Re: [clipboard] Semi-Trusted Events Alternative

On Sat, Jul 26, 2014 at 10:09 AM Jeffrey Walton <noloader@gmail.com> wrote:
>
> On Sat, Jul 26, 2014 at 9:34 AM, Perry Smith <pedzsan@gmail.com> wrote:
> >
> > On Jul 26, 2014, at 8:26 AM, Jeffrey Walton <noloader@gmail.com> wrote:
> >
> >> On Sat, Jul 26, 2014 at 9:19 AM, Perry Smith <pedzsan@gmail.com> wrote:
> >>> Sorry if this is a lame question, but I never understood the dangers of Copy and Paste that the web is trying to avoid.  Can someone explain that to me?
> >>>
> >> It's a point of data egress. You don't want sensitive information from
> >> one program scraped and egressed by another.
> >>
> >> The first program could be a browser and the second program could be
> >> malware. In this case, the malware looks for data placed on the
> >> clipboard by the browser (and hopes to get a username, password,
> >> sensitive document, etc).
> >>
> >> Or, it could be another program with the browser scraping the data and
> >> hauling it off to a site.
> >
> > I thought about that.  So it is not so much the Copy and Paste operations as much as being able to get the content of the clipboard?
> >
> Yes, I believe so. The clipboard is a shared resource with little to
> no restrictions.
>
> One of the check boxes on a security evaluation is how a program
> handles the clipboard and copy/paste (or at least the ones I used when
> doing security architecture work). It's one of those dataflows that
> could be part of a higher than expected data sensitivity, like a
> single sign-on password.
>
> Also, "data egress" may have been a bad choice. In this case, I think
> it's more about "data collection". It's hard to stop a web browser from
> opening a socket ;)
>
> Two additional clipboard features that would be nice are: (1) a "one
> shot" copy/paste: delete the password from the clipboard after
> retrieving it from the password manager and pasting it into a password
> box; and (2) "timed" copy/paste: expire the data after 10 seconds or
> so. Both should allow the legitimate use cases, and narrow the window
> for the abuse cases.

Sorry to dig up an old thread....

This just made my radar from Schneier's blog:
https://www.schneier.com/crypto-gram/archives/2020/0715.html#cg14

Jeff

Received on Thursday, 16 July 2020 01:05:46 UTC
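The "one shot" and "timed" copy/paste behaviours sketched in the quoted message, worked through as an added example (this is not code from the thread, from any W3C draft, or from a real password manager). The names MemoryClipboard, ManualScheduler and copySecret are this example's own. The clipboard and the clock are injected so the logic runs offline and deterministically; in a browser extension the same function would be handed thin adapters over navigator.clipboard and setTimeout/clearTimeout instead. The detail worth noticing is the "still ours?" check before wiping: if the user has copied something else since the password was placed, the secret is already gone and their clipboard must not be clobbered.

```javascript
// Constructed in-memory stand-in for the system clipboard (not a browser API).
class MemoryClipboard {
  constructor() { this.text = ""; }
  writeText(text) { this.text = text; }
  readText() { return this.text; }
}

// Constructed manual clock: timers only fire when advance() is called, so the
// expiry logic can be exercised without real waiting.
class ManualScheduler {
  constructor() { this.now = 0; this.timers = new Map(); this.nextId = 1; }
  setTimeout(fn, ms) {
    const id = this.nextId++;
    this.timers.set(id, { at: this.now + ms, fn });
    return id;
  }
  clearTimeout(id) { this.timers.delete(id); }
  advance(ms) {
    const target = this.now + ms;
    for (;;) {
      // Fire due timers in order of their due time.
      let due = null;
      for (const [id, t] of this.timers) {
        if (t.at <= target && (due === null || t.at < due.t.at)) due = { id, t };
      }
      if (!due) break;
      this.timers.delete(due.id);
      this.now = due.t.at;
      due.t.fn();
    }
    this.now = target;
  }
}

// Place `secret` on the clipboard and arrange for it to be removed either
// when the paste is observed (one shot) or when ttlMs elapses (timed),
// whichever comes first. Returns a handle the caller can query or cancel.
function copySecret(clipboard, scheduler, secret, { ttlMs = 10000, oneShot = true } = {}) {
  clipboard.writeText(secret);
  const state = { spent: false, reason: "live" };

  // Wipe only if the clipboard still holds *our* secret. Anything the user
  // copied afterwards is theirs, and wiping it would be a usability bug.
  function clearIfStillOurs(reason) {
    if (state.spent) return false;
    state.spent = true;
    scheduler.clearTimeout(timerId);
    if (clipboard.readText() !== secret) { state.reason = "superseded"; return false; }
    clipboard.writeText("");
    state.reason = reason;
    return true;
  }

  const timerId = scheduler.setTimeout(() => clearIfStillOurs("expired"), ttlMs);

  return {
    // Called by the password manager when it sees the paste (for example a
    // 'paste' event it observes, or a helper that performs the paste itself).
    notePasted() { return oneShot ? clearIfStillOurs("pasted") : false; },
    cancel() { return clearIfStillOurs("cancelled"); },
    get status() { return state.reason; },
  };
}

// Three scenarios from the thread's description, on constructed data.
function runScenarios() {
  const results = {};

  // (2) Timed: nothing is pasted, so the secret is wiped exactly at the TTL.
  { const cb = new MemoryClipboard(), sch = new ManualScheduler();
    const h = copySecret(cb, sch, "hunter2", { ttlMs: 10000 });
    sch.advance(9999);
    const before = cb.readText();
    sch.advance(1);
    results.timed = { before, after: cb.readText(), status: h.status }; }

  // (1) One shot: paste observed at 2 s, wiped at once; the timer is inert.
  { const cb = new MemoryClipboard(), sch = new ManualScheduler();
    const h = copySecret(cb, sch, "hunter2", { ttlMs: 10000 });
    sch.advance(2000);
    h.notePasted();
    sch.advance(20000);
    results.oneShot = { after: cb.readText(), status: h.status }; }

  // Edge case: the user copies their own text before the TTL; leave it alone.
  { const cb = new MemoryClipboard(), sch = new ManualScheduler();
    const h = copySecret(cb, sch, "hunter2", { ttlMs: 10000 });
    sch.advance(3000);
    cb.writeText("meeting notes");
    sch.advance(7000);
    results.superseded = { after: cb.readText(), status: h.status }; }

  return results;
}
```

As the quoted message says, this narrows the window rather than closing it: a clipboard monitor that read the secret a millisecond after it was written still has it, and the example does not model OS-level clipboard history or third-party clipboard managers, which may retain the value after the wipe.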