[ Date Index ]
[ Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
Re: [LUG] Possible browser security problem
- To: list@xxxxxxxxxxxxx
- Subject: Re: [LUG] Possible browser security problem
- From: comrade meowski <mr.meowski@xxxxxxxx>
- Date: Wed, 15 Jul 2020 19:26:36 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sOYfZwzDa9UMQ+21ENtVxpgcoIQvUA9HZYvi69wzvH4=; b=byN5sFVUbTPYCT91klytDU3ILitenyBFFPxusC9rm8AIrG9gZirsFD/BhN1X4kFYWqktNQRCQneewB+GXPbXvncc3r1eW/g15UpWRSg6jJ8t/hWNPKla2GKdFj1qV17yjFrng15arftknG/dWgBsM5B51n6AMiuUYQSVZ+MRLl3PEwFzc9kHfGos7FDuq5cVVlcTOJyqVE3HcMM1akOq326OXFAisQsSbrdwRPlW4q6l7YQy7+qHj1/1RhHcaKff1kAPHk5ilU6JJcp0jc6jfXTX4/K2Pi9ohUUDt2ffeYnM9TrdFzy3bAFtlMtbPa43+Cuc/WKUr77lPj0z6Y/Q5A==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cyKUZrClWEULnfl8KGi15/byd/jWHKEuWeOLnFwXGlluXyCKWGwKBTJfmBQ0yWXQpFShylM5Qfo35eTINzlQo9nVHSl1fWtqfprVoyfRhVIAVxHxwTuL7rpmeSd8AeAZAeDMfsErnLv+RZpWmp0u96X3TWEm+K3ncG8gt38lebXe3s3rvMJAT8Sz0USTNAGKid0MtjD0OrZfzOhr5QkOWr0ckHK2yZSLSYYNdt7JOOgtGoAdd+OMtBOQDtgPNTOtUFKhUfF6DYJuc9IzgwSo2KH9x4ngfJRVp1imIGonr7zP85qha15KQmD3viFDJh/vtr5PuQCfYDvAOeSiknxlTQ==
- Content-language: en-GB
- Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1586423162; h=Sender:Content-Type: Content-Transfer-Encoding:Reply-To:List-Subscribe:List-Help:List-Post: List-Unsubscribe:List-Id:Subject:MIME-Version:In-Reply-To:Date:Message-ID: From:References:To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner:List-Archive; bh=pQM2jzN6SI4WwLKagmPCJjR3YT7FoVyQfBVUVWaBfZM=; b=2fP1ZCE35ecezeFCzwYdUV611 yWRaaUWajlnykrWK/BLMxG5M0Jr3knizWzq4Jl+kL3/z3dE+Kxk4QBKLRqqH9YcD5Yr46vKRDFadl hg5Bwp5m+ORSZ+xw1vvuhEQMuh1w6+vKb/0Ej2qskuHETY53TIY8zu3brJ8etqqy4Qyx4=;
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=live.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sOYfZwzDa9UMQ+21ENtVxpgcoIQvUA9HZYvi69wzvH4=; b=U+LACtluefNkK54F3RJBwx7KzVPKtHGdkhG42os6y1PBcmCBAGHTcTnfNWkZXLzsqbsez+Ty/EFtiPHOabt6H5h9GaUpu+U3ps8NXg9HZBYxLVAY2UfJBHFMX/fSCY89hZSX3CZzMET1imCeQ2UWodKfi4fcmyGhE2/019Z7303sBzuTL3fP0nB/z8V990Jtkzm9JCNeZiRy/sYbsppBIiKGFl6sHrx697TUIEGXVdiAMDsHJhxEJa/XOYfjN1GjeNmSx2kAed0TRysoHBelsNCADk/aqKzFKHDEjG9fIuY9CEREfQ9LxhugOZDn/nhM6iJFO5tqKHYTmjyQ/fqhlA==
Welcome to UNIX where everything is more complicated than it initially
seems...
There are multiple types of buffer in play in X unlike for example
Microsoft Windows - this will be most visible to Linux end users as the
different mechanisms for copy/paste and select+middle clicking text.
https://en.wikipedia.org/wiki/X_Window_selection
There are a lot of other things in play here as well which muddy the
waters - on different systems applications access to polling the
system's buffers may be restricted (or not), different web browsers
behave differently, there are OS level tunables that can be tweaked...
Perhaps Tom's original concern about the security aspect of this is in
part because of other recent news:
https://arstechnica.com/gadgets/2020/06/tiktok-and-53-other-ios-apps-still-snoop-your-sensitive-clipboard-data/
I guess I'm surprised that anyone's surprised by this, as is Gordon by
the sound of it. "What do you mean, there's a copy buffer that $STUFF
can access if it's not prevented from doing so? Of course there is,
doesn't everyone know that?"
--
The Mailing List for the Devon & Cornwall LUG
https://mailman.dcglug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
