D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Possible browser security problem

 



On 15 Jul 2020 9:18 p.m., comrade meowski <mr.meowski@xxxxxxxx> wrote:

On 15/07/2020 19:33, rich@xxxxxxxxxxx wrote:
> So should we stop it and is that possible please?

It's a critical part of your operating system's design and functionality
set - for a normal end user, this is definitely not something you should
worry about. Xorg (and Wayland) both implement this and it's a feature,
not a bug.

The first casualty of disabling it would be your password manager and
things would only get worse from there.

The old method of dealing with this (for the paranoid, like me) is to
install a clipboard manager with various privacy options available such
as one that stores multiple copy buffers by moving them into it's own
secured storage unreachable by - for example - web browser clipboard
APIs and also repeatedly zeroes out any current "main" clipboard buffer
content periodically.

This isn't a new problem by any stretch of the imagination - if you
examine the options in your password manager tool(s) you'll see most of
them implement a delayed wipe of your clipboard buffer so as to avoid
leaving sensitive information effectively visible to anything that
requests it. Obviously this is so they can work in the first place (by
utilising the clipboard to temporarily store your username+password
combos on route to the browser) but also don't just leave the info in
the buffer for the next craptastic app that asks for it.

One for you to file under "don't worry about it" basically.

--
The Mailing List for the Devon & Cornwall LUG
https://mailman.dcglug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

Thanks for reply and support. No longer worried!

Rich

-- 
The Mailing List for the Devon & Cornwall LUG
https://mailman.dcglug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq