Is this a real Security risk?


Guest

My boss sent me an email containing this context and he got all freaked out.
I don't think it is that much of a problem because we have all of the
Microsoft updates and third party security software, but I just wanted to
check and see if this is critically necessary.


To All Internet Explorer Users:


You need to be made aware of a potential security risk when using IE. The
risk comes with a particular configuration setting for scripting. If
enabled, anything you have stored in your copy/paste buffer can be sent to a
linked Web site with no knowledge of the user. This is especially risky if
you have copied something confidential (social security #, credit card #,
etc.) to the buffer for use to paste in another application. If you were to
go to a compromising Web site afterwards, that site would get the buffer
information without your knowledge.



Try this for size: Use any app (Word, Notepad, etc.), highlight some text,
right-click and Copy. Go to
http://www.friendlycanadian.com/applications/clipboard.htm. Surprise,
surprise… see what appears.



To get around this potential problem, go to Tools -> Internet Options... ->
Security -> Internet -> Custom Level... -> Scripting -> Allow paste
operations via script: set to “Prompt” or to “Disable”.
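
An added example, not part of the original post or thread: a PowerShell audit of the "Allow paste operations via script" setting named in the email, for the Internet zone. The registry paths, the URL action number 1407 and its values (0 = Enable, 1 = Prompt, 3 = Disable) are assumptions taken from the standard IE zone layout, not from this page, and the function names are hypothetical.

```powershell
# Audit IE "Allow paste operations via script" for the Internet zone.
# Assumption (not from the thread): the setting is URL action 1407, stored as
# a DWORD under ...\Internet Settings\Zones\3 (3 = Internet zone).
$Action  = '1407'
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$Suffix  = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Locations = [ordered]@{
    'Machine policy'  = "HKLM:\SOFTWARE\Policies\$Suffix"
    'User policy'     = "HKCU:\SOFTWARE\Policies\$Suffix"
    'User setting'    = "HKCU:\SOFTWARE\$Suffix"
    'Machine default' = "HKLM:\SOFTWARE\$Suffix"
}

function Get-ScriptPasteSetting {
    # One row per registry location, so a policy override is visible
    # next to the per-user value the Internet Options dialog edits.
    foreach ($name in $Locations.Keys) {
        $item = Get-ItemProperty -Path $Locations[$name] -Name $Action -ErrorAction SilentlyContinue
        $raw  = if ($item) { [int]$item.$Action } else { $null }
        $text = if ($null -eq $raw) { '(not set)' }
                elseif ($Meaning.ContainsKey($raw)) { $Meaning[$raw] }
                else { "(unrecognised value $raw)" }
        [pscustomobject]@{
            Source  = $name
            Value   = $raw
            Meaning = $text
            Flag    = if ($raw -eq 0) { 'script paste allowed silently' } else { '' }
        }
    }
}

function Set-ScriptPasteSetting {
    # Writes only the per-user value; a policy key, if present, still wins.
    param([Parameter(Mandatory)][ValidateSet('Prompt', 'Disable')][string]$Mode)
    $value = if ($Mode -eq 'Prompt') { 1 } else { 3 }
    $path  = $Locations['User setting']
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name $Action -Value $value -Type DWord
}

Get-ScriptPasteSetting | Format-Table -AutoSize
# To apply the email's recommendation for the current user:
# Set-ScriptPasteSetting -Mode Prompt
```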
 
If you set your IE security setting as per Microsoft suggested HIGH-
SECURITY mode, you would not have to worry, but then most websites will
not work properly either.

Look up "Internet Explorer High Security Settings" in google.com and
read a few articles on it.
 
Hi

If it was a Security Bulletin from MS, it would have started something like
this:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Otherwise disregard it.

--


Will Denny
MS MVP Windows Shell/User
Please reply to the News Groups
 
Will Denny said:
Hi

If it was a Security Bulletin from MS, it would have started something
like this:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Microsoft uses PGP for digital signatures rather than their own x.509
security certificate(s)? Why would Microsoft go to a 3rd party for digital
signing when they already have their own mechanism?
 
Vanguard said:
Microsoft uses PGP for digital signatures rather than their own x.509
security certificate(s)? Why would Microsoft go to a 3rd party for digital
signing when they already have their own mechanism?

They're just mad
 
The email that your boss got would definitely be spam because it is not from
Microsoft because they digitally sign all their messages and they didn't send
me one.
 
I have never received unsolicited e-mails from Microsoft so I cannot attest
that Microsoft (for legit e-mails from them rather than phish or spam mails)
ever used PGP for digital signing. I did subscribe at one time to some of
their newsletters but don't remember them ever being digitally signed by ANY
method.
 
Every security bulletin I have received from Microsoft for the past 1 1/2
years, or so, has begun with:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I also subscribe to their service.

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
 
Richard Urban said:
Every security bulletin I have received from Microsoft for the past 1 1/2
years, or so, has begun with:


Is that one of their standard newsletters to which I could subscribe? If
so, I'd like to subscribe to see them using PGP.
 