Don't copy-paste commands from webpages — you can get hacked

Discussion in 'other security issues & news' started by stapp, Jan 3, 2022.

  1. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    18,789
    Location:
    UK
  2. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,584
    Location:
    Canada
    Wow!! copy/paste from web pages, which I do a lot of especially in Linux, is going to be a tough habit to break.

    EDIT

    there is this:

    https://www.wizer-training.com/blog/copy-paste

    Also I noticed on my Linux clipboard:

    copy-paste.png

    ...it copies both the malicious text and harmless text, so this could allow an audit and selection of the harmless entry only.
     
    Last edited: Jan 3, 2022
  3. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,559
    Location:
    Member state of European Union
    I think that commenting isn't bulletproof, because I saw that multiline copy-paste can make comment only apply to first line.
    However I tested copy-pasting in two browsers (Vivaldi, Firefox) and Firefox for some reason seems to be immune to attack.

    Best way to prevent it is probably to have some intermediate program like notepad to proxy clipboard content.
     
  4. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,584
    Location:
    Canada
    The malicious test code was not copied to the clipboard from Firefox?

    EDIT

    just found out about this FF flag:

    dom.event.clipboardevents.enabled ..change to disable.
     
    Last edited: Jan 3, 2022
  5. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    7,154
    Location:
    USA
    Any time I copy/paste I go to Notepad first and paste it there. This removes any formatting that is not plain text and if the text doesn't match at all it will be quite obvious. Once it looks the way you want it to in Notepad (or your text editor in Linux) copy and paste from there.
     
  6. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    9,873
    Location:
    Lloegyr
    I would never copy/paste direct from a webpage into the Terminal.
     
  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,584
    Location:
    Canada
    Good plan that you and @reasonablePrivacy suggest :thumb: I've disable the preference "dom.event.clipboardevents.enabled" in Firefox and that prevents the malicious code too. So there seems to be:

    1. copy to text editor and audit
    2. copy to clipboard and audit
    3. count on the disabled Firefox preference
     
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,485
    Location:
    Italy
    4. https://www.tenforums.com/tutorials/113963-turn-off-copy-paste-application-guard-microsoft-edge.html

    Check if it works for you using an OS higher than Home.
     
  9. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,584
    Location:
    Canada
    I'm both too lazy and can't be bothered to try. I'm sure it works, but I don't want to disable copy/paste, because i use it fairly often, although mostly in Linux, and the methods discussed above should be most suitable and secure.
     
  10. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    7,154
    Location:
    USA
    Yeah, disabling copy/paste is more extreme than I want to go.
     
  11. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,392
    Location:
    the Netherlands
    Confirmed.

    Clipboard.png

    I always have that about:config dom.event.clipboardevents.enabled preference set as false.
    I see it's also metioned in comments, by Mr. Chip,
    "In firefox's about:config section you can disable dom.event.clipboardevents.enabled to avoid this nasty problem."
    https://www.wizer-training.com/blog/copy-paste
     
  12. nicolaasjan

    nicolaasjan Registered Member

    Joined:
    Sep 23, 2018
    Posts:
    487
    Location:
    The Netherlands
    PoC didn't work here. :)
    'dom.event.clipboardevents.enabled' is already set to 'false'.

    In Linux, I usually paste selected text by middle-clicking in editor or terminal and then the PoC didn't work when 'dom.event.clipboardevents.enabled' set to 'true'. :)

    The original source of all this: http://thejh.net/misc/website-terminal-copy-paste (2013).
     
  13. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,567
    Location:
    Philippines
    I have the Copy PlainText add-on install with Firefox. Select "sudo apt update", right-click, select Copy PlainText from the context menu, 'udo apt update' goes to the clipboard.

    I set "dom.event.clipboardevents.enabled" to false, it works, "sudo apt update" went to the clipboard. I will be adding this to my user.js file.
     
  14. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,584
    Location:
    Canada
    Another test using the same test command from here:

    https://www.wizer-training.com/blog/copy-paste

    I used latest Edge-beta in Linux MX-21 to copy the test command and paste it into Konsole terminal. The first screen shot is all that happened; the malicious code pasted, but it did not execute automatically. Only after I manually hit the <Enter> key did the malicious code run, as seen in the second screen shot.

    test script01.png test script02.png
     
  15. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    504
    Location:
    Austria
    Or using a clipboard manager which captures the clips as plain text would do the same. Right?
    This seems to me more comfortable as I do not have to use every time an intermediate text editor like Notepad.

    It obviously has a similar function like an appropriate add-on:
     
    Last edited: Jan 4, 2022
  16. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,584
    Location:
    Canada
    Right, which I listed as #2
     
  17. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    7,154
    Location:
    USA
    Maybe. Depends on what that plain text is that goes to the clipboard. JavaScript code is plain text. A Carriage Return is plain text. If the plain text amounts to what you see then sure. If it still picks up code then no.
     
  18. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    3,592
    i always do it @xxJackxx 's way. first paste it to notepad and then copy again.:thumb:
     
  19. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    504
    Location:
    Austria
    Thanks, @wat0114 and @xxJackxx.

    I have one more, perhaps silly but basic question:

    The dangers described in this thread respectively in the linked articles exist when "copying-pasting commands from web pages into a console or terminal" (article of posting #1). And corresponding in the other article (posting #2): "This is why you should NEVER copy paste commands directly into your terminal."

    That means the copying-pasting of a "normal" text (e.g. a sentence from an online newspaper or a forum) - typically to save it in a .doc-file for future reading - does not belong to this dangerous category and can be done without the discussed safety precautions? Is this correct?
     
  20. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,584
    Location:
    Canada
    I guess there are two answers to this.

    1. You can't really know if what you are copying, even if it's from an online news article, is actually harmless text or malicious code.

    2. If you paste into a word or text document and save it as such with .doc or .txt extension for example, I think it is safe.

    That's how I understand it but I could be missing something.
     
  21. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,567
    Location:
    Philippines
    I think a lot depends on were you are getting the copy from. For example a forum code block. Seems that sould be fairly safe. That said I generally never copy and paste anything from a web page directly in to a terminal, especially as root.
     
  22. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,404
  23. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    7,154
    Location:
    USA
    If it is just text it should be fine. Word is capable of running malicious code but I haven't previously looked into whether or not this can happen from pasting the clipboard contents into it. Notepad or a similar text editor would be a safer bet until you see the actual content.
     
  24. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    504
    Location:
    Austria
  25. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,584
    Location:
    Canada
    No problem, although I admit this is a threat I never took notice of before. Many, many times I copy/pasted commands into Linux terminal with no consequence. Based on some experimentation, the threat actually seems a bit blown out of context - what else is new with these types of articles. No auto-execute of the script in my case at least, and I did nothing to change the behavior of the terminal.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.