Ever copy-pasted from the internet? All the time? Me too. Let’s stop.
Problem
We have all been there. You search for a restaurant’s address, stumble upon a highly shareable quote, find one line of code that replaces two of yours. It’s just what you needed. You feel joy and gratitude for the world wide web.
Now what? Are you going to transcribe what you found character by character and re-type it all out from scratch where you need it?
Naaah. Larry Tesler invented a perfect solution for this: copy-pasting!
The legal and ethical problems with just “borrowing” information from somewhere and taking credit for it seem overall widely documented and understood.
A less well-known issue is that sometimes your human eyes see something being copied while your computer is doing something different under the hood.
And when what you snatch from the web is code, things can get ugly fast.
Also known as “clipboard poisoning”, pastejacking occurs when you think you grab something innocent from a website and underneath something else is copied. By the time you command+v, bad stuff gets pasted instead.
An example
Here’s a demo created by Dylan Ayrey.
Feel free to test this yourself via https://security.love/Pastejacking/
Solution(ish)
You might be thinking, “sure sure… I am smart though. I will notice that what I paste is different from what I thought I copied.”
Well, if a hacker knows what they are doing, their malicious commands can be invisible even in your terminal. Also, hidden code can be written to run itself. What’s worse, clipboards can be hijacked without you even manually doing a command+c to begin with.
Experts recommend:
- Copy-paste abstinence
- Caution when copy-pasting, only do it from sites you trust
- Disabling JavaScript on your browser
- Pasting to a GUI text editor before making your way to the terminal
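The last recommendation can be partly automated. The Python below is an added example, not code from this post or from Dylan Ayrey's demo: it inspects a pasted string for the things a text editor would let you spot by eye (extra line breaks, terminal escape sequences, invisible characters). The names `inspect_paste`, `render_visible` and `INVISIBLE` are hypothetical, and the sample string is constructed.

```python
import unicodedata

# Characters that render as nothing (or reorder text) in many terminals and editors.
INVISIBLE = {
    "\u200b", "\u200c", "\u200d", "\u2060", "\ufeff",   # zero-width
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",   # bidi embedding/override
    "\u2066", "\u2067", "\u2068", "\u2069",             # bidi isolates
}

def inspect_paste(text):
    """Return a list of (offset, finding) for risky content in pasted text."""
    findings = []
    for i, ch in enumerate(text):
        if ch in "\r\n":
            findings.append((i, "line break: a shell can run the line as soon as it is pasted"))
        elif ch == "\x1b":
            findings.append((i, "ESC: starts a terminal escape sequence"))
        elif ch in INVISIBLE:
            findings.append((i, "invisible/bidi character " + unicodedata.name(ch, hex(ord(ch)))))
        elif unicodedata.category(ch) == "Cc" and ch != "\t":
            findings.append((i, "control character 0x%02x" % ord(ch)))
    return findings

def render_visible(text):
    """Rewrite the text so every flagged character is shown as an escape."""
    flagged = {i for i, _ in inspect_paste(text)}
    return "".join(
        ch.encode("unicode_escape").decode("ascii") if i in flagged else ch
        for i, ch in enumerate(text)
    )

if __name__ == "__main__":
    # Constructed sample: looks like one harmless command on the web page,
    # but the clipboard holds a second line and a trailing newline.
    sample = "echo hello\necho this line was not on screen\n"
    for offset, finding in inspect_paste(sample):
        print(offset, finding)
    print(render_visible(sample))
```

Feed it the clipboard contents before they reach a shell; an empty result means the text is a single line with no hidden characters, not that the command itself is safe to run.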
Good luck.