[clug] unusual password retention in browser

Eyal Lebedinsky eyal at eyal.emu.id.au
Fri Aug 14 05:35:31 UTC 2015

On 14/08/15 15:15, Paul Harvey wrote:
> Is it possible one is from the middle-click/selection buffer and the
> other from the clipboard? I.e. is it possible you middle-clicked as
> well as ctrl+v (or equivalent)

I only used copy (with mouse) and paste (middle button). I did copy some stuff
after the password yet the password showed up later...

> Having written some javascript to do clipboard manipulation about 5
> years ago, I know first-hand how hard it is to deliberately access the
> OS clipboard from the browser (requires the help of a java applet,
> flash, sliverlight & friends) - standard browser JS DOM simply does
> not allow any interaction with the clipboard, read or write.

I see, though I expected the financial institution as well as firefox and vi
to know this and do this securely.

It is disappointing for me to discover that my password keeps floating about
long after the login was completed. Who cares about the ***** often shown then?


> On 14 August 2015 at 15:07, Brett Worth <brett.worth at gmail.com> wrote:
>> On 14/08/15 14:59, Eyal Lebedinsky wrote:
>>> xxxxxxxxxxxxxxxx        (my password!)
>> Your password may seem secure but I think it's a bit too repetitive.
>> Plus you probably shouldn't have told all of us what it is.
>> :-)
>> Brett
>> --
>>    /) _ _ _/_/ / / /  _ _//
>>   /_)/</= / / (_(_/()/< ///

Eyal Lebedinsky (eyal at eyal.emu.id.au)

More information about the linux mailing list