Cut Copy Paste has always been an important part of our digital life. Developers, as well as regular users, can't...
live without it. Regular users use it routinely to copy and paste information such as passwords and credit card numbers from one form to another. Office employees use it all the time when creating documents. There's no denying our reliance on the Copy and Paste functionality of the clipboard.
As Ray Ozzie said in his blog posting Wiring the Web, "In its simplest form, the clipboard enabled the user to simply grasp the concept of moving a copy of the information from one application to another (i.e. by value)."
When you use the Cut or Copy functions, the information is stored in the computer's memory in the clipboard. That information is later used when you paste it to another area of the same application or a different application. Although you can't see the information, it remains in the computer clipboard until you use the Copy or Cut command again, at which time the information that was previously in the clipboard is overwritten with the latest information that you just copied. Newer Microsoft Office products, including Microsoft Word, allow you to keep more than one item in the clipboard at a time. That information remains there until you clear the clipboard or you restart your computer.
As you can see, it's incredibly easy to capture and steal the data on your clipboard. Now Microsoft is working on Live Clipboard, which lets you copy structured data from one Web site to another or from one Web site to a PC application. Imagine if we could copy and paste credit card information from our online banking site into a shopping cart on Amazon. That would make life a lot easier for us and the hackers. Live Clipboard no doubt is the way to go, but Microsoft also needs to consider the security issues when designing this application.
About the author: Anurag Agarwal, CISSP, works for a leading software solutions provider where he addresses different aspects of application security. You may e-mail him at firstname.lastname@example.org.
Reader Feedback: Share your comments on this article