Not even copy-paste is safe.

… No, seriously. This is pretty bad: it’s basically using some cheap tricks to get to you to copy one thing (text or a URL) and paste another. Like you know how you get those emails with a URL that says something like “if you don’t trust this link, copy-paste this URL into your browser!”? Yeah, well. That‘s no longer safe, either. Or, worse, for anyone who’s copy-pasted command line, erm, commands? Like, for example, every sysadmin in every company ever? How closely do you check that what you’re pasting is what you’re copying?1

Yeah. Thought not.

  1. It’s actually potentially worse than that, too, because depending on your CLI, you can wind up “auto-submitting” your pasted command if you happened to also copy the return character. Or, yanno. Someone slotted one in there for you. This is actually a pretty good vector, now that I’m thinking about it. sudo tar -h; sudo rm -r /; -xvf, indeed. ^
2016-09-20T18:50:12+00:00 22nd September, 2016|Tags: infosec|Comments Off on Pastejacking.