Habka ugu fudud ee lagu heli karo qoraal kasta iyo sawir kasta oo ka socda mareegaha waa in la doorto, koobiyeeyo adiga oo isticmaalaya CTRL+C ka dibna ku dheji adigoo isticmaalaya CTRL+V . Maxaa dhacaya haddii walxaha la dhejiyay aysan ahayn waxaad ka soo guurisay mareegaha? Hubaal inaad koobi-koobi doonto markale, natiijaduna waxay noqon kartaa isku mid. Waa khatar, waana ka hadli doonaa sababta.

Tusaalaha degdega ah waa in aad koobi ka sameyso amarka mareegaha oo aad ku dhejiso console-ka. Waxay soo baxday in amarka la bedelay, oo tani waxay dhaawacaysaa xogtaada. Ma wax baa ka qaldan habka aad u koobiyayso dhejiska? Mise waa wax xaasidnimo ah? Maqaalkani waxa uu ka hadlayaa waxa uu yahay Pastejacking - farshaxanka beddelka waxa aad ka koobiyayso bogagga shabakadda.

Waa maxay Pastejacking

Ku dhawaad ​​dhammaan daalacayaashu waxay u ogolaadaan shabakadaha inay ku shaqeeyaan amarrada kombuyuutarrada isticmaalaha. Habkani wuxuu u oggolaan karaa shabakadaha xaasidnimada leh inay la wareegaan sabuuradda kombayutaradaada. Taasi waa, markaad shay koobiyayso oo aad ku dhejiso sanduuqaaga, shabakadu waxay ku socon kartaa hal ama in ka badan amarrada adoo isticmaalaya browserkaaga. Habka waxa loo isticmaali karaa in lagu beddelo waxa ku jira Kiliboodhka . Iyadoo laga yaabo inaysan khatar badan lahayn haddii aad kaliya ku koobiynayso Notepad^(Notepad) ama Word iwm, waxay dhibaato ku noqon kartaa kombiyuutarkaaga haddii aad si toos ah wax ugu dhejiso Command Prompt^{(Command Prompt)} .

Websaydhyadu waxay maamulaan amarka (yada) marka wax gaar ah uu sameeyo isticmaaluhu - sida marka la riixayo fure gaar ah ama gujinaya midigta jiirka. Markaad ku CTRL+C kumbuyuutarkaaga, waxay kicinaysaa habka amarka bogga. Sugitaan yar ka dib, dheh 800 ms, waxay ku dhejisaa shay xaasidnimo ah sabuuraddaada. Sugiddu waa inay kuu ogolaato inaad isticmaasho CTRL+V ku dhejiso qoraalkii asalka ahaa ee aad koobiyaysay. Mareegaha qaar ayaa laga yaabaa inay la socdaan CTRL+V oo ay u isticmaalaan inay kiciyaan amar beddela waxa ku jira sabuuradaha.

Waxay kaloo la socon karaan dhaqdhaqaaqa jiirka. Haddii aadan isticmaalin kiiboodhka laakiin taa beddelkeeda, isticmaal menu-ka macnaha guud si aad u koobiyeyso, ka dibna sidoo kale waxay kicin karaan amarro lagu beddelayo waxa ku jira sabuuradda.

Marka la soo koobo, Pastejacking waa hab ay mareegaha xaasidnimada leh u adeegsadaan inay gacanta ku dhigaan sanduuqa kombayutaradaada oo ay u beddelaan waxa ku jira wax dhibaato ah adiga oo aan ogayn.^{(In short, Pastejacking is a method that malicious websites employ to take control of your computers’ clipboard and change its content to something harmful without your knowledge.)}

Waa maxay sababta Pastejacking ay waxyeelo u tahay

Ka soo qaad^(Suppose) inaad koobi ka soo dhejinayso bogga internetka Microsoft Word . Marka aad riixdo CTRL+C ama CTRL+V , website-ku wuxuu dhigayaa amarro yar oo kilibboodhka kaaga ah kuwaas oo abuuri kara oo fulin kara macros waxyeello leh.

Waxaa ka sii daran marka aad si toos ah ugu dhejinayso nuxurka konsole sida PowerShell ama daaqadda Command Prompt . Isticmaalayaasha Mac^(Mac) waxay leeyihiin xoogaa ammaan ah haddii ay isticmaalayaan iTerm . Waa ku dayasho u saamaxaysa isticmaaleyaasha Mac inay beddelaan console-ka caadiga ah. Marka la isticmaalayo iTerm, waxay waydiisaa isticmaalayaasha haddii ay runtii rabaan inay dhejiyaan wax ka kooban dabeecad "cusub". Isticmaalayaasha ayaa markaa dooran kara "Haa" ama "Maya" iyadoo ku xiran waxa ay sameynayaan.

Dabeecadda Newline^{(Newline character)} dhab ahaantii waa kala badh furaha Gelida^(Enter) . Furaha Gelida^(Enter) waxa lagu sawiray, guud ahaan fallaadho u muuqata in ay ka soo bilaabmayso laynka sare ilaa xariiqda hoose ka dibna bidix. Furaha Gelida^(Enter) waa isku darka Khadka Cusub^(Newline) (u beddel xariiqda xigta) iyo Soo^(Return) noqod (akhri "ku soo noqoshada booska bidix ee x,0" sida ku qoran makiinada wax lagu qoro) Markaad riixdo furaha Gelida^(Enter) , amar kasta oo ku yaal khadka console waa la fuliyay. Waxay ku xiran tahay konsole si aad u weydiiso xaqiijin.

Dakhliga amarka Windows ma waydiiyo xaqiijin haddii ay dhacdo amarrada intooda badan. Waxay ku weydiinaysaa xaqiijin kaliya haddii aad isticmaasho amarka DEL ama FORMAT . Amarrada sida RENAME iwm., ma waydiin doonto xaqiijin. Wax badan uma aan isticmaalin Powershell sidaa darteed ma garanayo sida amarrada halkaas looga aqbalo.

Si kastaba ha ahaatee, haddii website-ku amar ku bixiyo sabuuraddaada oo leh furaha Gelida ( ^(Enter)/n/r halka / n ay tahay khad cusub iyo / r waa soo celinta gaadiidka), console-ka ama codsi kasta oo barnaamij ah ayaa si toos ah u maamula amarka (-yada). Haddii amarradani yihiin kuwo waxyeello leh, waxay ku abuuri karaan burbur mashiinkaaga iyo shabakadaada.

Akhri: Sawirka Farta Gaadiidka ee Mareegta^{(Website Traffic Fingerprinting)} .

Sida looga fogaado Pastejacking

Haddii aad tahay OS X , waxaad u isticmaali kartaa iTerm emulator-ka badbaadada. Way ku soo dajin doontaa haddii ay dhacdo tuuganimo oo ku lifaaqan Geli^(Enter) jilayaasha.

Isticmaalayaasha Windows^(Windows) waxay u baahan yihiin inay hubiyaan waxa lagu dhejiyay sanduuqa kombuyuutarkaaga. Si tan loo sameeyo, marka hore, ku dheji waxa ku jira Notepad . Waxa ay ku dhejisaa kilib-boodhka qoraal ahaan oo kaliya waxayna kuu ogolaanaysaa inaad aragto waxa ku jira sabuuradda. Haddi aad aragto waxa aad koobiyaysay, hore u soco oo ku dheji meel kasta oo aad rabto. Waxay la macno tahay tallaabo dheeraad ah laakiin way ka wanaagsan tahay in la jaad qaado^{(Pastejacked)} . Xasuusnoow^(Remember) isticmaalka Word si aad u hubiso kilibboodhka ayaa laga yaabaa inay khatar tahay maadaama ay sidoo kale tahay barnaamij la isticmaalayo macros iwm.

Xasuusnoow^(Remember) isticmaalka Word si aad u hubiso kilibboodhka ayaa laga yaabaa inay khatar tahay maadaama ay sidoo kale tahay barnaamij la isticmaalayo makros iwm ^(Notepad)Dabcan, ma arki doontid qaabka, xarfaha, iyo qaababka, iwm. marka waxa ku jira lagu dhejiyo qoraal cad.

Sawirada, in kastoo aanan hubin, waxaan u maleynayaa in midig-gujiska iyo xulashada " Save As... " ay ka fiican tahay isticmaalka amarka " Koobi^(Copy) ".

Sidoo kale akhri: ^{(Also read:)} Xatooyada Xogta Clipboard - Badbaadada adag ee Internet Explorer .

What is Pastejacking? Why you shouldn't copy paste from web?

The easieѕt method to obtain any text and images from a website is to select іt, сopy it using CTRL+C keys and then paste it using CTRL+V. Whаt if the pаstеd materiаl is not what you copied from the website? Surelу you’ll copy-paste again, and thе results might be the same.  Іt’s rіѕkу, and we’ll talk why.

A quick example is that you copy a command from a website and paste it on the console. It turns out the command was changed, and this damages your data. Is it something wrong with the way you copy paste? Or is it something malicious? This article talks about what is Pastejacking – the art of changing what you copy from web pages.

What is Pastejacking

Nearly all browsers allow websites to run commands on the users’ computers. This feature can allow malicious websites to take over your computers’ clipboard. That is, when you copy something and paste it to your clipboard, the website can run one or more commands using your browser. The method can be used to change the Clipboard contents. While it may not be much dangerous if you are just copying to Notepad or Word etc. , it could be a problem for your computer if you paste something directly to the Command Prompt.

Websites run command(s) when anything specific is done by the user – like when pressing a specific key or right-clicking the mouse. When you press CTRL+C on your keyboard, it triggers the website command mode. After a small wait, say 800 ms, it pastes something malicious to your clipboard. The wait is to let you use CTRL+V paste the original text that you copied. Some websites may track CTRL+V and use it to trigger a command that changes the clipboard contents.

They can also track mouse movements. If you do not use the keyboard but instead, use the context menu to copy, then too they can trigger commands to replace your clipboard contents.

In short, Pastejacking is a method that malicious websites employ to take control of your computers’ clipboard and change its content to something harmful without your knowledge.

Why is Pastejacking harmful

Suppose you are copy pasting from a website to Microsoft Word. When you press CTRL+C or CTRL+V, the website places few commands on your clipboard that can create and execute harmful macros.

Worse is when you are pasting content directly to a console like PowerShell or Command Prompt window. Mac users have some security if they are using iTerm. It is an emulation that allows Mac users to replace the default console. When using iTerm, it asks the users if they really wish to paste something containing “newline” character. Users can then select “Yes” or “No” depending on what they are doing.

The Newline character is actually half the Enter key. The Enter key is depicted, generally by an arrow that seems to be originating fro an upper line to lower line and then to left. The Enter key is a combination of Newline (change to next line) and Return (read “carriage return to leftmost position x,0” as in typewriters) character. When you press the Enter key, any command on that console line is executed. It is dependent upon the console to ask for confirmation.

The Windows command prompt does not ask for confirmation in case of most commands. It asks confirmation only in case you use a DEL or FORMAT command. For commands like RENAME etc., it will not ask for confirmation. I haven’t used Powershell much so I don’t know how the commands are accepted there.

In any case, if the website places commands on your clipboard with the Enter key (/n/r where /n is newline and /r is carriage return), the console or any programmable application directly runs the command(s). If these commands are harmful, they can create havoc on your machine and network.

Read: Website Traffic Fingerprinting.

How to avoid Pastejacking

If you are an OS X, you can use the iTerm emulator for safety. It will prompt you in case pastejacking happens with already appended Enter set of characters.

Windows users need to check what is placed into your computers’ clipboard. To do this, first, paste the contents into the Notepad. It pastes clipboard as text only and lets you see what is there in the clipboard. If you see what you copied, you can go ahead and paste it wherever you want. It means an additional step but is better than getting Pastejacked. Remember that using Word to check clipboard may be dangerous as it too is programmable using macros etc.

Remember that using Word to check clipboard may be dangerous as it too is programmable using macros etc. Notepad is not programmable and hence is safe to check the contents of the clipboard. Of course, you will not see the format, fonts, and styles, etc. as the contents are pasted as plain text.

For images, though I am not sure, I think right-clicking and selecting “Save As…” is better than using the “Copy” command.

Also read: Clipboard Data Theft – Harden security setting in Internet Explorer.

Related posts

• Sida loo hubiyo in xiriirku uu badbaado yahay ama aan la isticmaalin biraawsarkaaga

• Soo ogow in akoonkaaga onlaynka ah la jabsaday & iimaylka & faahfaahinta sirta ah oo la daatay

• Talooyin Badbaadada onlaynka ah ee Carruurta, Ardayda iyo Dhallinyarada

• Maqaalka Amniga Internetka iyo talooyinka isticmaalayaasha Windows

• Ka ilaali carruurtaada waxyaabaha ay ku jiraan dadka waaweyn addoo isticmaalaya Browsing Nadiif ah

• Aalad Online ah oo Tifaftirayaasha PDF ah oo bilaash ah si aad u saxdo faylasha PDF - PDF Haa

• Soosaaraha Magaca beenta ah ee bilaashka ah si loo dhaliyo Aqoonsi Been abuur ah

• Weerarada Cyber ​​- Qeexid, Noocyada, Ka Hortagga

• Koorsooyinka Tababarka tooska ah ee Bilaashka ah ee ugu Fiican si aad Taam u ahaato inta aad guriga joogto

• Barnaamijyada Sahanka Tooska ah ee bilaashka ah iyo Form Builder ee ugu fiican

• PayPal Login: Talooyin si aad si ammaan ah isugu diiwaan geliso oo aad si ammaan ah u gasho

• Fix Online galitaanka hadda lama heli karo - Cilada asalka ah ee Windows PC

• Sida Loo Helo Sawiro La Mid Ah Online Adigoo Adeegsanaya Raadinta Sawirka

• Sawir-qaadayaasha URL-yada si ay u baadhiyaan mareegaha internetka ee malware, fayraska, phishing, iwm

• Aaladaha Shirarka Fiidiyowga ee khadka tooska ah ee bilaashka ah ee ugu fiican AAN IS DIIWAAN GELIN

• 5-ta ugu Fiican ee ku darida Qarsoonnimada Firefox ee Badbaadada Intarneedka

• Adeegyada Kobcinta Khadka Tooska ah ee Ku-saleysan ee Bilaashka ah ee ugu Fiican

• Sida loogu raadiyo Templates Online gudaha Microsoft Word

• Aaladaha Intarneedka ee Tifaftiraha PDF ee Bilaashka ah ee ugu Wanaagsan ee ku saleysan Daruuraha

• Ka fogow bangiyada internetka iyo khiyaamada kale ee internetka - Talooyin Badbaadada ee isticmaalayaasha PC