Exploiting Copy/Paste (and eschatology: gold)

If you like copy / pasting stuff off web pages into your command line, consider pasting into a text editor first. It turns out you can do some clever HTML wrangling to replace the text your browser copies with arbitrary code… so you copy one thing, and paste something entirely different and unexpected.

Eschatology: Why’d the gold price drop? Someone decided they wanted it to, and put $1 billion where their mouth was. http://news.sharpspixley.com/article/ross-norman-gold-crushed-by-400-tonnes-or-usd20-billion-of-selling-on-comex/159239/

http://thejh.net/misc/website-terminal-copy-paste

“You surely know this: You’re looking at some website with some useful shell commands. However, those commands are long as hell and you know you’re probably not gonna need them for a few years or so (so there’s no need to memorize them). So, what do you do? You copy-paste them. Here’s an example:

git clone /dev/null; clear; echo -n “Hello “;whoami|tr -d ‘\n’;echo -e ‘!\nThat was a bad idea. Don'”‘”‘t copy code from websites you don'”‘”‘t trust! Here'”‘”‘s the first line of your /etc/passwd: ‘;head -n1 /etc/passwd git clone git://git.kernel.org/pub/scm/utils/kup/kup.git

Try running this command in your terminal. It’s supposed to be harmless, right? It is harmless, yes, but what happens still isn’t what you’d expect and demonstrates the dangers in doing stuff like that. Mark it with your mouse, copy it somehow (e.g. using CTRL+C) and paste it into a terminal. What happens?”

Advertisements
%d bloggers like this: