Results 1 to 14 of 14

Thread: WARNING: Eleganza Site Suspicious Scripting

  1. #1

    Angry WARNING: Eleganza Site Suspicious Scripting

    Warning:

    I've upgraded to the new version of Internet Explorer (which I admit is a Beta).

    However, when I try to access the Eleganza Site, it tells me that the site is trying to access my clipboard.

    The full text is :
    ------

    Do you want to allow this webpage to access your Clipboard?

    If you allow this, the web page can access the Clipboard and read information that you've cut or copied recently?

    Allow access Don't Allow
    ------

    Now, I'm not a novice when it comes to HTML. But I will admit that I am a novice to JavaScript scripts.

    The HTML page seems to be encoding two JavaScript scripts in the <HEAD><SCRIPT> area.

    If you don't believe me, do a View->Page Source using FireFox and look at the source yourself.

    The scripts seem to get called when certain images get the mouseOver or mouseOut events. For instance, on the webpage, the main image sets the window status to different values.

    I wish I could read the script to tell you whether what it is doing is malicious or not. I can't. I just want to let you know to be careful. Items on your clipboard *MAY* be being compromised.

    I have not gotten this warning from ANY other site that I have visited using the new Internet Explorer. This could be caused because the browser I am using is Beta and malfunctioning. On the other hand, it could be caused by the new higher security that they are supposedly putting into IE actually working. Who knows.

    For your info,

    Malted Milk

  2. #2
    John,

    I've dealt with you in the past and found you to be very reputable. Since I cannot read the script myself, I have no recourse but to trust you.

    I'm assuming that the scripts are trying to keep the user from copying data to the *CLIPBOARD*, that is where the data goes when it is cut or copied.

    I'm guessing that since MSIE7 is supposed to be more secure, it notices the script twiddling with the clipboard and throws a warning.

    That being said, the scripts have absolutely no effect. I can copy text and images at will using Firefox. I just copied a NICE pic of Nadya to the clipboard and brought it up in paint as a test. She's one of my favorites. Tasty!

    Instead of having others have this issue as they begin to migrate to IE7, I would suggest removing the scripts (since they are ineffective) or finding another way of disallowing the right click.

    For instance, this script ....

    </SCRIPT>



    <script language="JavaScript">
    var message="Sorry, right-clicking is disabled.\n";
    function click(e)
    {
    if (document.all)
    {
    if (event.button == 2)
    {
    alert(message);
    return false;
    **
    **
    .... more script stuff here ....
    </script>

    This script doesn't access the clipboard and therefore doesn't cause the problem addressed in my previous message.

    Thank you,

    Malted Milk

  3. #3
    Registered User
    Join Date
    Nov 2004
    Location
    US
    Posts
    931
    Quote Originally Posted by John_eleg
    You can be assured that there is absolutely NOTHING to worry about when accessing our website.
    I believe in what John is saying here.

    I am willing to bet money that there is nothing out of the ordinary concerns (cookie, cache, history, etc.) that anyone would have to worry about when accessing the Eleganza site. Unless John is on a Kamikaze mission to sink Eleganza, doing anything even remotely suspicious would allow his competitiors to start throwing rocks and Eleganza would sink quicker than the Titanic.

    As a side, those scripts to prevent copying text and pics are just minor roadblocks for someone who has just a bit of web technical savvy to work around.
    Last edited by Rex Kramer; 07-06-2006 at 11:59 PM.

  4. #4
    Registered User
    Join Date
    Feb 2005
    Location
    Montreal
    Posts
    839
    Have lot of skill into html, javascript and couple other language used into website... Tested site with AOL explorer, IE 6.0 and netscape and everything is fine.

    I guess its an issue with the beta version of IE... I heard it's not first time they have programmation issue

  5. #5
    1. In Control Panel, click Internet Options.
    2. Click the Security tab.
    3. Under Select a Web content zone to specify its security settings, click the zone where you want to prevent Web sites from accessing your clipboard.
    4. Click Custom Level.
    5. In the Scripting section, under Allow paste operations via script, click Prompt or Disable.
    6. Click OK.

    ... alternatively, abandon civilization and head for the mountains.
    Last edited by Rouen; 07-07-2006 at 08:51 AM.

  6. #6
    Quote Originally Posted by oliver kloseoff
    john
    anything i see
    i can copy-
    -there is a way most people dont know of
    oliver
    Oliver, are you going to the temp section of your computer and saving the pic's or just drawing them freestyle with pen and paper

    (im assuming pen and paper unless your still in the pencil and eraser mode )

  7. #7

    Eleganza and IE7beta2

    Quote Originally Posted by MaltedMilk
    Warning:

    I've upgraded to the new version of Internet Explorer (which I admit is a Beta).

    However, when I try to access the Eleganza Site, it tells me that the site is trying to access my clipboard.
    Yeah, this will be the least of your problems viewing the Eleganza site with IE7. I can't believe MS can't make their new browsers backward compatible. The Eleganza site seems to use the 'frames' style of pages. These won't display correctly in IE7. When you click on a picture in the left scrolling frame, the complete info page on the girl trys to display in that same slender frame on the left rather than the main, center frame. If you click on the schedule link at the top, it tries to display it in the top frame only.

    I have it open in a new tab, and then click on the girls name in the sched and it seems to work that way. BTW, have you noticed the Eleganza site also disables the cut/paste ^C/^V functionality of your whole desktop while it is being accessed in IE? I hate that.

  8. #8
    Selective hobbyist
    Join Date
    Apr 2004
    Location
    Montreal
    Posts
    228
    There are many utilities allowing you to capture screens or part of the screen. I find the browser protection scheme rather annoying because the real people you want to protect yourself from will know about these utilities.

    I can confirm that as of a few minutes there is at least one utility that allows you to cut and paste Eleganza's lovelies. Since I respect John's work I won't post where to find it (no PM please). Watermaking seems to me a better way because it can be done in such a way Paintshop would have a hard time fixing it

    A27

  9. #9
    Quote Originally Posted by oliver kloseoff
    breadman
    trust me
    anything i see
    even if its disabled
    i can capture and use it
    to protect the privacy of the girl and owners i would publically post this!
    but you know me
    when i say something
    you can take it to the bank
    oliver
    Nothing new or terribly secret about "screen captures" either...

    KTP

  10. #10
    Registered User
    Join Date
    Dec 2003
    Location
    NYC
    Posts
    178
    Believe John. Am able to copy the pics, but why would I want to keep them. Would rcall John rather call john and meet the pics in person. Have utilized john's agency many times and have nothing but praise and thanks.
    There is nothing that is pulled from my browser and would be surprised if it happened.
    Guys, stop reading this thread and review the girls. Much better use of your time and $$$.

  11. #11

    Unhappy Be Careful

    Just a quick note to clear out your cache after doing any PC banking or any sort of activity with sensitive information.

    I've got some software installed on my PC that alerts me to when surreptitious activity happens and was surprised to see some bot on the Eleganza site trying to obtain the contents of my clipboard [I've got a screen capture to proove it].

    IF I'd been doing PC banking and had cut and paste my password or a credit card number, AND if I'd not cleared my cache or closed out of that session, the password or credit card number would have been available to this bot.

    You cannot exert enough care in these days of identity theft.

    Hopefully the owner of Eleganza will speak to his web designer and disable this feature.

    D

  12. #12
    Registered User
    Join Date
    Nov 2004
    Location
    US
    Posts
    931
    Quote Originally Posted by Damien666
    Hopefully the owner of Eleganza will speak to his web designer and disable this feature.

    D
    Damien666,

    This has been discussed before in the other thread. If after doing more research, you find this to be a real problem, please provide us with more details and we all will appreciate your efforts. If on the other hand, you find this not to be a real problem, you may just want to delete this thread as it may be read as an accusation of impropriety without any proof.
    Last edited by Rex Kramer; 08-18-2006 at 08:09 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •