Comment by ocdtrekkie

Comment by ocdtrekkie 10 months ago

2 replies

View on Hacker News

I've started disabling the Run dialog for non-technical users, but unfortunately a GitHub attack targets users who likely have a real use for it sometimes.

The clipboard strategy feels like it should be easy to block too, most scammers just convince people to type a well-obscured URL into the Run dialog manually over the phone.

chii 10 months ago

> The clipboard strategy feels like it should be easy to block too

yea, the browser should actually have each site ask for permission to modify the clipboard imho.

Reply View 1 reply
  • bradjohnson 10 months ago

    That might add another step but I think it is unlikely to help reduce the number of victims. If someone is willing to bring up the run prompt and paste whatever they have in the clipboard they are also likely to be social engineered into clicking yes on a dialog that tells them to allow clipboard modification.

    Reply View 0 replies