Bypassing the paste restriction on the browser

Banking sites and Mac OS Keychain makes you intentionally type in your credentials. These can be usually bypassed with help of browser specific extensions using Password Managers like 1Password or LastPass. Its also important to note that have their own downsides aka bugs.

Being a developer using a keyboard for hours every day since 10+ years, being productive will become a mandatory requirement for me personally. By unblocking websites and Mac from restricting me to use the bypassed paste, I feel invincible on the keyboard. Although you need to think through of other security implications of using the clipboard to store sensitive data.

The advantages for me were

  1. Bypassing the paste restrictions
  2. Pasting text from the browser without styles into existing notes / cheatsheets.

The paste has been both an important and tough to bypass. The bank websites stop you to use the Paste option in all possible ways with the help of Javascript and they do not work without Javascript (which is sad)

Old Solution

I used an Alfred Workflow called Type to achieve that till it became unusable when I upgraded to Sierra (10.12). The workflow has become buggy, I think its part of the OS itself or something I did not spend time figuring out.

New Solution

While struggling with this problem for about a week and avoiding to type where ever possible, I came across “HammerSpoon”, a desktop automation tool . A desktop automation tools helps you script/automate tasks. Its written in Lua.

What can HammerSpoon do?

You can write Lua code that interacts with OS X APIs for applications, windows, mouse pointers, filesystem objects, audio devices, batteries, screens, low-level keyboard/mouse events, clipboards, location services, wifi, and more.

It is simple to script out what you need with the help of the exhaustive documentation

Find the script for Paste bypass

Here is my current configuration. I can now right click with my keyboard or even scroll without going to the arrow keys on the browser.

Disabling Java Plugin on your Browsers

Java is one of the most famous programming language. A plugin is an addon so that you can use the power one software from another. Well if they share functionality, they might as well share security issues.

This is the first post on Security. If you haven’t heard about a security breach or a botnet or a website or computer hacked, its time to know.

A website being hacked means extracting data illegally which could have been possible because of a bad configuration or the software not begin up to date.

A computer being hacked means an illegal user (who is supposed to be not be there) gained access to your computer and stealing information. ( You don’t want a stranger roaming in the house eating eggs from your refrigerator and using your money from your wallet). This usually happens via the browser or a local network or having physical access to the computer.

Configuring a browser

Coming back to configurations. There is a lot to configure in your browser where you might be reading this post. A browser has plugins and extensions. Java and Flash Plugins, Firefox and Chrome Extensions are the usual ones a normal user uses. The plugins have the ability to read / write to any where in your computer. Since the plugins run in the browser, the API they provide to the developers contain abstractions. Though some times the code has bugs. Researchers find bugs and report them in order to avoid exploitation of bugs before a bad guy finds them and uses them.

Don’t use if you don’t need it.

Its best if you disable the feature if you are not using it (assuming the software respects the configuration correctly). A Recent Java Bug for reference.

My personal experience is that I use the internet for at-least 10 hours a day and its hard to come across sites that use Java applets or SilverLight. Flash is a common one, but one can find the downward trend and because of the HTML5 standardisation. Also, it depends on the sites being browsed since if someone distributes illegal data, its possible that they are trying to get more from people who are accessing the sites.

A Botnet

By the way, a botnet is a network of such hacked computers working together to accomplish a task. Think what you can do if you have access to hundreds of machines across the world ?