Tom830558
2 discussion posts
Hello

Security is critical for clipboard tools because sensitive data is very often stored. I am therefore very surprised that there is ZERO information about this topic on the product page.
Hence the question: What about the security of ClipboardFusion?

The specific questions:
1. Is it possible to define a custom encryption key for synchronization,
so that neither Binary Fortress nor any third party / hacker with access to the data can read it?

2. Can malware read the RAM of ClipboardFusion?
Here's the background to the question:
  • A hacker can easily read the memory of, for example, Word.exe. However, if they try to read the RAM of Norton Antivirus, they are denied access.
  • It's perfectly fine that any application can read the *current* clipboard with Ctrl V.
  • However, it must not happen that a hacker can access the entire clipboard history, as they would then be able to obtain many or all login information from numerous users in a matter of seconds.

Thanks a lot, kind regards,
Thomas
28 days ago (modified 28 days ago)  • #1
Jon Tackabury (BFS)
Hello, hopefully I can answer your questions here.

1. The data is all stored encrypted but it's not possible to specify a custom key.

2. In theory any application could read the memory of any other application running at the same security level. To prevent passwords from being stored in ClipboardFusion at all I would take a look at the "Application Exceptions" tab. We have added some password managers in there by default but you should add anything else that might add sensitive data to the clipboard.
28 days ago  • #2
Tom830558
2 discussion posts
Hello Jon

Thank you very much for your fast answer!

Quote:
1. The data is all stored encrypted but it's not possible to specify a custom key.

This unfortunately means that the data stored at BinaryFortress is not secure:
❯ We have to trust that all employees at BinaryFortress are 100% trustworthy at all times
❯ We have to hope that BinaryFortress is never hacked

It would be brilliant — and possibly a unique selling feature in the clipboard manager market — if BinaryFortress could develop encryption that uses a key stored exclusively on the user's computer.

If you now declare: “Yes!, our data is secure!”
Then I ask you that BinaryFortress takes responsibility and pays out 10000 US$ to every customer whose data has been hacked.

BinaryFortress will never do that - because they know that this risk is too high.

Quote:
2. In theory any application could read the memory of any other application running at the same security level.


Yes, that's correct:
> In theory, any application could read the memory of any other application running at the same security level.

I really tried it! and did the following:
❯ Cisco AMP (our Endpoint "Protection") flagged one of my scripts as dangerous (which it was not), and I set myself the goal of getting Cisco AMP to download my "dangerous" script from the Internet and execute it. Since I was able to read the RAM from Cisco AMP, it only took me ~180 minutes to bypass this Endpoint "Protection". It's just a shame.

❯ With Norton, I had NO chance of gaining access to the RAM. (And I was not able to bypass Norton)

BinaryFortress's statement that they do not protect application data in RAM
"because *very skilled* hackers can still gain access" means that even scripting kiddies with minimal expertise can read the data of BinaryFortress customers.

Therefore, your response and "explanation" is very disappointing.
❯ There are software providers who explain that usernames and passwords are being hacked. Therefore, they no longer offer any protection :x. Other providers are looking for solutions to still achieve the goal of protecting customers. Of course, enhanced security measures such as MFA (Multi-Factor Authentication) are not a perfect safeguard, but they make it very difficult for hackers to succeed. And scripting kiddies have no chance.

I would have expected you to explain:
"That's right, in this day and age where hackers are making billions in profits, these aspects are central to security and we will implement them, the aim is to have the solution by mid-2025."

… or something like this :)

Thanks a lot, kind regards,
Thomas
28 days ago (modified 28 days ago)  • #3
Jon Tackabury (BFS)
We take data security very seriously. With that being said, if you're running things on your own machine at the same integrity level as ClipboardFusion then all bets are off. Malicious software running on your own machine will always be able to access data on your machine. From the server side we store everything encrypted and encrypt everything in transit and follow all best practices around securing data.
27 days ago  • #4
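
The user-held key requested in post #3, sketched as an added example (not ClipboardFusion's code and not written by anyone in this thread): each clipboard item is sealed with AES-256-GCM on the client, so the sync server only ever stores an opaque blob. The function names and the item ID are hypothetical; as post #4 notes, software running at the same integrity level on the machine can still read the key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// NewLocalKey returns a random 256-bit key that is meant to stay on the user's machine.
func NewLocalKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// NewAEAD builds AES-GCM from the local key; keys that are not 16, 24 or 32 bytes are rejected.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealItem returns nonce||ciphertext||tag; itemID (hypothetical) is authenticated, not encrypted.
func SealItem(a cipher.AEAD, itemID string, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, plaintext, []byte(itemID)), nil
}

// OpenItem fails on a wrong key, a blob stored under another item ID, or any modification.
func OpenItem(a cipher.AEAD, itemID string, blob []byte) ([]byte, error) {
	n := a.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("blob shorter than %d-byte nonce", n)
	}
	return a.Open(nil, blob[:n], blob[n:], []byte(itemID))
}

func main() {
	key, _ := NewLocalKey()
	aead, _ := NewAEAD(key)
	blob, err := SealItem(aead, "item-1", []byte("constructed sample secret"))
	fmt.Printf("server stores %d opaque bytes (err=%v)\n", len(blob), err)
}
```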