Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firefox add-on, lets surfers tweak sites.


  • Please log in to reply
3 replies to this topic

#1 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:07:30 PM

Posted 02 April 2005 - 03:31 PM

That's one cautionary note making the rounds along with a popular new extension for Firefox that lets people customize Web pages they visit without the knowledge or cooperation of Web publishers. The extension, dubbed Greasemonkey, lets people run what's known as a "user script," which alters a Web page as the page is downloaded. By Paul Festa, CNET News.com Published on ZDNet News: March 23, 2005, 1:50 PM PT That capability has gained the extension an avid following of Web surfers who want to customize the sites they visit, removing design glitches and stripping sites of ads. But the extension comes with substantial security risks and could stir trouble among site owners who object to individual, custom redesigns of their pages.
Posted Image

BC AdBot (Login to Remove)

 


#2 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:07:30 PM

Posted 02 April 2005 - 03:44 PM

Although this add-on is growing in popularity it seems to have a serious security issue.

This paper may be above some of the user level here,but it's good to know
that this script can be potentionally dangerous.
Have a look here:
http://pb.specialised.info/all/articles/monkey.txt

"All I can say is that just like any other software, you should think a tiny bit before
installing a user script... Make sure the author is someone you trust, or
at least in a social network you trust."

Aaron Boodman (author of Greasemonkey)


rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


#3 ColdinCbus

ColdinCbus

  • Members
  • 312 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 02 April 2005 - 05:54 PM

I am not too sure it is really a security issue with Greasemonkey. The security issue is with what plug-ins you install into Greasemonkey. Ummmmmmm - guys, if I remember correctly, that is a security issue with any plug-in you install on any browser.

#4 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:07:30 PM

Posted 02 April 2005 - 11:00 PM

Yes sir you are correct in that the flaw is not GreaseMonkey itself,but in its ability to run potentially harmful scripts. I can see where that could cause some confusion.Thanks.

rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users