mrlachatte: (Default)
mrlachatte ([personal profile] mrlachatte) wrote2005-07-20 01:35 am
  • Add Memory
  • Share This Entry
  • Current Mood: grumpy
  • Current Music: Halo - The Maw
Entry tags:

Boo

There goes my great discovery of greasemonkeyed.  This message makes it clear that GreaseMonkey is a huge security risk as of this moment (as does [livejournal.com profile] atrustheotaku's post) and I've disabled GM until further notice, or at least until 0.3.5 becomes compatible with Deer Park.
Flat | Top-Level Comments Only
(deleted comment)

[identity profile] mrlachatte.livejournal.com 2005-07-19 09:46 pm (UTC)(link)
If you don't have the neutered version, a website with appropriately malicious Javascript that matches any Greasemonkey script (even *) can retrieve any file on your hard drive and send it anywhere on the internet.

[identity profile] wardrich.livejournal.com 2005-07-19 09:51 pm (UTC)(link)
wow! That's sort of weird. I thought greasemonkey was only one-way and that the sites wouldn't know you had it on. That's some CRAZY security hole, though. Could the sites that took advantage of this hole be in trouble for invasion of privacy?
Flat | Top-Level Comments Only