[Greasemonkey] Public Announcement, please.

John Plsek gm at plsek.id.au
Tue Jul 19 23:22:36 EDT 2005


Ben Hyde wrote:

> Can a public announcement be pulled together and placed somewhere?   
> Better that the bloggers[1],
> like me [2], point to something standard, correct, and most 
> importantly that can be updated rather over time.
> Otherwise we are stuck pointing to random emails from this list.  - ben
>
> ps. My sympathy, this too shall pass.
>
> [1] http://technorati.com/tag/Grease%20Monkey
> [2] http://gibbon.cozy.org
>
> ----
> http://enthusiasm.cozy.org    tel:+1-781-240-2221
>  I forecast sunny weather!
>
> _______________________________________________
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
> http://mozdev.org/mailman/listinfo/greasemonkey
>
>
Boy, storm in a tea cup or what!!! I don't see any specifics. For 
instance, should I worry that my "show ebay negs" script may be 
exploited by the evil minions at ebay, redesigning the feedback page to 
take advantage of this exploit?

Granted, it's a big security "whoops", but I'm not uninstalling the best 
extension I've ever seen (or installing the nobbled version). I'd rather 
keep doing what I've always done. SAFE SURFING.

As soon as I heard about the exploit ... out went any script with a 
global include, and I tightened any potential loopholes in my remaining 
scripts:
For instance, the show ebay negs script matches http://feedback.ebay* 
... which means http://feedback.ebay.malicious-site.com/ matches as 
well. I simply changed it to http://feedback.ebay.com.au/* as I only 
ever seriously deal on ebay australia.

Internet security is only as strong as its weakest link. Unfortunately, 
for the majority of internet users, that weak link is not the hardware 
or software, but rather, the wetware that causes most of the problems.

John
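
The include-pattern issue described in the message above, as an added example that is not part of the original post or of Greasemonkey's own code: a small audit that flags include globs whose wildcard reaches into the hostname. It assumes simplified glob semantics (`*` matches any run of characters, everything else is literal); the function names and the `/page` sample path are constructed for illustration.

```javascript
// Added example: audit user-script include globs for wildcards in the host part.
// Assumption: "*" matches any run of characters; all other characters are literal.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&"); // escape regex metacharacters
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$");
}

function matches(glob, url) {
  return globToRegExp(glob).test(url);
}

// Classify a pattern by where its first wildcard falls.
function auditInclude(glob) {
  const star = glob.indexOf("*");
  if (star === -1) return "exact";
  const schemeEnd = glob.indexOf("://");
  // Wildcard in or before the scheme: the script runs on (nearly) every page.
  if (schemeEnd === -1 || star < schemeEnd + 3) return "global";
  const pathStart = glob.indexOf("/", schemeEnd + 3);
  // Wildcard before the first "/" after the scheme: the hostname is open-ended.
  if (pathStart === -1 || star < pathStart) return "host-wildcard";
  return "path-wildcard"; // host is fixed, only the path varies
}

// Patterns from the message, plus a global include.
const patterns = ["*", "http://feedback.ebay*", "http://feedback.ebay.com.au/*"];
// First URL is the one named in the message; the second is constructed.
const urls = [
  "http://feedback.ebay.malicious-site.com/",
  "http://feedback.ebay.com.au/page",
];

function auditAll(globs, sampleUrls) {
  return globs.map((glob) => ({
    glob,
    verdict: auditInclude(glob),
    matched: sampleUrls.filter((u) => matches(glob, u)),
  }));
}

for (const row of auditAll(patterns, urls)) {
  console.log(row.verdict.padEnd(14), row.glob, "->", row.matched.join(", ") || "(none)");
}
```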

