Tag Archives | threats

Greasemonkey Security Issues

Greasemonkey Security Issues?Well, this is one of those security issues that everybody always knew was there – but the community usually did a good job at policing it themselves to where it did not become an issue. It looks like somebody has been creating and uploading Greasemonkey scripts that steal your cookies. Since your cookies store a lot of information about you – you can see this is a kind of big deal here.

Here is the post that got my attention on UserScripts.org:

Someone has been attempting to post scripts that steal cookies. Thanks to several alert us.o citizens (including davey, descriptor, loucypher, joel h, pogue) we have been able to note that the script is malicious and then delete them.

I’m putting up a banner to warn people that newly uploaded/updated scripts should be put under extra scrutiny.

I’ve also decreased the cache duration of rss feeds to 10 minutes, so if you keep an eye on http://userscripts.org/feeds/recent_scripts it will be a lot fresher than normal (it was cached for an hour)

So yes, everybody should be extra careful when downloading scripts like this – even if it is from a trusted source. I am happy to see the UserScripts.org team moved so quickly on this though. That makes me feel a lot better about my continued use of their Firefox extension.

Greasemonkey Help Need Help? Be sure to check out the Beginner’s Guide to Greasemonkey!

Firefox 3.0 May Block Suspicious Sites

StopWill Firefox start telling you where you can or can not go? Where are my freedoms?! I can already smell some of the outrage that might be building over Firefox 3 blocking Web sites that try to install back stuff onto your computer. Personally I think it is a good thing after reading through this article from Computer World.

Here is the most interesting sample from the article in question.

“Similar to how Firefox 2 blocks Web sites that are potentially going to try to steal your personal information, Firefox 3 will block Web sites that we believe are going to try to install malicious programs on your computer,” said Alex Faaborg, a user experience designer in a blog entry last week. “Mozilla is coordinating with Google on this feature.”

So is it Firefox’s place to tell you where to go and where not to go? I think so. I think this is Mozilla trying to be proactive instead of being reactive.

Understanding the Firefox Symantecs

Symantec had some harsh things to say about Firefox, and now the Mozilla team has decided to speak out and put any rumors out there to rest.

The Symantec Internet Security Threat Report came out yesterday. Of all the metrics that they are using, number of vulnerabilities gets top billing. This is possibly because this concept is easiest for people to understand: Count up the number of bugs. Product with the least bugs is declared to be more secure. It is, of course, much more complex than that.

+ Read More About the Firefox/Symantec Security Brawling!