Greasmonkey Phishing: Security |
||
Comments>its relativly easy for a script kiddie to develop one without much technical skill...so the risk factor is greater. I would say the risk in a greasemonkey script is much lower then a firefox extension or an internet explorer BHO. Still a risk is there and telling people "oh you should look through the code" is expecting alot of greasemonkeys users. Thanks for the comment Mon Sep 25, 2006 9:47 am MST by cavedave
lots of hacks write such greasemonkey scripts and make them availale for download..there are a ton of em on the interweb...they might serve some useful function and also contain some malware as desribed above...not so difficult to persuade someone to install them volentarily,.. however it would be easy to trace the origon of such malware... point is that anything you install on your PC carries a risk. now the thing about greasemonkey scripts is that the barrier to entry is low....its relativly easy for a script kiddie to develop one without much technical skill...so the risk factor is greater. Mon Sep 25, 2006 9:26 am MST by Anonymous
>I asume this comment won't appear as you don't have any already visible, No it is because nobody reads this blog. >First of all, there is no hosts.ini. It's just "host". Sorry my mistake I corrected this. >Second, if you for some extraordinary way could modify a greasemonkey script, that would mean that you have much more access to the machine, so greasemonkey is the last of your worrying. Agreed. I though i made this clear in the sentance "Once you can run programs on a machine many malicious opportunities arise". Yes you would have to have greasemonkey installed before greasemonkey could be used. That is not an insightful point you are making > See ya :) Bye Thanks for the comment. Fri Sep 22, 2006 1:16 am MST by Anonymous
You don't know what you are talking about do you? First of all, there is no hosts.ini. It's just "host". Second, if you for some extraordinary way could modify a greasemonkey script, that would mean that you have much more access to the machine, so greasemonkey is the last of your worrying. You would have to install firefox, then the greasemonkey extension, then the greasemonkey script. And then they should have access to modify the script. If someone can do that, you are in trouble for other reasons. I call it FUD. There are some more wrong points in this post, which I won't address but if you want, i can discuss it with you. I asume this comment won't appear as you don't have any already visible, but that's up to you. You have to research much more before spreading fud. See ya :) Thu Sep 21, 2006 2:46 pm MST by Masio
Add Comment |
Search This SiteSyndicate this blog site Powered by BlogEasy Free Blog Hosting | |
|