May 23rd, 2005
My 360°
So I’ve decided that I’m gonna use my 360° blog. Posts will be everyday stuff. Frequency of posts could be high. Right now I’ve got lots of pictures from my camera phone lying around; maybe I’ll post those.
Greasemonkey and Phishing
Some days back, when I had posted about the Yahoo! Search link on Google, sriramb brought up an interesting issue:
GreaseMonkey throws up an interesting issue: What if there are GM scripts that phish for information, and a user unwittingly installs an extension that acts as a phishing script? Should browsers start supporting a CRC/MD5 check logo (like the ssl lock icon) to certify that the client and server-side copies of a page are the same and unaltered? Just curious....
One solution, of course, is to read the source and try to figure out if the script is doing something Evil. But then that’s not a solution, is it? I posted his comment to the Greasemonkey mailing list. One solution was userscript.org (not live yet)—which would be like a repository of reviewed scripts; also, scripts will be rated (apropos security), and monitored for changes.
UserJS.org, a repository of User JavaScripts for Opera, went live sometime back. I don’t think it has per-script security ratings and stuff; it’s only a repository. I hope userscript.org goes live soon.
Also of interest (via Sriram): Know your Enemy: Phishing.
