Greasemonkey scripts please be careful everyone but this really sucks

[pcslookout]

I don't understand why people would do this but thankfully it doesn't give them your password. Still its very low thing to do.

 

[bsobel]

Originally posted by: pcslookout
I don't understand why people would do this but thankfully it doesn't give them your password. Still its very low thing to do.

They do it because many cookies are poorly obfuscated and by getting them then can impersonate your account on those sites.

 

[pcslookout]

Originally posted by: bsobel

Originally posted by: pcslookout
I don't understand why people would do this but thankfully it doesn't give them your password. Still its very low thing to do.

They do it because many cookies are poorly obfuscated and by getting them then can impersonate your account on those sites.

That sucks. Who is to blame for poor obfuscated cookies ? Is it best to block all cookies ?

 

[bsobel]

That sucks. Who is to blame for poor obfuscated cookies ? Is it best to block all cookies ?

The website developer is responsible for the cookies contents. In the past you'd often see things simply in clear text (e.g. bsobelassword in the cookie). As things progressed many developers started obfuscating or encrypting the data. Encrypted data presuming the sites key is private is pretty safe. Obfuscation isnt, once one person figures out how its hidden he can decode all cookies of the sort.

As for turning off cookies, no that would make many sites unusable (cookies are used here, for example, to track who you are)

Bill

 

[pcslookout]

Is there anyway to scan each greasemonkey script before installing it to make sure its safe ? This really sucks.

 

[nova2]

"Is there anyway to scan each greasemonkey script before installing it to make sure its safe"

the only way to be 100% sure is to look at it yourself or spend time with perl regexp and be very through - covering all possibilities (including of course what to do if the parser becomes confused)

 

[mechBgon]

Originally posted by: pcslookout
I don't understand why people would do this but thankfully it doesn't give them your password. Still its very low thing to do.

Out of curiosity, is there a specific instance you're referring to?

Also maybe review the 10 immutable laws of computer security, Law #1. Possibly #6 as well.

 

[pcslookout]

Originally posted by: mechBgon

Originally posted by: pcslookout
I don't understand why people would do this but thankfully it doesn't give them your password. Still its very low thing to do.

Out of curiosity, is there a specific instance you're referring to?

Also maybe review the 10 immutable laws of computer security, Law #1. Possibly #6 as well.

No. Thank you.