By John Gruber
Kolide by 1Password ensures that if a device isn’t secure, it can’t access your apps.
- Greasemonkey Security Hole
-
Mark Pilgrim:
In other words, running a Greasemonkey script on a site can expose the contents of every file on your local hard drive to that site. Running a Greasemonkey script with “@include *” (which, BTW, is the default if no parameter is specified) can expose the contents of every file on your local hard drive to every site you visit. And, because GM_xmlhttpRequest can use POST as well as GET, an attacker can quietly send this information anywhere in the world.
His advice is to completely uninstall Greasemonkey.
(Via Anil Dash.)
★ Monday, 18 July 2005