By John Gruber
Resurrect your side projects with Phoenix.new, the AI app-builder from Fly.io.
Mark Pilgrim:
In other words, running a Greasemonkey script on a site can expose the contents of every file on your local hard drive to that site. Running a Greasemonkey script with “@include *” (which, BTW, is the default if no parameter is specified) can expose the contents of every file on your local hard drive to every site you visit. And, because GM_xmlhttpRequest can use POST as well as GET, an attacker can quietly send this information anywhere in the world.
His advice is to completely uninstall Greasemonkey.
(Via Anil Dash.)
★ Monday, 18 July 2005