[Greasemonkey] greasemonkey for secure data over insecure
networks / sites
blakewest at gmail.com
Mon Jul 18 17:47:59 EDT 2005
> In other words, running a Greasemonkey script on a site can expose the
> contents of every file on your local hard drive to that site. Running
> a Greasemonkey script with "@include *" (which, BTW, is the default if
> no parameter is specified) can expose the contents of every file on
> your local hard drive to every site you visit. And, because
> GM_xmlhttpRequest can use POST as well as GET, an attacker can quietly
> send this information anywhere in the world.
So what is the short term strategy for not exposing yourself to
malicious attacks, barring making the monkey frown until a real fix is
I've already turned off all the scripts that run on every site. What
else should I do?
More information about the Greasemonkey