Tuesday, July 19, 2005
Greasemonkey RIP, atleast for now
There was a serious security flaw discovered in Greasemonkey. Check it out here. Although, I havent read the entire email thread myself, the bottom line is that uninstall Greasemonkey for now.
I guess, this all started out when Joe Gregario wrote an article in XML.com about putting his private key in the Greasemonkey script to decrypt secure content.
So one thing to keep in mind is not to jump on something which promises to be cool and secure, without letting it get tried and tested by the world out there. Same is said about security algorithms also. Dont try to invent your own algorigthm. Use an existing one.
I guess, this all started out when Joe Gregario wrote an article in XML.com about putting his private key in the Greasemonkey script to decrypt secure content.
So one thing to keep in mind is not to jump on something which promises to be cool and secure, without letting it get tried and tested by the world out there. Same is said about security algorithms also. Dont try to invent your own algorigthm. Use an existing one.
Copyright Anand Jain 2004, 2005. All rights
reserved.
Webmaster
