This post originated from an RSS feed registered with Ruby Buzz by Premshree Pillai. Original Post: Greasemonkey and Phishing Feed Title: Premshree's Personal Weblog Feed URL: http://premshree.livejournal.com/data/rss Feed Description: Premshree's Weblog Latest Ruby Buzz Posts Latest Ruby Buzz Posts by Premshree Pillai Latest Posts From Premshree's Personal Weblog

Some days back, when I had posted about the Yahoo! Search link on Google, sriramb brought up an interesting issue:

GreaseMonkey throws up an interesting issue: What if there are GM scripts that phish for information, and a user unwittingly installs an extension that acts as a phishing script? Should browsers start supporting a CRC/MD5 check logo (like the ssl lock icon) to certify that the client and server-side copies of a page are the same and unaltered? Just curious....

One solution, of course, is to read the source and try to figure out if the script is doing something Evil. But then that’s not a solution, is it? I posted his comment to the Greasemonkey mailing list. One solution was userscript.org (not live yet)—which would be like a repository of reviewed scripts; also, scripts will be rated (apropos security), and monitored for changes.

UserJS.org, a repository of User JavaScripts for Opera, went live sometime back. I don’t think it has per-script security ratings and stuff; it’s only a repository. I hope userscript.org goes live soon.

Also of interest (via Sriram): Know your Enemy: Phishing.