Author Topic: Greasemonkey and Security  (Read 2464 times)

Boozie

  • Newcomer
  • *
  • Posts: 5
Greasemonkey and Security
« on: 18:15:01 - 04/28/10 »
I don't mean to throw out any accusations, but is it possible for one of these greasemonkey scripts that people post to be doing any sort of keylogging?  Even if it only runs when on the estiah website it could take my password and get my email from the forums and see if the two match (sure they probably shouldn't match but it's after the fact now)

My girlfriend and I both had our email "hacked" into within a day of each other and one of the very few common links we have is we both use greasemonkey for estiah.  Now I'm sure there's plenty of other possibilities, I'm merely asking if it is even plausible or if anyone else has had any similar experience lately?

I have bitdefender and haven't found anything on my computer, so my only other top possibility is our wireless network got hacked into which seems even more far-fetched to me.

Don't get me wrong, I appreciate these scripts immensely.  I am just at a loss for what caused my problems.

Schutzengel

  • Magic
  • High Mediator
  • Bunny Cultist
  • ****
  • Posts: 1442
  • Tired of burning.
Re: Greasemonkey and Security
« Reply #1 on: 18:19:56 - 04/28/10 »
No.
And if it happens it is wl (aka Sheira) fault!

Damn it! I knew it the whole time.
[20:01]   <wl>   that happens if you let schutz design a dungeon! only charms for himself :P

Sheira

  • Veteran
  • Bunny Cultist
  • ***
  • Posts: 393
Re: Greasemonkey and Security
« Reply #2 on: 18:24:58 - 04/28/10 »
Well it could be possible, but all the Greasemonkey scripts are open source and up for anyone to review. Since there are only two ways to send data from it, you can check this pretty easily (only GM_xmlhttpRequest and IFrame).
I made mine exclude the login pages. It does not run on them as can be seen when checking the greasemonkey menu, so there is no way for it to happen.
As you have mentioned: There are lots of possibilites for this to happen. Maybe only one got hacked, but in the e-mails passwords were exchanged so that's why the other one got hacked, too. Maybe once one of you logged into any side on the computer of the other, ... nearless endless possibilites.

Jmackxiii

  • The BanAxe
  • High Mediator
  • Bunny Cultist
  • ****
  • Posts: 355
Re: Greasemonkey and Security
« Reply #3 on: 22:51:00 - 04/28/10 »

I have bitdefender and haven't found anything on my computer, so my only other top possibility is our wireless network got hacked into which seems even more far-fetched to me.

Don't get me wrong, I appreciate these scripts immensely.  I am just at a loss for what caused my problems.

You know how easy it is for someone to hack into a wireless network? Its probably easier to do that than hide a keylogger into a very widely used GM script that noone has noticed yet.
In the forums, MODDING your topicz

Boozie

  • Newcomer
  • *
  • Posts: 5
Re: Greasemonkey and Security
« Reply #4 on: 23:40:50 - 04/28/10 »
Well there's more than one person making these scripts, and I don't know how widely used the one I'm using is.  If no one brought it up because of how unlikely it might seem to them, it would never be uncovered.  It's not like wireless hackers are a dime a dozen.  Yea it's possible to do, but so is the GM script apparently.

Wasn't trying to point fingers, was just asking.  I need to cover all grounds here because I don't know how it happened nor can I be sure how to protect myself going forward.

Powerpet

  • Wanderer
  • *
  • Posts: 90
Re: Greasemonkey and Security
« Reply #5 on: 19:20:01 - 04/29/10 »
It's possible, yes, but not very likely (on account of the open nature of gm scripts, making the risk of getting caught pretty big).

The easiest way to protect yourself would be to never use your email password for anything else. Keyloggers, while they do exist, are much rarer than, say, crappily secured game databases. Lots and lots of websites leak passwords. Also, don't make your email password easily guessable.