A new FireFox extension called Greasemonkey allows users to modify webpages as they view them. It gives users the capabilities to manipulate DHTML of a page to prevent ads from appearing, transform links, make a page more printable, change colors, ad your Amazon ID’s in links, change the way links open, and much more. There are literally hundreds of GreaseMonkey userscripts. This all sounds like a great idea, but news.com has some security concerns.
The trouble with Greasemonkey and user scripts in general is that scripts can be used for both good and ill, and end users scanning through lists of enticing scripts might fail to distinguish between malicious and benign code.”A user JavaScript file can in no way harm your computer or stored data, but badly written files can slow down Opera, and malicious files can spy on your browsing,” read the browser maker’s caveat. “Never install and use a script library from someone you don’t know and trust–if in doubt post in the Opera forums, newsgroups or mailing lists and ask if the script you would like to use is well written and exploit-free.”
User scripts also could facilitate password-stealing schemes, said security consultant Richard Smith, who runs the Computer Bytes Man Web site.“The bad guys could likely create a script for stealing usernames and passwords in login forms using this tool,” said Smith. “They would still need to break into someone’s computer to install the script, but the tool would make the theft process much easier.”