Friday, July 20, 2007

Cookie stealing script on a run

Userscript.org is warning it's users . Some one has upladed cookie stealing script on their server.They have put up a banner that warns users about it.

"A malicious user is uploading scripts that steal cookies.
Extra caution is recommended when installing recently uploaded/updated scripts
"


This what the admin has to say about this

"Someone has been attempting to post scripts that steal cookies. Thanks to several alert us.o citizens (including davey, descriptor, loucypher, joel h, pogue) we have been able to note that the script is malicious and then delete them. I'm putting up a banner to warn people that newly uploaded/updated scripts should be put under extra scrutiny.

The FBI has been provided IP addresses, email addresses, and other information and we have added additional information tracing systems to catch them red-handed. "

Be very careful while downloading a js (javascript) or a FireFox add on. Luckily we haven't uploaded any scripts for the past 2 months. Still if you find any, although the chances are negligible just inform me.

What can be done with these scripts these scripts give the hackers your cookie with which he can access your account withouth the need of your password.

Now how to know if you have installed it by mistake??
Just open the csripts and check for the following

  • .php?cookie=
  • encodeURIComponent(document.cookie)

If they exist then just disable those scripts.

0 comments:

Post a Comment