I'm going to tell you a horror story now. It hasn't happened yet, but the terrifying thing is that it can happen, and most likely will happen. Somewhere, on the net, the cyber-mafia is creating a site, a site you will visit and like and it will ask you to use their bookmarklet and to click on it on sites you like. And you do.
And every time you click their bookmarklet, that bookmarklet downloads their javascript application which does a lot of nifty things, but one of the things it also does is check your page for credit card info, social security numbers, stock broker accounts, and other very personal stuff. And it can do this because when you click on that nifty bookmarklet you give them permission to do anything to the current page they want.
To give you an idea of just what a bookmarklet can do on a third party website here is a bookmarklet which will pop up a window on any page you visit, that window will display the cookies that site has set and it will display the elements of that page (pretty much a butt ugly version of view source).
Comments