[opensource-dev] Known details of LL 'Firefly' client-side scripting

[Argent Stonecutter]

On 2010-03-17, at 14:14, Dzonatas Sol wrote:
> It's still the same concept: to download and install...  they are  
> overused buzzwords that make people think there are some elaborate  
> separations for the basic ideas on how to migrate processes.

That's because there are. One requires a human in the loop to decide  
"I'm going to deliberately choose to trust this piece of code". Not  
just "approve" it, but to actively seek it out and pull it in. The  
other allows drive-by attacks at the speed of broadband.

It's the difference between an automated remote execution attack and a  
social engineering attack.