[opensource-dev] Known details of LL 'Firefly' client-side scripting

Argent Stonecutter secret.argent at gmail.com
Wed Mar 17 12:16:49 PDT 2010


On 2010-03-17, at 14:14, Dzonatas Sol wrote:
> It's still the same concept: to download and install...  they are  
> overused buzzwords that make people think there are some elaborate  
> separations for the basic ideas on how to migrate processes.

That's because there are. One requires a human in the loop to decide  
"I'm going to deliberately choose to trust this piece of code". Not  
just "approve" it, but to actively seek it out and pull it in. The  
other allows drive-by attacks at the speed of broadband.

It's the difference between an automated remote execution attack and a  
social engineering attack.

