XMLHttpRequest Security errors

Hey /prog/, not a regular but I thought I'd try you guys - I'm running into problems when I try to load cross-board content using xmlhttprequest. Apparently it only works in the same domain, so I get security errors when a link pointing to img wants to load content from dat (the cross-board links send you to a redirecting page which does this). Any ideas on how to work through this? I'm running the code through the Greasemonkey Firefox extension. Thanks!

>>40
I see 11 networks, four of which are secured. Two of those use WEP.

>>41
By any chance, are you in a place full of clueless idiots? Such as, say, America? Just wondering.

In any case the only thing you need to do to get the private information of somebody who is OK with using an unsecured network is asking them for it.

>>38
Smart card solutions with private key protected by hardware are stupid for this kind of situation. If the machine is compromised already, the attacker can capture any information he needs(this doesn't mean he can actually do it without having researched what's in use).

What can the key do? Store a private key, and maybe do some assymetric and block crypto using it and associated secure storage. But where does the input come from? The user, and it's passed by the user's software, in which case the software can be hooked and data intercepted. Can HTTPS be attacked this way too? Of course, there's plenty of banker trojans which hook standard SSL libs and send all plaint-text(before SSL lib encrypted and after SSL lib decrypts) traffic to a rogue server or network. Doing the same thing for a smart card is possible too. As long as the user can access or create the information on his computer, it can be intercepted. And don't even get start about the TPM crap. Once a box has been compromised, no firewall, antivirus, IDS can stop a skilled attacker. If the box hasn't been compromised, just use SSL and related, no need for useless smartcards.

>>43
It's safer if it's done correctly: only one authentication for every "insertion". And maybe the ability to verify the foreign party too.

That way, you can still get owned, but at least you'll notice immediately.

And of course, I was implying you need the PK authentication to do anything of value - if you authenticate and then send your credit card details, then it's fucking useless. But of you had a credit card who needs your private key to be used, then we're talking. The user doesn't know its own credentials, neither does the machine he's using.

>>40
I see two networks (three sometimes if I try very hard) where I live, they're from my two neighbours (plus the house in front). Two WPA, one open, but the open one has such a weak signal that it's almost impossible to associate without a larger antenna. Wifi won't reach any farther because the houses are too big and too apart.
Quit living in poor neighborhoods.