
XMLHttpRequest Security errors

Name: Aeosynth 2009-03-18 20:06

Hey /prog/, not a regular but I thought I'd try you guys - I'm running into problems when I try to load cross-board content using XMLHttpRequest. Apparently it only works in the same domain, so I get security errors when a link pointing to img wants to load content from dat (the cross-board links send you to a redirecting page which does this). Any ideas on how to work through this? I'm running the code through the Greasemonkey Firefox extension. Thanks!

Name: Anonymous 2009-03-20 6:23

>>38
Smart card solutions with private key protected by hardware are stupid for this kind of situation. If the machine is compromised already, the attacker can capture any information he needs (this doesn't mean he can actually do it without having researched what's in use).

What can the key do? Store a private key, and maybe do some asymmetric and block crypto using it and associated secure storage. But where does the input come from? The user, and it's passed by the user's software, in which case the software can be hooked and data intercepted. Can HTTPS be attacked this way too? Of course, there are plenty of banker trojans which hook standard SSL libs and send all plaintext (before the SSL lib encrypts and after the SSL lib decrypts) traffic to a rogue server or network. Doing the same thing for a smart card is possible too. As long as the user can access or create the information on his computer, it can be intercepted. And don't even get me started about the TPM crap. Once a box has been compromised, no firewall, antivirus, or IDS can stop a skilled attacker. If the box hasn't been compromised, just use SSL and related, no need for useless smartcards.
