Wanted: Personas Hack

[Tekh]

Today, I had the great idea/hack for web developers involving Personas @ Mozilla Labs

If your not familiar with Personas check it out here: http://labs.mozilla.com/2007/12/personas-for-firefox/

On persona's gallery page (http://www.getpersonas.com/store/recent.html) java script invokes changes based on hovering over page elements. Is it possible to change someone else's persona theme when they visit your website? For example, if someone goes to the hak5 webpage, the hak5 webpage would run a script onload and change the persona theme to something else.

This sort of thing would be used to create a richer web experience. Now its possible that personas will only accept updates from Mozilla, but I am not really sure.

Lemme know what you think

-Tekh

[Sparda]

Commonly known as a XSRF attack. The steamcommunity site was pretty vulnerable to this kind of attack a short time ago but required a bit of social engineering. Having to convince some one to login to steamcommunity site then send them a tiny url that changes there name on steam.

[Twitchtastic]

I'd start by looking at the Javascript that the persona's site uses. And guess what!? It uses JQuery for all of it. Go check it out and see if you can find anything, if not I'll try to look at it on monday or tuesday.

http://www.getpersonas.com/static/js/script.js

[Twitchtastic]

Upon further looking, it's fully open source (duh, it's mozilla) you can check out ALL of the source-code here http://hg.mozilla.org/labs/personas/personas

Thanks for giving me a project to work on this week! =D