http://www.infobytesec.com/down/isr-evi ... Readme.txt
This week I present to you a rethink of the Firesheep concept, only this time an order of magnitude more horrific.
Evilgrade takes the same concept employed by Firesheep, which is snooping on _unencrypted_ and _unauthenticated_ connections, adds a little bit of DNS spoofing to the mix, and installs backdoors on victims' systems that attempt to upgrade a program that doesn't use an _authenticated_ connection.
Had these vulnerable programs pulled upgrades over SSL/TLS in a strict manner, Evilgrade would be powerless over them.
Hopefully this will be another harsh lesson for software engineers to stop ignoring the elephant in the room.
"If art interprets our dreams, the computer executes them in the guise of programs!" - SICP
“If at first, the idea is not absurd, then there is no hope for it” - Albert Einstein
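
As an added example (not part of the original post or of any project it mentions), this is one way an updater written in Python could pull upgrades over TLS "in a strict manner": certificate and hostname verification stay on, plain-HTTP URLs are refused, and a redirect that drops to HTTP is treated as a failure. The function and class names are hypothetical.

```python
import ssl
import urllib.request
from urllib.parse import urlsplit


class InsecureUpdateError(Exception):
    """Raised when an update fetch would leave the authenticated channel."""


def strict_tls_context() -> ssl.SSLContext:
    # create_default_context() already verifies the certificate chain and the
    # hostname; set both explicitly so a later edit cannot silently relax them.
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def require_https(url: str) -> str:
    # Spoofed DNS cannot produce a valid certificate for the real hostname,
    # but only if the connection is HTTPS in the first place.
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise InsecureUpdateError(f"refusing non-HTTPS update URL: {url!r}")
    return url


class HttpsOnlyRedirects(urllib.request.HTTPRedirectHandler):
    # A redirect to http:// would move the download onto an unauthenticated
    # connection again, so it is rejected instead of followed.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        require_https(newurl)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def build_update_opener() -> urllib.request.OpenerDirector:
    return urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=strict_tls_context()),
        HttpsOnlyRedirects(),
    )


def fetch_update(url: str, timeout: float = 30.0) -> bytes:
    # The URL is checked before any network traffic is generated.
    with build_update_opener().open(require_https(url), timeout=timeout) as resp:
        return resp.read()
```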