It seems that users were being duped into running malicious scripts that gave attackers control of their accounts. Sure, Facebook could be evil and not offer the option to re-enable the console, and I'm sure other sites will do exactly that until browser makers prevent it, but at this time, Facebook is not being evil. I'm not sure about Netflix.
If people are being successfully duped into running malicious scripts this way, perhaps browser developers should put a first-run warning on the dev tools saying that running code there supplied by a third party is dangerous.