Hein (fub) wrote,
Hein
fub

  • Mood:

Hack through LJ embedding

LJ has been used as the vector for a cross-site scripting attack through embedded media. The hack was only effective for two hours, and there's no danger of computers being infected through this.

Read all about it here, and see if you were affected.

Why this matters: if you use a hotmail or other free webmail account as your LJ mail account, and the mail-account has been cleaned up because of inactivity, a smart attacker could re-enable the account and take control of your Journal through the 'mail me my new password'-functionality.
Otherwise, the worst that could happen is an increase in spam.
Tags: lj
Subscribe

  • Friending frenzy

    There's still plenty of people using LJ, even though it seems like your friendslist is slowly drying up. The remedy is, of course, to join a…

  • LiveJournal in WordPress and back again

    So, I fully migrated to a self-hosted WordPress blog from my LiveJournal. In the process, I reconfigured WordPress to accommodate the features that…

  • Migrating away from LJ

    I’ve been following along with the #rpgaday questions, and linking the posts in my ‘gaming’ Twitter account. At work, I clicked…

  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments