gwalla (gwalla) wrote,

Update on LJ hacktards

It looks like those auto-post LJ trojan/worms are, at the moment, harmless: the security flaw they exploit has to do with making your browser submit a form through JavaScript, and they have no way to access your password. So if you've clicked on one, you're probably in the clear.

However, although it doesn't seem like they've tried to do anything actively malicious yet short of self-replication, it may be theoretically possible for them to submit other forms besides the new-post ones. This ranges from posting in friends' journals (just another irritant) to adding themselves as friends (slightly more annoying) to actually changing your password and thereby locking you out, or changing your LJ's email address to their email and turning on email notification of password changes. In the latter case, changing your password would be a bad move, since that would tell them the new one.

See this discussion in lj_dev for more technical details, if you're so inclined. Remember: that's the LJ developers' community, so it's for trying to figure out ways of closing the security hole—don't just post requests for help or complaints.
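
One way a site can refuse the script-driven form submissions described above, as an added example that is not part of the original post and is not LiveJournal's actual fix: every form carries a token bound to the session, and the password and email forms also demand the current password, which the script has no way to access. The form names, session id and key handling are assumptions, and the token check assumes the script cannot read the site's own form pages.

```python
import hashlib
import hmac
import secrets

# Constructed key; a real site would load a persistent secret.
SERVER_KEY = secrets.token_bytes(32)

# Hypothetical form names for the account changes the post lists.
SENSITIVE_FORMS = {"change_password", "change_email"}


def issue_token(session_id: str, form: str) -> str:
    """Token the site embeds as a hidden field when it renders the form itself."""
    msg = f"{session_id}|{form}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def check_submission(session_id, form, fields, password_ok):
    """Decide whether to honour a POST that arrived with a valid login cookie."""
    expected = issue_token(session_id, form).encode()
    supplied = fields.get("form_token", "").encode()
    if not hmac.compare_digest(expected, supplied):
        return False, "missing or wrong form token"
    if form in SENSITIVE_FORMS and not password_ok(fields.get("current_password", "")):
        return False, "current password required"
    return True, "ok"


def demo():
    """Run constructed submissions through the check."""
    sid = "sess-1234"  # constructed session id
    password_ok = lambda p: hmac.compare_digest(p.encode(), b"hunter2-example")
    post_tok = issue_token(sid, "new_post")
    mail_tok = issue_token(sid, "change_email")
    cases = {
        # Script-driven post: rides on the cookie but carries no token.
        "forged post": ("new_post", {"body": "click this link"}),
        # Genuine post made from the site's own form.
        "real post": ("new_post", {"body": "hi", "form_token": post_tok}),
        # Token issued for one form, replayed against another.
        "replayed token": ("change_email", {"email": "x@example.test", "form_token": post_tok}),
        # Valid token, but the submitter does not know the password.
        "no password": ("change_email", {"email": "x@example.test", "form_token": mail_tok}),
        "real change": ("change_email", {"email": "me@example.test", "form_token": mail_tok,
                                         "current_password": "hunter2-example"}),
    }
    return {name: check_submission(sid, form, f, password_ok) for name, (form, f) in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```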

Stay safe out there, kids!
