pauraque_bk: (his dark materials)
pauraque_bk ([personal profile] pauraque_bk) wrote2004-06-12 09:39 am
  • Add Memory
  • Share This Entry

PSA

There are a couple of destructive memes going around.

If you see a form written in Russian with a bunch of usernames, don't put in yours.

If you see a post with nothing but a link that says "This is very interesting", don't click it.

These memes exploit a hole in LJ security and automatically post to your journal. There's some discussion on closing the hole in [livejournal.com profile] lj_dev here.

If one of these memes already got you, clear your cookies and change your password.

EDIT: Having read a little more about this problem, my advice is not to put in your username anywhere except LJ's own pages until this issue is resolved.
Flat | Top-Level Comments Only

Re: Thanks!

[identity profile] threeoranges.livejournal.com 2004-06-12 10:02 am (UTC)(link)
Does this apply if you only entered your lj-username and didn't actually enter a password/do anything to update your lj?

*worried* :-)
pauraque: bird flying (Default)

Re: Thanks!

[personal profile] pauraque 2004-06-12 10:19 am (UTC)(link)
When you put in your username, the destructive memes exploit your login cookies and use javascript to post to your journal without you doing anything, or putting in your password at all.

Most memes that ask for your username are benign and don't exploit the security hole; if you didn't get a mysterious new post on your journal, you did one that was harmless, or has had its code altered to prevent it from posting. Of course, it never hurts to change your password, just in case!

Re: Thanks!

[identity profile] threeoranges.livejournal.com 2004-06-12 10:23 am (UTC)(link)
Great, I didn't suffer the rogue posting but am off to change my password now. Much appreciated!
Flat | Top-Level Comments Only