Sun, Jun. 13th, 2004, 03:33 pm
A clarification

Lest anyone starts accusing me of spreading LJ hacks, the Russian meme below is harmless, although it does illustrate vulnerabilities in LJ. I wouldn't let it stay there otherwise.

There are warnings spreading through LiveJournal (itself a meme) warning people not to click on links named "This is interesting" or "Whose sausage is longest", claiming that they will steal your password. It's my understanding that this is not possible, but, as the Russian meme illustrates in a harmless and amusing way, it is possible for links to do undesirable things to your LJ, so it is a timely warning to be careful about what you click on.

'Nuff said.

EDIT: Amusing but topical mondegreen I heard on the radio: I'm pretty sure the real lyrics were "Your worst enemy," but I heard "You're worse than a meme".

Sun, Jun. 13th, 2004 09:04 am (UTC)
mollymargay

Actually, the 'this is interesting' thing actually does steal your password. As soon as you click it, your password is instantly sent to the owner of that meme. It's been pretty much proven, and the person who did it had their journal wiped and their IP banned, from what I understand.

Sun, Jun. 13th, 2004 09:11 am (UTC)
marko_the_rat

From theferrett:
(EDIT: Officials say you don't have to change your password if you've accidentally clicked and had it posted, and that this is "trivial." What this thing does is use your browser's session info, temporarily masquerading as you to post a message in your journal that links back to the hack, all in order to encourage more people to unknowingly spread it. I've written some other thoughts on how this could have been harmful - but this one wasn't, since apparently this particular iteration did nothing aside from posting a message - and, theoretically, could have done nothing but post a message. Your password was not stolen, despite early reports to the contrary. Your user info is safe. And some from LJ claim the security hole is fixed (though there are others who claim angrily that it isn't; I'm too tired to investigate the particulars right now).