Details of the LiveJournal Account Hacks

An anonymous reader writes "Brian Krebs of the Washington Post has written about the recent spate of hijackings at Six Apart's popular LiveJournal service. Hundreds of journals have now been taken over by a notorious group called 'Bantown' using a series of complicated cross-site-scripting vulnerabilities. Krebs details the recent security changes made by LiveJournal in response to the takeovers." From the article: "It is unclear whether LiveJournal has managed to close the security holes that the hackers claim to have used. The company says it has, but the hackers insist there are still at least 16 other similar JavaScript flaws on the LiveJournal site that could be used conduct the same attack. [Bantown] group members said they plan to turn their attention to looking for similar flaws at another large social-networking site. "

This is Cross Site Scripting

[mrkitty]

I've written an FAQ on this type of attack which can be found below.
The Cross Site Scripting FAQ

Re:Oh dear!

[StrawberryFrog]

How on Earth are all those white kids in the suburbs going to express their teen angst now?

How on Earth are all those white kids in the suburbs going to express their teen angst now?

I wouldn't know mate. I'm in my 30s, and I use LJ to keep in touch with family and friends around the world (UK, Australia, US and South Africa mostly).

Or at least I did, until my account was hacked and locked today. A good number of other accounts are in the same boat. I just hope that the LJ admins sort it out soon. My account email address was changed to bantownlj292@mailinator.com . I just hope my posts are OK. I can't even tell at present.