Details of the LiveJournal Account Hacks

An anonymous reader writes "Brian Krebs of the Washington Post has written about the recent spate of hijackings at Six Apart's popular LiveJournal service. Hundreds of journals have now been taken over by a notorious group called 'Bantown' using a series of complicated cross-site-scripting vulnerabilities. Krebs details the recent security changes made by LiveJournal in response to the takeovers." From the article: "It is unclear whether LiveJournal has managed to close the security holes that the hackers claim to have used. The company says it has, but the hackers insist there are still at least 16 other similar JavaScript flaws on the LiveJournal site that could be used conduct the same attack. [Bantown] group members said they plan to turn their attention to looking for similar flaws at another large social-networking site. "

Ahhhhh security.... in Web 2.0 land

[TedTschopp]

As we move more towards applications that depend on the JavaScript enabled client (AJAX and all his relatives) we will see more of this hacking.

On the bright side, it will eventually get people to code securely in a non-trusted enviroment becuase the source code is not only available, but changeable.

Sadly, there will be a bunch of rough lessons between that wonderful future and what we have right now, espeically with all the focus on WEB 2.0 and Ajax.