Slashdot Mirror

← Back to Stories (view on slashdot.org)

Details of the LiveJournal Account Hacks

Posted by Zonk on from the my-rss-reader-is-unhappy dept.

An anonymous reader writes "Brian Krebs of the Washington Post has written about the recent spate of hijackings at Six Apart's popular LiveJournal service. Hundreds of journals have now been taken over by a notorious group called 'Bantown' using a series of complicated cross-site-scripting vulnerabilities. Krebs details the recent security changes made by LiveJournal in response to the takeovers." From the article: "It is unclear whether LiveJournal has managed to close the security holes that the hackers claim to have used. The company says it has, but the hackers insist there are still at least 16 other similar JavaScript flaws on the LiveJournal site that could be used conduct the same attack. [Bantown] group members said they plan to turn their attention to looking for similar flaws at another large social-networking site. "

4 of 246 comments (clear)

  1. Not really a shock by TerenceRSN · · Score: 0, Redundant

    Considering the majority of personal blogger write about their personal lives and reveal the most secret of details does it surprise anybody that they're extremely susceptible to targeted attacks? If you're writing about your latest illegal activities or at least embarrassing moments you probably don't aren't going to be too careful about keeping your username and password secret.

    I know I'm generalizing but there have been plenty of stories here and in print media about all the trouble people get themselves into by posting things about their teachers, school mates, etc. on their blogs and myspace type sites.

    Of course nobody deserves to have their privacy violated, but some people aren't very careful with it to begin with.

  2. Re:Oh dear! by SeekerDarksteel · · Score: 0, Redundant

    I guess they'll have to revert back to razor blades, green day, hot topic, and spoken word night at the corner coffee shop.

    --
    The laws of probability forbid it!
  3. Re:Poor Emos! by j_kenpo · · Score: 1, Redundant

    Damned, Now I know I'm old. Apparently the whole "Emo" scene sprouted up around me, and I had no idea. I had to look that up. Scarry... now get off my lawn.

  4. Re:Ahhhhh security.... in Web 2.0 land by laffer1 · · Score: 0, Redundant

    That's a great idea. Does anyone know of example code to do this in java or .NET? I often find it difficult to wrap my mind around writing good validation code for complex data. (like blog entries) I have a blog site setup, but it has terrible data validation. I'd love to handle html safely.

    --
    MidnightBSD: The BSD for Everyone