Slashdot Mirror


LiveJournal XSS Security Challenge

Jamesday writes "LiveJournal is offering a free permanent account and possibly other prizes to those who find new vulnerabilities in its XSS Security Challenge. LiveJournal has recently been attacked via a Firefox XSS exploit."

4 of 66 comments

  1. Y'know... by Grendel Drago · · Score: 4, Interesting

    ... this wouldn't even be necessary if they'd taken security seriously in the first place, instead of tacking it on as an afterthought, or using the "eh, we can probably trust all this user-submitted content" model.

    But still, good to see them taking it seriously. Now, instead of Bantown getting an eternal newspost declaring their victory, they'll just get permanent accounts.

    --
    Laws do not persuade just because they threaten. --Seneca
  2. Other possible prizes: by RandoX · · Score: 1, Interesting

    Matching steel bracelets? Just because LJ encourages it doesn't make it legal. At the very least, it's probably a violation of the TOS of your ISP.

    1. Re:Other possible prizes: by GCsoftware · · Score: 3, Interesting

      Yes, that's why I'm serving 25 to life for being a security consultant and there is no such thing as a penetration testing industry. Why post if you have no idea?

  3. Marketing gimmick? by joostje · · Score: 1, Interesting

    From the announcement:
    STEP 1: Go to http://www.test.dev.livejournal.org/ . Make an account. Probably need to change it to paid so you can make styles/etc.
    So to be able to help them test their security, you have to pay them? Or am I missing something?