hummingwolf wrote 2004-06-12 03:36 pm
For those of you just tuning in
Don't click on mysterious links.
I am sooo tempted to end this post right here.
There are a handful of links and forms going around now which exploit a tiny hole in LiveJournal. If you click on the link or the shiny button, a new post (containing the link or form) will appear on your journal without your having to write--or approve--the post yourself.
So far the different variants of this exploit seem harmless. If you clicked on the link, your password has not been stolen (you were already logged in to LJ, your password was not required) and there probably isn't anything for you to worry about. It's never a bad idea to change your password and delete your cookies, of course, but there doesn't seem to be any immediate danger. However, it's theoretically possible (and, given human nature, it's now probable) that somebody will use this little trick to create a post on your journal detailing your indecent love of small furry animals, to change your userinfo, or to add new people to your friends list. [Edit: The person who wrote one version now admits that he's planning to change the image from a tiny 1-pixel thing you don't see to a "Bush/Cheney 04" graphic. Oh, the horror! the horror!]
[Edit 2: The guy who wrote the one that posts "this is very interesting" must be very proud of himself--looking at someone else's friends page just now, I saw three identical posts in a row. Imagine what would have happened if he'd made his first post on a Monday morning rather than during the slow weekend hours.]
[Edit 3: If you have clicked on one of these links, check your friends list and make sure there's nobody extra. One version of the sausage meme apparently does add two users to your list.]
[Edit 4: Have read that no, there weren't any users added to anyone's friends list after all. Not sure how accurate the information is; if you have clicked on any of the links, it doesn't hurt to check your own list. Anyway, the good news is that the LJ team worked on a fix and it should no longer be possible for any of these forms and links to post to your journal without your approval. Still, this is the Internet. It pays not to click on mysterious links. (While I'm here (and I know this is silly and unrelated (and yes, I do like parentheses)): It's still very strange not to hear any cicadas. I wonder if they'll be back tomorrow.)]
Please note: This hole is not browser-specific. If your browser has JavaScript enabled, that's all that's required for these tricks to work. Those of you who were preparing to mock IE users may be quiet now (you know you'll have plenty of other chances to mock IE users anyway).
Oh, the mysterious link at the beginning of this post goes directly to a discussion in lj_dev about this hole and what might be done to fix it. If you're not interested in the geeky technical parts of the situation, there's no need to click the link.
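Added example, not part of the original post and not LiveJournal's code: the behaviour described above, where a post appears just because an already logged-in browser sent a request, is what is now usually called cross-site request forgery. The sketch below puts a handler that trusts the session cookie alone beside one that also requires a per-session form token, which is a common mitigation; the post does not say what LJ's actual fix was, and every name and value here is hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # constructed: per-deployment secret
SESSIONS = {"sess-alice": "alice"}     # constructed: session cookie -> user
JOURNAL = []                           # (user, text) entries that were accepted


def issue_form_token(session_id: str) -> str:
    """Token the site embeds in its own 'update journal' form for this session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def post_entry_cookie_only(cookies: dict, form: dict) -> bool:
    """Weak handler: a valid session cookie is the only proof of intent."""
    user = SESSIONS.get(cookies.get("session", ""))
    if user is None:
        return False
    JOURNAL.append((user, form.get("body", "")))
    return True


def post_entry_with_token(cookies: dict, form: dict) -> bool:
    """Hardened handler: also requires the token only the site's own form carries."""
    session_id = cookies.get("session", "")
    user = SESSIONS.get(session_id)
    if user is None:
        return False
    expected = issue_form_token(session_id).encode()
    supplied = str(form.get("form_token", "")).encode()
    if not hmac.compare_digest(expected, supplied):
        return False                   # cookie present, but the form is not ours
    JOURNAL.append((user, form.get("body", "")))
    return True


# The browser attaches the cookie to every request to the site, whichever page
# triggered it. A form on a third-party page cannot read the token, so its
# request arrives with the cookie but without a valid form_token.
COOKIES = {"session": "sess-alice"}
CROSS_SITE_FORM = {"body": "this is very interesting"}
OWN_FORM = {"body": "no cicadas today",
            "form_token": issue_form_token("sess-alice")}

if __name__ == "__main__":
    print("cookie only, cross-site form:", post_entry_cookie_only(COOKIES, CROSS_SITE_FORM))
    print("token check, cross-site form:", post_entry_with_token(COOKIES, CROSS_SITE_FORM))
    print("token check, site's own form:", post_entry_with_token(COOKIES, OWN_FORM))
```

This is also why changing a password does not help against this class of bug: the request rides on the existing session and never needs the password.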
no subject
Nah, you weren't going wonky. Too many people simply have too much fun clicking on the tempting links. As a dial-up user, I'm slightly less likely to click on a link unless I have some idea of where it's going to go. It's rare that a slow connection provides such a clear advantage. :-)