LiveJournal security
lj-PWN
soopageek
You know all of those nifty security changes LiveJournal has been making lately? What they neglected to tell you is why.

In case you don't follow the link to Bantown's Encyclopedia Dramatica entry from the Washington Post security blog:

"In order for the account takeovers to end, Bantown demands that Denise Paolucci post on the front-page LiveJournal news that LJ has been owned by Bantown."

Who is Denise Paolucci? Glad you asked. Apparently, the whole ordeal is the result of a vendetta that Bantown has for Ms. Paolucci.

Personally, I find the staggering claim that they swiped 900,000 account passwords a little hard to swallow, but if it is true, it's no wonder that LiveJournal has been nagging about passwords for months and even freezing accounts. Also, if this is true, that means you people click on ANYTHING. Sheesh. Considering there are only 2 million active LiveJournal accounts, they have a 50% success rate at obtaining the information necessary to hijack an account. Pretty impressive if you ask me.

People wonder why I'm so cautious about putting too many real-life things out onto the internet. This is why, ladies and gentlemen: somewhere in some massive file of stolen cookies lies my login information to LiveJournal. The concept of "friends-only" and "private" doesn't really mean much in light of that.

As I told discreet_chaos in another comment, I was being mock-incredulous about people clicking on anything. The fact of the matter is, security holes can be exploited and general information gathered with relatively simple scripts that execute upon the mere loading of a photograph, with no special action from the victim. E-mail marketers have been using this tactic for years: when you allow the images from a junk e-mail to load, there's a good chance that some less scrupulous marketers have it execute a script on their webserver (or, at the very least, create a log) which lets them know whether or not you looked at the e-mail.

A friend of mine who worked in e-mail marketing for a while told me that they will even use 1-pixel, clear images that you wouldn't even know loaded. This is why most e-mail clients these days allow you to read the text of e-mails without loading the graphics embedded into it, requiring the user to click a special button to make the graphics load.

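The tracking-pixel technique described in the comment above is straightforward to spot from the receiving side, which is what a mail client or gateway filter does before deciding whether to fetch remote images. The scanner below is an added example, not code from the original post or its author; its heuristics (a remote image that is 1x1, hidden by CSS, or whose URL carries a query string or a long opaque token that could identify the recipient) and the sample HTML message are constructed assumptions, not real mail.

```python
"""Flag remote "tracking pixel" style images in an HTML e-mail body.

Added example, not from the original post. The heuristics are assumptions:
an <img> is flagged when it points to a remote host and is tiny (1x1),
hidden, or carries a query string / long opaque token in its URL.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in the document."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append(dict(attrs))  # attrs arrives as (name, value) pairs


def _dimension(value):
    """Parse '1' or '1px' into an int; None when missing or non-numeric."""
    if value is None:
        return None
    digits = value.strip().lower().removesuffix("px")
    return int(digits) if digits.isdigit() else None


def classify_image(attrs):
    """Return the reasons this <img> looks like a beacon (empty list = benign)."""
    src = attrs.get("src", "")
    parsed = urlparse(src)
    reasons = []
    if parsed.scheme not in ("http", "https"):
        return reasons  # cid:/data: images are embedded and cannot phone home
    w, h = _dimension(attrs.get("width")), _dimension(attrs.get("height"))
    if w is not None and h is not None and w <= 1 and h <= 1:
        reasons.append("1x1 pixel")
    style = (attrs.get("style") or "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        reasons.append("hidden by CSS")
    if parsed.query:
        reasons.append("query string (recipient identifier?)")
    last_segment = parsed.path.rsplit("/", 1)[-1]
    if len(last_segment.split(".")[0]) >= 24:  # long opaque token as file name
        reasons.append("opaque token in path")
    return reasons


def scan_email_html(html):
    """Return [(src, reasons)] for every remote image that trips a heuristic."""
    collector = ImgCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.images:
        reasons = classify_image(attrs)
        if reasons:
            findings.append((attrs.get("src", ""), reasons))
    return findings


# Constructed sample message (not real mail): one embedded logo, one ordinary
# banner, one 1x1 beacon with a recipient id, one hidden image with a token.
SAMPLE_HTML = """
<html><body>
<p>Hello!</p>
<img src="cid:logo123" width="200" height="60" alt="logo">
<img src="https://images.example.net/banner.jpg" width="600" height="120">
<img src="https://track.example.net/open.gif?u=4471&c=promo" width="1" height="1">
<img src="https://track.example.net/i/3f9c2a7b1d0e4c6f8a9b1c2d3e4f5a6b.png" style="display: none">
</body></html>
"""

if __name__ == "__main__":
    for src, reasons in scan_email_html(SAMPLE_HTML):
        print(f"{src}\n    -> {', '.join(reasons)}")
```

Running the block flags the two track.example.net images and leaves the embedded logo and the full-size banner alone; a client that refuses to fetch flagged images (or all remote images until the user asks) denies the sender the open-confirmation the comment describes.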