solarbird ([personal profile] solarbird) wrote 2009-09-23 08:08 am

Flash-based cross-scripting LJ security hole

As described in this post in News, there's a Flash-based cross-site scripting bug that edits the most recent post of any logged-in user who views content containing the script. This journal's previous entry was affected - code embedding infected video was added to that post after I viewed an apparently-infected post on my friendslist. As a result, LJ staff have partially disabled embedding while they work on a better solution. So be aware of this, and check your most recent posts as described in this post in News. YouTube embeds aren't affected, and have already been re-whitelisted.

[identity profile] leftbase.livejournal.com 2009-09-23 03:22 pm (UTC)
Yeah, it happened to me and two other users that I know of also.

[identity profile] technoshaman.livejournal.com 2009-09-23 03:44 pm (UTC)
*nods* checked my pages, and my last embed was too early to have been affected (and wasn't)... #include grumbles_about_proprietary_stuff.h

[personal profile] maellenkleth 2009-09-23 04:30 pm (UTC)
I seem to have dodged this, what with having Flash blocked on all of our various machines. Still, it's a reminder that security is an ongoing process.

[identity profile] flashfire.livejournal.com 2009-09-23 05:35 pm (UTC)
I saw that box thing on one of yours yesterday.

[identity profile] blues-kun.livejournal.com 2009-09-24 08:50 am (UTC)
So that's what that goofy box shit was about.

Good thing I have embedded media blocked by default and run Flashblock on top of that, lol~