Signal Boost

Sep. 23rd, 2009 08:59 am
turps: (Default)
[personal profile] turps
Reading my flist this morning I was wondering why some posts had weird things at the end.

I suspect it's due to this: Urgent security notice: embedded content security breach.

As far as known at this time, LJ has had a security breach with the embedded content domain lj-toys.com. This breach resets the icon and metadata of your most recent post and sets the security to public, along with inserting malicious Flash content into the body of the post, within minutes of viewing an infected Flash file. Then, other people viewing that Flash content in your entry will also become infected. Because of this, embedding on LJ has been disabled, so there should be no new infections from the LiveJournal site itself. However, many people are already infected.

I suggest people go over and read the post. I've got lj toys blocked and have logged back in.
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Date: 2009-09-23 10:36 am (UTC)
sperrywink: (Ba'al can kill you with his brain)
From: [personal profile] sperrywink
I seem to be fine but I took measures anyway. It's not like I use flash all that often.

Date: 2009-09-23 10:45 am (UTC)
ext_1650: (Default)
From: [identity profile] turps33.livejournal.com
I was wondering why all media embeds weren't working earlier, and why some posts had funky stuff at the end. I'm just glad I had lj toys blocked so I only saw what was left behind.

It's a scary thing, especially for those that post flocked all the time or post sensitive stuff.

Date: 2009-09-23 10:36 am (UTC)
From: [identity profile] digital-diva.livejournal.com
How/where do you block that lj toys thing?

Date: 2009-09-23 10:42 am (UTC)
ext_1650: (Default)
From: [identity profile] turps33.livejournal.com
I've got the no script add on for Firefox. It's really easy to ban it using that.

Date: 2009-09-23 11:19 am (UTC)
From: [identity profile] msktrnanny.livejournal.com
and if you're lame and don't have firefox or any other fancy browser thingys?

Date: 2009-09-23 11:34 am (UTC)
ext_1650: (Default)
From: [identity profile] turps33.livejournal.com
I know it was suggested that you turn off images and use placeholders (http://www.livejournal.com/support/faqbrowse.bml?faqid=268) instead for now, but beyond that, I have no idea. Sorry.

Date: 2009-09-23 11:38 am (UTC)
From: [identity profile] msktrnanny.livejournal.com
okay. Thanks.

Date: 2009-09-23 11:14 am (UTC)
From: [identity profile] strippedhalo.livejournal.com
Wow, thank you for posting this. It had totally set my last (private) entry to public and put the nasty thing at the end. Jerks!

Date: 2009-09-23 11:30 am (UTC)
ext_1650: (Default)
From: [identity profile] turps33.livejournal.com
Just the thought of private entries being made public is horrific.

I'm glad you could change it back.

Date: 2009-09-23 01:25 pm (UTC)
From: [identity profile] strippedhalo.livejournal.com
Yeah, awful. I mean, this particular entry was just a half-finished request form for a fic exchange, so the worst thing would be my friends list being subjected to a long uncut bit of gibberish, but a lot of people actually do have private things that shouldn't just be out there for anyone to read. Yikes.

The weird thing is, I don't even remember seeing any weird boxes or anything yesterday, but clearly I was exposed.

Date: 2009-09-23 11:34 am (UTC)
From: [identity profile] raynedanser.livejournal.com
I seem to be fine - my most recent post is as I left it. Weirdness.

Date: 2009-09-23 01:01 pm (UTC)
ext_1650: (Woe (eyesthatslay))
From: [identity profile] turps33.livejournal.com
That's good. The thought of private/flocked entries being changed is horrible.

Date: 2009-09-23 12:44 pm (UTC)
From: [identity profile] mahoni.livejournal.com
Yikes! Yesterday when I made that Bob post I felt kind of lame just linking out to the Youtube videos instead of embedding them, but did it that way anyways. Now I'm glad I did. :/ I don't know if I would have had a problem with it, but still.
Edited Date: 2009-09-23 12:44 pm (UTC)

Date: 2009-09-23 01:02 pm (UTC)
ext_1650: (Default)
From: [identity profile] turps33.livejournal.com
Yeah, in hindsight it is a good decision.

I just don't get why people feel the need to do stuff like this. Journal security should be absolute and knowing people's private entries have been made public is horrible.

Date: 2009-09-23 02:43 pm (UTC)
turlough: castle on mountain top in winter, Burg Hohenzollern (cause i don't feel bad about it)
From: [personal profile] turlough
I'm glad I VERY SELDOM embed anything and definitely didn't click on anything embedded in anyone else's journal yesterday. And I've got placeholders, Flashblock, AND NoScript activated too ;-) Of course, I don't even know if it even affects Macs!

Date: 2009-09-23 04:39 pm (UTC)
ext_1650: (Frank is a vamp ( turloughishere))
From: [identity profile] turps33.livejournal.com
I embed a lot and follow You Tube links often so am very glad I had my blocking add ons enabled.

Having a privacy setting changed like that is a horrible thought.

Date: 2009-09-23 04:52 pm (UTC)
turlough: castle on mountain top in winter, Burg Hohenzollern (frank iero is remarkably pretty)
From: [personal profile] turlough
It is though personally I think it's the mail adress harvesting that's going to turn out to be the most problematic for most people.

Date: 2009-09-23 07:54 pm (UTC)
From: [identity profile] littleladypunk.livejournal.com
It looks like nothing got into my LJ, but it's scary to think about it. :/
Thanks for letting know!

Date: 2009-09-23 09:00 pm (UTC)
ext_1650: (Default)
From: [identity profile] turps33.livejournal.com
You're welcome :)
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only
Page generated Jan. 31st, 2026 02:34 am
Powered by Dreamwidth Studios