26-01-06

blogging community livejournal massively hacked

LiveJournal, an online community that boasts nearly 2 million active members, on Thursday announced sitewide changes for users logging into their accounts -- changes prompted by a hacker group's successful hijacking of potentially hundreds of thousands of user accounts.

 

and all it took was: members said they created hundreds of dummy member accounts featuring Web links that used the Javascript flaws to steal "cookies" (small text files on a Web-browsing computer that can be used to identify the user) from people who clicked on the links. Armed with those cookies, the hackers were then able to either log in as the victim, or arbitrarily post or delete entries on the victim's personal page.

 

It is unclear whether LiveJournal has managed to close the security holes that the hackers claim to have used. The company says it has, but the hackers insist there are still at least 16 other similar Javascript flaws on the LiveJournal site that could be used to conduct the same attack.
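The cookie-theft step described above only works while page script can read the session cookie, whether or not every script flaw has been closed. The following is an added example, not code from the original post or from LiveJournal: it audits `Set-Cookie` headers for the attributes that control this, and the cookie names, header values and session-name heuristic are constructed assumptions.

```python
# Added example: audit Set-Cookie headers for attributes that limit cookie theft.
# All header values are constructed samples, not a real site's cookies.

# Assumed heuristic for spotting session cookies by name.
SESSION_HINTS = ("session", "sess", "sid", "auth", "login", "token")

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs

def audit_cookie(header):
    """Return a list of findings for one Set-Cookie header value."""
    name, _, attrs = parse_set_cookie(header)
    if not any(hint in name.lower() for hint in SESSION_HINTS):
        return []  # not treated as a session cookie
    findings = []
    if "httponly" not in attrs:
        # Without HttpOnly, injected script can read it via document.cookie.
        findings.append("readable by page script (no HttpOnly)")
    if "secure" not in attrs:
        findings.append("sent over plain HTTP (no Secure)")
    if "domain" in attrs:
        # A Domain attribute widens the cookie from one host to its subdomains.
        findings.append("sent to every subdomain of " + attrs["domain"])
    return findings

def audit(headers):
    """Map each cookie name to its findings."""
    return {parse_set_cookie(h)[0]: audit_cookie(h) for h in headers}

SAMPLE_HEADERS = [  # constructed
    "blog_session=abc123; Domain=.example.com; Path=/",
    "blog_session_v2=abc123; Path=/; Secure; HttpOnly",
    "theme=dark; Path=/",
]

if __name__ == "__main__":
    for cookie, findings in audit(SAMPLE_HEADERS).items():
        print(cookie, "->", findings or "ok")
```

HttpOnly stops script from reading the cookie; it does not stop injected script from acting inside the victim's already logged-in page, so the script flaws themselves still need fixing.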

 

http://blogs.washingtonpost.com/securityfix/2006/01/accou...

 

they say others will follow

their philosophy is here

http://lists.grok.org.uk/pipermail/full-disclosure/2005-D...

(it is all your own fault if you become infected)

 

so if javascript has so many mistakes, how many other sites and webservices are based solely on javascript?

00:12 Posted by technology changes fast not a lot
