Urgent security notice: embedded content security breach

Sep 23, 2009 00:03

As far as is known at this time, LJ has had a security breach with the embedded content domain lj-toys.com (not to be confused with the third-party domain, ljtoys.org.uk). This breach resets the icon and metadata of your most recent post and sets the security to public, along with inserting malicious Flash content into the body of the post, within ( Read more... )

breaking news


Comments 63


karcy September 23 2009, 09:45:57 UTC
Thanks!



raffie79 September 23 2009, 10:32:09 UTC
I looked on my entries, with the edit-link and all, and I can't find it. But I installed "no script" on my Firefox and it says it was in my journal, so I blocked it. Where could it be if not inside posts? I'd like to delete it...
Thanks for the help. [I have to add that I don't see Ads]


afuna September 23 2009, 10:41:54 UTC
If you don't see any sign of it in your entries, then you weren't affected (which is a good thing! *grin*)

ETA: Oh actually, sorry I missed the part where noscript said something was in your journal. Do you know what URL, specifically, it was warning you about?


raffie79 September 23 2009, 11:05:02 UTC
No problem :)
No, it doesn't say where it is, just that it's there 'cause it asked me if I wanted to block it. So I did XD I should be okay now since it's blocked, but I wanted to delete it.
Now... I removed an embedded code from youtube.com, who didn't seem affected, and it seems it was there instead, 'cause noscript now doesn't find lj-toys anymore.
So maybe even embedding from YouTube is not so safe.. :(
Thanks for the help :)


foxfirefey September 23 2009, 15:05:30 UTC
It's okay to unblock lj-toys now--you can read more about what happened in LJ news. Embedding from YouTube is safe and works again.



desh September 23 2009, 11:15:06 UTC
The Manage Logins page only shows one login for me, even though I know I'm logged in on at least three computers plus my mobile phone. Any idea why? And would manually logging out and logging back in on each of those devices help?


afuna September 23 2009, 11:18:32 UTC
The Manage Logins page only remembers logins for a limited length of time; if you have long-standing log-ins, these may not be reflected on that page.



trumpeterofdoom September 23 2009, 12:17:50 UTC
Is there a need to change my primary email address? What if you have the @livejournal.com email forwarding on, or if your email is hidden in your profile? Is there a way to know you're infected?


foxfirefey September 23 2009, 15:02:47 UTC
Nope. If you still have access to your primary email address, you should be fine. (Sometimes people's Hotmail accounts go inactive, which then allows somebody to take over that email account and gain access to your journal through resetting your password if you were using that Hotmail account as an email address on LJ.)

The only infection occurs in entries--if you don't have the weird code put into the bottom of one of your recent LJ entries, you are fine. It doesn't infect your computer.


trumpeterofdoom September 23 2009, 15:06:16 UTC
Ahhhh okay. Thanks for the clarification!


