Security Exploits, ho! aka HTTP, your days are numbered.

[nfotxn]

The Livejournal gnomes are already busy patching the sausage meme that is going around today. Some people are flipping out but essentially all it does is use javascript to exploit the livejournal session cookie from the client side. If you want to play it safe just log out of livejournal and re-type your password every time you update or post a comment. This is a security risk you run by staying logged into Livejournal.

From the sounds of it to post from the web people may have to type a password displayed in a distorted image to prevent abuse like this. Or required that all posts made from the web be previewed. Luckily the XML-RPC isn't effected so modern Livejournal client programs should continue to work uninterrupted.

Comments

[jameth.livejournal.com]

My meme is better. http://home.graffiti.net/turkeyphant/looj/

[nfotxn.livejournal.com]

Yes, I've seen it. I'm sure you think you're very clever.

[jameth.livejournal.com]

Especially when I didn't even make it. SO CLEVER.

[bitterlawngnome.livejournal.com]

I can't imagine this little dildo was a problem after having your head up there.

[zombietruckstop.livejournal.com]

Is this part of that "this is interesting" thing going around? Can you explain what is happening in super simple "I'm a retard" terms cuz I don't get it...

[nfotxn.livejournal.com]

Ok, so you know how you don't need to type in your password every time you do something? This just lets a 3rd party website submit stuff on your behalf without your consent because of that. It's a bit of a security hole but nobody will be stealing your passwords, credit card, babies etc. It will likely be patched within the day.

[33mhz.livejournal.com]

Most people do, but the reason that these have spread so far is that these "viral" posts can be triggered by following an otherwise innocuous-looking link, if the person clicking happens to be logged in at the time.

[susobear.livejournal.com]

Grrrr. I knew it was something wrong when LJ was asking my password... Well... no scripting is safe at all :(
Now if I could only solve a little problem I have with scripting + activex... :(

[backrubbear.livejournal.com]

Unfortunately, if you're using the web client, leaving yourself logged in is the only useful way of being able to access and reply to many posts. You can't even get to some posts if they're friends protected without being logged in.

I was displeased that mozilla didn't have a control for disabling the form.submit method.

[shawnsyms.livejournal.com]

And in the wake of that, now everyone is posting stats on commenters on their journals that you get by running a compiled .exe on your local PC...

I am listening to the Postal Service song "The District Sleeps Alone Tonight" over and over today. It made me think of you since you first turned me on to DNTEL...