Security again, LJ vs DW
2009-Sep-25, Friday 16:53
LJ-news: Media embedding change - important notice
DW-maintenance: LJ web security exploit
In short, LJ had a "cross site scripting hack" which infected a bunch of people's accounts. Check the LJ news post and verify you're okay if you're on LJ.
However, Dreamwidth wasn't vulnerable.
Yet another reason to Dump LJ in favour of Dreamwidth.
ETA: If you're not running some kind of flash blocker, you probably want to be.
Safari - http://apple.com/safari - http://hoyois.github.com/safariextensions/clicktoplugin/ (Was: http://rentzsch.github.com/clicktoflash/)
Firefox - http://mozilla.com/firefox - http://noscript.net/ or http://flashblock.mozdev.org/
Opera - http://opera.com/ - http://my.opera.com/Lex1/blog/index.dml/tag/Flashblock
Chrome - http://google.com/chrome - http://www.privoxy.org/ (run a local proxy) or switch to one of the above.
Internet Explorer - http://www.microsoft.com/ie - http://www.privoxy.org/ (run a local proxy) or switch to one of the above.
(no subject)
Date: 2009-09-25 10:52 (UTC)
(no subject)
Date: 2009-09-25 21:47 (UTC)
The way around this is that each program should run in a "sandbox" so that it can only interact with the site that it was loaded from. I don't know whether the flash interpreter just doesn't have a sandbox, or doesn't have one that does what it says on the tin.
(no subject)
Date: 2009-09-25 22:35 (UTC)
http://shiflett.org/blog/2006/sep/the-dangers-of-cross-domain-ajax-with-flash
(no subject)
Date: 2009-09-28 04:10 (UTC)
Hi, BTW. :-) Do I know you from elsewhere, or were you just tracking this issue and found this post?
(no subject)
Date: 2009-09-30 05:56 (UTC)
(no subject)
Date: 2009-09-28 03:39 (UTC)
I typically open about 60 tabs at once... 40 flash players later (some pages have 2-3, some none), my computer is grinding, and I'm not even looking at a webpage yet.
Excellent!
Re: Excellent!
Date: 2009-09-28 03:36 (UTC)
(no subject)
Date: 2009-09-28 01:17 (UTC)