23 September 2009 @ 09:14 am
LJ Security Breach  
I know a few people on my list use lj-toys.com and it seems there has been a breach of security either there or on LJ's end. You can read everything you need to about it here or under the cut where I copy/pasted it.

Via foxfirefey at meta_lj

As far as known at this time, LJ has had a security breach with the embedded content domain lj-toys.com. This breach resets the icon and metadata of your most recent post and sets the security to public, along with inserting malicious Flash content into the body of the post, within minutes of viewing an infected Flash file. Then, other people viewing that Flash content in your entry will also become infected. Because of this, embedding on LJ has been disabled, so there should be no new infections from the LiveJournal site itself. Many people's journals have already been tampered with--however, it only affects your journal, not your computer.

You should check your latest journal entries using this page. Affected entries will contain blocks of embedded Flash at the end. Depending on your LJ usage patterns, you may have more than one recent entry affected. Remove the added code (and reset your metadata, icon and post security if wanted).

Here is an example of the code inserted into posts (with all links redacted; this example linked to a .swf on e1h5.simplecdn.net):

See Example here

Further information will be added to this post as it comes in. It's not reported to be stealing cookies; however, you would not be amiss to expire all your current login sessions and log back in. Content placeholders and the use of Flashblock and NoScript are currently highly recommended--block the lj-toys.com domain (that domain should be okay now). (Other LJ security concerns can also be mitigated with NoScript: Ads shown on LiveJournal can occasionally carry malware. Sometimes spam bot accounts spread malicious links in posts or comments; in some cases, accounts have been hijacked and their entries replaced with a misleading post saying they had moved with a link to malware. You can see a report on LJ's safety at Google Safebrowsing.)

Based on the disassembled code, it appears to also harvest your primary email address.

LJ will update the lj_releases community when they have more information. As far as known at this time, LJ clones such as InsaneJournal and Deadjournal and LJ forks such as Dreamwidth are not affected. This security breach is not related to the recent code release, or the Your Journal - Your Money program.

Feel free to spread this post around to help notify others.

ETA 12:57AM PST: YouTube embedding appears to have been reenabled.
ETA 7:25AM PST: lj_releases post done earlier in the night.
ETA 7:53AM PST: news post with good summary and explanation made earlier this morning
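
The check described above (look for Flash blocks at the end of recent entries and for security flipped to public) can be scripted; this is an added example, not part of the original post or LiveJournal's code. The entry dict layout, the trusted-host list and the sample markup are assumptions constructed for illustration; only the host e1h5.simplecdn.net comes from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_HOSTS = {"www.youtube.com"}  # assumption: hosts you embed from on purpose
FLASH_MIME = "application/x-shockwave-flash"

class FlashFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []           # Flash URLs on untrusted hosts, in document order
        self.text_after = False  # visible text seen after the most recent hit?

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "embed":
            url = a.get("src", "")
        elif tag == "object":
            url = a.get("data", "")
        elif tag == "param" and a.get("name", "").lower() == "movie":
            url = a.get("value", "")
        else:
            return
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        is_flash = parsed.path.lower().endswith(".swf") or a.get("type", "").lower() == FLASH_MIME
        if is_flash and host and host not in TRUSTED_HOSTS:  # relative URLs are skipped
            if url not in self.hits:
                self.hits.append(url)
            self.text_after = False

    def handle_data(self, data):
        if data.strip():
            self.text_after = True

def check_entry(entry):  # returns a finding dict, or None if the entry looks clean
    finder = FlashFinder()
    finder.feed(entry["body"])
    finder.close()
    if not finder.hits:
        return None
    return {"id": entry["id"], "urls": finder.hits,
            "trailing": not finder.text_after, "public": entry["security"] == "public"}

# Constructed sample entries (hypothetical export format: id, security, body).
SAMPLE_ENTRIES = [
    {"id": 1, "security": "friends", "body": "Just text, nothing embedded."},
    {"id": 2, "security": "public", "body": 'Video: <embed src="http://www.youtube.com/v/CONSTRUCTED" type="application/x-shockwave-flash"> enjoy!'},
    {"id": 3, "security": "public", "body": 'Weekend notes.<br><object><param name="movie" value="http://e1h5.simplecdn.net/REDACTED.swf"><embed src="http://e1h5.simplecdn.net/REDACTED.swf" type="application/x-shockwave-flash"></object>'},
]
```

An entry that comes back with both `trailing` and `public` set to true matches the tampering pattern in the post and is worth opening by hand; a hit with text after it is more likely an embed you placed yourself.
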
klutzy_girl on September 23rd, 2009 04:22 pm (UTC)
Thanks for telling me! I was wondering why a video I posted was suddenly not working.
xlivvielockex on September 23rd, 2009 05:04 pm (UTC)
Well, they have re-established YouTube embedding so that is a plus. Hopefully it won't be that long until they get it all contained and re-establish embedding for everything.
(Deleted comment)
xlivvielockex on September 23rd, 2009 05:04 pm (UTC)
Youtube embedding is back and I assume that once the virus is contained and wiped, they will allow embedding again. I don't see how they can't. I will keep my eye on the various posts and see if we get any new news.