funsec mailing list archives

Account Hijackings Force LiveJournal Changes


From: "Fergie" <fergdawg () netzero net>
Date: Fri, 20 Jan 2006 18:11:15 GMT

Anyone else heard any additional details on this one?

Brian Krebs:

[snip]

LiveJournal, an online community that boasts nearly 2 million active members, on Thursday announced sitewide changes 
for users logging into their accounts -- changes prompted by a hacker group's successful hijacking of potentially 
hundreds of thousands of user accounts.

In an alert posted to its user forum, LiveJournal said it was instituting new login procedures for users because 
"recent changes to a popular browser have enabled malicious users to potentially gain control of your account." Company 
officials could not be immediately reached for comment. I also put in a query to Six Apart, which owns LiveJournal (and 
the service we use to produce this blog), but have yet to hear from them either.

An established hacker group known as "Bantown" (I would not recommend visiting their site at work) claimed 
responsibility for the break-in, which it said was made possible due to a series of Javascript security flaws in the 
LiveJournal site.

[snip]

More here:
http://blogs.washingtonpost.com/securityfix/2006/01/account_hijacki.html

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

