The Watchtower of Destruction: The Ferrett's Journal - interesting...
09:07 am
interesting... this is very interesting.
(NOTE: Apparently, some fuckwit's been posting an LJ script hack. If you see this in someone's journal, they didn't put it there, and you will be vulnerable if you click it.)
(EDIT: Officials say you don't have to change your password if you've accidentally clicked and had it posted, and that this is "trivial." What this thing does is use your browser's session info, temporarily masquerading as you to post a message in your journal that links back to the hack, all in order to encourage more people to unknowingly spread it. I've written some other thoughts on how this could have been harmful - but this one wasn't, since apparently this particular iteration did nothing aside from posting a message - and, theoretically, could have done nothing but post a message. Your password was not stolen, despite early reports to the contrary. Your user info is safe. And LJ has fixed the security hole, so there should be nothing to worry about for the time being.)
(But even so, you know what I really wanted? Spreading LJ viruses and the worry about clicking on the wrong links. Now people can link to even more damaging places!)
Fucking crackers. I hope they all goddamned die.
From: xforge
Date: June 12th, 2004 01:09 pm (UTC)
Frazzen razzen virus script hack...
This cannot steal your password. That is false information. Passwords are not stored by LJ in cookies, only a login / session hash is stored.
Furthermore unless you have an entirely ancient and decrepit version of internet explorer or mozilla / netscape this can't even get your session key. I think he probably uses the "blah" image to simply track the spread of his virus.
ferrett love, are you sure you meant to do that?
Yeah. Great. Another one. Thanks.
I've already been sucked in once! It will not happen again!
Yeah, I caught it from you. I don't blame ya, though. Bah!
From: erisreg
Date: June 12th, 2004 01:23 pm (UTC)
Subject: Re: cute,..
/trust
From: erisreg
Date: June 12th, 2004 01:46 pm (UTC)
Subject: Re: cute,..
i retract my ire, in your direction,..o.0
Do you realize that that is probably another password miner, like the Russian "Who has the longest sausage" thing? You should change your password ASAP.
Why would someone WANT my LJ password?
Must say I'm not pleased with whoever created that... I already knew to avoid URLS in IRCs... pisses me that now we'll have to start mistrusting links in LJs...
I changed my password and WARNED people in my LJ not to click on such a linked entry...
From: ytaya
Date: June 12th, 2004 01:38 pm (UTC)
There was a similar meme doing the rounds, a Russian one, yesterday. I checked it out with LJ support and they said it doesn't represent a security risk. You can check out what they said here. They're still evil fuckers, mind. They should include a warning that it'll post an entry for you.
Yes, THAT one isn't going to steal your passwords and eat your babies. However! The one that has a username AND password blank.. that one IS evil. Of course, only an idiot would put their password on a meme to start with.
He posted that in the mac community I belong to, which is how it got to me. He also has the most disturbing icon I've ever seen.
From: zoethe
Date: June 12th, 2004 01:48 pm (UTC)
All I can say is, Jay-sus....
Thanks for the info, Ferrett! I did exactly what you advised, too.
From: swiftrat
Date: June 12th, 2004 01:53 pm (UTC)
Subject: Re: =:{
*worries*
Dude, it can't get your password. It's using the cookie on your machine. It's trivial; I could write one in about thirty seconds straight. It's no danger, and just a mild annoyance at it posting stuff to your lj that you then have to delete.
It's not a hack. It's not a crack. It's not even up to skript kiddie level, for gods sakes. Stop fussing, man. Chill.
Still. You know what I really wanted? LJ Viruses. Where I now have to worry about the links I click on.
What a complete and utter fuckwipe. It doesn't have to be Hi-Tech Shit to make something annoying and an asshole.
I hope this piece of shit dies a slow death !!! And I think something that can make a post in your journal is sorta serious !!!! btw
The only way it can make a post in your journal is by using what YOU use to post in your journal. Unless you want post-less journals, not much you can do about it. Sorry.
From: snowelf
Date: June 12th, 2004 03:23 pm (UTC)
Grr...that fuckwit...it makes me so very, very angry that someone would mess with other people like that. I appreciate the warning, Ferret.
Am i the only one here who thought "'Fucking crackers?' He's against annoying white people now?"
A "cracker" is what everyone thinks about when they hear the word "hacker". Except for actual hackers, which I think Ferrett is, who instead get frustrated at the incorrect usage that American media has caused.
From: kaymera
Date: June 12th, 2004 03:52 pm (UTC)
I'm sorry to bother you but I'm now really thoroughly confused and more than a little worried.
"If you see this in someone's journal, they didn't put it there, and you will be vulnerable if you click it."
If I see what in someone's journal? I feel a bit daft now but I really am hugely confused. What should I not click on?
From: malixe
Date: June 12th, 2004 04:05 pm (UTC)
It's the "this is interesting" link itself that you don't want to click on.
I bit on it in a friend's journal. My initial reaction was more along the lines of 'great--this is one of those practical joke things that gets played on you and then you turn around and play on the next sucker to come along...'....
Now after reading these responses I'm becoming a bit more concerned...
From: wolfieboy
Date: June 12th, 2004 04:09 pm (UTC)
Subject: Re: Not real interesting
Note that if you go to this person's userinfo page, you'll see that he lists a toll free number for you to call and express your opinion. I even verified that it's the same as the toll free number on his domain record so he's not trying to get someone else's number implicated. You might also want to direct people to this FAQ that tells them how to expire all sessions which they will likely want to do. This won't take your password (since your password isn't stored in the cookie) but it could do all sorts of interesting things with your journal if it keeps the session id. If possible, folks also want to choose "Bind to IP Address" when they login as mentioned in this FAQ. This means that if someone manages to keep the session id, they can't use it unless they can spoof your ip address. Note that I've looked at the code for the current mischief and it doesn't do more than is apparent but that doesn't mean that others won't.
From: flense
Date: June 12th, 2004 04:12 pm (UTC)
Subject: Re: Not real interesting
binding is a great idea - unless you have a dynamic ip (right?)
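The session-id points raised in the two comments above (expiring all sessions, binding a session to an IP address, and the dynamic-IP catch), as an added example that is not part of the thread and is not LiveJournal's code. The `SessionStore` class, its method names and the sample addresses are hypothetical.

```python
import secrets


class SessionStore:
    """Minimal server-side session table (hypothetical, for illustration)."""

    def __init__(self):
        self._sessions = {}  # session id -> (user, bound IP or None)

    def login(self, user, client_ip, bind_to_ip=False):
        sid = secrets.token_hex(16)  # opaque id kept in the cookie, never the password
        self._sessions[sid] = (user, client_ip if bind_to_ip else None)
        return sid

    def authenticate(self, sid, client_ip):
        """Return the user name for a valid session, else None."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, bound_ip = entry
        if bound_ip is not None and bound_ip != client_ip:
            return None  # session id presented from a different address
        return user

    def expire_all(self, user):
        """Drop every session of `user`; return how many were removed."""
        stale = [s for s, (u, _) in self._sessions.items() if u == user]
        for s in stale:
            del self._sessions[s]
        return len(stale)


def demo():
    # Constructed sample addresses from the documentation ranges.
    home, elsewhere, new_lease = "198.51.100.7", "203.0.113.50", "198.51.100.99"
    store = SessionStore()
    loose = store.login("alice", home)                   # default: not bound
    bound = store.login("alice", home, bind_to_ip=True)  # "Bind to IP Address"
    results = {
        "unbound_replayed": store.authenticate(loose, elsewhere),
        "bound_replayed": store.authenticate(bound, elsewhere),
        "bound_owner": store.authenticate(bound, home),
        # Dynamic IP: the legitimate owner is rejected after an address change.
        "bound_owner_new_ip": store.authenticate(bound, new_lease),
    }
    results["expired"] = store.expire_all("alice")
    results["after_expire"] = store.authenticate(loose, home)
    return results
```

Binding only covers a session id that has been copied elsewhere; a post triggered from the logged-in browser itself still arrives from the bound address.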
Subject: Re: Forgive me on not understanding this one.
OK Ferret,
Now is the link you have up on YOUR entry the real deal? or something you simply fabricated to look like the real deal so that your readers will not be infected even if they do bite?
Subject: Re: Forgive me on not understanding this one.
The link on this page links back to one of the Ferret's own entries. No worries; the bomb--here at least--has been defused.
It's not a permanent cure... and the fucktards crackers still go on breathing - but this will save everyone A LOT of undue heartache
TURN OFF JAVASCRIPT!!!
That's how the virus is running - and it's that simple to avoid
this should also be a natural precaution to anyone surfing on any public site - fine, so you won't get to see those cute little roll-overs or super happy fun pop-up windows... but you'll still have your LJ account.
I hope this can be of some help to y'all
It isn't a virus. It's harmless. No database is made. The passwords aren't being harvested.
I have a friend who downloaded the code and studied it. He says it's harmless.
what if you're not able to change your password again?
From: jenlight
Date: June 12th, 2004 07:49 pm (UTC)
Subject: Re: oh and
i can't change my password?