LiveJournal XSS Issues
Heard about the LiveJournal XSS security compromise earlier this evening via Matt:
I’ve been following the LiveJournal hack closely because, as someone who runs many services that allow user-submitted content, any new developments in XSS are very important to stay on top of. So far the only official technical explanation I’ve seen is here on lj_dev. Since we don’t allow template editing or embedded JS or styles on WP.com, I can’t think of any vectors for attack, but you never know with these things. More on moz-binding
In the process of fixing the XSS cookie capturing issue, they've now enabled username.livejournal.com addresses for all users. Previously, free users had to make do with www.livejournal.com/~username/ and www.livejournal.com/users/username/ for their LiveJournal blogs.