![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
bryantI'm not clicking on any links in LiveJournal entries until they fix the security hole. Recommend you don't either. Long story short, it's immensely easy to set up a page which, when you view it, will post something to your journal. That something can include a link to a page which, when you view it -- well, you get the idea.
I don't see any password theft vulnerabilities but I haven't really put too much effort into thinking about it, so I could be wrong.
I also have no idea how this gets fixed.
Sigh.
I don't see any password theft vulnerabilities but I haven't really put too much effort into thinking about it, so I could be wrong.
I also have no idea how this gets fixed.
Sigh.
no subject
Date: 2004-06-12 04:43 pm (UTC)At any rate, yeah, the random auth key is a good solution, although it would be nice if they made it so you could have more than one key checked out at once - I often have 3 or 4 "post a comment" tabs open at the same time.