Log In

Home
    - Create Journal
    - Update
    - Download

LiveJournal
    - News
    - Paid Accounts
    - Contributors

Customize
    - Customize Journal
    - Create Style
    - Edit Style

Find Users
    - Random!
    - By Region
    - By Interest
    - Search

Edit ...
    - Personal Info &
      Settings
    - Your Friends
    - Old Entries
    - Your Pictures
    - Your Password

Developer Area

Need Help?
    - Lost Password?
    - Freq. Asked
      Questions
    - Support Area



vanya_elda ([info]vanya_elda) wrote in [info]unfunnybusiness,
@ 2011-10-26 12:49:00
Previous Entry  Add to memories!  Tell a Friend!  Next Entry
Current mood:Fan-Fucking-tastic

New Livejournal release is the cause of massive user privacy breech
Are you a still a Livejournal user? Well, son, better hold onto your butt.

Yesterday morning, Livejournal announced that it had implemented release 86, which supposedly "fixed" and "improved" several features of the site. A little over 24 hours later, the complaints on the release post are still rolling in (around 800 comments worth at the time of this posting) concerning issues with the release. In fact, several users are encouraging others to contact the Better Business Bureau and find another journaling site to use. Now, this is the normal reaction to any given new Livejournal release, but this time, as Raylan Givens would say, it's justified.

So, what's all the hub-bub about? Well, as you may have noticed as a Livejournal user, the hover menu on a user's ID has changed significantly and certain browser add-ons like LJ Login no longer work. What you might not know is that there is now a random, but rampant privacy breech on the site. Several users are able to see the f-locked and the private entries of other users/communities even if they are not friended by or they are banned from that particular user/community. Not only that, but several users have been taken to another user's entries when they try edit their own. The same mix-up in redirects goes for the redirect to edit profiles, edit journal information/settings, managing userpics, and even checking your message inbox. To put it simply: certain users have complete access to another user's account.

Whether or not people will exploit this fact remains to be seen and the Livejournal staff has yet to comment on the issue.


(Post a new comment)


[info]annathepiper
2011-10-26 06:49 pm UTC (link)
The announcement link is broken, it's missing a colon from the URL. Here you go: http://lj-releases.livejournal.com/70891.html

(Reply to this)(Thread)

(no subject) - [info]vanya_elda, 2011-10-26 06:52 pm UTC
(no subject) - [info]annathepiper, 2011-10-26 06:53 pm UTC

[info]the__ivorytower
2011-10-26 07:05 pm UTC (link)
Is this why I tried to edit entries and got russian?

(Reply to this)(Thread)

(no subject) - [info]vanya_elda, 2011-10-26 07:08 pm UTC

[info]pantyless_angel
2011-10-26 07:32 pm UTC (link)
Well I suppose this explains why I was randomly logged out when I got on yesterday morning... That the ever loving fuck LJ?

(Reply to this)(Thread)

(no subject) - [info]rosehiptea, 2011-10-26 07:53 pm UTC
(no subject) - [info]agent_hyatt, 2011-10-26 11:54 pm UTC

[info]marmaladecat
2011-10-26 07:57 pm UTC (link)
I don't even really know what to say to this, because it's absolutely the worst thing, bar "All entries now public" that could happen. I mean, even complete data loss would be preferable to absolute strangers having access to view and edit the private entries of random journals.

I really do hope this is only restricted to the three or so people I saw commenting to say they had extra access, rather than, I don't know, a one in four chance or whatever. For what it's worth, I've just spent an hour compiling a newsletter, clicking around and editing links and not been given access to anything I shouldn't have access to.

Anyone else found themselves somewhere they shouldn't be?

(Reply to this)(Thread)

(no subject) - [info]vanya_elda, 2011-10-26 08:00 pm UTC
(no subject) - [info]marmaladecat, 2011-10-26 08:07 pm UTC
(no subject) - [info]vanya_elda, 2011-10-26 08:16 pm UTC

[info]sullensiren
2011-10-26 08:19 pm UTC (link)
I was just posting about this. I logged in to my journal, clicked to edit, and then was in someone else's journal entries, and able to see all of their LOCKED entries. It took me a minute to realize, and then I logged right the hell out and back in, and reported it to support. I didn't have the reset to Russian that a lot of people seem to be reporting though.

(Reply to this)(Thread)

(no subject) - [info]vanya_elda, 2011-10-26 08:40 pm UTC
(no subject) - [info]sullensiren, 2011-10-26 08:43 pm UTC

[info]herongale
2011-10-26 08:27 pm UTC (link)
Well, considering that it's obviously a bug, I'm sure LJ will fix it post haste. I'd be angry if I thought it was intentional, but this doesn't seem like that?

(Reply to this)(Thread)

(no subject) - [info]vanya_elda, 2011-10-26 08:39 pm UTC
(no subject) - [info]octavia, 2011-10-26 09:22 pm UTC
The fatality of petty annoyance - [info]frequentmouse, 2011-10-28 06:20 pm UTC

[info]yoritomo_reiko
2011-10-26 09:20 pm UTC (link)
Something secondary and what they knew would happen is that they've fubared LJ Login and LJ Juggler as well. And last I saw, they hadn't let the coders of either know what change had been made so that they could work around it.

(Reply to this)(Thread)

(no subject) - [info]octavia, 2011-10-26 09:24 pm UTC
(no subject) - [info]yoritomo_reiko, 2011-10-26 09:37 pm UTC
(no subject) - [info]vanya_elda, 2011-10-26 09:42 pm UTC
(no subject) - [info]yoritomo_reiko, 2011-10-26 09:45 pm UTC

[info]annathepiper
2011-10-26 09:45 pm UTC (link)
I'm not seeing any of the reported issues on my own journal. Don't know if this is because I'm a paid user, or if it's affecting only some server clusters, or what.

Spreading the word, though, via my other channels of communication.

(Reply to this)

OBLIGATORY DREAMWIDTH CODE THREAD
[info]anarchicq
2011-10-26 09:58 pm UTC (link)
Heh, Dreamwidth just gave me an invite code.
Whoever wants it may take it.
Z9QD5XMX2MKCNAAAS9A6

(Reply to this)(Thread)

Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]anarchicq, 2011-10-26 10:02 pm UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]cesare, 2011-10-26 10:07 pm UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]j_crew_guy, 2011-10-26 10:31 pm UTC
I have, like, thirty codes. - [info]catslash, 2011-10-26 11:38 pm UTC
Re: I have, like, thirty codes. - [info]randombastary, 2011-10-27 02:48 am UTC
Re: I have, like, thirty codes. - [info]rushikayu13, 2011-10-27 05:52 pm UTC
Re: I have, like, thirty codes. - [info]catslash, 2011-10-27 06:01 pm UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]risha, 2011-10-26 11:49 pm UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]rosehiptea, 2011-10-27 12:26 am UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]sidewinder, 2011-10-27 01:41 am UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]vivien529, 2011-10-27 01:45 am UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]birdzilla, 2011-10-27 02:21 am UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]altera, 2011-10-27 03:19 am UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]altera, 2011-10-27 04:03 am UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]finchbird, 2011-10-27 05:56 am UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]altera, 2011-10-29 12:13 am UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]suthunfox, 2011-10-27 03:34 am UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]supersyncspaz7, 2011-10-27 04:02 am UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]littlemousling, 2011-10-27 04:05 am UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]amaresu, 2011-10-27 07:59 am UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]poisonyoulove, 2011-10-27 08:00 am UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]ladyvyola, 2011-10-27 11:05 pm UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]anarchicq, 2011-10-27 11:44 pm UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]ninwhore, 2011-10-28 03:02 am UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]evilsqueakers, 2011-10-29 08:38 am UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]librarianmouse, 2011-10-30 08:12 pm UTC
Re: OBLIGATORY DREAMWIDTH CODE THREAD - [info]evilsqueakers, 2011-10-30 08:30 pm UTC

[info]kittydesade
2011-10-26 10:55 pm UTC (link)
Took me a second to remember the password to this site, I so rarely use it.

And at this point I'm almost praying for a DDoS attack to shut everything down so they can roll back/fix it. Except, you know, a DDoS attack would probably mean that they couldn't, but who needs logic when all you have is the ability to froth in rage.

(Reply to this)(Thread)

(no subject) - [info]risha, 2011-10-26 11:32 pm UTC
(no subject) - [info]yoritomo_reiko, 2011-10-26 11:49 pm UTC
(no subject) - [info]risha, 2011-10-26 11:51 pm UTC
Reposted for HTML issue
[info]bemysty
2011-10-27 01:58 am UTC (link)
...I have noticed absolutely nothing of this, and so has my flist, as far as I can tell. I haven't been logged out without logging myself out, and while I've edited galleries, pictures and entries over the last couple of days, I've never ended up somewhere I shouldn't have. I've posted to my regular journal and a community and similarly no issues.

The only thing I've noticed is that the update window shows me a different font for the text I type, but that doesn't interfere with anything I do on LJ, so I kinda put it out of my mind.

(for the record, PA on Porterhouse. You can check your server cluster here)

(Reply to this)(Thread)

Re: Reposted for HTML issue - [info]thoms, 2011-10-27 04:12 pm UTC
Re: Reposted for HTML issue - [info]evilsqueakers, 2011-10-27 08:06 pm UTC
Re: Reposted for HTML issue - [info]mirhanda, 2011-10-27 04:21 pm UTC

[info]annathepiper
2011-10-27 03:37 am UTC (link)
Note to all with spare DW codes: if you don't get rid of them here, try the DW codesharing community. I was able to shuck all of my excess codes pretty quickly there.

(Reply to this)


[info]dapperdinosaur
2011-10-27 04:01 am UTC (link)
I just logged into LJ and ended up looking at some random Russian journal entries.

(Reply to this)


[info]tez
2011-10-27 05:57 am UTC (link)
Welp. This would explain the random logout I just got not all that long ago.

(Reply to this)(Thread)

(no subject) - [info]kedase_derragar, 2011-10-27 09:46 am UTC

[info]sullensiren
2011-10-27 11:18 am UTC (link)
Posting again to say I tried to put together a start for a link round up here.

And eruthros @ dw has more up too, here

(Reply to this)


[info]chienne
2011-10-27 04:38 pm UTC (link)
I was wondering why LJLogin wasn't working. Stupid LJ.

(Reply to this)


[info]telegramsam
2011-10-27 07:17 pm UTC (link)
livejournal's been going downhill since the 6apart sale, and been going downhill at warp-speed since the Russian company bought it.

I really don't know how they've managed to keep their user base this long. I'd have ditched my journal ages ago if I didn't still read my flist. My LJ is just a crosspost-mirror of my dreamwidth these days anyway.

(Reply to this)(Thread)

(no subject) - [info]seiberwing, 2011-10-28 06:35 pm UTC

[info]marmaladecat
2011-10-27 08:25 pm UTC (link)
http://lj-maintenance.livejournal.com/131843.html

Window of ability to access other's journals was apparently only 3 minutes.

It's not really a security issue.

Well. That's okay then.

[I assume what they meant was that no passwords were given out or similar. The fact remains it's a security breach in that others could see private info.]

(Reply to this)(Thread)

(no subject) - [info]northen_light36, 2011-10-27 08:42 pm UTC
(no subject) - [info]marmaladecat, 2011-10-27 09:26 pm UTC
(no subject) - [info]northen_light36, 2011-10-27 09:31 pm UTC
(no subject) - [info]evilsqueakers, 2011-10-29 08:22 am UTC

[info]vitalitat
2011-10-28 05:54 pm UTC (link)
http://lj-maintenance.livejournal.com/131843.html

It's one thing to fuck up and own up to it and try to legitimately fix it, it's another to ignore the reality of a situation, which is what is happening here. I know this has happened in the past, I was logged in as someone else about a year ago and put in a support ticket and never got a response. The fact that this still happens proves that no one really cares about this site at all anymore.

It's not as easy as it sounds to just roll back and undo a release/updates/changes, it's not how it works. It's really astounding that an error(s) of this magnitude slipped by and ignored in the coding and/or testing process (and probably, since it's been an issue in the past, has been ignored for so long). Their testers seem to be the worst around.

(Reply to this)


[info]acrimonious
2011-10-30 11:31 am UTC (link)
They claimed it was a three-minute window, but reports were still rolling in fourteen hours ago.

(Reply to this)


[info]marywatt
2012-01-05 09:33 am UTC (link)
Cleanness is not an abstract notion. When something is clean, it has no grime, no stains on and smells fresh. Anything else can be regarded as dirty. Your home is dirty when it hasn’t been cleaned for weeks and months. Some deep cleaning and carpet cleaning is all that you should do now. Rely on garden clearance London to make your yard a dream garden.

(Reply to this)


[info]jenifer
2012-01-31 08:10 am UTC (link)
cleaners Brunswick | cleaners Cranbourne | cleaners Frankston

Great post !
As most of you have probably heard, green cleaning became very popular in the past few years. You can make most of your cleaning products from your household products. They are eco-friendly, they do not have any chemicals and last but not least they are much cheaper. So why not make it easier and healthier for us and our family?

(Reply to this)

New Livejournal release is the cause of massive user privacy breec
[info]harvriddle
2012-02-07 01:22 pm UTC (link)
St. Valentine's Day is approaching. Most people will spend it in the old-fashioned way - romantic dinner, candles, maybe a movie. However, not many people can afford a romantic dinner in a restaurant. The solution is to create a romantic sensation in your own home. Cleaners Aldgate recommend you to clean it first. This way it will smell clean and fresh. Then you can add some scent by boiling cinnamon or placing small bowls full of water and a few drops of a favourite essential oil. If you do not have the time to clean, then just give a call to cleaners Camden Town.

(Reply to this)

New Livejournal release is the cause of massive user privacy breech
[info]harvriddle
2012-02-16 01:14 pm UTC (link)
Home cleaning is a tricky process that every housewife has to face with. A woman’s home is her business card and tells much about her. Besides calling professional cleaners Aldgate to do the job, you can keep your home perfectly maintained without wasting your time in useless rubbing and scrubbing. All you need is the right products and the knowledge to use them. So, you can call professional cleaners Camden Town and get what you need.

(Reply to this)

New Livejournal release is the cause of massive user privacy breech
[info]harvriddle
2012-02-21 04:47 pm UTC (link)
The importance of living in a clean and healthy environment is getting more valuable as the planet gets dirtier. You have to clean your home regularly in order to avoid different diseases and allergies. Home cleaning is really important nowadays but many cannot afford the time to do it regularly. That is why cleaners Canning Town offer their reliable services on reasonable prices. You home will be perfectly cleaned and disinfected so you can enjoy a healthy environment. Regards, cleaners Canonbury.

(Reply to this)

  
   
Privacy Policy - COPPA
Legal Disclaimer - Site Map