LJ web security exploit
Sep. 23rd, 2009 09:18 am![[staff profile]](https://www.dreamwidth.org/img/silk/identity/user_staff.png)
If you use LiveJournal, you're probably aware of an exploit involving cross site Flash that was propagated over there for a little while last night (LJ news post). They've since taken steps to mitigate the issue, and are working on a permanent fix as we speak.
Some people have contacted me about Dreamwidth; this is something I should have posted about last night. We investigated both the source code of the exploit (Flash is easy to decompile) as well as the attack vector (how the exploit code works) and determined that Dreamwidth is not currently vulnerable to this attack.
I apologize for not posting about this last night. We investigated and made the determination that Dreamwidth was safe, but didn't mention it anywhere.
Some people have contacted me about Dreamwidth; this is something I should have posted about last night. We investigated both the source code of the exploit (Flash is easy to decompile) as well as the attack vector (how the exploit code works) and determined that Dreamwidth is not currently vulnerable to this attack.
I apologize for not posting about this last night. We investigated and made the determination that Dreamwidth was safe, but didn't mention it anywhere.