starlady: the DW logo in red against a blurred background (dreamwidth)
[personal profile] starlady
There are multiple reports out that LiveJournal's latest code push has created a bug wherein users can, at random, view and edit other users' entries. [site community profile] dw_maintenance has information as to its possible cause.

[personal profile] boundbooks has the actual quote from the first post about this, which was on…Journal Fen.

So, what's all the hub-bub about? Well, as you may have noticed as a Livejournal user, the hover menu on a user's ID has changed significantly and certain browser add-ons like LJ Login no longer work. What you might not know is that there is now a random, but rampant privacy breech on the site. Several users are able to see the f-locked and the private entries of other users/communities even if they are not friended by or they are banned from that particular user/community. Not only that, but several users have been taken to another user's entries when they try edit their own. The same mix-up in redirects goes for the redirect to edit profiles, edit journal information/settings, managing userpics, and even checking your message inbox. To put it simply: certain users have complete access to another user's account.

Whether or not people will exploit this fact remains to be seen and the Livejournal staff has yet to comment on the issue.
There's been no comment from LJ either way; [personal profile] eruthros has links to actual bug reports. People have started reporting that they're no longer getting the bug as of my writing this, but unless LJ says something officially, there'll be no way to know whether it's actually stopped.

As [personal profile] boundbooks says,
I'm really not sure what more can be said in response to a massive privacy breech on LJ as a result of a change not reported to users, while Dreamwidth has reported what is likely that LJ code-change to DW users in a timely manner, in order to explain a minor bug on Dreamwidth.

I'm probably going to discontinue crossposting of everything but translations to my LJ. In the meantime, [site community profile] dw_codesharing has lots of Dreamwidth invite codes.

(no subject)

Date: 2011-10-27 02:58 (UTC)
boundbooks: Zhang Ziyi (flower: white dogwood)
From: [personal profile] boundbooks
I just updated my journal to say that there's another report of the bug that just got posted to the lj-releases (last comment on the page as of my writing of this comment)

So, it seems that it has not been fixed. :(

http://lj-releases.livejournal.com/70891.html?thread=5593835#t5593835

http://boundbooks.dreamwidth.org/100381.html


Nevermind! Checking the person's journal says that they found this bug yesterday http://fallacy-angel.livejournal.com/11657.html#comments

edit - aaaand, still live as of 2011-10-27 04:01 am UTC :(

http://www.journalfen.net/community/unfunnybusiness/324593.html?thread=21136369#t21136369
Edited Date: 2011-10-27 04:53 (UTC)

(no subject)

Date: 2011-10-27 12:19 (UTC)
soukup: fancy monarch wings (monarch)
From: [personal profile] soukup
Thank you for posting about this! If not for you (and ein_myria, who boosted the signal) I would never have known.

Profile

starlady: Raven on a MacBook (Default)
Electra

October 2017

S M T W T F S
1 23 4 567
89101112 1314
15161718192021
22232425262728
293031    

Style Credit

Expand Cut Tags

No cut tags
Powered by Dreamwidth Studios