File not found on this server.

I got a virus, you got a virus.

That's a fake page. QUickly, change your password.

I've got NoScripts, I should be fine.

Hm, looks like it did get me, somehow. What the fuck? I changed my password anyways...wondering how this managed to get through my NoScript / AdBlock.

Pretty sure it's just an AJax post. :/

Yeah, someone else said it was an XSS or something like that, just grabbing your password and running a script.

Thank you very much for the warning.

Just curious, does this attack require the victim to click the link in question? Or is it one of those attacks were simply viewing the offending post is enough to do the damage?

You need to click the link.

My first guess is that this is pretty much something  Eevee has warned about-- FA has tons of vulnerabilities due to bad coding.

What I'm pretty sure is going on:
the page contains some code that submits a journal consisting of the same text to your FA.
What FA Needs to do: Require that a unique code to be submitted for each FA action, that varies each time you're logged in. Ergo, a journal can't be posted unless it uses that code. :/

WRONG VEE.  lexyeevee That vee.

What FA Needs to do:

>Implying FA does anything about security

Sad, but true.

Though with security-discussing people like Pi and Eevee becoming grumpy and cynical, it's hard to listen to their valid complaints. They all seem like they need to pull sticks out of their asses when discussing this stuff.

What FA Needs to do: Require that a unique code to be submitted for each FA action, that varies each time you're logged in. Ergo, a journal can't be posted unless it uses that code. :/

Whoooaaa now, baby steps, man. Let's start with: "caring enough about their users' security that they actually feel an obligation to improve it".

Lol.

Thanks very much, again, for the clarification!

This sounds very similar to the comment deletion/watcher addition cross-site forgery issue that was POC'd many months ago.

Wait. Scratch that. It doesn't sound similar to it, it sounds exactly like it.

Yeap, spot on, Pandemic. :>

Same thing just happened at DA recently.

Good thing I just ignore DA journals in the first place.

I saw a journal that reminded me of those spam emails you get that do the same thing as this and ignored it. Later I see more and more and then warnings about it.

Kinda like here.

WOMAN: Peter, don't! They say if you click that link, you die.
PETER GRIFFIN: "Aah, that's a lotta baloney."
WEIRD AL (on TV): Virus alert! Delete immediately before someone get hurt!...
PETER: *die*

NOTE: There isn't a Weird Al video in the real link. There's a virus.