News
Welcome to LiveJournal news. If you crave more frequent and detailed news, check out the following journals:
comm_news | Weekly meta-summary of everything!
news | Infrequent, basic, overall news. (this page)
lj_maintenance | Server status and planned downtime announcements.
changelog | Every little change, as it happens.
lj_dev | LiveJournal technical development & planning
lj_biz | LiveJournal business/marketing development & planning
Password security
Saturday, Jul 20th, 2002 -- 10:05 pm
bradfitz |
In the past week or so, the number of stolen accounts has been on the rise. The reason is that there are a number of "brute force" programs out there now to sit around for hours, trying to guess an account's password.
So, what did we do to combat it? Three things:
1) We finished our rate-limiting framework and applied it towards failed logins. A brute force program is now severely limited in how fast it can try and guess your password. (Further, we can now see attacks happening in real-time and notify the ISP)
2) We implemented password quality checks throughout the site. When you log in, you're now told if your password is easily guessable and told to go change it. Also, you can't change your password to something weak, and you can't create a new account with a weak password. We analyzed all the existing passwords, and a pathetic number are trivially brute-forceable. If you see the warning text, please, go change your password.
3) If your account is "hacked" in the future, or already has been, you can delete the hacker's email address, mail the changed password to your old one, and change your password. The trick to this was that there was never a tool for you to delete the hacker's password in the past. There is now: /tools/emailmanage.bml Best, it doesn't let the hacker delete your old email address.
We'll continue to work on improving security. In the meantime, however, don't use "password" for your password. Thanks. :)
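An added illustration of the failed-login rate limiting described in item 1 of the post above; it is not LiveJournal's code and not part of the original post. The class name, the thresholds, and the `verify` callback are assumptions made for the example.

```python
import time
from collections import defaultdict, deque


class FailedLoginLimiter:
    """Sliding-window cap on failed logins, tracked per account and per source IP."""

    def __init__(self, max_failures=5, window=300, clock=time.monotonic):
        self.max_failures = max_failures      # failures tolerated inside one window
        self.window = window                  # window length in seconds
        self.clock = clock                    # injectable so tests can control time
        self.failures = defaultdict(deque)    # key -> timestamps of recent failures
        self.alerts = []                      # (time, key) when a key reaches the cap

    def _recent(self, key, now):
        q = self.failures[key]
        while q and now - q[0] >= self.window:  # drop failures older than the window
            q.popleft()
        return q

    def allowed(self, user, ip):
        now = self.clock()
        return all(len(self._recent(key, now)) < self.max_failures
                   for key in (("user", user), ("ip", ip)))

    def record_failure(self, user, ip):
        now = self.clock()
        for key in (("user", user), ("ip", ip)):
            q = self._recent(key, now)
            q.append(now)
            if len(q) == self.max_failures:   # cap just reached: surface it to operators
                self.alerts.append((now, key))


def check_login(limiter, user, ip, password, verify):
    # Consult the limiter BEFORE checking the password, so a throttled
    # guesser learns nothing about whether the guess was right.
    if not limiter.allowed(user, ip):
        return "throttled"
    if verify(user, password):
        return "ok"
    limiter.record_failure(user, ip)
    return "denied"


if __name__ == "__main__":
    # Constructed sample data: one account, one documentation-range IP.
    lim = FailedLoginLimiter(max_failures=3, window=60)
    check = lambda u, p: p == "correct horse"
    for guess in ["password", "123456", "qwerty", "correct horse"]:
        print(guess, "->", check_login(lim, "alice", "203.0.113.5", guess, check))
    print("alerts:", lim.alerts)
```

The per-account counter also throttles the real owner while guessing is in progress, so a deployment has to weigh that lockout against the protection it gives.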
|
Find a friend...
Wednesday, Jul 17th, 2002 -- 12:32 pm
bradfitz |
If you have a paid account, you can now find friends who are popular with your friends, but who you do not list yourself:
http://www.livejournal.com/friends/popwithfriends.bml
Props to ellenlouise and evan for the idea, even though they'll probably both give me crap about not using 'whom' a couple times in that first sentence.
Update: Heh, I messed up.... I had my userid hardcoded in there from testing instead of using the $remote user's userid. Try again! :)
|
LiveJournal Singles
Sunday, Jul 14th, 2002 -- 8:48 pm
bradfitz |
Let the romancin' begin...
http://www.livejournal.com/singles/
Update: There seems to be a lot of concern that this is evil, and it well might be. :) But... it's entirely opt-in evil, so don't worry. Just don't use it and all is well.
|
LiveJournal as RSS/Syndication Aggregator
Monday, Jul 8th, 2002 -- 4:27 pm
Email Scam Alert
Saturday, Jul 6th, 2002 -- 2:02 am
jproulx |
There seems to be a new email scam targeting LiveJournal users, effectively asking them for their login information by visiting a URL that almost matches "livejournal.com". If you receive this email or any others bearing a similar resemblance, please disregard it entirely, and certainly do not click on the link provided. We do not delete accounts for simple inactivity.
Dear LiveJournal user,
We have recently noticed that you haven't updated your LiveJournal in awhile. If you would like to keep your LiveJournal account, you must sign in within the next 24 hours.
You may sign in at: { link removed }
Failure to sign in within the next 24 hours will result in account termination.
If at all possible, please spread the word about ignoring this scam to other users that may not see this news post.
|