RE: FanFiction.Net -- Javascript trojan
10-30-2018, 05:53 PM (This post was last modified: 10-30-2018, 05:54 PM by Shepherd.)
10-30-2018, 05:53 PM (This post was last modified: 10-30-2018, 05:54 PM by Shepherd.)
According to their Twitter feed (https://twitter.com/FICTIONPRESS):
Oct. 24 - We are currently working to prevent the mix of automated bots and social engineering to exploits a security hole which may allow user to self trigger an account modification without visual consent. We will update frequently as the fix is continuing to be applied.
Oct. 24 - We have plugged the current known attack vector which combined csrf attacks with a html injection bug within the user profile page when access via a web browser. App users are not effected. A security review of the entire system is underway.
Does this mean they've patched the problem?
Oct. 24 - We are currently working to prevent the mix of automated bots and social engineering to exploits a security hole which may allow user to self trigger an account modification without visual consent. We will update frequently as the fix is continuing to be applied.
Oct. 24 - We have plugged the current known attack vector which combined csrf attacks with a html injection bug within the user profile page when access via a web browser. App users are not effected. A security review of the entire system is underway.
Does this mean they've patched the problem?
“I really hope I’m behind this convoluted mess; at least that way I’ll be able to get revenge by doing this to myself. I won’t even have to feel bad because it’ll be all my fault.” - Harry Potter, The Master of Death by Ryuugi.