Ясмин (zolotayakoshka) wrote,


Оригинал взят у markf в CSRF/Phishing attack
There is currently a CSRF designed to mislead you into believing LiveJournal is requesting your username and password, when the data is actually being requested by a third party who is trying to gain access to your account.

The attack will appear as though someone has left you a comment, but an image similar to the following will appear requesting your password:


The domain used, liv i ejournal.com, is not livejournal.com, and you should not enter your password into any popup like this which appears.  The domain used by the attacker could change at any time.

If you have entered your username and password into any popup like this, you should immediately change your password at https://www.livejournal.com/changepassword.bml.

If any content has been deleted from your journal by someone other than you, please submit an abuse request.

Объясняю для тех, кто ничего не понял. В вашей записи может быть оставлен коммент и потом появится такая форма как выше. Если посмотреть внимательно там написано liv i ejournal.com, а не livejournal.com.
Если вы ее заполните то дадите доступ к вашему журналу третьим лицам

Будьте внимательны!

UPD Уже перевели тут.
Tags: жж
  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.