azurelunatic: Ryoko's gloved hand dripping with her own blood. (bleeding)
Azure Jane Lunatic (Azz) 🌺 ([personal profile] azurelunatic) wrote2011-10-27 07:07 am
  • Add Memory
  • Share This Entry
Entry tags:

D:

I've been hearing some really disturbing shit about unfunny login(?)/security-type issues at LJ.

I don't think anything I could say would be in the least helpful, except that if you saw stuff that you don't think you ought to have seen, please, report it to Support.

Other people have been reporting that when they leave support requests they are moved private; moving to private was standard practice for security/sensitive/needs-staff/senior support requests when I was in Support, and I see no reason for this to have changed in that time. (Private support categories are standard for that sort of stuff at Dreamwidth too.)

DDDDDDDDDDDDDD:
Flat | Top-Level Comments Only
arkeiryn: (Socks)

[personal profile] arkeiryn 2011-10-27 06:20 pm (UTC)(link)
Um. Well, fuck?

I'm not sure what to do with this information. But my initial instinct is to delete my entire LJ...
geekosaur: cat on car, face distorted by closeup as it pokes nose into camera lens; caption "I AM The Security System" (security)

[personal profile] geekosaur 2011-10-28 01:35 pm (UTC)(link)
I would like to point out, for the benefit of those who aren't used to working with security issues, that it is customary to not publish them publicly during discovery (and often until fixed) because it would be pretty much handing out free "hack me!" advice. Having knowledge that there's a problem out there is bad enough; providing what might be hints on how to exploit it is really not so smart. (Especially since someone might immediately test it on the reporter's journal. Reporting a discovered potential security issue really shouldn't involve hanging a kick-me sign on one's back.)
azurelunatic: Warning sign: "If there's a huge fuck-up call Todd"; (huge fuck-up)

[personal profile] azurelunatic 2011-10-28 02:13 pm (UTC)(link)
*nodding from the choir section*

I maintain a security-issue "phone tree", of the people who need to know about LJ/DW-related problems that I have discovered or learned of, if the cat is still in the bag. It generally involves [staff profile] denise (or [personal profile] fu or [staff profile] mark, or someone from ToS), and often enough Kat (go go team Support) and possibly Trixie or Carrie(if it involves LJ).

If the cat is out of the bag, all bets are off.
Flat | Top-Level Comments Only