Public Service Announcement
Aug. 30th, 2007 12:59 am
This is cribbed from a post on Daily Kos. I noticed we've been getting a ton of spam lately that says stuff like "Omg, I can't believe you posted this video! What will your dad say!!" and then it has what looks like a YouTube link, but if you hover your mouse over the link you see it goes to some skeevy numbers-only address and is not a link to YouTube.
Here is the main part of the original post:
*********
There was a malicious diary placed on Daily Kos very early in the morning: people who clicked a link provided by the diarist were directed to a site with a malicious script on it designed to steal your dKos cookies. The "script kiddie" was then able to log in as those users and write comments or diaries under their names, change their signatures, etc.
Note that this isn't a "hacking" attempt. Nope, this was a "script kiddie" using well-known XSS (cross-site scripting) attacks -- the sort of "trojan horse" attacks that have been common to email spammers and virus writers for years -- and which other sites have unfortunately also had to deal with in their own comments. Since it can't perform a malicious action directly, it relies on tricking you into going to some other site where a malicious script can be run, virus uploaded, etc.
There is an absolute defense against such scripts, though: don't click the link. Don't click ANY link leading away from the site unless you are reasonably certain that it goes to a safe place. This counts for URL shortening services, too: if you see a "shortened" link and you don't know where it goes, DO NOT CLICK. This is true of emailed spam and the entire rest of the internet. This script kiddie was only interested in getting Daily Kos logins... many others are criminals seeking to get your banking information or other information they can use for identity theft. NEVER click on a URL in email, on this site, or on any other site unless you can see where it goes at the bottom of your browser window and can determine that it's probably safe.
If you're using Firefox and want hardcore protection against scripted attacks, try the NoScript plugin. It will prevent scripts from running unless you explicitly allow them on a site-by-site basis. Perhaps folks in comments can suggest similar measures for other browsers.
(Oh, and general internet advice -- no matter where you are, never click anything hosted on php0h.com, which has hosted nearly every one of these "script kiddie" attacks over the last year.)
*******
The NoScript plugin for Firefox can be found here: http://noscript.net/
And if you are one of those people still using Internet Explorer, consider switching to Firefox.
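The "hover over the link and see where it really goes" check from the top of this post, written out as an added example (it is not code from the original post or from Daily Kos). It flags anchors whose visible text names one site (YouTube) while the href points elsewhere, or whose href host is a bare numeric IP address; the sample anchors are constructed for the demo, and the 203.0.113.x address is a documentation-range placeholder.

```javascript
// Added example, not from the original post: automate the hover check the
// post describes, from a defender's side. Input is a list of {text, href}
// pairs as you would collect them from a page's anchors.

const IPV4 = /^(?:\d{1,3}\.){3}\d{1,3}$/;
// Something that looks like a hostname inside the link's visible text.
const DOMAIN_IN_TEXT = /\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b/i;

function hostOf(href) {
  try {
    return new URL(href).hostname.toLowerCase();
  } catch (e) {
    return null; // relative or malformed href: nothing to compare against
  }
}

function sameSite(a, b) {
  // Treat www.youtube.com and youtube.com as the same site.
  const strip = (h) => h.replace(/^www\./, "");
  return strip(a) === strip(b);
}

// Returns the reasons a link is suspicious; an empty list means nothing found.
function classifyLink(text, href) {
  const reasons = [];
  const host = hostOf(href);
  if (host === null) return reasons;
  if (IPV4.test(host)) reasons.push("href host is a bare IP address");
  const m = DOMAIN_IN_TEXT.exec(text);
  if (m && !sameSite(m[1].toLowerCase(), host)) {
    reasons.push(`text names ${m[1]} but href goes to ${host}`);
  }
  return reasons;
}

// Constructed sample anchors, modelled on the spam comments the post describes.
const SAMPLE_LINKS = [
  { text: "http://www.youtube.com/watch?v=abc123", href: "http://203.0.113.7/vid.php" },
  { text: "omg look at this video", href: "http://203.0.113.7/vid.php" },
  { text: "http://www.youtube.com/watch?v=abc123", href: "http://www.youtube.com/watch?v=abc123" },
  { text: "see the thread", href: "/comments/12345" },
];

// Keep only the links that raised at least one reason.
function auditLinks(links) {
  return links
    .map((l) => ({ href: l.href, reasons: classifyLink(l.text, l.href) }))
    .filter((r) => r.reasons.length > 0);
}

console.log(auditLinks(SAMPLE_LINKS));
```

The first two sample links are reported (the first for both reasons, the second only for the bare IP); the genuine YouTube link and the relative link pass.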