Well, I wasn't going to say anything.
But now that it's 'out' and increasingly topical in the geek community, why should Xangans be the last to know?
We were annoyed by the holiday troll-botting that baited us with racist/sexist comments. But apparently, some or all of that botting was also engineered to successfully deliver a distributed denial of service attack (DDoS) to Slashdot.com over the holidays.
And apparently that was just a 'proof of concept'. Meaning to the devious: "Attention all K-Mart hackers: this way to the Xanga door and key aisle."
There's also a 'full disclosure' available on the internet that provides code to steal Xanga cookies (passwords) and suggests that the exploits described above can be employed to harvest thousands of our passwords per hour.
My advice (while we wait for Xanga to secure its code and processes): if you get hit up by what appear to be random hate/racist/sexist comments (even just one) and you want to check out the offending source Xanga blog (a totally natural response on your part), either a) log out of your Xanga account and visit the site looking like a non-Xangan, or b) subscribe to a relatively inexpensive anonymizer service like megaproxy.com and do your blogging under the cloak of stealth.
(btw, I hate writing these kinds of posts. It's too much like the work I do as an information security specialist.)