pseudomonas wrote 2010-07-22 04:57 pm
Repeated PSA - LJ/DW
As I said here - if you give OpenID access to a LiveJournal account which has been deleted, suspended, or (has fewer than two posts and has been inactive for >24 months) then whoever buys the account name will have access to your locked posts. A technically-minded attacker can easily tell which account names they should be buying.
The only solution is to withdraw OpenID access from such accounts. Feel free to link to my original post.
ETA: LJ has taken the interim step of disabling OpenID for resold names. This fixes the problem for as long as they maintain this policy.