(![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
starrylizard Apr. 24th, 2010 08:09 pm)
starrylizard Apr. 24th, 2010 08:09 pm)(Thanks for the heads up ![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-userinfo.gif)
rinkle; this is copied form her post.)
Noticed that when you mouse over a link it comes up with 'outboundlink.me'? From this post:
"The way it does this is an enormous security risk. What the script does is wait until you mouse over a link. Then, it activates and sends information about that URL to a company called outboundlink.me. This outboundlink site parses the URL the script sent it, compares it to a list of sites that LJ is affiliated with, and decides whether or not the URL needs to be modified. If it does need to be modified, then the site adds/adjusts it accordingly and sends the user on to the newly readjusted URL. If it doesn't need to be modified, then it simply bounces the user without doing anything else.
The problem is that this process involves sending information about these URLs to an outside company as soon as you mouse over the link. Every link you mouse over gets sent. Which means that an enterprising script kiddie with some time on his or her hands could pretty easily intercept the 'GET' requests that the script sends to the outside site, and would know what people linked in f-locked or private entries. Depending on the entry and the URL, the link could have other account information associated with it, which makes scripts like these perfect backdoors if you really want to screw with someone and you know a little code."
How to turn it off, so that it doesn't happen to you (although it will come up on your LJ if other people view and don't turn off this):
Admin console
set opt_exclude_stats 1
Hit 'execute' after.
rinkle; this is copied form her post.)Noticed that when you mouse over a link it comes up with 'outboundlink.me'? From this post:
"The way it does this is an enormous security risk. What the script does is wait until you mouse over a link. Then, it activates and sends information about that URL to a company called outboundlink.me. This outboundlink site parses the URL the script sent it, compares it to a list of sites that LJ is affiliated with, and decides whether or not the URL needs to be modified. If it does need to be modified, then the site adds/adjusts it accordingly and sends the user on to the newly readjusted URL. If it doesn't need to be modified, then it simply bounces the user without doing anything else.
The problem is that this process involves sending information about these URLs to an outside company as soon as you mouse over the link. Every link you mouse over gets sent. Which means that an enterprising script kiddie with some time on his or her hands could pretty easily intercept the 'GET' requests that the script sends to the outside site, and would know what people linked in f-locked or private entries. Depending on the entry and the URL, the link could have other account information associated with it, which makes scripts like these perfect backdoors if you really want to screw with someone and you know a little code."
How to turn it off, so that it doesn't happen to you (although it will come up on your LJ if other people view and don't turn off this):
Admin console
set opt_exclude_stats 1
Hit 'execute' after.
Tags: