sushiinthecan asks: So, is there anything we can do to avoid this? Or at least know if what we are about to reblog is infected?
» SFB says: Yes — the key thing is to check your browser to make sure there’s nothing rogue on it (say, extensions you didn’t install) and to be sure everything is updated to the latest version, and as far as reblogging stuff, click on the “HTML” tag in the posting interface to view the source code. If there is something there that shouldn’t be — it’d look similar to the top image on our last post, particularly the top line — delete it. It appears to be a browser hijack rather than a theme hijack, as it adds the code to the bottom of posts, but users can spread the offending code on their own Tumblrs unwittingly. It looks like the code adds ad links to affected Tumblrs. — Ernie @ SFB
» Wait, what about YouPorn?: See, YouPorn, one of the most popular sites on the Internet that nobody ever talks about going to, is the most-notable user of this particular hack, which scrapes your history using Javascript to see if you’re going to other sites, and even hijacks it. And don’t think because you don’t watch porn that you’re not getting traced – news sites, sports sites and many other safe-for-work sites also use the scary technique. (Update: In an earlier version, we linked to a site which appears to have been down much of the day. Sorry ‘bout that.)
Copyright 2009-2013 Ernie Smith • Ask us stuff! • E-mail us • Follow us on Twitter • Follow us on Facebook
