Q. What happened?
At around 05:45 PST on Wednesday 15th June, we began receiving reports of "Journal Exploits" doing the rounds and started to investigate them.
It quickly became apparent that someone had crafted a link behind the bit.ly URL-shortening service that caused people who visited it to post a journal on deviantART.
The content of the journal was sometimes an insulting message directed towards the journal's owner. Other times, it was a copy of the link itself, making it more likely that more people would see it and click on it, causing the exploit to propagate further.
We quickly deployed a temporary fix that blocked the bit.ly URL at our outgoing link page, to prevent people from clicking on the link if they saw it in someone's journal. While this wasn't a comprehensive fix, it was one that we could deploy within 10 minutes of the matter coming to our attention, while we worked on a full solution.
The simple explanation of the problem being exploited is that the link led to a page that submitted a hidden form to your journal page. Because the form was submitted by your web browser, it appeared to be you submitting a journal via the normal process, and so it was posted under your name.
This is what's known as a "confused deputy" attack, and we have protection against it as part of our standard suite of security tools. Unfortunately, the journal submission process wasn't using it.
Once the problem was diagnosed, we added the missing protection to the journal, tested it, and then deployed it approximately 2 hours after the exploit came to our attention.
We then began the process of cleaning up the journals that were added during the attack.
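The gap described above, shown as an added example that is not deviantART's code: a journal handler that trusts the session cookie alone, beside one that also requires a per-session anti-forgery token in the form. The page does not say which mechanism deviantART uses; the token scheme, function names, status codes and sample values here are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed for this example)

def issue_csrf_token(session_id: str) -> str:
    """Token the site renders into its own journal form as a hidden field."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def token_is_valid(session_id: str, token) -> bool:
    if not isinstance(token, str):
        return False  # field missing from the submitted form
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(expected.encode(), token.encode())

def post_journal_unprotected(cookies: dict, form: dict, journals: list) -> int:
    """'Before': the session cookie alone authorizes the post."""
    if "session" not in cookies:
        return 401
    journals.append((cookies["session"], form.get("body", "")))
    return 200

def post_journal_protected(cookies: dict, form: dict, journals: list) -> int:
    """'After': the POST must also carry the token bound to this session."""
    session_id = cookies.get("session")
    if session_id is None:
        return 401
    if not token_is_valid(session_id, form.get("csrf_token")):
        return 403  # cookie was sent, but the form did not come from our page
    journals.append((session_id, form.get("body", "")))
    return 200

def demo() -> dict:
    cookies = {"session": "sess-alice-constructed"}  # the browser attaches this on every request
    forged = {"body": "text chosen by the third-party page"}  # other site cannot read the token
    genuine = {"body": "my real journal", "csrf_token": issue_csrf_token(cookies["session"])}
    wrong = {"body": "x", "csrf_token": issue_csrf_token("sess-someone-else")}
    before, after = [], []
    return {
        "unprotected_forged": post_journal_unprotected(cookies, forged, before),
        "protected_forged": post_journal_protected(cookies, forged, after),
        "protected_wrong_token": post_journal_protected(cookies, wrong, after),
        "protected_genuine": post_journal_protected(cookies, genuine, after),
        "journals_before": len(before),
        "journals_after": len(after),
    }

if __name__ == "__main__":
    print(demo())
```

The forged submission succeeds only against the unprotected handler; the protected one rejects both a missing token and a token issued for a different session.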
Q. How many people were affected?
The first journal to have been posted via this exploit appears to have been at 23:50 PST on Tuesday 14th June, some 5 hours before the matter was brought to our attention.
During the 7 hours the exploit was active, just over 2300 journals were posted via it.
Q. Should I change my password? Are my personal details at risk?
You don't need to change your password and your personal details were not exposed in any way.
At no point was your account integrity compromised or your password available to the attacker.
The nature of the vulnerability was strictly limited to being able to prefill a journal form and act as if you had clicked on "submit" within your browser.
© 2011 - 2024 dt