LiveNetLive privacy fail *updated*
I’ve encountered LiveNetLive a few times, it’s a service that runs on top of your website and creates a live community chat. Never had any problems with it, until yesterday, when I tried posting a comment on some blog.
Seems like LNL steals focus upon loading, which may happen a few seconds after you’ve already started writing a form. Needless to say that this is annoying at least.
But today, I’ve seen the problem in all of its glory. I’ve tried logging in to VideoLectures.net, I focused the username input, entered my username, tabbed to password input, entered password, pressed Enter, and only then realised that it stole the focus just before I typed the first letter of the password. My full password then went public to at least 8 people that were reportedly visiting the same page. What good is strong password hashing, XSS and session protection and whatnot, when you have a feature like this?
Needless to say I’ve changed my password immediately.
Update: I’ve contacted them and they replied promptly that this problematic auto-focus will be fixed soon.