Exploit was active on LA Times site for 6 weeks

"The Los Angeles Times has scrubbed its Web site of malicious code that served browser exploits and malware to potentially hundreds of thousands of readers over the past six weeks," reports Brian Krebs. The paper's statement on the matter is a model of how not to handle security clusterfucks.