diff --git a/app/helpers/sockets_helper.rb b/app/helpers/sockets_helper.rb
index 049c3a17f..eba28dd5f 100644
--- a/app/helpers/sockets_helper.rb
+++ b/app/helpers/sockets_helper.rb
@@ -23,7 +23,7 @@ module SocketsHelper
 action_hash[:photo_hash] = object.thumb_hash
 end
- if object.person.owner_id == uid
+ if object.person && object.person.owner_id == uid
 action_hash[:mine?] = true
 end
diff --git a/lib/diaspora/user/receiving.rb b/lib/diaspora/user/receiving.rb
index 5bb5d9bd9..8010b7e96 100644
--- a/lib/diaspora/user/receiving.rb
+++ b/lib/diaspora/user/receiving.rb
@@ -83,6 +83,9 @@ module Diaspora
 def receive_retraction retraction, xml
 if retraction.type == 'Person'
+ unless retraction.person.id.to_s == retraction.post_id.to_s
+ raise "#{retraction.diaspora_handle} trying to unfriend #{retraction.post_id} from #{self.id}"
+ end
 Rails.logger.info( "the person id is #{retraction.post_id} the friend found is #{visible_person_by_id(retraction.post_id).inspect}")
 unfriended_by visible_person_by_id(retraction.post_id)
 else
diff --git a/spec/lib/diaspora/parser_spec.rb b/spec/lib/diaspora/parser_spec.rb
index a6a306f03..6ad1da099 100644
--- a/spec/lib/diaspora/parser_spec.rb
+++ b/spec/lib/diaspora/parser_spec.rb
@@ -27,7 +27,7 @@ describe Diaspora::Parser do
 it 'should accept retractions' do
 friend_users(user, aspect, user2, aspect2)
- message = Factory.create(:status_message, :person => user2.person)
+ message = user2.post(:status_message, :message => "cats", :to => aspect2.id)
 retraction = Retraction.for(message)
 xml = retraction.to_diaspora_xml
diff --git a/spec/models/user/attack_vectors_spec.rb b/spec/models/user/attack_vectors_spec.rb
index 86dc6c2dd..8ee200dce 100644
--- a/spec/models/user/attack_vectors_spec.rb
+++ b/spec/models/user/attack_vectors_spec.rb
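Review bot: The new guard in receiving.rb dereferences `retraction.person` before checking that it exists, so a retraction whose diaspora_handle resolves to no known person (if that lookup can return nil — not visible in this hunk) fails with a NoMethodError on nil rather than the intended rejection; `unless retraction.person && retraction.person.id.to_s == retraction.post_id.to_s` keeps the rejection path explicit. A bare string `raise` also yields a RuntimeError whose message embeds the sender-supplied handle and post_id, and the accompanying spec now matches on that text; a dedicated error class (a `StandardError` subclass under the Diaspora namespace) would let callers and specs rescue by class rather than by message content the remote sender influences. The `visible_person_by_id(retraction.post_id)` value passed to `unfriended_by` on the following line is still not nil-checked, which predates this commit. `receive_retraction` continues past the hunk's `else`.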
@@ -111,17 +111,29 @@ describe "attack vectors" do
 end
 it 'it should not allow you to send retractions for other people' do
- pending
 ret = Retraction.new
 ret.post_id = user2.person.id
 ret.diaspora_handle = user3.person.diaspora_handle
 ret.type = user2.person.class.to_s
- #proc{
+ proc{
 user.receive_salmon(user3.salmon(ret).xml_for(user.person))
- #}.should raise_error /Malicious Post/
+ }.should raise_error /#{user3.diaspora_handle} trying to unfriend #{user2.person.id} from #{user.id}/
- # user.reload.friends.count.should == 2
+ user.reload.friends.count.should == 2
+ end
+
+ it 'it should not allow you to send retractions with xml and salmon handle mismatch' do
+ ret = Retraction.new
+ ret.post_id = user2.person.id
+ ret.diaspora_handle = user2.person.diaspora_handle
+ ret.type = user2.person.class.to_s
+
+ proc{
+ user.receive_salmon(user3.salmon(ret).xml_for(user.person))
+ }.should raise_error /Malicious Post/
+
+ user.reload.friends.count.should == 2
 end
 end
 end
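Review bot: The regex on the re-enabled `raise_error` line interpolates `user3.diaspora_handle` without `Regexp.escape`, so any `.` in the handle matches an arbitrary character and a handle containing other regex metacharacters would break or loosen the match; `}.should raise_error(/#{Regexp.escape(user3.diaspora_handle)} trying to unfriend #{user2.person.id} from #{user.id}/)` pins the message exactly, and parenthesising the argument also avoids Ruby's ambiguous-first-argument parse of `raise_error /…/`. The same unparenthesised form appears in the new mismatch example's `}.should raise_error /Malicious Post/`. Matching on message text couples both examples to the wording of the raise in receiving.rb; asserting on an exception class would survive message edits. The `describe "attack vectors"` block's opening lines are outside the hunk.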