Google to sort out YouTube hole exploited by hackers

5 July 2010

Apparently, YouTube has been blighted by fake pop-up messages which redirect browsers to mucky websites. I haven't seen any. That's because I don't click pop-ups. That's because I'm not a spectacular dunce.

Anyway, because the world has many dithering idiots, YouTube are having to fix this flaw which has allowed hackers to do such a thing.

What happened was, hackers put some code in the comments on specific videos and, naturally, it would run in your browser whilst you watched a clip. It isn't entirely humourless though. One such pop-up appeared reporting that warbling foetus Justin Bieber had been killed in a car crash.

Google (who owns the YouTube, should you be unaware of this fact) said that it had fixed the problem "about two hours" after it was discovered.

"We took swift action to fix a cross-site scripting (XSS) vulnerability on youtube.com," a spokesperson said. "Comments were temporarily hidden by default within an hour, and we released a complete fix for the issue in about two hours."

In this instance, hackers used a bit of JavaScript code and did some HTML tinkering to horse around with the videos. Despite the fact that most people were pissing around with videos for daft, pranky reasons, some expert types noted that it was being used for more malicious purposes.

"The thing with a cross-site scripting attack is that it will appear that it is a message being posted by that website, which gives it a certain legitimacy," Graham Cluley of security firm Sophos told BBC News. "It could be used to show a message that tells you to update your password; it could link to a malicious website; or it could attempt to phish you."

Google said it was "continuing to study the vulnerability to help prevent similar issues in the future".
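
The flaw described above comes down to comment fields reaching the page as live markup instead of text. As an added example (not YouTube's or Google's code; the function names and sample comments are constructed for illustration), this renders the same comments once by plain concatenation and once with each field encoded and the commenter's name link restricted to http(s):

```javascript
// Added illustration, not YouTube's code. All names and sample data are constructed.

// Encode the five characters that let text break out of HTML content or a quoted attribute.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Accept only absolute http(s) links for the commenter's name; anything else gets no link.
function safeProfileUrl(url) {
  try {
    const u = new URL(url);
    return u.protocol === "http:" || u.protocol === "https:" ? u.href : null;
  } catch {
    return null;
  }
}

// Vulnerable: comment fields are pasted into the page as markup.
function renderCommentUnsafe(c) {
  return `<li><a href="${c.url}">${c.author}</a>: ${c.text}</li>`;
}

// Hardened: every field is encoded for its context and the link scheme is checked.
function renderCommentSafe(c) {
  const href = safeProfileUrl(c.url);
  const name = escapeHtml(c.author);
  const who = href ? `<a href="${escapeHtml(href)}" rel="nofollow noopener">${name}</a>` : name;
  return `<li>${who}: ${escapeHtml(c.text)}</li>`;
}

// Constructed sample comments.
const samples = [
  { author: "viewer1", url: "https://example.com/u/viewer1", text: "Great clip & nice edit" },
  { author: "prankster", url: "javascript:alert(1)", text: "<script>alert('fake news pop-up')</script>" },
];

for (const c of samples) {
  console.log("unsafe:", renderCommentUnsafe(c));
  console.log("safe:  ", renderCommentSafe(c));
}
```

In the safe output the second comment shows up as visible text with no link on the name, while the unsafe output hands the browser a working script element and a `javascript:` link.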

[BBC]


11 comments

  • Matt
    You are a knob if you click this.
  • Matt
    Damn, my html code was removed from that post :-( . Bitterwallet 1 : You Tube 0.
  • Stewie G.
    Matt, minus 1
  • ClickForSmuttySite
    Hey, does this work? Click on my name... Cheers!
  • Rhinestone
    I blame eBaums
  • shadow
    function expandCreative(d) { document.getElementById(d).style.height = "240px"; // expanded height } function collapseCreative(d) { document.getElementById(d).style.height = "90px"; // normal height } http://www.adspeed.com/swf/expandable-ad-300x250.swf?clickTAG=http://gay.com
  • Spark
    There's a campaign by 4chan at the moment to send that Justin Bieber guy on a tour of North Korea. I think they were the ones responsible for this as well.
  • Yue
    Yeah, here. http://news.bbc.co.uk/1/hi/technology/10506482.stm
  • Yue
    This is what tickled me 'There have also been false rumours circulating that Bieber had died, that he had joined a cult, and that his mother was offered $50,000 to pose topless in Playboy magazine.'
  • er
    ^ is all a viral campaign by Bieber media. Isn't it a bit obvious?
  • Fashion D.
    xoxo I completely adore Justin
