Monday, July 05, 2010

Hackers Hit YouTube XSS Flaw

YouTube was attacked yesterday by hackers using a Cross-Site Scripting (XSS) vulnerability on its web site. Press reports indicate the flaw was fixed by Google, YouTube's owner, within a few hours.

The flaw apparently allowed the attackers to post JavaScript code in the comments section of videos. The attack redirected users looking for videos of Canadian singer Justin Bieber, alleging falsely that he was killed in a car accident. Twitter tweeted away that YouTube was hit by a virus.

Some more technical details were reported on Techie Buzz, and the Internet Storm Center at SANS mentioned the exploit could steal the cookies of YouTube users, which they said wouldn't be of much value.


Post a Comment

<< Home