Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Rumours spread across the internet yesterday that YouTube had been hacked.
According to Chris Boyd, malware researcher at Sunbelt Software, a cross-site scripting (XSS) vulnerability allowed people to perform all manner of interesting things on video pages, starting with the ability to block fresh comments that soon moved into the realms of scrolling text.
Specifically hit was videos featuring Canadian teen singer Justin Bieber, however other random videos were also hit.
Rumours also spread across micro-blogging site Twitter, with its front page advising users not to ‘watch any YouTube videos or comment (on) them today, there's a virus! Spread!'
Boyd said: “Advising people to steer clear until the problem is fixed? That's good. Lots of people running around telling lots more people that there's a ‘virus'? That's not so good.
“Even hours after it's been fixed, people continue to talk about ‘getting infected' by a nonexistent virus and there's a lot of unscheduled scans now taking place.”
He commented that the Chinese Whispers-style misinformation clouding the actual attack was pretty interesting, and if the exploit had been discovered by a professional moneymaking outfit, there could have been all sorts of subtle attacks taking place for a long time – not good, given the apparent simplicity of the attack.
Speaking to techie-buzz.com, Jay Nancarrow a spokesman for YouTube's owner Google, said in a statement: “We took swift action to fix an XSS vulnerability on YouTube that was discovered several hours ago. Comments were temporarily hidden by default within an hour, and we released a complete fix for the issue in about two hours. We're continuing to study the vulnerability to help prevent similar issues in the future.”See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.