Google acts to fix YouTube flaw exploited by hackers

YouTube has been forced to fix a flaw allowing hackers to bombard users with fake pop-up messages and redirect them to adult sites.Hackers placed code in the comments section, under targeted videos, that would run when people watched the clip.In some cases, a pop-up screen appeared reporting that the Canadian singer, Justin Bieber, had died in a car crash. see:Google confirms attack on YouTube [IDG]
Malicious hackers attacked Google’s YouTube on Sunday, exploiting a cross-site scripting (XSS) vulnerability on the ultra-popular video sharing site, hitting primarily sections where users post comments.”Comments were temporarily hidden by default within an hour [of discovering the problem], and we released a complete fix for the issue in about two hours. We’re continuing to study the vulnerability to help prevent similar issues in the future,” a Google spokesman said via e-mail.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.