• Tweet

• Tweet

Hackers always find ways to direct people on what they want to do. Now, they have turned their attention on you tube users, which was found to have happened this weekend. They play pranks on you tube users by including pop-ups and directing its users to some pornographic websites. Google claims that they have removed that vulnerability and now all is working well. ESET’s Randy Abrams has stated that “Avoiding XSS attacks needs a more effort in code review and so off shore consultants are needed for assistance”.

It happened during this weekend and this is what happens, when a you tube user or viewer is viewing Videos, pop-ups emerges, which will take them to some of the pornographic sites. Google has now fixed the problem really quick and now is trying to find the main cause behind these attacks. This hack was done with the method of you tube HTML code injection.

The cross-site scripting attack (XSS) is the attack used by hackers on you tube, where the redirecting code with pop-ups are injected into the web browser while it is running.

Any browser instances like general web browser, a browser integrated into a software project, an Email Client or a RSS reader. The attacking code is found to be on various languages like Java script, VB script, HTML, Flash, ActiveX control or other kinds of languages that are used by the browser.

When talking about this you tube attack, it is HTML scripts that was actually used on Users’ comment pages.
You tube users are generally not allowed to post any codes on their comment pages and so, you tube used a filter to guide their actions. But, there was a big flaw as identified by hackers. F-Secure’s CRO Mikko Hypponen has stated in a tweet that, “When putting 2 script tags concurrently in a sequence will allow the viewer to post any scripting languages like VBscript. The filter will now remove the 1st tag and ignore the 2nd tag”.

Reportedly, many you tube users reported that they were being directed towards the porn or other dangerous sites across the Web.

Related Tech News:

1. Facebook, social networking site reached 500 million users
2. Google created iPhone version of YouTube
3. Now YouTube Supports Up To 15 Min
4. Top 10 Firefox Add-ons from Web Developers point of view

Tags: hacking attack on YouTube, youtube attacked, Youtube hacked