YouTube hacked. XSS attacks on YouTube users redirecting to XXX

Hackers always find ways to steer people where they want them to go. This weekend they turned their attention to YouTube users, pranking them with pop-ups and redirecting them to pornographic websites. Google says it has removed the vulnerability and that everything is working normally again. ESET’s Randy Abrams has stated that “Avoiding XSS attacks needs more effort in code review and so off shore consultants are needed for assistance”.

YouTube hacked by hackers

It happened this weekend: while YouTube users were viewing videos, pop-ups appeared that took them to pornographic sites. Google fixed the problem quickly and is now trying to find the main cause behind these attacks. The hack was carried out by injecting HTML code into YouTube pages.

The attack used on YouTube was cross-site scripting (XSS), in which the redirecting code and the pop-ups are injected into a page and run inside the viewer's web browser.

Any browser instance can be affected: a general web browser, a browser integrated into a software project, an email client or an RSS reader. The attacking code can be written in various languages such as JavaScript, VBScript, HTML, Flash, ActiveX controls or any other language that the browser handles.

In this YouTube attack, it was HTML scripts that were actually used, and they were placed on users’ comment pages.

YouTube users are generally not allowed to post code in their comments, so YouTube used a filter to enforce this. But the hackers identified a big flaw in it. F-Secure’s CRO Mikko Hypponen stated in a tweet that, “Putting 2 script tags concurrently in a sequence will allow the viewer to post any scripting language like VBScript. The filter will now remove the 1st tag and ignore the 2nd tag”.
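The filter flaw described in the tweet above, as an added example that is not YouTube's code or part of the original post: `naiveFilter` is a hypothetical model of a filter that strips only the first script tag, compared with output encoding, which leaves no tag for the browser to run. All function names and sample comments are constructed for illustration.

```javascript
// Hypothetical model of the flawed filter: it strips only the FIRST <script>
// opening tag it finds and never re-checks the rest of the comment.
function naiveFilter(comment) {
  return comment.replace(/<script\b[^>]*>/i, ""); // no "g" flag: first match only
}

// Hardened alternative: do not try to remove tags at all. Encode every
// HTML metacharacter so the browser renders the comment as plain text.
function escapeHtml(comment) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return comment.replace(/[&<>"']/g, (ch) => map[ch]);
}

// True if an opening <script> tag would still reach the browser as markup.
function containsScriptTag(html) {
  return /<script\b[^>]*>/i.test(html);
}

// Constructed sample comments (not taken from the incident).
const samples = [
  "Nice video!",
  "<script>/* placeholder */</script>",
  "<script><script>/* placeholder */</script>",
  "<SCRIPT><script type=\"text/vbscript\">' placeholder</script>",
];

// For each comment, report whether a script tag survives each defence.
function audit(comments) {
  return comments.map((c) => ({
    input: c,
    naiveLeaksScript: containsScriptTag(naiveFilter(c)),
    escapedLeaksScript: containsScriptTag(escapeHtml(c)),
  }));
}

for (const row of audit(samples)) {
  console.log(JSON.stringify(row));
}
```

The single-tag comment is neutralised by both defences, but the doubled tag survives the naive filter; only the encoded output is safe for every sample.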

Many YouTube users reported that they were being redirected to porn or other dangerous sites across the Web.

1 comment on this post.
  1. GSX-R750 guy:

    My friend and I were arguing about this! Now I know that I was right. lol! Thanks for making me sure!

    Sent from my Android phone
