YouTube XSS Vulnerability Fixed [Official Statement]

Earlier today, a critical cross-site scripting (XSS) vulnerability was uncovered in YouTube. It now appears that the source of these attacks was Ebaumsworld, with 4Chan later chipping in to propagate it. Of course, each side is accusing the other of the wrongdoing.

Google swung into action fairly quickly, and the vulnerability has now been fixed. Jay Nancarrow, a spokesman for Google, reached out to us to issue the following statement:

We took swift action to fix a cross-site scripting (XSS) vulnerability on youtube.com that was discovered several hours ago. Comments were temporarily hidden by default within an hour, and we released a complete fix for the issue in about two hours. We’re continuing to study the vulnerability to help prevent similar issues in the future.

In spite of Google’s swift response, the script kiddies managed to cause a fair amount of annoyance. A large selection of popular YouTube videos, especially Justin Bieber videos, were flooded with malicious comments. Fortunately for us, while obnoxious, most of these scripts did little damage other than irritating viewers.

4 thoughts on “YouTube XSS Vulnerability Fixed [Official Statement]”

  1. The good thing is that the “malicious” content was not really that malicious. It was an important reminder that Internet security should be taken seriously and I don’t think any real harm has actually been done. Although we might not know yet what data leaked out to third party sites through the XSS.

    iTunes, on the other hand, suffered a major identity theft incident and all they said was that their customers should change their passwords and credit card numbers. Which is otherwise a very simple thing to do, isn’t it? And it is also very kind, particularly if you just lost hundreds of dollars on fake purchases.

    The only thing that bugs me is how difficult it is to program a solid rich website with plenty of active content. There are so many things to keep in mind that without a great and vigilant team working for you, you are having a hard time keeping it safe.
