YouTube XSS Vulnerability Fixed [Official Statement]
By on July 4th, 2010

YouTube-Vulnerability Earlier today, a critical cross-site scripting (XSS) vulnerability was uncovered in YouTube. It now appears that the source of these attacks was Ebaumsworld, with 4Chan later chipping in to propagate it. Of course, both sides are accusing the other of the wrong doing.

Google swung into action fairly quickly, and the vulnerability has now been fixed. Jay Nancarrow, a spokesman for Google, reached out to us to issue the following statement:

We took swift action to fix a cross-site scripting (XSS) vulnerability on youtube.com that was discovered several hours ago. Comments were temporarily hidden by default within an hour, and we released a complete fix for the issue in about two hours. We’re continuing to study the vulnerability to help prevent similar issues in the future.

In spite of Google’s swift response, the script kiddies managed to cause a fair amount of annoyance. A large selection of popular YouTube videos, especially Justin Bieber videos, were flooded with malicious comments. Fortunately for us, while obnoxious, most of these scripts did little damage other than irritating viewers.

Tags: , ,
Author: Pallab De Google Profile for Pallab De
Pallab De is a blogger from India who has a soft spot for anything techie. He loves trying out new software and spends most of his day breaking and fixing his PC. Pallab loves participating in the social web; he has been active in technology forums since he was a teenager and is an active user of both twitter (@indyan) and facebook .

Pallab De has written and can be contacted at pallab@techie-buzz.com.

Leave a Reply

Name (required)

Website (optional)

 
    Warning: call_user_func() expects parameter 1 to be a valid callback, function 'advanced_comment' not found or invalid function name in /home/keith/techie-buzz.com/htdocs/wp-includes/comment-template.php on line 1694
 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN