Thursday, October 27, 2016
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Microsoft Brings 3D Creativity To Winsdows 10, Launches Surface Studio, Surface Book i7 And Affordable VR Headset
Alphabet Cutting Jobs in Google Fiber, Pauses Expansion Plans
Nintendo Cuts Profit Forecast
Sony To Establish New Imaging Products And Solutions Company
Samsung Pay Expand In New Russia, Thailand and Malaysia
Samsung Introduces New ARTIK Smart IoT Platform Modules
iPhone Sales Declined, But Services Revenue Grew In Last Fiscal Quarter
Google's Jamboard Reinverts The Whiteboard For Collaboration in the Cloud
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Youtube...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, July 05, 2010
Youtube Hit By Code Injection Attack

YouTube was hit by a persistent cross-site scripting (XSS) vulnerability which affects YouTube's comment field.

Malicious JavaScript was inserted into user's comments by exploiting a XSS flaw. The bug was abused by unnamed attackers to poison the comments on multiple videos.

Researchers from a Romanian security team (InSecurityRomania) have revealed the vulnerability first.

Google has corrected the issue now but it is possible that malicious users have already exploited it to redirect unwitting YouTube users watching videos to drive-by download pages in order to infect them with malware, adware and spyware.

Cross-site scripting (XSS) vulnerabilities is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users.

Experts distinguish between at least two primary flavors of XSS: non-persistent and persistent.

The non-persistent (or reflected) cross-site scripting vulnerability is by far the most common type. For example, a non-persistent XSS vulnerabilitie in Google could allow malicious sites to attack Google users who visit them while logged in.

The persistent XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. For example, a persistent cross-zone scripting vulnerability coupled with a computer worm allowed execution of arbitrary code and listing of filesystem contents via a QuickTime movie on MySpace.

Sony Introduces Slim PS3 in Japan        All News        E-books Still Slower Than Reading Print, Study Says
Bluetooth Opens Qualification Program For Bluetooth Version 4.0 Devices     General Computing News      IBM is Moving to Firefox As Its Default Browser

Get RSS feed Easy Print E-Mail this Message

Related News
YouTube Go App Lets You Watch Videos Offline
Youtube, Facebook Expand Their Initiatives To Combat Hate Speech
Youtube Introduces New Video Ad Tools For Businesses
Youtube Introduces Support For 360-degree Live Streaming And Spatial Audio
First YouTube Red Originals Premiere February 10
YouTube Wants To Add Movies To Red Subscription Service
YouTube Unveils New Music App
Youtube Now Supports VR Videos
YouTube Launches Ad-free video, Music Plan
These Are The World's Highest-Paid YouTubers In 2015
YouTube Unveils New Advertising Service Within Videos
YouTube Gaming Site Launched

Most Popular News
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2016 - All rights reserved -
Privacy policy - Contact Us .