Saturday, July 26, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Tablet Market Grows in Second Quarter
The Pirate Bay Goes Mobile
ASUS Announces Strix DSP, Strix Claw, Strix Tactic Pro and Strix Glide Series
China Telecom to Offer The Xbox One System
Thermaltake Debuts the Water 3.0 Ultimate All-In-One Liquid
HP Pavilion 10z Laptop Uses An AMD Mullins Processor
Google Does Not Confirm to $1 Billion Acquisition Of Twitch
Sony Settles 2011 PSN Hacking Case
Active Discussions
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
Video editing software.
 Home > News > General Computing > Youtube...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, July 05, 2010
Youtube Hit By Code Injection Attack


YouTube was hit by a persistent cross-site scripting (XSS) vulnerability which affects YouTube's comment field.

Malicious JavaScript was inserted into user's comments by exploiting a XSS flaw. The bug was abused by unnamed attackers to poison the comments on multiple videos.

Researchers from a Romanian security team (InSecurityRomania) have revealed the vulnerability first.

Google has corrected the issue now but it is possible that malicious users have already exploited it to redirect unwitting YouTube users watching videos to drive-by download pages in order to infect them with malware, adware and spyware.

Cross-site scripting (XSS) vulnerabilities is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users.

Experts distinguish between at least two primary flavors of XSS: non-persistent and persistent.

The non-persistent (or reflected) cross-site scripting vulnerability is by far the most common type. For example, a non-persistent XSS vulnerabilitie in Google could allow malicious sites to attack Google users who visit them while logged in.

The persistent XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. For example, a persistent cross-zone scripting vulnerability coupled with a computer worm allowed execution of arbitrary code and listing of filesystem contents via a QuickTime movie on MySpace.


Previous
Next
Sony Introduces Slim PS3 in Japan        All News        E-books Still Slower Than Reading Print, Study Says
Bluetooth Opens Qualification Program For Bluetooth Version 4.0 Devices     General Computing News      IBM is Moving to Firefox As Its Default Browser

Get RSS feed Easy Print E-Mail this Message

Related News
YouTube To Fund Hollywood Content Creation: report
Youtube Rates ISP's Video Atreaming Quality
EU May Probe Google Over Youtube's Dominance
Youtube Is Adding 60fps Video Support, Other Features
YouTube to Launch Music Service
YouTube Access to be Restored In Turkey
Youtube Offers ISP Video Performance Reports
Google Considers Buying Streaming-video site Twitch
Turkey Attempts To Block Access To Youtube
Trade Your Used Video Games At Walmart
YouTube "Trusted Flaggers" To Police Videos
Youtube Now Offers Comment Management Tool

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .