Wednesday, June 20, 2007

YouTube 'Riddled with 40+ Security Vulnerabilities'

Web 2.0 turns into "Web Uh-Oh".

Dan Goodin writes on The Register:

Google researchers have at last responded to a hacker who says he's uncovered more than 40 YouTube flaws that put users at risk.

Christian Matthies says he's been trying to get the attention of Google bug squashers for the past several months, but was unsuccessful in getting a single reply to his emails warning of the vulnerabilities. That changed this week, a few days after he posted an ultimatum effectively vowing to disclose the bugs publicly if Google didn't give him some acknowledgment of the problems.

The vast majority of the vulnerabilities are of the cross site scripting (XSS) variety, in which hackers are able to inject unauthorized code by making it appear as if it's hosted by the website being targeted. Many of the flaws make it possible for an attacker to infect a user's profile with a quick-spreading worm that could also steal login credentials. In recent weeks, both Google and Yahoo! have been tripped up by serious XSS errors that put the privacy of millions of their users at risk.

More here.
