funsec mailing list archives

YouTube 'Riddled with 40+ Security Vulnerabilities'


From: "Fergie" <fergdawg () netzero net>
Date: Wed, 20 Jun 2007 20:23:21 GMT


Via The Register.

[snip]

Google researchers have at last responded to a hacker who says he's
uncovered more than 40 YouTube flaws that put users at risk.

Christian Matthies says he's been trying to get the attention of Google
bug squashers for the past several months, but was unsuccessful in getting
a single reply to his emails warning of the vulnerabilities. That changed
this week, a few days after he posted an ultimatum effectively vowing to
disclose the bugs publicly if Google didn't give him some acknowledgment of
the problems.

The vast majority of the vulnerabilities are of the cross site scripting
(XSS) variety, in which hackers are able to inject unauthorized code by
making it appear as if it's hosted by the website being targeted. Many of
the flaws make it possible for an attacker to infect a user's profile with
a quick-spreading worm that could also steal login credentials. In recent
weeks, both Google and Yahoo! have been tripped up by serious XSS errors
that put the privacy of millions of their users at risk.

[snip]

More:
http://www.theregister.co.uk/2007/06/20/youtube_security_ultimatum/

- - ferg



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

