funsec mailing list archives
YouTube 'Riddled with 40+ Security Vulnerabilities'
From: "Fergie" <fergdawg () netzero net>
Date: Wed, 20 Jun 2007 20:23:21 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via The Register.

[snip]

Google researchers have at last responded to a hacker who says he's uncovered more than 40 YouTube flaws that put users at risk.

Christian Matthies, says he's been trying to get the attention of Google bug squashers for the past several months, but was unsuccessful in getting a single reply to his emails warning of the vulnerabilities. That changed this week, a few days after he posted an ultimatum effectively vowing to disclose the bugs publicly if Google didn't give him some acknowledgment of the problems.

The vast majority of the vulnerabilities are of the cross site scripting (XSS) variety, in which hackers are able to inject unauthorized code by making it appear as if it's hosted by the website being targeted. Many of the flaws make it possible for an attacker to infect a user's profile with a quick-spreading worm that could also steal login credentials.

In recent weeks, both Google and Yahoo! have been tripped up by serious XSS errors that put the privacy of millions of their users at risk.

[snip]

More:
http://www.theregister.co.uk/2007/06/20/youtube_security_ultimatum/

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.1 (Build 1012)

wj8DBQFGeYy2q1pz9mNUZTMRAr6QAKCUwTzE9iK7RjtcbI7Riix9m2z+pwCgsL1K
3FfL7PnTx7YH18yWbVhlJTQ=
=T+Fk
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.