Shoutbox

youtube under heavy raid - Printable Version

-Shoutbox (https://shoutbox.menthix.net)
+-- Forum: MsgHelp Archive (/forumdisplay.php?fid=58)
+--- Forum: Skype & Technology (/forumdisplay.php?fid=9)
+---- Forum: Tech Talk (/forumdisplay.php?fid=17)
+----- Thread: youtube under heavy raid (/showthread.php?tid=94940)
youtube under heavy raid by Chrissy on 07-04-2010 at 01:57 PM

STAY AWAY FROM YOUTUBE. Exploits have been taken further to now steal account details.
I HIGHLY recommend staying away from youtube for the time being. The exploit involves javascript which can be used to give your computer a shit time via browser exploits (this applies for all browsers). Watch youtube videos at your own risk.

Anyone can inject code to youtube videos :P

http://www.facepunch.com/showthread.php?p=23100690

And of course 4chan is involved as always

http://boards.4chan.org/v/res/65521163 :P

RE: youtube under heavy raid by Chris4 on 07-04-2010 at 02:02 PM

And now it's been fixed.

RE: youtube under heavy raid by andrey on 07-04-2010 at 02:05 PM

quote:
Originally posted by Chris4
And now it's been fixed.
No it hasn't. All they did is hide the comments by default. (which is the part where the code injection can happen)

This is a suprisingly huge fuckup. :zippy:

Cookies can be stolen, houses burnt and lives threatened.

* andrey puts youtube on his block list for the next few days..
RE: youtube under heavy raid by Chris4 on 07-04-2010 at 02:15 PM

quote:
Originally posted by andrey
All they did is hide the comments by default.
That's correct.. so none of the JavaScript pop-ups, disabled report buttons, text and images across the screen, website redirects, cookie grabbers, etc. now occur and therefore temporarily "fixed". They just have to delete the offending comments now, then re-enable comments.
RE: youtube under heavy raid by andrey on 07-04-2010 at 02:20 PM

quote:
Originally posted by Chris4
quote:
Originally posted by andrey
All they did is hide the comments by default.
That's correct.. so none of the JavaScript pop-ups, disabled report buttons, text and images across the screen, website redirects, cookie grabbers, etc. now occur and therefore temporarily "fixed". They just have to delete the offending comments now, then re-enable comments.
That's not what I'd consider a 'fix'. Fix would be to disable posting/display of comments completely for the time being, get their input validation fixed and delete the comments that abused the flaw.
Currently, all the JavaScript pop-ups, disabled report buttons, text and images across the screen, website redirects, cookie grabbers, etc. still work once you press the "show comments" link.
RE: youtube under heavy raid by Chris4 on 07-04-2010 at 02:22 PM

quote:
Originally posted by andrey
Currently, all the JavaScript pop-ups, disabled report buttons, text and images across the screen, website redirects, cookie grabbers, etc. still work once you press the "show comments" link.
Ah right, wasn't aware of that. In that case they should definitely disable comments for now until they're removed.
RE: youtube under heavy raid by Chrissy on 07-04-2010 at 02:23 PM

Anything posted is still up, but youtube has blocked all further posts..

RE: youtube under heavy raid by whiz on 07-05-2010 at 08:37 AM

Looks like they've removed the safety mode, now.  Has it all been fixed?

RE: youtube under heavy raid by Chrissy on 07-05-2010 at 11:50 AM

quote:
Originally posted by whiz
Looks like they've removed the safety mode, now.  Has it all been fixed?
Yeah :P