This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://news.bbc.co.uk/go/rss/-/1/hi/technology/10506150.stm
The article has changed 5 times. There is an RSS feed of changes available.
| Version 0 | Version 1 |
|---|---|
| Google acts to fix YouTube flaw | Google acts to fix YouTube flaw |
| (40 minutes later) | |
| Initial reports suggested that YouTube had been hit by a virus | Initial reports suggested that YouTube had been hit by a virus |
| YouTube has been forced to fix a flaw allowing hackers to bombard users with fake pop-up messages and redirect them to adult sites. | YouTube has been forced to fix a flaw allowing hackers to bombard users with fake pop-up messages and redirect them to adult sites. |
| Hackers placed code in the comments section, under targeted videos, that would run when people watched the clip. | Hackers placed code in the comments section, under targeted videos, that would run when people watched the clip. |
| In some cases, a pop-up screen appeared reporting that the Canadian singer, Justin Beiber, had died in a car crash. | In some cases, a pop-up screen appeared reporting that the Canadian singer, Justin Beiber, had died in a car crash. |
| Google, which owns the YouTube, said that it had fixed the problem "about two hours" after it was discovered. | Google, which owns the YouTube, said that it had fixed the problem "about two hours" after it was discovered. |
| "We took swift action to fix a cross-site scripting (XSS) vulnerability on youtube.com," a spokesperson said. | "We took swift action to fix a cross-site scripting (XSS) vulnerability on youtube.com," a spokesperson said. |
| "Comments were temporarily hidden by default within an hour, and we released a complete fix for the issue in about two hours. | "Comments were temporarily hidden by default within an hour, and we released a complete fix for the issue in about two hours. |
| Nasty attacks | Nasty attacks |
| Cross-site scripting (XSS) vulnerabilities are relatively simple attacks that allow hackers to place code into web pages. | Cross-site scripting (XSS) vulnerabilities are relatively simple attacks that allow hackers to place code into web pages. |
| In the YouTube incident, hackers used JavaScript code and HTML, both commonly used on web pages. | In the YouTube incident, hackers used JavaScript code and HTML, both commonly used on web pages. |
| Security experts said that although in most cases the code was relatively benign, it has been used for more malicious purposes. | Security experts said that although in most cases the code was relatively benign, it has been used for more malicious purposes. |
| "The thing with a cross-site scripting attack is that it will appear that it is a message being posted by that website, which gives it a certain legitimacy, Graham Cluley of security firm Sophos told BBC News. | |
| "It could be used to show a message that tells you to update your password; it could link to a malicious website; or it could attempt to phish you." | "It could be used to show a message that tells you to update your password; it could link to a malicious website; or it could attempt to phish you." |
| Phishing is a common tactic used by cybercriminals and involves using fake websites to lure people into revealing details such as bank accounts or login names. | Phishing is a common tactic used by cybercriminals and involves using fake websites to lure people into revealing details such as bank accounts or login names. |
| "I've seen nasty XSS attacks that are used to fake whole login screens and we know how many people use same passwords for multiple accounts," said Bojan Zdrnja of the Internet Storm Centre in a blog post. | "I've seen nasty XSS attacks that are used to fake whole login screens and we know how many people use same passwords for multiple accounts," said Bojan Zdrnja of the Internet Storm Centre in a blog post. |
| Mr Cluley said that repsonsibility for these kinds of vulnerabilites was down down to how securely a website was written. | Mr Cluley said that repsonsibility for these kinds of vulnerabilites was down down to how securely a website was written. |
| "Web programmers need to be much more careful with their code." | "Web programmers need to be much more careful with their code." |
| Google said it was "continuing to study the vulnerability to help prevent similar issues in the future". | Google said it was "continuing to study the vulnerability to help prevent similar issues in the future". |
| When the vulnerability was first reported, rumours suggested that YouTube was infected with a virus. | When the vulnerability was first reported, rumours suggested that YouTube was infected with a virus. |