It appears YouTube has become the target of a hacker attack, specifically targeting videos of pop singer Justin Bieber.
Videos relating to the star have been hit with a redirect hack with a number of different payloads. We’ve seen one redirect to an infamous, explicit “One Man One Jar” video while another covers the screen in the words “OMG Faggot”. A Twitter search confirms that the problem is widespread. Some users are reporting seeing a banner claiming that Bieber is dead.
So, what’s causing this? Coder Richard Cunningham writes on his Posterous blog that it relates to video comments.
“It looks like they are deliberately using malformed HTML to get past YouTube’s checks for HTML sanitisation in the comments. The comment I’ve seen is using the long forgotten marquee tag and a javascript alert, though in principle it could be expanded to support XSS type flaws.”
Comments on many videos, some not related to Bieber, have code like this on them:
Discussions on the notorious 4chan bulletin board site point to members of its community being to blame. Here’s a screenshot of one such message.
Google has released the following statement regarding the hack:
“We took swift action to fix a cross-site scripting (XSS) vulnerability on youtube.com that was discovered several hours ago. Comments were temporarily hidden by default within an hour, and we released a complete fix for the issue in about two hours. We’re continuing to study the vulnerability to help prevent similar issues in the future.”
By,
Jayarathina Madharasan. Y
MCA – III Year
http://technophilia.madharasan.com/
Tags: 4chan, Cross-site scripting, Hackers, Justin Bieber, Twitter, YouTube
