Security researcher rounds on YouTube flaws
By Rene Millman,
Popular video sharing website YouTube is riddled with security vulnerabilities, according to an independent security researcher.
In an open letter to YouTube's owner Google, Christian Matthies said he would publicly disclose over 40 bugs he said he found on the site.
Most of the flaws are cross-site scripting flaws, which allow hackers to inject malicious code into legitimate websites in order to steal personal information on website visitors. Most of the exploits allow hackers to infect user profiles with malware that could spread through the internet and steal users' log-in details.
"Just like other major social networking sites (or even more), YouTube is responsible for the privacy and security of hundreds of millions of users," said Matthies.
"However, presently this security is not provided in the least due to a continuously increasing amount of severe security vulnerabilities on YouTube coming with each site update."
"Having security holes is one thing but not responding to vulnerability reports is totally unacceptable and certainly not conform to your commitment to data security," he said. "Taking that into account I'm going to have one last try and give you two weeks from now to contact me. If you don't, I am obliged to disclose all vulnerabilities in public."
According to research from Secure Computing, cross-site scripting flaws aren't the only problems affecting the popular video sharing site.
The IT security firm said that hackers are planting fake videos on the site which infect computers with the Zlob virus. While personnel at YouTube were quick to take down the infected videos, Paul Henry, vice president of technologies at Secure Computing, said that the incident heralded a new attack vector for hackers.
"The fact is no one expects to find malware hidden in YouTube files. Yet the medium's popularity is highly alluring as a mass distribution vehicle for malicious code," said Henry. The Zlob virus then installs adware and spyware that then bombard users with pornographic ads.
"What's alarming is that, from a security perspective, many users and organisations will be blindsided and potentially seriously exposed."
Henry was concerned that the virus was a prelude to hackers infecting computers with keyloggers or making them part of a botnet.