This is the funniest thing eBaum’s World has done since…I stopped watching videos there to watch videos at YouTube. Seriously. Looking to make yourself a little more relevant? Drop the smack on the kid with the comb-over.
I’m not certain as to why they’re calling them attacks, but eBaum’s did themselves a favor, because those of us who can appreciate the loop they found in YouTube’s XSS are the same people they want to come visit their world more often.
What happened? Simply put. They put a little love into using HTML in the YouTube comments, and were able to bypass YouTube’s filters, sending everyone searching for a Justin Bieber videos to other random videos on the site.
I can see Bieber now, as he learned of this tragedy: “What the hell, mom!? You gotta call my manager to fix this!” Then he looked in a mirror, waved his magic wand, said “21st Century skater cut,” and went back to his millions.
Google, which/whom I love, offered the following statement:
“We took swift action to fix a cross-site scripting (XSS) vulnerability on youtube.com that was discovered several hours ago. Comments were temporarily hidden by default within an hour, and we released a complete fix for the issue in about two hours. We’re continuing to study the vulnerability to help prevent similar issues in the future.”
I’m not buying it. The folks at Google are soooooo far beyond such a hackable offense. I think it was possibly an insider who spouted to a buddy at eBaum’s: “Hey bro, if you punch code into the comments section, you can totally bypass our current filter…we thought it would be funny if all Justin Bieber’s videos took people to other places…but we can’t do it ourselves…so…”
Yeah. That’s totally how it went down.
(Image via: WhyFame?)
Comments
No comments.