Sunday, July 04, 2010

Hacking through comments on YouTube

Stored XSS vulnerability on YouTube actively abused?

I would avoid YouTube for a while, as it seems that there is a new vulnerability that is being actively exploited today, where people post malware in the comments and it activates when you load a page.

Apparently this is widespread, and can be used to steal the session cookies for your YouTube account if you are logged in. That really doesn't do much, but it may allow them to post further bad things as you.

Best advice - stay away until the all-clear is sounded.