YouTube Hacked

Google acknowledged that hackers attacked YouTube on Sunday, exploiting a cross-site scripting (XSS). The attack hit mainly sections where users post comments.

The result of this strike was that comments were temporarily hidden for few hours. However Google fixed everything within two hours. A Google spokesman in an chat with New York Times that the company is “continuing to study the vulnerability to help prevent similar issues in the future.”

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pagesviewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites were roughly 80% of all security vulnerabilities documented by Symantec as of 2007. Their impact may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site, and the nature of any security mitigations implemented by the site’s owner. Source: