Does someone find Youtube seem to be hacked now?

Does someone find Youtube seem to be hacked now?

I click http://www.youtube.com/comment_servlet?all_comments=1&v=AxOBoWKqE5s of youtube

But it bring me to another site. (tiny.4chan.org)

If it not turn to the site, click F5, it will do it.

I hope Symantec can check the problem and tell them.

I dont believe its YouTube's problem. Its just that link. I can visit any video in YouTube off the main site with no issues. Its just that one video so dont worry about it or watch it.

 


Dieselman326 wrote:

I dont believe its YouTube's problem. Its just that link. I can visit any video in YouTube off the main site with no issues. Its just that one video so dont worry about it or watch it.


 

Try to visit the link by IE, or click F5 to refresh the page.

If happened on Youtube and bring user to another site now.

I think youtube find the problem now.

http://www.youtube.com/watch?hl=en&v=AxOBoWKqE5s

If you visit a video, it will show "Safety mode has hidden comments for this video. Show hidden comments" right now.

 

Never use IE in the first place. Firefox with No Script is the best way to go.

working fine on my pc

I think they fix it now.

You can see janramonmartin's comment. It's the code.

Looks like ONE actually stumbled onto something here - apparently YouTube really did get hacked.  The SANS Internet Storm Center Diary is reporting this today:

 


XSS vulnerabilities are often underestimated, but they can sometimes be extremely dangerous. It looks as if couple of hours ago attackers started exploiting what looks like a stored XSS vulnerability on YouTube.

 

You can read the full report here:

 

http://isc.sans.edu/diary.html?storyid=9130&rss

Like I said................Firefox with No Script will cover you.

 


Dieselman326 wrote:

Like I said................Firefox with No Script will cover you.


 

Yes, but who visits YouTube without whitelisting it? 

 

More information on the YouTube cross-site scripting attacks from PC World:

 

http://www.pcworld.com/article/200485/reports_of_possible_youtube_hack_light_up_social_media_sites.html?tk=rss_news

Yes, but who visits YouTube without whitelisting it?

 

 


 

You are right, SoJ.  People will happily click on "Allow all this page," but even then I find that NoScript does not allow everything.  They also have a relatively new system in that you can middle click (if you have one) and go to WOT or McAfee Site Advisor for a report on individual script objects.  Google-analytics.com is a common one that according to WoT has tracking and privacy issues.  At least users have the ability to look after themselves, if they choose to use it.

A clearer picture is emerging of what happened surrounding the YouTube hack.  The latest from PC World:

 

http://www.pcworld.com/businesscenter/article/200486/google_acknowledges_youtube_hack.html

Here is a report on the cross=scripting issue from the BBC Technology Web Site.

 

http://news.bbc.co.uk/1/hi/technology/10506150.stm