Solve : Warning?
http://mashable.com/2010/07/04/itunes-accounts-hacked/ Just a heads up.

Wait... I thought Apple products were immune to these types of nefarious activities.....

So they would have us believe. YouTube was hacked as well on the same day. http://www.helpmyos.com/latest-computer-news-f43/youtube-and-itunes-independence-day-hack-t2036.htm

The YT comment form was susceptible to an XSS attack, and a fairly simple one at that. Something in the form of

Code:
<script>IF_HTML_FUNCTION?<h1><marquee><font color="red">(YOUR TEXT HERE)<script>

Video of attack: http://www.youtube.com/watch?v=Mjoa1WY35bE

And then YouTube decided to go noob style and directly replace the word "script" in comments with blank, so even if the context was completely benign, suddenly the comment is nonsense. This is called a clbuttic mistake. The best part was that for quite some time you could still, and maybe you still can, easily insert script by making the deleting of a "script" entry create a new one, such as: scripscriptt, sscriptcript, scscriptript, etc. etc. Dear YouTube: This is how you do validation. Whatever happened to simply transforming < and > into HTML entities when displaying the comment? Why all this nonsense to make sure that the < and > are not forming some malignant tag? Just disallow tags to begin with. No matter how devious a person can be, &lt;script&gt; cannot be used to create a script tag.

I'm not sure what kind of filtering functions Python has compared to PHP but they can't be that bad. That's if YT is built with Python, but I think it is.

Quote from: kpac on July 05, 2010, 02:02:47 PM
I'm not sure what kind of filtering functions Python has compared to PHP but they can't be that bad.

http://forums.thedailywtf.com/forums/t/18289.aspx

Just goes to once again prove that no company (even Apple and Google) is immune to security vulnerabilities.
I still think a lot of people are being driven down the wrong path by the false sense of security Apple portrays, and I think eventually, as Apple and their products become more popular, more hackers / troublemakers are going to start targeting them as easy prey. Regardless of the company's product you use or the websites you visit, you should always be concerned about your computer's security. There has never been and there never will be a foolproof system. Every company that seems to believe that they can't be hacked or compromised has been proven wrong.
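The two approaches contrasted in the thread, a filter that deletes the word "script" versus converting < and > to HTML entities at display time, side by side. This is an added example, not code from the thread or from YouTube; the function names and sample comments are constructed for illustration.

```python
import html

# Constructed sample comments (assumptions, not taken from the incident).
BENIGN = "Full description and transcript in the video notes"
NESTED = "<scripscriptt>/* constructed */</scripscriptt>"


def strip_script_word(comment: str) -> str:
    """Blacklist filter as described in the thread: delete 'script' in a single pass."""
    return comment.replace("script", "")


def escape_for_html(comment: str) -> str:
    """Output encoding: &, <, > and quotes become entities when the comment is displayed."""
    return html.escape(comment, quote=True)


def compare(comment: str) -> dict:
    """Run both approaches on one comment and report what the browser would receive."""
    stripped = strip_script_word(comment)
    escaped = escape_for_html(comment)
    return {
        "stripped": stripped,
        "stripped_has_script_tag": "<script" in stripped.lower(),
        "stripped_mangled_text": "<" not in comment and stripped != comment,
        "escaped": escaped,
        "escaped_has_markup": "<" in escaped or ">" in escaped,
    }


if __name__ == "__main__":
    for sample in (BENIGN, NESTED):
        result = compare(sample)
        print(repr(sample))
        for key, value in result.items():
            print(f"  {key}: {value!r}")
```

The deletion filter both damages harmless text and reassembles a tag out of the nested spelling, while the escaped output contains no markup for either input and leaves the benign comment unchanged.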