Tag Archives: xss-attack

Justin Bieber YouTube Videos Hacked

Someone apparently really doesn’t like Justin Bieber. The teen pop sensation had several of his YouTube videos “hacked” yesterday. The perpetrators injected hate speech into the videos as well as information (FALSE!) claiming that Justin had died in a car accident. There were also redirects to external adult sites and other nefarious places.

YouTube has been forced to fix the flaw, which originated in the comments section. The hackers placed executable code strings into the comments of targeted videos which ran when people watched the clip. YouTube parent company Google said that the problem was fixed within two hours of its discovery. “We took swift action to fix a cross-site scripting (XSS) vulnerability on the site.” a spokesperson said. “Comments were temporarily hidden by default within an hour, and we released a complete fix for the issue in about two hours.”

Cross-site scripting (XSS) vulnerabilities are relatively simple attacks that allow hackers to place code into web pages. On YouTube, the script kiddies used JavaScript and HTML – two commonly-used coding languages found on web pages. In most cases, the code was harmless. However, it was used to deliver links and redirects to questionable websites in some instances. Considering the age group of the population who watch Justin Bieber videos, I feel this was a pretty sick way of exposing kids to things they shouldn’t be seeing.

It takes a seriously unbalanced and immature group of people to do this.