It may sound strange (especially after 4Chan’s history of attacking YouTube on porn day), but it seems that the message board may have inadvertently saved YouTube from serious harm yesterday.
After one users stumbled upon a serious XSS vulnerability (a type of bug which allows attacker to take control of everything your web browser does on a specific site), things could have got really serious.
A well-planned attack by a well-informed programmer could have run crazy – bombarding a huge number of web users with mallware and other attacks in a very short time, and without YouTube noticing for a significant time if done subtly enough.
Luckly, the news spread via 4Chan – a site who’s average user can hardly be described as well-informed. Within a few minutes the site was over-run with scrolling-marquees and redirects to shock sites – just the kind of thing that’s not going to stay under YouTube’s radar for long.
According to a Google spokesperson, it took under an hour for a temporary fix to be applied, and under two hours for a full fix to be deployed across the whole of youtube.
So thank you 4Chan – your practical jokes have saved a huge number of users from serious attacks. That’s the power of full-disclosure at work.
(Of course you could have just emailed them the vulnerability and saved all the people that did get attacked – YouTube have always responded very quickly when I’ve contacted them with serious issues)
