Thursday, April 2, 2015

$ 5000 for discovering a bug on Youtube

Sometimes Internet experience could be compared to a race through a minefield: Facebook intrudes on our privacy beyond the limits of legality, easy money hungry companies flood us with illegal advertising and several bugs in services used by millions expose us to money and data steals, affecting our peace. Luckily, there are people who are on the ball, de-miners discovering bugs and scams and warning the rest. Google just reward one of them with $ 5,000.

The researcher Kamil Hismatullin discovered a really serious failure that allowed to delete any Youtube video very easily. Simply by sending the order "delete" from a console command to Youtube, along with video ID. Google, the company that owns Youtube, has rewarded Hismatullin with $ 5,000. Some voices have suggested that the researcher should have received more, remembering that Facebook recently paid 11,500 euros for another "bug".

It is reassuring to know that there are watchful people like Hismatullin, as well as the European Union, which is investigating Facebook for something we already knew but no authority had taken into consideration: Facebook "widgets" on many blogs, for readers to recommend the post on that social network, spy visitors to the blog itself, whether or not they are users of Facebook, and follow his steps all along the websites embedding these "widgets", which are legion.

Another reason for tranquility: Google has taken the bull by the horns about malicious extensions for Chrome. A study by the Universities of California and Berkeley detected two hundred injected extensions not only injecting ads but also malicious code, affecting some 14 million people. Google has removed them.

We ended up with an excellent didactic text about an attack on a company gets prepared, gathering information from public sources from the Internet and then, using social engineering from the obtained data, gaining the trust of a manager or employee. Beware!

We wish our readers a good Easter break, if they are lucky to have them. We will return on Sunday with renewed energy.


Post a Comment