YouTube has been enforced to fix a flaws that allows hackers to bombard its users with fake pop-up add and alerts and redirect them to retricted sites. Hackers use to place code in the comments section, and when some plays that video the script automatically runs. In some cases, a pop-up screen appears, showing some latest news (Fake most of the time).Google, which owns YouTube, asked it to fix problem at the arlest, "about two hours" after it was discovered. YouTube spokeperson said that, "We took swift action to fix a cross-site scripting (XSS) vulnerability on youtube.com,"
Hackers hide those comments within in an hour as soon as they get this news.
Hackers use Cross-site scripting (XSS) vulnerabilities, they are relatively easy attacks that allows them to place code into website pages. In this YouTube incident, hackers use JavaScript and HTML code, both commonly used on web pages.
Internet Security experts claims that although in most these attacks code was relatively not much dangerous, it has been used for more malicious purposes. "It could be used to show a message like “update your password”, this further could link to a malicious website.
