July 4 turned out to be a field day for hackers and chance cyber-saboteurs as they converged on the world's most popular video streaming site to wreck havoc using a cross-site scripting (XSS) vulnerability. They inserted malicious code in the comments section of many YouTube videos to trigger a series of anomalous events, including redirects to porn sites and nasty pop-ups, whenever a user visited a targeted video. Justin Bieber fans were probably the worst hit, with hackers and pranksters concertedly targeting the Canadian singer's videos.
But Google wasted little time in plugging the hole. "We took swift action to fix a cross-site scripting (XSS) vulnerability on youtube.com," a spokesperson for YouTube's parent company said. "Comments were temporarily hidden by default within an hour [of discovering the problem], and we released a complete fix for the issue in about two hours. We’re continuing to study the vulnerability to help prevent similar issues in the future."