Saturday, April 19, 2008

Security Vulnerability in YouTube!




[This is a re-post from my technology blog - Technically Speaking]

Hello world. The time is 12:31 AM in Abu Dhabi, United Arab Emirates, and I have logged in to YouTube to upload a short video. And guess what? I am automatically logged in as another Youtube user that I dont know anything about!!

I kept navigating on various pages in YouTube, and I found that I kept getting logged on as various other users! New vulnerability in Youtube/Google? I guess this will be published in a dozen other blogs by tomorrow and then maybe we can wait and see what Youtube/Google says.
Here are some screenshots. I'm cropping some of the images for ethical reasons :)

I clicked on My Favorites, and I get Zoobi4658's favorites!


Hmm, I clicked on Home, and I arrive at Just2koool's home.


I click on My Videos, here comes da54sk8er



Clicked a random link, and lo, here is koxlcxlk


No, I am not a hacker - neither white, nor grey, nor black hat. It just happened. I logged in with my username and password and the next thing I know I get redirected with a new identity. I keep clicking on other links, I get further new identities. I tried to logout and back in - the same story ensues.

This isn't the first time with Google. The exact same problem was reported by GMail users in Kuwait a few months ago. Users were able to see other users' inboxes and email.




Monday, April 7, 2008

Nobody appreciates IT: Who says?!

Today, one of my colleagues received some chocolates as a gift with a thank-you note attached for restoring some important files that a user had deleted herself accidentally. Who says nobody appreciates IT?!