YouTube, XSS, and a sprinkle of LOLWAT

YouTube have had a Cross Site Scripting (XSS) vulnerability in their video viewing pages.

Yes, that’s right ladies and gentlemen. Google has officially made the interwebs chuckle until bunnies fall out of its ears. You heard it here first last. This of course is the news that YouTube has a flaw which allows an attacker to embed malicious code into the comment stream which is then executed when a user views the video of a fat lady pole dancing. Srsly.. click it.

Here’s the BBC Article.

“We took swift action to fix a cross-site scripting (XSS) vulnerability on youtube.com,” a spokesperson said.

I’d like to hear feedback on this. I mean, should a company as large as Google really make such little mistakes like this?

Now my head hurts. I’ll be sure to post a better entry later tonight or tomorrow.