How I Could Have Hacked YouTube Today – Full Disclosure
Update: YouTube finally posted the video of the stream. Go to http://www.youtube.com/watch?v1YYbt6FIGI8 and you can see the same URL from my screenshot.
Okay, so I don’t know if I’d consider this exactly a hack in the sense that I’d have been breaking in, but it was a hack of sorts. Earlier today YouTube did a live video broadcast to… I don’t know, lots and lots of people, and I was a click of a button away from taking over their broadcast. In this video I’ll show you the security flaw YouTube left open by showing too much on the screen, and what I could have done to take advantage of that.
In short, the issue was that they showed their full screen while hosting a Google Hangout. On this screen you could clearly see the URL of the Google Hangout, and if you took that URL and went to it on your own computer you could easily join the hangout even without being invited. This isn’t a huge problem for most people using Hangouts, as it’s unlikely someone could guess the URL, but if you are streaming your hangout by way of screen capture software, make sure not to show the URL!