Comments on “Is that YouTube clip you just watched booby trapped?” • The Register

Comments on: Is that YouTube clip you just watched booby trapped?

Back to the article
Comments on this article are now closed

more details please... #

By Anonymous Coward Posted Wednesday 20th June 2007 18:52 GMT

Is this a Flash vulnerability, or an EXE file masquerading as a video download, or via user-added HTML markup, or something else?

Not entirely Google's fault if the client will run anything. #

By Antony Curtis Posted Wednesday 20th June 2007 19:36 GMT

Call me "old fashioned" if you like but in my opinion, if a web server were to host a file with "Content-type: video/avi" and it actually serves a binary executable, I would expect the web browser to display an empty rectangle with perhaps a red X through it with a message saying that the data was corrupted rather than it try to decide what the file was and run it.

I would expect it to do the same if the data cannot be decoded using only the content-type information as provided by the server and if that information was somehow out of step with the data stream, it should fail and display an error message.

Alas, I know that this will never happen.

files? #

By bigfoot780 Posted Thursday 21st June 2007 12:21 GMT

wonder if it in the .flv file or .swf? strange could this burst the youtube bubble.

How many? #

By Neil Anderson Posted Sunday 24th June 2007 16:39 GMT

Is it possible for YouTube to automatically scan all uploads for malicious payloads or file types?

--

Neil Anderson

http://www.cyclelogicpress.com

where did it come from #

By Alan Donaly Posted Monday 25th June 2007 21:19 GMT

Flash content is used by advertisers

every day is this a new threat or an old

one Google knows about advertising

they know how to keep this from happening

notice we haven't

heard of this before I would think it was fairly

common if it were easy to accomplish Elreg

knows all about corrupted ad servers this

seems like that sort of exploit.