Comments on “Is that YouTube clip you just watched booby trapped?” • The Register

Comments on: Is that YouTube clip you just watched booby trapped?

Back to the article
Comments on this article are now closed

more details please...

By Anonymous Coward Posted Wednesday 20th June 2007 18:52 GMT

Is this a Flash vulnerability, or an EXE file masquerading as a video download, or via user-added HTML markup, or something else?

Not entirely Google's fault if the client will run anything.

By Antony Curtis Posted Wednesday 20th June 2007 19:36 GMT

Call me "old fashioned" if you like but in my opinion, if a web server were to host a file with "Content-type: video/avi" and it actually serves a binary executable, I would expect the web browser to display an empty rectangle with perhaps a red X through it with a message saying that the data was corrupted rather than it try to decide what the file was and run it.

I would expect it to do the same if the data cannot be decoded using only the content-type information as provided by the server and if that information was somehow out of step with the data stream, it should fail and display an error message.

Alas, I know that this will never happen.

files?

By bigfoot780 Posted Thursday 21st June 2007 12:21 GMT

wonder if it in the .flv file or .swf? strange could this burst the youtube bubble.

How many?

By Neil Anderson Posted Sunday 24th June 2007 16:39 GMT

Is it possible for YouTube to automatically scan all uploads for malicious payloads or file types?

--

Neil Anderson

http://www.cyclelogicpress.com

where did it come from

By Alan Donaly Posted Monday 25th June 2007 21:19 GMT

Flash content is used by advertisers

every day is this a new threat or an old

one Google knows about advertising

they know how to keep this from happening

notice we haven't

heard of this before I would think it was fairly

common if it were easy to accomplish Elreg

knows all about corrupted ad servers this

seems like that sort of exploit.