YouTube is reading text in users’ videos
Google keeps tabs on much of your activity, including your browsing history and your location. Now, it turns out that its YouTube service is also reading what’s in your videos.
Programmer Austin Burk, who goes by the nickname Sudofox, discovered the issue after finding a cross-site scripting (XSS) flaw on another site.
In an attempt to responsibly disclose it, he uploaded a video of the exploit to YouTube as an unlisted video so that he could show it to the relevant parties.
https://nakedsecurity.sophos.com/2018/12/14/youtube-is-reading-text-in-users-videos/
Read Via Telegram
#google #youtube #privacy #url
📡@cRyPtHoN_INFOSEC_EN
Forwarded from BlackBox (Security) Archiv
Allow arbitrary URLs, expect arbitrary code execution
We found and reported 1-click code execution vulnerabilities in popular software including Telegram, Nextcloud, VLC, Libre-/OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark and Mumble.
Desktop applications which pass user-supplied URLs to be opened by the operating system are frequently vulnerable to code execution with user interaction.
Code execution can be achieved either when a URL pointing to a malicious executable (.desktop, .jar, .exe, …) hosted on an internet-accessible file share (nfs, webdav, smb, …) is opened, or an additional vulnerability in the opened application’s URI handler is exploited.
Vulnerabilities following this pattern have already been found in other software, with more expected to be revealed going forward.
https://positive.security/blog/url-open-rce
#vulnerabilities #url #arbitrary #code #execution #poc #video
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
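One mitigation for the pattern described in the post above is to check a user-supplied URL against a scheme allowlist before it is handed to the operating system. The following is an added example, not code from the linked write-up or from any of the named projects; the names check_url and open_external, the http/https-only policy and the sample host names are assumptions.

```python
import webbrowser
from urllib.parse import urlsplit

# Assumption for this example: the application only needs to open web links.
ALLOWED_SCHEMES = {"http", "https"}


def check_url(url):
    """Return (ok, reason) for a user-supplied URL before it reaches the OS."""
    if not isinstance(url, str) or not url:
        return False, "empty"
    # Whitespace and control characters are rejected rather than stripped.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in url):
        return False, "control or whitespace character"
    # UNC paths (\\host\share\x.exe) carry no scheme, but Windows shell APIs
    # still treat them as remote files.
    if "\\" in url:
        return False, "backslash / UNC path"
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "unparseable"
    if parts.scheme not in ALLOWED_SCHEMES:
        # Rejects file:, smb:, nfs:, dav:, custom handlers and bare local paths.
        return False, "scheme not allowed: " + (parts.scheme or "(none)")
    if not parts.hostname:
        return False, "missing host"
    return True, "ok"


def open_external(url, opener=webbrowser.open):
    """Hand url to the OS handler only if check_url accepts it."""
    ok, _reason = check_url(url)
    if ok:
        opener(url)
    return ok


if __name__ == "__main__":
    # Constructed sample inputs; host names are placeholders.
    for sample in [
        "https://example.org/docs",
        "smb://files.example.net/share/tool.jar",
        "file:///tmp/app.desktop",
        "\\\\files.example.net\\share\\setup.exe",
        "/home/user/Downloads/x.desktop",
    ]:
        print(check_url(sample), sample)
```

The allowlist addresses the file-share case only; a flaw in the application that ends up handling an allowed URL is outside what this check can see.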