Kazan Kamil Hismatullin programmer discovered a flaw on YouTube, to delete all videos from video sharing. This he said in his blog on March 31, reports BBC News.
The vulnerability was found in the YouTube Creator Studio – a service that allows authors to view analytics on their videos uploaded through the application. Because of a bug in any movie could be removed for half a minute using a copy of the video and the reference address of the authentication token (or tokens), who works as a password.
The problem was that the system will accept any authentication token whereas according to the rules it should only recognize the token, which belongs to your account Uploader. Therefore, the copying of any token allows you to delete videos other users without any problems.
The programmer says that the discovery of a bug it took him 6 to 7 hours. Rather than remove the clips from video hosting, including clips from popular teen singer Justin Bieber as he joked Hismatullin, he decided to declare a bug of the company. He wrote Google, which owns YouTube, the vulnerability within the program was launched in January the company to find vulnerabilities in its services (Vulnerability Research Grants). Internet giant responded immediately, solving the problem for a few hours, and he received a reward of five thousand dollars, the programmer wrote. “And fortunately, none were harmed Bieber video”, – added Hismatullin.
As planned Vulnerability Research Grants, the Internet giant chooses people who regularly provide notice before Google’s problems in its services. As part of the program, the company offers programmers to do the same, but for the money. Grants involve payments of $ 500 to the amount of more than 3 thousand dollars. Previously, as an active notifier bugs Google, Hismatullin got 1337 dollars.
Camille Hismatullin now prozhivae in Kazan. In the “About Me” on his blog says that he is interested in scientific research, software development, research in the field of cyber security, movies, bike riding.
Short URL : http://softcraze.com/?p=29424
No comments:
Post a Comment