And you thought YouTube comments couldn’t get any worse.
YouTube comment sections are infamous as the most inane and nonsensical corners of the Internet. Maybe messing with them isn’t such a bad idea.
A pair of hackers recently discovered a vulnerability in YouTube’s code that allowed them to move, copy, and impersonate YouTube commenters without anyone being notified at all. (Perhaps that helps explain why the discussions on YouTube make so little sense.)
The bug, illustrated in a video below, allows anyone to easily steal comments and place them on a separate video at will.
The hackers, Ahmed Aboul-Ela and Ibrahim M. El-Sayed, earned $3,133.70 from Google for reporting the vulnerability, according to Aboul-Ela.
“Imagine for instance a celebrity or public figure leaving a comment on some video on YouTube saying, ‘Wow, This is an Amazing Video.’ You then come along, exploit that vulnerability, and quite simply make this comment appear on your own video instead,” Aboul-Ela wrote in a blog post.
The bug was found by looking at YouTube’s “report comment” feature. The feature leaks data, including the “video_id” and “comment_id.” By merely changing the comment_id, you can move any comment from anywhere on YouTube to any other video.
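The class of flaw described above, a server that trusts a client-supplied pairing of “video_id” and “comment_id,” can be shown with a small model and its fix. This is an added example, not code from YouTube or from the researchers; the handler names, the in-memory store, and the sample ids are all hypothetical.

```python
import copy

# Constructed sample data; ids, field names and handlers are hypothetical, not YouTube's.
VIDEO_OWNERS = {"vid_A": "studio", "vid_B": "mallory"}
COMMENTS = {
    "cmt_1": {"video_id": "vid_A", "author": "celebrity",
              "text": "Wow, This is an Amazing Video."},
    "cmt_2": {"video_id": "vid_B", "author": "bob", "text": "first"},
}


class Rejected(Exception):
    """Raised when a request fails an authorization or binding check."""


def fresh_store():
    """Return an independent copy of the sample comments."""
    return copy.deepcopy(COMMENTS)


def comments_on(store, video_id):
    """List the comment ids currently shown under a video."""
    return sorted(cid for cid, c in store.items() if c["video_id"] == video_id)


def act_on_comment_vulnerable(store, caller, video_id, comment_id):
    # Checks only that the caller owns the video named in the request...
    if VIDEO_OWNERS.get(video_id) != caller:
        raise Rejected("caller does not own video")
    # ...then files the comment under that video, trusting the client's pairing.
    store[comment_id]["video_id"] = video_id
    return store[comment_id]


def act_on_comment_hardened(store, caller, video_id, comment_id):
    if VIDEO_OWNERS.get(video_id) != caller:
        raise Rejected("caller does not own video")
    comment = store.get(comment_id)
    # Bind the two identifiers server-side: the comment must already be on this video.
    if comment is None or comment["video_id"] != video_id:
        raise Rejected("comment_id is not attached to video_id")
    return comment
```

The hardened handler looks up the comment's stored video and compares it with the one in the request, so a swapped comment_id is rejected instead of being re-filed.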
The entire process took six days from the bug being reported on March 25 to the reward being received on March 31.
A YouTube bug found earlier this month allowed a hacker to delete any video he pleased. For his trouble, that hacker earned just $1,337.
Illustration by Max Fleishman
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.