nofx

they just close the thread?

lol, interesting.

http://www.gfy.com/fucking-around-and-business-discussion/678875-gfy-embed-youtubes.html

__________________

Jace

yeah, i wish TD would expand on what exploits could be done with that youtube addition to the bbcode

i don't see how it is possible though

Tuga

My 100k users surfer board is now vulnerable, I would love to know that too

__________________

Jace

yup, me too, I don't have a crazy board with tons of members, but I have a buddy that is going to install that on his board, and if there is a vunerability, I would like to know about it

nofx

I doubt we will ever see that

__________________

minusonebit

I bet TD has his finger on the ban button... trying to restrain himself...

TexasDreams

When I see a request that is retarded, yes.

__________________
ICQ: 168-914-369 >>> sysop [at] TexasDreams [dot] com

biftek

well i haven't seen any exploits for that bbcode , but i have read about some bogus youtube clips that infect the viewer with zango
http://www.spywareremovalnews.com/ne...icle-1102.html

Jace

with what reason?

crocop

i dont see the problem with that code

__________________

fusionx

The only downside to embedding youtube and other vids is when people quote and keep the vid in the quote, and autoplay is turned on, it really fucks up your browsing experience ...

or, if multiple people post in the same thread, etc. Imagine 20 vids playing, starting at 1 second intervals

Tuga

No video in my board autoplays, what option is that?

__________________

Tuga

Oh really? Half the threads in GFY ARE RETARDED and I dont see you closing them.

The only retarded thing in that thread is.... well you know what.

__________________

TexasDreams

That's actually easier than most might think.

__________________
ICQ: 168-914-369 >>> sysop [at] TexasDreams [dot] com

DarkJedi

TexasDreams doesn't know shit about running web forums.

I don't know why adult.com won't hire a real admin.

Tuga

He is talking about FAKE you tube clips and that bbcode wouldnt work with that shit, you really dont have a clue do you? That's not a problem, noone knows everything, but you should really try to learn a little bit instead of acting like a fool. This is a webmaster board you know? Some people here know a few things about the interweb. Learn from them.

__________________

2HousePlague

__________________
tada!

Jace

most youtube videos don't autoplay when they are embedded off the youtube site

same with pornotube...hehe..but you knew that

Jace

I wish he would explain it more detail, I am genuinely curious as to what would happen in regards to security, I have seen tons of forums that did it, and not one has been hacked or ran into issues

Jace

from vbulletins site:

even the vbulletin experts say there is no security risk

Tuga

Someone should block those guys, they're retarded

__________________

Jace

hahahahaha

PMdave

uhmmm.... isn't that "youtube installs zango"-story based on the fake Yootube.info movies?

nofx

bhahahahhaha

__________________

Tuga

And how the hell is that related to what we are talking about?

__________________

EdgeXXX

Actually, the vulnerability that it opens has nothing to do with HTML or BBCode. It has to do with the possibility of malicious ActionScript embedded in the "videos". Luckily, it's not too much of a danger ATM, as most scriptkiddies haven't really taken notice of it yet. Then again, nothing is ever a problem until all hell breaks loose.

__________________
.
.
.
.

2HousePlague

__________________
tada!

Tuga

Ok now you got me interested, but I would like you to get into more detail about it. They can put a script on a video and host it on youtube? And what kind of stuff can that script do to a site that is just displaying the youtube player? I really would like to know.

__________________

stickyfingerz

I dont think youtube allows videos with action script embedded does it? I know Ive tried it with a simliar site of a pornographic nature and the video was automatically rejected.

CaptainHowdy

Someone close this thread please...

Jace

well, isn't IE7 going to be a mandatory download here soon? nothing active or action gets by IE7 for me so far....any time anything tries to run it stops it and prompts me

happened with Zango too, Zango tried to install on my computer and IE7 said NOPE!

KrisKross

If what you're suggesting is possible, then YouTube would have been raped to hell and back a long time ago.

Of course script kiddies have taken notice. Hell, I'm not even a script kiddie and it was one of the first thoughts that crossed my mind when I first came across YouTube.

__________________

madawgz

maybe have the adult team write a custom script so all we have to do is paste the youtube url, and the script will extract the code and put it on the page automatically

__________________
TAEMDLRMSKRJIXMRLSMRJ.

minusonebit

heh, see sig.

2HousePlague

__________________
tada!

Kimo

leave that boi alone

__________________
...

fusionx

yeah.. that's what the bb code mod would do

we built a media tag that plays vids, audio and flash movies from specific sites.. pretty easy for the users, and secure for us.

Jace

actually, the youtube one is even cooler

it just does this



no url even necessary

you can do the same with pornotube, no installs or code rewrites necessary

MaddCaz

Texas said FUCKIT!!!

__________________

BigCocks.com -
MatureWomen.com -
Tranny.com -
DrunkGirls.com -
TeenGirls.com -
MonsterCock.com and
many more... Click
here to see them all!

fusionx

It's dependent on the player

Bro Media - BANNED FOR LIFE

you don't know much about how YouTube works do you?

you upload a mpg, avi, or mov file, not a flash file, you cannot put actionscript for flash, in an mpg/avi/mov their servers convert it to a FLV file, not even flash, flv can't have actionscript either, so no, theres is no possible way for someone to cause harm or anything to ones computer by uploading a movie to youtube...

...plus you think Youtube/Google is stupid enough to let shit like that slide? they got programs that catch that shit, i doubt a big company like google, or hell even the guys who started youtube, being ex paypal programmers would even just "overlook" a security flaw like that...

fusionx

It's easy to modify it that way.. we allow several media sources with the same tag, so we just tell the user to paste the url supplied by the host.

studiocritic

thread.. closing..

__________________

Masterchief

FYI, there's 2 options that render those attacks completely useless, try looking up on the "allowScriptAccess" and "allowNetworking" tags.

studiocritic

this is correct.. same reason myspace allows it now. those tags render flash harmless.

__________________

AsianDivaGirlsWebDude

TD is smarter than Paypal/YouTube/Google. That's why he works for Adult.com...

ADG Webmaster

__________________
Asian Diva Girls - Exclusive Photos and Videos



Asian Diva Girls Affiliate Program (50% ccBill Revshare)

EdgeXXX

Well, the problem is not the code surviving the FLV encryption, the danger is of the malicious code hijacking the encoding subroutine before it even begins.


The problem is not so much a matter of what exploits are known at this very moment, rather what exploitable weaknesses exist that no one has discovered yet. The transition from all content (swf vids) being stored and accessed through a FMS to this new generation of dynamic-loading external FLVs has come about a much greater rate than was initially anticipated (and the increased demand is pushing up development deadlines and cutting test time prior to release).


True, but unfortunately that is only for now. Once the blackhats have time enough to play with IE7 and find it's potential weaknesses, it will be open season on IE again.

That's just it (it's kind of complicated... or at least, difficult to explain), we do know that it is possible, we just don't know how. Fortunately neither do they. Basically, it's a race to see who can figure it out first. At the moment (and for the foreseeable future), everything is fine and secure. What the future holds, however, is anybody's guess.

__________________
.
.
.
.

EdgeXXX

This is true. But what happens if someone discovers a way to circumvent or override those method tags? Keep in mind, those very methods were just recently adapted due to a weakness discovered in previous platforms.

__________________
.
.
.
.

AsianDivaGirlsWebDude

Good advice - be afraid of the unknown...

ADG Webmaster

__________________
Asian Diva Girls - Exclusive Photos and Videos



Asian Diva Girls Affiliate Program (50% ccBill Revshare)

georgeyw

How is it a vulnerability? It only plays youtube videos.

I've added it to one of my boards cos it's far better than seeing all those shitty youtube links everywhere

__________________
TripleXPrint on Megan Fox
"I would STILL suck her pussy until her face caved in. And then blow her up and do it again!"