GoFuckYourself.com - Adult Webmaster Forum
Page 1 of 2 1 2 >
Show 40 post(s) from this thread on one page

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   so if a mod makes himself look retarded... (https://gfy.com/showthread.php?t=678901)

nofx 11-19-2006 05:36 PM
so if a mod makes himself look retarded...
 
they just close the thread?

lol, interesting.

http://www.gfy.com/fucking-around-and-business-discussion/678875-gfy-embed-youtubes.html

Jace 11-19-2006 05:43 PM
yeah, i wish TD would expand on what exploits could be done with that youtube addition to the bbcode

i don't see how it is possible though

Tuga 11-19-2006 05:46 PM
Quote:
Originally Posted by Jace (Post 11348596)
yeah, i wish TD would expand on what exploits could be done with that youtube addition to the bbcode

i don't see how it is possible though
My 100k users surfer board is now vulnerable, I would love to know that too :upsidedow

Jace 11-19-2006 05:50 PM
Quote:
Originally Posted by Tuga (Post 11348612)
My 100k users surfer board is now vulnerable, I would love to know that too :upsidedow
yup, me too, I don't have a crazy board with tons of members, but I have a buddy that is going to install that on his board, and if there is a vunerability, I would like to know about it

nofx 11-19-2006 05:51 PM
Quote:
Originally Posted by Jace (Post 11348596)
yeah, i wish TD would expand on what exploits could be done with that youtube addition to the bbcode
I doubt we will ever see that

minusonebit 11-19-2006 05:53 PM
I bet TD has his finger on the ban button... trying to restrain himself...

TexasDreams 11-19-2006 05:54 PM
Quote:
Originally Posted by nofx (Post 11348573)
When I see a request that is retarded, yes.

biftek 11-19-2006 05:54 PM
well i haven't seen any exploits for that bbcode , but i have read about some bogus youtube clips that infect the viewer with zango
http://www.spywareremovalnews.com/ne...icle-1102.html

Jace 11-19-2006 05:54 PM
Quote:
Originally Posted by minusonebit (Post 11348634)
I bet TD has his finger on the ban button... trying to restrain himself...
with what reason?

crocop 11-19-2006 05:54 PM
i dont see the problem with that code

fusionx 11-19-2006 05:54 PM
The only downside to embedding youtube and other vids is when people quote and keep the vid in the quote, and autoplay is turned on, it really fucks up your browsing experience ...

or, if multiple people post in the same thread, etc. Imagine 20 vids playing, starting at 1 second intervals :)

Tuga 11-19-2006 05:56 PM
Quote:
Originally Posted by fusionx (Post 11348643)
The only downside to embedding youtube and other vids is when people quote and keep the vid in the quote, and autoplay is turned on, it really fucks up your browsing experience ...

or, if multiple people post in the same thread, etc. Imagine 20 vids playing, starting at 1 second intervals :)
No video in my board autoplays, what option is that?

Tuga 11-19-2006 05:57 PM
Quote:
Originally Posted by TexasDreams (Post 11348637)
When I see a request that is retarded, yes.
Oh really? Half the threads in GFY ARE RETARDED and I dont see you closing them.

The only retarded thing in that thread is.... well you know what.

TexasDreams 11-19-2006 05:59 PM
Quote:
Originally Posted by biftek (Post 11348638)
well i haven't seen any exploits for that bbcode , but i have read about some bogus youtube clips that infect the viewer with zango
http://www.spywareremovalnews.com/ne...icle-1102.html
That's actually easier than most might think.

DarkJedi 11-19-2006 06:01 PM
TexasDreams doesn't know shit about running web forums.

I don't know why adult.com won't hire a real admin.

Tuga 11-19-2006 06:02 PM
Quote:
Originally Posted by TexasDreams (Post 11348655)
That's actually easier than most might think.
He is talking about FAKE you tube clips and that bbcode wouldnt work with that shit, you really dont have a clue do you? That's not a problem, noone knows everything, but you should really try to learn a little bit instead of acting like a fool. This is a webmaster board you know? Some people here know a few things about the interweb. Learn from them.

2HousePlague 11-19-2006 06:13 PM
Quote:
Originally Posted by TexasDreams (Post 11348637)
When I see a request that is retarded, yes.
You can't blame me for being oblivious to security threats - I'm not a security guy. The other stuff is subjective.

2hp

Jace 11-19-2006 06:14 PM
Quote:
Originally Posted by fusionx (Post 11348643)
The only downside to embedding youtube and other vids is when people quote and keep the vid in the quote, and autoplay is turned on, it really fucks up your browsing experience ...

or, if multiple people post in the same thread, etc. Imagine 20 vids playing, starting at 1 second intervals :)
most youtube videos don't autoplay when they are embedded off the youtube site

same with pornotube...hehe..but you knew that :)

Jace 11-19-2006 06:15 PM
Quote:
Originally Posted by 2HousePlague (Post 11348712)


You can't blame me for being oblivious to security threats - I'm not a security guy. The other stuff is subjective.

2hp
I wish he would explain it more detail, I am genuinely curious as to what would happen in regards to security, I have seen tons of forums that did it, and not one has been hacked or ran into issues

Jace 11-19-2006 06:18 PM
from vbulletins site:

Quote:
Are there any security issues with this??
Quote:
The embeded flash is running off youtube's server and there's no html to embed the code. It's all bb code and you're only posting the end numerical value of the video's url.
even the vbulletin experts say there is no security risk

Tuga 11-19-2006 06:20 PM
Quote:
Originally Posted by Jace (Post 11348731)
even the vbulletin experts say there is no security risk
Someone should block those guys, they're retarded :helpme

Jace 11-19-2006 06:23 PM
Quote:
Originally Posted by Tuga (Post 11348738)
Someone should block those guys, they're retarded :helpme
hahahahaha

PMdave 11-19-2006 06:24 PM
uhmmm.... isn't that "youtube installs zango"-story based on the fake Yootube.info movies?

nofx 11-19-2006 06:24 PM
Quote:
Originally Posted by Tuga (Post 11348738)
Someone should block those guys, they're retarded :helpme
bhahahahhaha

Tuga 11-19-2006 06:24 PM
Quote:
Originally Posted by PMdave (Post 11348749)
uhmmm.... isn't that "youtube installs zango"-story based on the fake Yootube.info movies?
And how the hell is that related to what we are talking about? :error

EdgeXXX 11-19-2006 06:25 PM
Actually, the vulnerability that it opens has nothing to do with HTML or BBCode. It has to do with the possibility of malicious ActionScript embedded in the "videos". Luckily, it's not too much of a danger ATM, as most scriptkiddies haven't really taken notice of it yet. Then again, nothing is ever a problem until all hell breaks loose. :2 cents:

2HousePlague 11-19-2006 06:27 PM
Quote:
Originally Posted by EdgeXXX (Post 11348757)
Actually, the vulnerability that it opens has nothing to do with HTML or BBCode. It has to do with the possibility of malicious ActionScript embedded in the "videos". Luckily, it's not too much of a danger ATM, as most scriptkiddies haven't really taken notice of it yet. Then again, nothing is ever a problem until all hell breaks loose. :2 cents:
Is that possible? How could malicious code survive the flash encryption by Youtube?

2hp

Tuga 11-19-2006 06:28 PM
Quote:
Originally Posted by EdgeXXX (Post 11348757)
Actually, the vulnerability that it opens has nothing to do with HTML or BBCode. It has to do with the possibility of malicious ActionScript embedded in the "videos". Luckily, it's not too much of a danger ATM, as most scriptkiddies haven't really taken notice of it yet. Then again, nothing is ever a problem until all hell breaks loose. :2 cents:
Ok now you got me interested, but I would like you to get into more detail about it. They can put a script on a video and host it on youtube? And what kind of stuff can that script do to a site that is just displaying the youtube player? I really would like to know.

stickyfingerz 11-19-2006 06:28 PM
Quote:
Originally Posted by EdgeXXX (Post 11348757)
Actually, the vulnerability that it opens has nothing to do with HTML or BBCode. It has to do with the possibility of malicious ActionScript embedded in the "videos". Luckily, it's not too much of a danger ATM, as most scriptkiddies haven't really taken notice of it yet. Then again, nothing is ever a problem until all hell breaks loose. :2 cents:
I dont think youtube allows videos with action script embedded does it? I know Ive tried it with a simliar site of a pornographic nature :winkwink: and the video was automatically rejected.

CaptainHowdy 11-19-2006 06:40 PM
Someone close this thread please...

Jace 11-19-2006 06:40 PM
Quote:
Originally Posted by EdgeXXX (Post 11348757)
Actually, the vulnerability that it opens has nothing to do with HTML or BBCode. It has to do with the possibility of malicious ActionScript embedded in the "videos". Luckily, it's not too much of a danger ATM, as most scriptkiddies haven't really taken notice of it yet. Then again, nothing is ever a problem until all hell breaks loose. :2 cents:
well, isn't IE7 going to be a mandatory download here soon? nothing active or action gets by IE7 for me so far....any time anything tries to run it stops it and prompts me

happened with Zango too, Zango tried to install on my computer and IE7 said NOPE!

KrisKross 11-19-2006 07:17 PM
Quote:
Originally Posted by EdgeXXX (Post 11348757)
Actually, the vulnerability that it opens has nothing to do with HTML or BBCode. It has to do with the possibility of malicious ActionScript embedded in the "videos". Luckily, it's not too much of a danger ATM, as most scriptkiddies haven't really taken notice of it yet. Then again, nothing is ever a problem until all hell breaks loose. :2 cents:
If what you're suggesting is possible, then YouTube would have been raped to hell and back a long time ago.

Of course script kiddies have taken notice. Hell, I'm not even a script kiddie and it was one of the first thoughts that crossed my mind when I first came across YouTube.

madawgz 11-19-2006 08:01 PM
maybe have the adult team write a custom script so all we have to do is paste the youtube url, and the script will extract the code and put it on the page automatically

minusonebit 11-19-2006 08:03 PM
heh, see sig.

2HousePlague 11-19-2006 08:05 PM
Quote:
Originally Posted by madawgz (Post 11349214)
maybe have the adult team write a custom script so all we have to do is paste the youtube url, and the script will extract the code and put it on the page automatically
Actually, you don't even have to past the whole URL, just the identifier code from the end -- like this


2hp

Kimo 11-19-2006 08:19 PM
leave that boi alone

fusionx 11-19-2006 08:24 PM
Quote:
Originally Posted by madawgz (Post 11349214)
maybe have the adult team write a custom script so all we have to do is paste the youtube url, and the script will extract the code and put it on the page automatically
yeah.. that's what the bb code mod would do

PHP Code:
[youtube]http://www.youtube.com/watch?v=aAP_pxMqmr4[/youtube] 
we built a media tag that plays vids, audio and flash movies from specific sites.. pretty easy for the users, and secure for us.

Jace 11-19-2006 08:27 PM
Quote:
Originally Posted by fusionx (Post 11349361)
yeah.. that's what the bb code mod would do

PHP Code:
[youtube]http://www.youtube.com/watch?v=aAP_pxMqmr4[/youtube] 
we built a media tag that plays vids, audio and flash movies from specific sites.. pretty easy for the users, and secure for us.
actually, the youtube one is even cooler

it just does this



no url even necessary

you can do the same with pornotube, no installs or code rewrites necessary

MaddCaz 11-19-2006 08:27 PM
Texas said FUCKIT!!!

fusionx 11-19-2006 08:59 PM
Quote:
Originally Posted by Tuga (Post 11348646)
No video in my board autoplays, what option is that?
It's dependent on the player

Bro Media - BANNED FOR LIFE 11-19-2006 09:16 PM
Quote:
Originally Posted by EdgeXXX (Post 11348757)
Actually, the vulnerability that it opens has nothing to do with HTML or BBCode. It has to do with the possibility of malicious ActionScript embedded in the "videos". Luckily, it's not too much of a danger ATM, as most scriptkiddies haven't really taken notice of it yet. Then again, nothing is ever a problem until all hell breaks loose. :2 cents:
you don't know much about how YouTube works do you?

you upload a mpg, avi, or mov file, not a flash file, you cannot put actionscript for flash, in an mpg/avi/mov their servers convert it to a FLV file, not even flash, flv can't have actionscript either, so no, theres is no possible way for someone to cause harm or anything to ones computer by uploading a movie to youtube...

...plus you think Youtube/Google is stupid enough to let shit like that slide? they got programs that catch that shit, i doubt a big company like google, or hell even the guys who started youtube, being ex paypal programmers would even just "overlook" a security flaw like that...

fusionx 11-19-2006 09:19 PM
Quote:
Originally Posted by Jace (Post 11349372)
actually, the youtube one is even cooler

it just does this



no url even necessary

you can do the same with pornotube, no installs or code rewrites necessary

It's easy to modify it that way.. we allow several media sources with the same tag, so we just tell the user to paste the url supplied by the host.

studiocritic 11-19-2006 09:57 PM
http://www.lux-aeterna.com/vtimer/images/mainform.gif

thread.. closing..

Masterchief 11-19-2006 10:16 PM
Quote:
Originally Posted by EdgeXXX (Post 11348757)
Actually, the vulnerability that it opens has nothing to do with HTML or BBCode. It has to do with the possibility of malicious ActionScript embedded in the "videos". Luckily, it's not too much of a danger ATM, as most scriptkiddies haven't really taken notice of it yet. Then again, nothing is ever a problem until all hell breaks loose. :2 cents:
FYI, there's 2 options that render those attacks completely useless, try looking up on the "allowScriptAccess" and "allowNetworking" tags.

studiocritic 11-19-2006 11:28 PM
Quote:
Originally Posted by Masterchief (Post 11349805)
FYI, there's 2 options that render those attacks completely useless, try looking up on the "allowScriptAccess" and "allowNetworking" tags.
this is correct.. same reason myspace allows it now. those tags render flash harmless.

AsianDivaGirlsWebDude 11-19-2006 11:35 PM
Quote:
Originally Posted by Madrox (Post 11349590)
you don't know much about how YouTube works do you?

you upload a mpg, avi, or mov file, not a flash file, you cannot put actionscript for flash, in an mpg/avi/mov their servers convert it to a FLV file, not even flash, flv can't have actionscript either, so no, theres is no possible way for someone to cause harm or anything to ones computer by uploading a movie to youtube...

...plus you think Youtube/Google is stupid enough to let shit like that slide? they got programs that catch that shit, i doubt a big company like google, or hell even the guys who started youtube, being ex paypal programmers would even just "overlook" a security flaw like that...
TD is smarter than Paypal/YouTube/Google. That's why he works for Adult.com... :winkwink:

ADG Webmaster

EdgeXXX 11-20-2006 12:05 AM
Quote:
Originally Posted by 2HousePlague (Post 11348767)


Is that possible? How could malicious code survive the flash encryption by Youtube?

2hp
Well, the problem is not the code surviving the FLV encryption, the danger is of the malicious code hijacking the encoding subroutine before it even begins.


Quote:
Quote:
Originally Posted by Tuga (Post 11348771)
Ok now you got me interested, but I would like you to get into more detail about it. They can put a script on a video and host it on youtube? And what kind of stuff can that script do to a site that is just displaying the youtube player? I really would like to know.

Quote:
Originally Posted by stickyfingerz (Post 11348773)
I dont think youtube allows videos with action script embedded does it? I know Ive tried it with a simliar site of a pornographic nature :winkwink: and the video was automatically rejected.
The problem is not so much a matter of what exploits are known at this very moment, rather what exploitable weaknesses exist that no one has discovered yet. The transition from all content (swf vids) being stored and accessed through a FMS to this new generation of dynamic-loading external FLVs has come about a much greater rate than was initially anticipated (and the increased demand is pushing up development deadlines and cutting test time prior to release).


Quote:
Originally Posted by Jace (Post 11348811)
well, isn't IE7 going to be a mandatory download here soon? nothing active or action gets by IE7 for me so far....any time anything tries to run it stops it and prompts me

happened with Zango too, Zango tried to install on my computer and IE7 said NOPE!
True, but unfortunately that is only for now. Once the blackhats have time enough to play with IE7 and find it's potential weaknesses, it will be open season on IE again. :(

Quote:
Originally Posted by KrisKross (Post 11348975)
If what you're suggesting is possible, then YouTube would have been raped to hell and back a long time ago.

Of course script kiddies have taken notice. Hell, I'm not even a script kiddie and it was one of the first thoughts that crossed my mind when I first came across YouTube.
That's just it (it's kind of complicated... or at least, difficult to explain), we do know that it is possible, we just don't know how. Fortunately neither do they. Basically, it's a race to see who can figure it out first. At the moment (and for the foreseeable future), everything is fine and secure. What the future holds, however, is anybody's guess. :winkwink:

EdgeXXX 11-20-2006 12:20 AM
Quote:
Originally Posted by Masterchief (Post 11349805)
FYI, there's 2 options that render those attacks completely useless, try looking up on the "allowScriptAccess" and "allowNetworking" tags.
This is true. But what happens if someone discovers a way to circumvent or override those method tags? Keep in mind, those very methods were just recently adapted due to a weakness discovered in previous platforms.

AsianDivaGirlsWebDude 11-20-2006 12:21 AM
Good advice - be afraid of the unknown...

ADG Webmaster

georgeyw 11-20-2006 12:21 AM
Quote:
Originally Posted by TexasDreams (Post 11348637)
When I see a request that is retarded, yes.
How is it a vulnerability? It only plays youtube videos.

I've added it to one of my boards cos it's far better than seeing all those shitty youtube links everywhere


All times are GMT -7. The time now is 01:37 PM.
Page 1 of 2 1 2 >
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123