you don't know much about how YouTube works do you?

you upload a mpg, avi, or mov file, not a flash file, you cannot put actionscript for flash, in an mpg/avi/mov their servers convert it to a FLV file, not even flash, flv can't have actionscript either, so no, theres is no possible way for someone to cause harm or anything to ones computer by uploading a movie to youtube...

...plus you think Youtube/Google is stupid enough to let shit like that slide? they got programs that catch that shit, i doubt a big company like google, or hell even the guys who started youtube, being ex paypal programmers would even just "overlook" a security flaw like that...

It's easy to modify it that way.. we allow several media sources with the same tag, so we just tell the user to paste the url supplied by the host.

http://www.lux-aeterna.com/vtimer/images/mainform.gif

thread.. closing..

FYI, there's 2 options that render those attacks completely useless, try looking up on the "allowScriptAccess" and "allowNetworking" tags.

this is correct.. same reason myspace allows it now. those tags render flash harmless.

TD is smarter than Paypal/YouTube/Google. That's why he works for Adult.com... :winkwink:

ADG Webmaster

Well, the problem is not the code surviving the FLV encryption, the danger is of the malicious code hijacking the encoding subroutine before it even begins.


The problem is not so much a matter of what exploits are known at this very moment, rather what exploitable weaknesses exist that no one has discovered yet. The transition from all content (swf vids) being stored and accessed through a FMS to this new generation of dynamic-loading external FLVs has come about a much greater rate than was initially anticipated (and the increased demand is pushing up development deadlines and cutting test time prior to release).


True, but unfortunately that is only for now. Once the blackhats have time enough to play with IE7 and find it's potential weaknesses, it will be open season on IE again. :(

That's just it (it's kind of complicated... or at least, difficult to explain), we do know that it is possible, we just don't know how. Fortunately neither do they. Basically, it's a race to see who can figure it out first. At the moment (and for the foreseeable future), everything is fine and secure. What the future holds, however, is anybody's guess. :winkwink:

This is true. But what happens if someone discovers a way to circumvent or override those method tags? Keep in mind, those very methods were just recently adapted due to a weakness discovered in previous platforms.

Good advice - be afraid of the unknown...

ADG Webmaster

How is it a vulnerability? It only plays youtube videos.

I've added it to one of my boards cos it's far better than seeing all those shitty youtube links everywhere

50 closed threads

http://serv2.uploadengine.com/1164007616070A3.gif













WOW..............








:eek7 :ugone2far :eek7








just......................... WOW.

What are you talking about? The player is always the you tube player :error

I can say the same about hacking VB, so let's just close the board. :2 cents:

yah really interesting huh.. great idea..

Round two.... FIGHT!!!

ya my forum uses that
its cool!

he made himself look pretty foolish when he got busted with that pr-productions thread (or whatever.. the forum stealing content) where him and his buddy pretended to be the forum owner coming to gfy and taunting challenging everyone to take his site/servers down. it was clever and working until they accidentally posted from the wrong nickname and 2-3 people saw it before they could delete the post.