{"id":105130,"date":"2015-04-04T13:51:48","date_gmt":"2015-04-04T13:51:48","guid":{"rendered":"http:\/\/4cd.e16.myftpupload.com\/?p=105130"},"modified":"2015-04-04T13:54:33","modified_gmt":"2015-04-04T13:54:33","slug":"youtube-hack-threatened-bieber-videos","status":"publish","type":"post","link":"https:\/\/citifmonline.com\/?p=105130","title":{"rendered":"YouTube hack &#8216;threatened&#8217; Bieber videos"},"content":{"rendered":"<p class=\"story-body__introduction\">A Russian coder has revealed how he discovered a way to delete any video on YouTube.<\/p>\n<p>A demonstration of Kamil Hismatullin&#8217;s technique, posted online, shows that once he had copied part of a video&#8217;s web address he could use it to wipe the clip within half a minute.<\/p>\n<p>Rather than exploit the hack, he instead reported it to parent company Google,which gave him a reward.<\/p>\n<p>He joked, however, that he was tempted to wipe Justin Bieber&#8217;s music videos.<\/p>\n<p>&#8220;I spent six to seven hours [on] research, considering that [for a] couple of hours I&#8217;ve fought the urge to clean up Bieber&#8217;s channel, haha,&#8221; wrote Mr Hismatullin.<\/p>\n<p>&#8220;Although it was an early Saturday&#8217;s (sic) morning in San Francisco when I reported [the] issue, Google&#8217;s security team replied very fast, since this vulnerability could create utter havoc in a matter of minutes in the bad hands.<\/p>\n<p>&#8220;This vulnerability [might have been used] to extort people or simply disrupt YouTube by deleting massive amounts of videos in a very short period of time.<\/p>\n<p>&#8220;It was fixed in several hours, Google rewarded me $5,000 and luckily no Bieber videos were harmed.&#8221;<\/p>\n<p>Mr Hismatullin wrote that he discovered the flaw while investigating YouTube Creator Studio, a service that lets video creators see analytics data about the clips they have uploaded via an app.<\/p>\n<p><a href=\"http:\/\/4cd.e16.myftpupload.com\/wp-content\/uploads\/2015\/04\/JUSTIN.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-105131\" src=\"http:\/\/4cd.e16.myftpupload.com\/wp-content\/uploads\/2015\/04\/JUSTIN.jpg\" alt=\"JUSTIN\" width=\"660\" height=\"386\" srcset=\"https:\/\/citifmonline.com\/wp-content\/uploads\/2015\/04\/JUSTIN.jpg 660w, https:\/\/citifmonline.com\/wp-content\/uploads\/2015\/04\/JUSTIN-300x175.jpg 300w\" sizes=\"auto, (max-width: 660px) 100vw, 660px\" \/><\/a>Mr Hismatullin showed that his hack could be completed using easily-accessible tools<\/p>\n<p>The facility allows any clip to be deleted if you type in both its event ID &#8211; which can be found in its web address &#8211; and a long string of letters and numbers known as an authentication token, which is supposed to act as a kind of password.<\/p>\n<p>The problem the coder discovered was that the service was accepting any token for a takedown request, rather than requiring one that belonged to the account of the person who had uploaded the clip.<\/p>\n<p>This meant Mr Hismatullin could simply copy a token from his own account and use it to delete others&#8217; videos.<\/p>\n<p>The developer said that he had spent time searching for vulnerabilities in Google&#8217;s products after previously having been given a $1,337 (\u00a3902) grant by the firm.<\/p>\n<p>The search giant gives such payouts as part of a programme to encourage people who have previously reported flaws to hunt out more.<\/p>\n<p>The scheme puts a cap on subsequent payments, limiting the bounty Mr Hismatullin received for his findings.<\/p>\n<p>&#8220;To be honest I expected $15,000 to $20,000,&#8221; he commented.<\/p>\n<p>&#8220;I wanted to write a kind of &#8216;complaint&#8217; to Google, but first I re-read [its] rules and understood that Google could not pay me more.<\/p>\n<p>&#8220;Facebook has not got a boundary for maximum reward, so they can pay as much as they want.&#8221;<\/p>\n<p>&#8211;<\/p>\n<p>Source: BBC<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A Russian coder has revealed how he discovered a way to delete any video on YouTube. A demonstration of Kamil Hismatullin&#8217;s technique, posted online, shows that once he had copied part of a video&#8217;s web address he could use it to wipe the clip within half a minute. Rather than exploit the hack, he instead [&hellip;]<\/p>\n","protected":false},"author":14,"featured_media":30840,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jnews-multi-image_gallery":[],"jnews_single_post":[],"jnews_primary_category":[],"jnews_social_meta":[],"jnews_override_counter":[],"footnotes":""},"categories":[],"tags":[18,6],"class_list":["post-105130","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","tag-dr-akwasi-osei","tag-togbe-afede"],"_links":{"self":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/posts\/105130","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=105130"}],"version-history":[{"count":0,"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/posts\/105130\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/media\/30840"}],"wp:attachment":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=105130"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=105130"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=105130"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}