Youtube gave away user details! [usernames & passwords]

Thursday, December 4, 2008
The story began on June 1. 2006. I have been using linux just for just two or three months. I was still using Mandriva with the KDE desktop. Any way I came across a Google dork that showed the login details of all websites that hosted youtube videos. I was just browsing youtube as usual checking all the videos under "hacking," when I found this video by some one who claimed that with this google dork one could find all these logins of sites that hosted youtube videos. Sure enough I checked it out and it turned out to be true. There were more than 100 of those sites. Of course to some I could not get access to because they had some additional security features but for the majority I got access to there ftp servers.

I remember that I was very excited that day. I am telling you this because in some wired way it had a significant impact on me. You see I was not having much fun with linux at the time because I was such noob and I did not know how to do any thing on it. I was frustrated with it but I was not going to go back to windows. That simply was not a solution for me. Any way summer was around the corner and I knew that nothing exciting would happen that summer because I had only the usual stuff scheduled for that summer. One of which involved a family trip to the sea and stuff like that. So than this happened and I spent the whole day browsing these sites and I forgot for a moment what a noob I was on linux. So it came sort of at a critical moment in my life.

I never attempted to deface any of these websites. Actually I never revisited any of those websites even though I saved some of those login details. I could have gone back some time later to see if the login details had been changed or if they are still the same. I never did so because I never really wanted to do any harm. I used that to put some excitement in my life which I needed and that was it. So if any one wants to blame me for that fine but the way I see it if you put youtube videos on your site you deserve to get hacked. I would never do that if I was concerned about my security. I think it is stupid. You can always put a link to a youtube video or provide your own playback of the video. There is just a ton of options.

I could have kept the Google dork a secret but that was not my intention. I do not think that I would of have achieved any thing by doing so. So instead I posted the Google dork on the hacker websites that I frequent. So now if you Google my hacker handle among other things which you will see are also going to be references to this exploit.

It is quite an honor for me to be mentioned on other hacker websites. I am proud of that! In fact here is a site that mentions this exploit:

http://www.davidnaylor.co.uk/youtube-give-users-ftp-details-away.html

I did not forget to take snapshots of the event. In fact I made a video and posted on youtube and you can see it at this location:

0 comments: