A security snafu on YouTube allowed users in the UAE to view the account pages and preferences of other users. The bug also created a means to jump into Gmail in cases where surfers had linked their YouTube and Gmail accounts. The issue appeared to only crop up locally, within the UAE, and only for users of the Etisalat …
I have seen this
A long time ago (1997) this happened several times in different organisations. Caching web gateways set wrongly and cahing the page without any reference to teh query string or form variables.
Really nasty but easy to fix.
Why is youtube mentioned in the title? It's not youtube's fault.
Here's what happened.
Google made a secret pact with the UAE Authorities to give them access to the profiles of the people in their country (either that or have the domain banned in Arab land), unfortunately the SQL was wrong.
- Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
- 14 antivirus apps found to have security problems
- Apple winks at parents: C'mon, get your kid a tweaked Macbook Pro
- Feature Scotland's BIG question: Will independence cost me my broadband?
- Driverless car SQUADRONS to hit Britain in 2015