A security snafu on YouTube allowed users in the UAE to view the account pages and preferences of other users. The bug also created a means to jump into Gmail in cases where surfers had linked their YouTube and Gmail accounts. The issue appeared to only crop up locally, within the UAE, and only for users of the Etisalat …
I have seen this
A long time ago (1997) this happened several times in different organisations. Caching web gateways set wrongly and cahing the page without any reference to teh query string or form variables.
Really nasty but easy to fix.
Why is youtube mentioned in the title? It's not youtube's fault.
Here's what happened.
Google made a secret pact with the UAE Authorities to give them access to the profiles of the people in their country (either that or have the domain banned in Arab land), unfortunately the SQL was wrong.
- Leaked screenshots show next Windows kernel to be a perfect 10
- Amazon warming up 'cheapo web video' cannon to SINK Netflix
- Something for the Weekend, Sir? I need a password to BRAKE? What? No! STOP! Aaaargh!
- Episode 13 BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
- Vulture at the Wheel Ford's B-Max: Fiesta-based runaround that goes THUNK