Click here to visit our website

You can't believe all you read on the Internet

Web rumours about famous celebrities can have far more sinister motives than mere tittle-tattle. So read about the XSS flaw exploited on YouTube’s site this month and be on your guard. Remember that malicious gossip can lead to malicious code on your computer.

Let us begin by reassuring all concerned fans of Justin Bieber that he is alive and well despite Internet murmurings of a fatal car crash. Indeed, like Mark Twain before him, it seems rumours of his death have been greatly exaggerated.
 

But anyone viewing Bieber’s videos on YouTube earlier this month, had every reason to fear the demise of the teen pop sensation. Hackers had exploited a vulnerability in the YouTube comment system, allowing false postings to be made, which directed users to a variety of offensive messages and prank websites. One particular claim, which seemed to gather pace and credibility over the American Independence Day weekend, was that Justin Bieber had died.

Rumours of the death of Justin Bieber have been greatly exaggerated. So don't believe everything you read on the Internet. Your bank details may depend on it.


What is an XSS attack?

This type of website weakness is called a cross-site scripting (XSS) flaw and, on this occasion, Google (YouTube’s parent company) moved to fix it in a matter of hours. However, important lessons must be drawn from this event. XSS attacks are a serious problem as they have the potential to fool unsuspecting users into revealing login details or visiting malicious web pages.

Since these prank pop-ups originate from a trusted site, they tend to carry greater legitimacy in the eyes of the reader. Attacks have been known to fake an entire login screen encouraging users to update their passwords or give up other personal details - although neither of these is thought to have happened in the case of the Justin Bieber breach.

How to avoid becoming the next victim

In the same way we (hopefully) exercise a healthy degree of scepticism when leafing through a tabloid newspaper, it is even more important not to believe everything we read on the Internet. This may seem an obvious claim in the cold light of day, but all the evidence highlights just how easy it is to be suckered in.
 
Ensuring your antivirus protection remains up-to-date will help protect your systems from malware on rogue websites to which you may be redirected, but users must also demonstrate vigilance to prevent falling foul of phishing attacks, which request sensitive data such as passwords and bank details to be submitted.

Just because it looks like your bank login page, just because it looks like the Facebook home page, doesn’t mean it actually is. Think about the route that led you here, have your wits about and don’t believe everything you read on the Internet - except the Utilize newsletter, of course.
   
 

Return to front page

Click here to email us