YouTube under fire for security flaws

5:05PM, Thursday 21st June 2007

The massively popular Google-owned YouTube is riddled with security vulnerabilities, according to an independent security researcher.

In an open letter to Google, Christian Matthies said he would publicly disclose over 40 bugs that he said he found on the site.

Most of the flaws are cross-site scripting flaws, which allow hackers to inject malicious code into a legitimate website in order to steal personal information about the site's visitors. Most of the exploits allow hackers to infect user profiles with malware that could spread through the internet and steal a user's log-in details.

"Just like other major social networking sites (or even more), YouTube is responsible for the privacy and security of hundreds of millions of users," said Matthies.

"However, presently this security is not provided in the least due to a continuously increasing amount of severe security vulnerabilities on YouTube coming with each site update."

"Having security holes is one thing but not responding to vulnerability reports is totally unacceptable and certainly [does] not conform to your commitment to data security," he said. "Taking that into account I'm going to have one last try and give you two weeks from now to contact me. If you don't, I am obliged to disclose all vulnerabilities in public."

According to research from Secure Computing, cross-site scripting flaws aren't the only problems affecting the popular video sharing site.

The IT security firm said that hackers are planting fake videos on the site which infect computers with the Zlob virus. While personnel at YouTube were quick to take down the infected videos, Paul Henry, vice president of technologies at Secure Computing, said that the incident heralded a new attack vector for hackers.

"The fact is no one expects to find malware hidden in YouTube files. Yet the medium's popularity is highly alluring as a mass distribution vehicle for malicious code," said Henry. The Zlob virus then installs adware and spyware that bombard users with pornographic ads.

"What's alarming is that, from a security perspective, many users and organisations will be blindsided and potentially seriously exposed."

Henry was concerned that the virus was a prelude to hackers infecting computers with keyloggers or making them part of a botnet.
