Web Security Review

YouTube became unavailable to the whole wide web for two grueling hours last Sunday due to a Pakistani government policy. The BBC has reported that Pakistan Telecom and national ISP, PCCW were directed by the Pakistani Government to block local access to video site, youtube.com for it’s offensive content. Pakistan Telecom disabled local users to access the said site while redirecting them to another site.

One way or another, the blocking leaked from Pakistan to other ISPs around the globe, hence the unavailability of the whole world to view precious youtube videos. ISPs cannot do anything to fix this mess as they don’t have control over it (OpenDNS).

Owner of Google, YouTube’s parent company said that “Traffic to YouTube was routed according to erroneous Internet protocols, and many users around the world could not access our site,” it said. “We have determined that the source of these events was a network in Pakistan. We are investigating and working with others in the Internet community to prevent this from happening again.”

By Lisa Vaas

An attacker could exploit the flaw with a malicious MP4 file to trigger the buffer overflow.

Even as Microsoft prepared to release critical updates for flaws in multimedia frameworks and APIs, proof-of-concept exploit code came out over the weekend that shows how an attacker can target the Winamp multiformat media player, a media player from Nullsoft that runs on Windows and is second only to Windows Media Player in worldwide popularity.

Symantec on Dec. 8 produced a security advisory warning that attackers can take over systems due to a vulnerability in how Winamp processes some MP4 files. Nullsoft has since addressed the issue, which boils down to a buffer overflow problem, in Winamp 5.35. The problem affects Winamp 5.02 through 5.34.

Read more from eweek.com