Browse archive

Latest news

Is it time to professionalize information security?

Google researcher reveals another Windows 0-day

Twitter finally offers 2-factor authentication

DHS employees' info possibly compromised due to system flaw

Teens are into online sharing, but are also more privacy-aware

The dangers of downloading software from unofficial sites

Microsoft decrypts Skype comms to detect malicious links

A spotlight on grid insecurity

Review: Logging and Log Management

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Hacking charge stations for electric cars

Sesame Street YouTube channel hacked

Posted on 17 October 2011.

Followers of the Sesame Street YouTube channel have had a nasty surprise when they tuned in on Sunday.

Instead of the children-friendly videos they were faced with pretty explicit adult ones:

The offending material was luckily available only for 20 minutes, after which the entire channel was taken down by YouTube for "repeated or severe violations of YoutTube Community Guidelines," and is still down as I write this.

The unwelcome changes were made by a user that uses the handle "Mredxwx", who left a jumbled up message in the channel's profile claiming to have worked with his partner "Mrsuicider91".

According to Sophos, "Mredxwx" is an actual user who has since denied hacking and defacing the Sesame Street channel. "I am an honest youtuber. I work hard to make quality gameplay videos AND MOST IMPORTANT I RESPECT THE COMMUNITY GUIDELINES," he claims in a video he uploaded on his YouTube page.

Whether he is behind the hack or not, the question of how the hack was executed is still unanswered. But, as Graham Cluley points out, the probability is high that sloppy password security is to blame.