As of this morning, all of our embedded videos now display a bogus
"Video player privacy policy" message with a link to "www.youtube- nocookie.com/t/privacy" - it's obviously a phishing site (designed to
look exactly like youtube). Anyone else seen this? If so, how do we
get rid of these? (already changed all passwords, etc.) Here are
examples: http://www.kpl.gov/video/ What a pain - Thanks!
My first guess is that this was a hack now that 3rd party annotations
have been enabled. But that could just be me being paranoid again. I
did see it on your video... can you disable 3rd party annotations?
(I've tried on my videos since I saw the "feature" appear last night,
but I can't convince myself they've actually been disabled).
Wonderful.
> As of this morning, all of our embedded videos now display a bogus
> "Video player privacy policy" message with a link to "www.youtube- > nocookie.com/t/privacy" - it's obviously a phishing site (designed to
> look exactly like youtube). Anyone else seen this? If so, how do we
> get rid of these? (already changed all passwords, etc.) Here are
> examples:http://www.kpl.gov/video/ What a pain - Thanks!
In fact I try to avoid annotations entirely for anything that's not a
throwaway or a test video, since I've read that they're sometimes
impossible to delete. Still, it would be good to try it. Though
maybe you should wait until YouTube staffers have a chance to see what
their new baby has done to the carpet.
> My first guess is that this was a hack now that 3rd party annotations
> have been enabled. But that could just be me being paranoid again. I
> did see it on your video... can you disable 3rd party annotations?
> (I've tried on my videos since I saw the "feature" appear last night,
> but I can't convince myself they've actually been disabled).
> Wonderful.
> On Feb 20, 8:36 am, KalamazooLibrary wrote:
> > As of this morning, all of our embedded videos now display a bogus
> > "Video player privacy policy" message with a link to "www.youtube- > > nocookie.com/t/privacy" - it's obviously a phishing site (designed to
> > look exactly like youtube). Anyone else seen this? If so, how do we
> > get rid of these? (already changed all passwords, etc.) Here are
> > examples:http://www.kpl.gov/video/ What a pain - Thanks!
Revision... this seems to have been a hack of your embedded video
player on the Library site? It may have nothing to do with video
annotations, since it just appears in the embedded player, not while
the videos play? Does someone working on the site have a grudge, or
has someone with access to the site set-up been laid off lately?
I'd take a close look at the code for the embedded player.
> As of this morning, all of our embedded videos now display a bogus
> "Video player privacy policy" message with a link to "www.youtube- > nocookie.com/t/privacy" - it's obviously a phishing site (designed to
> look exactly like youtube). Anyone else seen this? If so, how do we
> get rid of these? (already changed all passwords, etc.) Here are
> examples:http://www.kpl.gov/video/ What a pain - Thanks!
Thanks for your input - wondered about that, but there's nothing weird
in the embedded code - other than size modification, it's clean as
provided by YouTube. You're right, though... there are no annotoations
in the video itself and the link only displays on the embedded ones.
I'll try adding a new video and see if that does it.
> Revision... this seems to have been a hack of your embedded video
> player on the Library site? It may have nothing to do with video
> annotations, since it just appears in the embedded player, not while
> the videos play? Does someone working on the site have a grudge, or
> has someone with access to the site set-up been laid off lately?
> I'd take a close look at the code for the embedded player.
> On Feb 20, 8:36 am, KalamazooLibrary wrote:
> > As of this morning, all of our embedded videos now display a bogus
> > "Video player privacy policy" message with a link to "www.youtube- > > nocookie.com/t/privacy" - it's obviously a phishing site (designed to
> > look exactly like youtube). Anyone else seen this? If so, how do we
> > get rid of these? (already changed all passwords, etc.) Here are
> > examples:http://www.kpl.gov/video/ What a pain - Thanks!- Hide quoted text -
I've put out feelers to those who know HTML and embedding far better
than I do. Hopefully someone can shed more light on this than I
have. I agree, looking at the embed code I didn't notice anything
that was different from what I see on my own cut&pasted embedded
videos on my own blog.
> Thanks for your input - wondered about that, but there's nothing weird
> in the embedded code - other than size modification, it's clean as
> provided by YouTube. You're right, though... there are no annotoations
> in the video itself and the link only displays on the embedded ones.
> I'll try adding a new video and see if that does it.
> On Feb 20, 9:12 am, ebbixx wrote:
> > Revision... this seems to have been a hack of your embedded video
> > player on the Library site? It may have nothing to do with video
> > annotations, since it just appears in the embedded player, not while
> > the videos play? Does someone working on the site have a grudge, or
> > has someone with access to the site set-up been laid off lately?
> > I'd take a close look at the code for the embedded player.
> > On Feb 20, 8:36 am, KalamazooLibrary wrote:
> > > As of this morning, all of our embedded videos now display a bogus
> > > "Video player privacy policy" message with a link to "www.youtube- > > > nocookie.com/t/privacy" - it's obviously a phishing site (designed to
> > > look exactly like youtube). Anyone else seen this? If so, how do we
> > > get rid of these? (already changed all passwords, etc.) Here are
> > > examples:http://www.kpl.gov/video/ What a pain - Thanks!- Hide quoted text -
Ahhh... interesting. The text DOES display immediately when a new
video is posted but ONLY when posted on this site - they display
normally when posted elsewhere. So, it must be a script within our cms
somewhere... Still bunk that the link leads to a bogus site.
> Thanks for your input - wondered about that, but there's nothing weird
> in the embedded code - other than size modification, it's clean as
> provided by YouTube. You're right, though... there are no annotoations
> in the video itself and the link only displays on the embedded ones.
> I'll try adding a new video and see if that does it.
> On Feb 20, 9:12 am, ebbixx wrote:
> > Revision... this seems to have been a hack of your embedded video
> > player on the Library site? It may have nothing to do with video
> > annotations, since it just appears in the embedded player, not while
> > the videos play? Does someone working on the site have a grudge, or
> > has someone with access to the site set-up been laid off lately?
> > I'd take a close look at the code for the embedded player.
> > On Feb 20, 8:36 am, KalamazooLibrary wrote:
> > > As of this morning, all of our embedded videos now display a bogus
> > > "Video player privacy policy" message with a link to "www.youtube- > > > nocookie.com/t/privacy" - it's obviously a phishing site (designed to
> > > look exactly like youtube). Anyone else seen this? If so, how do we
> > > get rid of these? (already changed all passwords, etc.) Here are
> > > examples:http://www.kpl.gov/video/ What a pain - Thanks!- Hide quoted text -
-----------------------------------------------------------------------
MarkMonitor, the Global Leader in Enterprise Brand Protection
Domain Management
Online Trademark Protection
Online Channel Protection
AntiPhishing Solutions
-----------------------------------------------------------------------
The Data in MarkMonitor.com's WHOIS database is provided by
MarkMonitor.com
for information purposes, and to assist persons in obtaining
information
about or related to a domain name registration record.
MarkMonitor.com
does not guarantee its accuracy. By submitting a WHOIS query, you
agree
that you will use this Data only for lawful purposes and that, under
no
circumstances will you use this Data to: (1) allow, enable, or
otherwise
support the transmission of mass unsolicited, commercial advertising
or
solicitations via e-mail (spam); or (2) enable high volume,
automated,
electronic processes that apply to MarkMonitor.com (or its systems).
MarkMonitor.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by this policy.
Registrant:
DNS Admin
Google Inc.
1600 Amphitheatre Parkway
Mountain View CA 94043
US
[email address] +1.6502530000 Fax: +1.6506188571
Administrative Contact:
DNS Admin
Google Inc.
1600 Amphitheatre Parkway
Mountain View CA 94043
US
[email address] +1.6502530000 Fax: +1.6506188571
Technical Contact, Zone Contact:
DNS Admin
Google Inc.
1600 Amphitheatre Parkway
Mountain View CA 94043
US
[email address] +1.6502530000 Fax: +1.6506188571
Created on..............: 2009-01-23.
Expires on..............: 2011-01-23.
Record last updated on..: 2009-01-23.
> Ahhh... interesting. The text DOES display immediately when a new
> video is posted but ONLY when posted on this site - they display
> normally when posted elsewhere. So, it must be a script within our cms
> somewhere... Still bunk that the link leads to a bogus site.
> On Feb 20, 9:25 am, KalamazooLibrary wrote:
> > Thanks for your input - wondered about that, but there's nothing weird
> > in the embedded code - other than size modification, it's clean as
> > provided by YouTube. You're right, though... there are no annotoations
> > in the video itself and the link only displays on the embedded ones.
> > I'll try adding a new video and see if that does it.
> > On Feb 20, 9:12 am, ebbixx wrote:
> > > Revision... this seems to have been a hack of your embedded video
> > > player on the Library site? It may have nothing to do with video
> > > annotations, since it just appears in the embedded player, not while
> > > the videos play? Does someone working on the site have a grudge, or
> > > has someone with access to the site set-up been laid off lately?
> > > I'd take a close look at the code for the embedded player.
> > > On Feb 20, 8:36 am, KalamazooLibrary wrote:
> > > > As of this morning, all of our embedded videos now display a bogus
> > > > "Video player privacy policy" message with a link to "www.youtube- > > > > nocookie.com/t/privacy" - it's obviously a phishing site (designed to
> > > > look exactly like youtube). Anyone else seen this? If so, how do we
> > > > get rid of these? (already changed all passwords, etc.) Here are
> > > > examples:http://www.kpl.gov/video/ What a pain - Thanks!- Hide quoted text -
Just an FYI--The message showed up today at http://transportation.ky.gov in our embedded video. This leads me to believe that it is a .GOV
thing? We'll post if we find an answer/solution. We've emailed support
at YouTube, but no response yet.
> Just an FYI--The message showed up today athttp://transportation.ky.gov > in our embedded video. This leads me to believe that it is a .GOV
> thing? We'll post if we find an answer/solution. We've emailed support
> at YouTube, but no response yet.
> -----------------------------------------------------------------------
> MarkMonitor, the Global Leader in Enterprise Brand Protection
> Domain Management
> Online Trademark Protection
> Online Channel Protection
> AntiPhishing Solutions
> -----------------------------------------------------------------------
> The Data in MarkMonitor.com's WHOIS database is provided by
> MarkMonitor.com
> for information purposes, and to assist persons in obtaining
> information
> about or related to a domain name registration record.
> MarkMonitor.com
> does not guarantee its accuracy. By submitting a WHOIS query, you
> agree
> that you will use this Data only for lawful purposes and that, under
> no
> circumstances will you use this Data to: (1) allow, enable, or
> otherwise
> support the transmission of mass unsolicited, commercial advertising
> or
> solicitations via e-mail (spam); or (2) enable high volume,
> automated,
> electronic processes that apply to MarkMonitor.com (or its systems).
> MarkMonitor.com reserves the right to modify these terms at any time.
> By submitting this query, you agree to abide by this policy.
> Registrant:
> DNS Admin
> Google Inc.
> 1600 Amphitheatre Parkway
> Mountain View CA 94043
> US
> [email address] +1.6502530000 Fax: +1.6506188571
> Administrative Contact:
> DNS Admin
> Google Inc.
> 1600 Amphitheatre Parkway
> Mountain View CA 94043
> US
> [email address] +1.6502530000 Fax: +1.6506188571
> Technical Contact, Zone Contact:
> DNS Admin
> Google Inc.
> 1600 Amphitheatre Parkway
> Mountain View CA 94043
> US
> [email address] +1.6502530000 Fax: +1.6506188571
> Created on..............: 2009-01-23.
> Expires on..............: 2011-01-23.
> Record last updated on..: 2009-01-23.
> > Ahhh... interesting. The text DOES display immediately when a new
> > video is posted but ONLY when posted on this site - they display
> > normally when posted elsewhere. So, it must be a script within our cms
> > somewhere... Still bunk that the link leads to a bogus site.
> > On Feb 20, 9:25 am, KalamazooLibrary wrote:
> > > Thanks for your input - wondered about that, but there's nothing weird
> > > in the embedded code - other than size modification, it's clean as
> > > provided by YouTube. You're right, though... there are no annotoations
> > > in the video itself and the link only displays on the embedded ones.
> > > I'll try adding a new video and see if that does it.
> > > On Feb 20, 9:12 am, ebbixx wrote:
> > > > Revision... this seems to have been a hack of your embedded video
> > > > player on the Library site? It may have nothing to do with video
> > > > annotations, since it just appears in the embedded player, not while
> > > > the videos play? Does someone working on the site have a grudge, or
> > > > has someone with access to the site set-up been laid off lately?
> > > > I'd take a close look at the code for the embedded player.
> > > > On Feb 20, 8:36 am, KalamazooLibrary wrote:
> > > > > As of this morning, all of our embedded videos now display a bogus
> > > > > "Video player privacy policy" message with a link to "www.youtube- > > > > > nocookie.com/t/privacy" - it's obviously a phishing site (designed to
> > > > > look exactly like youtube). Anyone else seen this? If so, how do we
> > > > > get rid of these? (already changed all passwords, etc.) Here are
> > > > > examples:http://www.kpl.gov/video/ What a pain - Thanks!- Hide quoted text -
I think it is YouTube being smart. Both of your domains are .GOV
domains. I've copied the KYTranspo embed code directly from the source
code on the site to my own .COM and also included the default code
from the embed box on the watch page both with and without the no-
cookies option checked...neither have this privacy overlay.
http://www.burningfromice.com/youtube/kytcembed.htm
My company also has a blog that has many YouTube videos embedded into
it and non of them have the privacy policy overlay... it is also
a .COM domain.
> > -----------------------------------------------------------------------
> > MarkMonitor, the Global Leader in Enterprise Brand Protection
> > Domain Management
> > Online Trademark Protection
> > Online Channel Protection
> > AntiPhishing Solutions
> > -----------------------------------------------------------------------
> > The Data in MarkMonitor.com's WHOIS database is provided by
> > MarkMonitor.com
> > for information purposes, and to assist persons in obtaining
> > information
> > about or related to a domain name registration record.
> > MarkMonitor.com
> > does not guarantee its accuracy. By submitting a WHOIS query, you
> > agree
> > that you will use this Data only for lawful purposes and that, under
> > no
> > circumstances will you use this Data to: (1) allow, enable, or
> > otherwise
> > support the transmission of mass unsolicited, commercial advertising
> > or
> > solicitations via e-mail (spam); or (2) enable high volume,
> > automated,
> > electronic processes that apply to MarkMonitor.com (or its systems).
> > MarkMonitor.com reserves the right to modify these terms at any time.
> > By submitting this query, you agree to abide by this policy.
> > Registrant:
> > DNS Admin
> > Google Inc.
> > 1600 Amphitheatre Parkway
> > Mountain View CA 94043
> > US
> > [email address] +1.6502530000 Fax: +1.6506188571
> > > Ahhh... interesting. The text DOES display immediately when a new
> > > video is posted but ONLY when posted on this site - they display
> > > normally when posted elsewhere. So, it must be a script within our cms
> > > somewhere... Still bunk that the link leads to a bogus site.
> > > On Feb 20, 9:25 am, KalamazooLibrary wrote:
> > > > Thanks for your input - wondered about that, but there's nothing weird
> > > > in the embedded code - other than size modification, it's clean as
> > > > provided by YouTube. You're right, though... there are no annotoations
> > > > in the video itself and the link only displays on the embedded ones.
> > > > I'll try adding a new video and see if that does it.
> > > > On Feb 20, 9:12 am, ebbixx wrote:
> > > > > Revision... this seems to have been a hack of your embedded video
> > > > > player on the Library site? It may have nothing to do with video
> > > > > annotations, since it just appears in the embedded player, not while
> > > > > the videos play? Does someone working on the site have a grudge, or
> > > > > has someone with access to the site set-up been laid off lately?
> > > > > I'd take a close look at the code for the embedded player.
> > > > > On Feb 20, 8:36 am, KalamazooLibrary wrote:
> > > > > > As of this morning, all of our embedded videos now display a bogus
> > > > > > "Video player privacy policy" message with a link to "www.youtube- > > > > > > nocookie.com/t/privacy" - it's obviously a phishing site (designed to
> > > > > > look exactly like youtube). Anyone else seen this? If so, how do we
> > > > > > get rid of these? (already changed all passwords, etc.) Here are
> > > > > > examples:http://www.kpl.gov/video/ What a pain - Thanks!- Hide quoted text -
> > > > > - Show quoted text -- Hide quoted text -
> I think it is YouTube being smart. Both of your domains are .GOV
> domains. I've copied the KYTranspo embed code directly from the source
> code on the site to my own .COM and also included the default code
> from the embed box on the watch page both with and without the no-
> cookies option checked...neither have this privacy overlay.http://www.burningfromice.com/youtube/kytcembed.htm
> My company also has a blog that has many YouTube videos embedded into
> it and non of them have the privacy policy overlay... it is also
> a .COM domain.
> On Feb 20, 11:11 am, ebbixx wrote:
> > /me shakes head in amazement
> > Is this garden variety incompetence then? Or something else?
> > On Feb 20, 11:56 am, epontius wrote:
> > > Well.... the Whois lookup for YouTube-nocookie.com leads back to
> > > google
> > > -----------------------------------------------------------------------
> > > MarkMonitor, the Global Leader in Enterprise Brand Protection
> > > Domain Management
> > > Online Trademark Protection
> > > Online Channel Protection
> > > AntiPhishing Solutions
> > > -----------------------------------------------------------------------
> > > The Data in MarkMonitor.com's WHOIS database is provided by
> > > MarkMonitor.com
> > > for information purposes, and to assist persons in obtaining
> > > information
> > > about or related to a domain name registration record.
> > > MarkMonitor.com
> > > does not guarantee its accuracy. By submitting a WHOIS query, you
> > > agree
> > > that you will use this Data only for lawful purposes and that, under
> > > no
> > > circumstances will you use this Data to: (1) allow, enable, or
> > > otherwise
> > > support the transmission of mass unsolicited, commercial advertising
> > > or
> > > solicitations via e-mail (spam); or (2) enable high volume,
> > > automated,
> > > electronic processes that apply to MarkMonitor.com (or its systems).
> > > MarkMonitor.com reserves the right to modify these terms at any time.
> > > By submitting this query, you agree to abide by this policy.
> > > Registrant:
> > > DNS Admin
> > > Google Inc.
> > > 1600 Amphitheatre Parkway
> > > Mountain View CA 94043
> > > US
> > > [email address] +1.6502530000 Fax: +1.6506188571
> > > > Ahhh... interesting. The text DOES display immediately when a new
> > > > video is posted but ONLY when posted on this site - they display
> > > > normally when posted elsewhere. So, it must be a script within our cms
> > > > somewhere... Still bunk that the link leads to a bogus site.
> > > > On Feb 20, 9:25 am, KalamazooLibrary wrote:
> > > > > Thanks for your input - wondered about that, but there's nothing weird
> > > > > in the embedded code - other than size modification, it's clean as
> > > > > provided by YouTube. You're right, though... there are no annotoations
> > > > > in the video itself and the link only displays on the embedded ones.
> > > > > I'll try adding a new video and see if that does it.
> > > > > On Feb 20, 9:12 am, ebbixx wrote:
> > > > > > Revision... this seems to have been a hack of your embedded video
> > > > > > player on the Library site? It may have nothing to do with video
> > > > > > annotations, since it just appears in the embedded player, not while
> > > > > > the videos play? Does someone working on the site have a grudge, or
> > > > > > has someone with access to the site set-up been laid off lately?
> > > > > > I'd take a close look at the code for the embedded player.
> > > > > > On Feb 20, 8:36 am, KalamazooLibrary wrote:
> > > > > > > As of this morning, all of our embedded videos now display a bogus
> > > > > > > "Video player privacy policy" message with a link to "www.youtube- > > > > > > > nocookie.com/t/privacy" - it's obviously a phishing site (designed to
> > > > > > > look exactly like youtube). Anyone else seen this? If so, how do we
> > > > > > > get rid of these? (already changed all passwords, etc.) Here are
> > > > > > > examples:http://www.kpl.gov/video/ What a pain - Thanks!- Hide quoted text -
> > > > > > - Show quoted text -- Hide quoted text -
Don't look too hard for a problem on your side... Since this is also
popping up at the Kentucky Dept. of Transportation (and probably on
other local government sites that just haven't found their way here to
report it) I seriously doubt it was anyone on your end.
And FWIW, friends who know this stuff say that the www.youtube- nocookie.com/t/privacy link is actually a legit link that belongs to
Google. YouTube's tech staff have been informed and are looking into
this, but it does not *appear* to actually be a phishing expo, though
I agree it looked that way on the face of things.
It shouldn't be there, and hopefully this is a priority fix for
YouTube, or will be if its as widespread as it might be.
> Ahhh... interesting. The text DOES display immediately when a new
> video is posted but ONLY when posted on this site - they display
> normally when posted elsewhere. So, it must be a script within our cms
> somewhere... Still bunk that the link leads to a bogus site.
> On Feb 20, 9:25 am, KalamazooLibrary wrote:
> > Thanks for your input - wondered about that, but there's nothing weird
> > in the embedded code - other than size modification, it's clean as
> > provided by YouTube. You're right, though... there are no annotoations
> > in the video itself and the link only displays on the embedded ones.
> > I'll try adding a new video and see if that does it.
> > On Feb 20, 9:12 am, ebbixx wrote:
> > > Revision... this seems to have been a hack of your embedded video
> > > player on the Library site? It may have nothing to do with video
> > > annotations, since it just appears in the embedded player, not while
> > > the videos play? Does someone working on the site have a grudge, or
> > > has someone with access to the site set-up been laid off lately?
> > > I'd take a close look at the code for the embedded player.
> > > On Feb 20, 8:36 am, KalamazooLibrary wrote:
> > > > As of this morning, all of our embedded videos now display a bogus
> > > > "Video player privacy policy" message with a link to "www.youtube- > > > > nocookie.com/t/privacy" - it's obviously a phishing site (designed to
> > > > look exactly like youtube). Anyone else seen this? If so, how do we
> > > > get rid of these? (already changed all passwords, etc.) Here are
> > > > examples:http://www.kpl.gov/video/ What a pain - Thanks!- Hide quoted text -
The privacy policy link you see on your embed player is in response to
federal regulations regarding privacy on embed players. We're working
to remove it from state and local .gov sites as soon as possible.
> Don't look too hard for a problem on your side... Since this is also
> popping up at the Kentucky Dept. of Transportation (and probably on
> other local government sites that just haven't found their way here to
> report it) I seriously doubt it was anyone on your end.
> And FWIW, friends who know this stuff say that thewww.youtube- > nocookie.com/t/privacy link is actually a legit link that belongs to
> Google. YouTube's tech staff have been informed and are looking into
> this, but it does not *appear* to actually be a phishing expo, though
> I agree it looked that way on the face of things.
> It shouldn't be there, and hopefully this is a priority fix for
> YouTube, or will be if its as widespread as it might be.
> On Feb 20, 9:35 am, KalamazooLibrary wrote:
> > Ahhh... interesting. The text DOES display immediately when a new
> > video is posted but ONLY when posted on this site - they display
> > normally when posted elsewhere. So, it must be a script within our cms
> > somewhere... Still bunk that the link leads to a bogus site.
> > On Feb 20, 9:25 am, KalamazooLibrary wrote:
> > > Thanks for your input - wondered about that, but there's nothing weird
> > > in the embedded code - other than size modification, it's clean as
> > > provided by YouTube. You're right, though... there are no annotoations
> > > in the video itself and the link only displays on the embedded ones.
> > > I'll try adding a new video and see if that does it.
> > > On Feb 20, 9:12 am, ebbixx wrote:
> > > > Revision... this seems to have been a hack of your embedded video
> > > > player on the Library site? It may have nothing to do with video
> > > > annotations, since it just appears in the embedded player, not while
> > > > the videos play? Does someone working on the site have a grudge, or
> > > > has someone with access to the site set-up been laid off lately?
> > > > I'd take a close look at the code for the embedded player.
> > > > On Feb 20, 8:36 am, KalamazooLibrary wrote:
> > > > > As of this morning, all of our embedded videos now display a bogus
> > > > > "Video player privacy policy" message with a link to "www.youtube- > > > > > nocookie.com/t/privacy" - it's obviously a phishing site (designed to
> > > > > look exactly like youtube). Anyone else seen this? If so, how do we
> > > > > get rid of these? (already changed all passwords, etc.) Here are
> > > > > examples:http://www.kpl.gov/video/ What a pain - Thanks!- Hide quoted text -
|
