YouTube not responding? 500 Internal Error

Even the biggest sites suffer downtime!

Youtube.com is currently down due to unforeseen reasons, here one of our team noticed this error message.  a 500 internal server error has been reported on the video hosting website and is costing them a lot of money.

For those of you who want to decode the message here is the message in text:  Although bear in mind this error information is almost certainly encrypted.

AB38WEOPpAiKWiZIj-4nTpUzOqtuRp22BXlwzuFD2LhtH7pF11Beutva y1JNVp9ykHS4h09UEbGwLzT9ajm3mVwb591K0kxCWM_aJg9UXgw_RdZU MZk3fM1t3auSjbidlrBGmNGKayFdlL5mst_N6RkXYWFzT29WblrFDv6J SnQgtGKFv2M5Tu0LUVy7_QezXkWDhHcmpXkuitJnIYxjMFBsWKO_yAH1 HyXPpqiso2ksi8ZRobHdZnMudJNfpCn660og_PJ92c10xI_Kg_n4Z2N2 2JkpJV9Hd8FUvd0raaZWByb8qgVOLwUjr9F4aFz4SSU1zltiETlc4_52 GdLSz8RAO8rBbabN-N_cv91DolUpT5l-Z-GddLqk7Lx-oie34GYAlKbo GTHiuXKdD9xT6ynxKIKEkpn8hcfzqRt6TBJ0yrMeEZK6PKshTjbng3i8 -koGIUAUb9Yh0jopucthM79sl8U9yBxIOOnp8ehxs1IOi8KdUku7U5bE WwFAyyg02vPYerIhJYxf4p_jY2JjyhicfcuKmKvPyof5ZXxc2wyZnvfL 0Y6ybt5MDl-EomIF7dHL1dcKSCXAogUV49tGZb8m-IevSAx5LlJOa9dt t33lP6NrXnHu_qNPZmqFQVLDd0tz6CAUNmKyc6i086ShFGb_yku14sJK _qB3BqLGnzg_VW6Qugv65CE2gCWPth_ZSeDQgHv4zTI5TI0a-klUyb6f N9Apk_2eoC_cBflQGyKdDfEvQ9YgdujmDlISqRvPgLptMCnHTaSttnly 52Uj0MmKkXl8Afd7BCkY9Bi1Yi-3dycGBQI3jpgjsFE6dquBgIN99G3B 3EKyRxYaQtCS5AUxfqMr9Yq1ZHXWmPIgMTeVZwfB71F0PiuuTF6rZ8iR R_4lDY2KX15YgB8FGcElspaM6RBPfnSwBCAQKzEWwNMnddJpniqELKj- hi80M5VPLNcK1_eXWQ1PIygIszb1DTFQc-UModMzyFMvwt0wo177guih dH9AJnKdNJu6NiYRqBS1FxGMwYImRDAE-48bMospQW7kel_uS2lw2dH_ J1gDsdOCmzEDROGEhI5FlFBOj5N-ke8pUuPxcrLlFn3SE8TnU8qxQKXD VIRU1xJiAMbyJsTQQwaTiq-4AhKHofl87UETYSngotNi_I8x8acvq47e kPqcY7KxSueIriRsLJ-UyXNqihP1wKBKeC4nN6xrF8-KIj7syjVoXOxW 2ibGjBgbwidjuEUFgZd_BT1rmrhJUHgBy8Mya7Kok0c5aipNj6NbIvzT _NhDh5G94RPKS1wWJSeW9kx_w-sZvlhr2rqg-wbqzcxV6-caK3C-OUCY 0iVlO3-_vk2WGzjh2UO3y-xlT_LvRsz36vxoK1cpmH40Im0hi66G3IUL ilvojg8ugS4FTAKn7LdPfhMRD_H6F6GHeeX4smfMkTr3xpjGrweqgkHz dRSQ1PVb0Br6mA7ajZwGixkudggJNH9BPplhE_avAzkiXGtUa0O7eNhA IxnYbfKHL_dX_89UiyNcmGCZPfyzlIi3AXZuLmmb0KPJpOw7qP-XBXTg xqguhsdDe-riGOVnayHNGulcUNcsaWa6ZcCF2Pn9C_sPt_0GirNTJtUx 9aUiFJ5uM-beQqWTNWlpo8SwIsWpCmAXO6OmCXVuk1UuESiDu88nIHTS 54aKxLnEFVjBpoDbumqQ3SLmD_CvuvXu4Fm9Nzdtm-vTT3ulih3iLyYG rg5LgLZeqhReNhl7VpmvN8eWze5OOd9qKquCcK_ebow2OqE

Could this be the result of a cyber attack?  There are a number of people on the web who are claiming this is a DDoS attack, which yes it very well could be but nobody has taken responsibility…yet!

So what is a 500 error?

untitled15

Simply put an internal 500 error is that the web server running the web site encountered an unexpected condition.  It is a catch all error and as such is very general and doesn’t give too much information, and nor should it.

The sort of issue that a 500 internal error such as this one from YouTube is reporting will be logged internally and the client doesn’t really need to know much more.  The information included in the above error message that is encrypted (or at least obfuscated) could include a lot of administrative information that could help an attacker.  Things like how the site is coded, what platform, which versions and even sometimes things as silly as passwords hard coded in! Am I over egging the risk?

OWASP – Error, Exception handling & Logging.

“An important aspect of secure application development is to prevent information leakage. Error messages give an attacker great insight into the inner workings of an application.” *

Their guidance on generic error messages is as follows:

Do not expose sensitive information in exception messages. Information such as paths on the local file system is considered privileged information; any system internal information should be hidden from the user. As mentioned before an attacker could use this information to gather private user information from the application or components that make up the app.”  *

*taken from https://www.owasp.org/index.php/Error_Handling

YouTube are practicing good practice by following the OWASP (Open Web Application Security Project) and you should be as well!

 

Get Secure

Let’s work together to stay safe online. Fill out the simple form below: