Dozens of bugs on popular websites?

MyBlogLog Metacafe

It’s so obvious I’m surprised I didn’t notice it when writing previous posts…

Let’s get back to the YouTube “tabbed attack” security flaw. You don’t have to visit YouTube to be attacked from another site. It is enough to open a malicious HTML document and the attack is performed. Why is this possible? Because you are automatically logged in whenever YouTube.com is loaded: the browser attaches your YouTube cookies to every request sent to that domain, no matter which page initiated the request. So YouTube can be loaded into an invisible iframe on the attacker’s website, a form inside it is submitted with your cookies, and voilà: your subscriptions on YouTube are modified.

So automatic login based on cookie information alone is definitely dangerous, especially when no token or session id (passed with the URL or with the form data) is required in addition to the cookie. The cookie is sent by the browser on the attacker’s behalf; a per-session token embedded in the page is not, because the attacker’s site cannot read it, and that is what lets the server tell a real form submission from a forged one.

Are there any other websites which log you in automatically? I’m really excited to find out. If I only had some time this evening… I think MetaCafe, Revver and MyBlogLog are worth a try :)
