WYP
News Guru
LMG's working with YouTube to harden the security of YouTube accounts.
Read Linus' response to today's YouTube hacks.
Read Linus' response to today's YouTube hacks.
Last edited:
Linus Sebastian releases statement following Linus Media Group Hacks
- Thread starter WYP
- Start date
AlienALX
Well-known member
In fairness it is not a Youtube issue is it? It's malware that steals your cookies. Not much Youtube can do about that.
Dawelio
Active member
Sure they can, it's their own platform.
Feels like you're giving to much cred to Youtube.
Should be some kind of security measure in place, when the channel name and picture changes. Several random streams, about something that the channel normally doesn't cover gets streamed. And the fact that several videos from that channel got deleted and even other sub channels related to that channel also got deleted basically at the same time. That should set off the alarms over at Youtube.
AlienALX
Well-known member
Why would I not give cred to Youtube? Firstly it is pretty much all I watch (ads and sponsors blocked and removed of course) and secondly it has made many a talentless boring idiot rich. Which is good in my books, because some of the channels on there are superb. Well, the ones that are not talentless boring idiots of course.
This is quite possibly an exploit in the browser. In fact, it is. But what can you do about that? it exploits the entire design of every single modern browser out there dude.
Edit. I will tell you the fix. Don't open random suspicious PDFs. You wouldn't do it from a dodgy Amazon You'rea account is susssspendid. Would you?
The fact is it was the usual way of hacking someone. On their capitalist greed. It was an email promising a sponsor and money.
Last edited:
NeverBackDown
AMD Enthusiast
So your argument here is blame the idiots for opening a PDF that looks legit, instead of Google taking ownership and fixing their exploits within their network, which I add is vast beyond your comprehension. The amount of data they collect and passes through their network they are responsible for. It's impossible yes to be 100% malware free however they could take large steps to ensure exploits are fixed promptly and quickly. Which they are not.
Chrome is a fork of Chromium, they make it closed source. As such they are responsible for maintaining their products. If they were open source they would have the world of engineers providing updates and fixes.
Yes ultimately YOU are the last line of defense. The argument that you are virtually the ONLY defense is the issue here whether or not the employee was careless.
Chrome is a fork of Chromium, they make it closed source. As such they are responsible for maintaining their products. If they were open source they would have the world of engineers providing updates and fixes.
Yes ultimately YOU are the last line of defense. The argument that you are virtually the ONLY defense is the issue here whether or not the employee was careless.
AlienALX
Well-known member
Do I really need to tell you how not to get a virus? or open Malware?
I'm not saying it wasn't a mistake, but the fact they very quickly identified that mistake? says it was a mistake.
Dude I get about 10 emails a day from various sources wanting me to open a PDF. I don't open them.
If they patch it up? there will be another exploit. It's as simple as that. Like I said in the other thread, and you doing what you do will know this full well the hackers are ALWAYS ahead. You can't identify an exploit until someone exploits it.
Whilst I don't expect for Linus to have Colton's head on a stick or to impale him Colton needs to be more careful. I mean, at the end of the day? it was nothing that could not be fixed. Linus is far from a Noob, and it was sorted quickly.
Like I said in the other thread, the reason why he keeps on bad mouthing YT is because he wants more people to use floatplane. Because you can't even watch that without paying for it, and one payment does not grant access to all of the channels. You have to pay a fee for every single one you watch. And I bet he takes a huge cut.
However, as I maintain, it's a bit crap of him to sit there and bad mouth the company who let's face it, created him. When he started uploading videos he was a gopher for "best buy". Note I put that in quotations, because it was NCIX but basically a store the same as BB.
It has given him absolutely everything he has. From his mansion, even down to the $4000 TV cabinet he bought last week. He should quit bitching about it so much, but then as I said he is doing that for a reason.
Dawelio
Active member
Again, you're talking like everyone is like you... You're one out of 8 billion people in the world.
Good on you though for knowing simple steps on how to protect yourself. Not everyone knows nor may always be that cautious of not clicking anything bad, accidentally or not.
He did mention it in the video, that Google literally owned the entire chain, from the platforms to the actual browser that was being used...
Last edited:
KingNosser
Well-known member
imho it's a mixed bag, but if the staff member is dealing with similar things daily hard to blame them or blame anyone else, but i do feel that name changes or weird activity on an account should be able to be more secure by having some kind of locks in place but that is less about anyones fault than a good suggestion.
I think the key thing here is it's not just about a linus sized channel and more about what should be in place for all channels.
but no two ways about it kinda careless, there are plenty of ways for them to get info and you'd need to be smart otherwise social engineering something like that is where they are good, good film example is hackers 2 operation takedown.
where there is a will there is a way always a way, the thing with him pointing the finger is just sharing some of the burden and imo he actually was thankful for the help he was getting.
the quickest thing they could do is allow a total sign out on all devices clearing all sessions and implement locks on content that is in place meaning you'd have to sign in to change anything that was uploaded and live.
like i said mixed bag, but there is only so much anyone can do and so hopefully something good will come out of it.
I think the key thing here is it's not just about a linus sized channel and more about what should be in place for all channels.
but no two ways about it kinda careless, there are plenty of ways for them to get info and you'd need to be smart otherwise social engineering something like that is where they are good, good film example is hackers 2 operation takedown.
where there is a will there is a way always a way, the thing with him pointing the finger is just sharing some of the burden and imo he actually was thankful for the help he was getting.
the quickest thing they could do is allow a total sign out on all devices clearing all sessions and implement locks on content that is in place meaning you'd have to sign in to change anything that was uploaded and live.
like i said mixed bag, but there is only so much anyone can do and so hopefully something good will come out of it.
looz
Active member
YouTube is a tool designed for individuals but is something organisations use. It seems their mitigations for breaches are not up to par when compared to enterprise software. It's practically impossible to keep an entire organisation clear of malware. Mistakes do happen and there should be safeguards against, for example, renaming a channel and deleting their entire video backlog.
But yeah, LMG is to blame as well, as usual their practices lag behind their growth. Someone should have documented accesses and how to terminate them. This still leaves a single point of failure with Linus' master account - but not sure if YT even allows a different approach.
But yeah, LMG is to blame as well, as usual their practices lag behind their growth. Someone should have documented accesses and how to terminate them. This still leaves a single point of failure with Linus' master account - but not sure if YT even allows a different approach.
AlienALX
Well-known member
I totally agree. Every one whose account has been hacked has opened Malware. It really is as simple as that tbh.
What I don't know (because it is risky for me to play with) is whether you can get a virus or malware scanner to realise.
looz
Active member
AlienALX
Well-known member
Nah dude it is totally malware. It's not just the password it steals. It steals a cookie that finds an exploit in the YouTube link so even if Linus continually changes the password it doesn't stop them getting back in.
looz
Active member
Ah I didn't quite read your message right first, thought you meant malware is the most common cause for account theft in general.
You're battling windmills if you expect everyone in your org to dodge malware every time. People are multitasking email, tired on some days, or simply not great with tech, and there need to be mitigations. That's simply how it is always going to be, pretending that human error doesn't exist is going to lead to problems. The organisation has to be robust enough to handle if Karen from accounting installs a rootkit.
They need to implement principle of least privilege when it comes to accessing services.
So watched a video this morning, that basically said "File is to large for virus scanners" so what the scumbags who created it are doing, is bloating it with lots of lines with a 0 or 1 in it, to make the file size to large for most virus scanners.
As soon as they removed the extra lines, and reduced it from over 700MB to 250kb or there abouts, they ran it through Virus Total as an example where it detected multiple issues, but prior to removing those lines it wouldn't detect anything.
As soon as they removed the extra lines, and reduced it from over 700MB to 250kb or there abouts, they ran it through Virus Total as an example where it detected multiple issues, but prior to removing those lines it wouldn't detect anything.
KingNosser
Well-known member
Well 700mb pdf file would put warning flags up instantly in my eyes.
kinda crazy and shows just how ineffective things can be with anti virus, had more than my share of issues with different apps they are just not always effective enough or are too strict in otherways that i've had system issues due to them trying to lock something down that isnt there often due to a windows update or change of file.
I've thought about a raspberry pi and using it as a ad blocker and such where it will lock out certain things where i can add to it as i'd need to avoid all the trash online at times. kinda like a router type thing and run the connection through that, but i'm not as techy as that myself, things changed a lot since i was smarter in that way.
kinda crazy and shows just how ineffective things can be with anti virus, had more than my share of issues with different apps they are just not always effective enough or are too strict in otherways that i've had system issues due to them trying to lock something down that isnt there often due to a windows update or change of file.
I've thought about a raspberry pi and using it as a ad blocker and such where it will lock out certain things where i can add to it as i'd need to avoid all the trash online at times. kinda like a router type thing and run the connection through that, but i'm not as techy as that myself, things changed a lot since i was smarter in that way.
