Linus Tech Tips Got HACKED.... by Elon Musk ?!?

Captante

Anyone else confused by YT notifications apparently from Elon Musk/Tesla on their feed today or possibly late last night? Now we know why!


Apparently this is no joke.... and if it can happen to these guys we're all @ risk! :astonished:

Gonna be seriously expensive to fix. :(
 
  • Wow
Reactions: Pohemi

scorpmatt

giphy.gif
 
  • Like
Reactions: Captante

Captante

Somehow I can't help but recall all the disdainful commentary from LTT reviewers directed towards AV/security applications in general and the "naive boomers" who still run "auto-protect" on their PCs.

Karma can be a real bitch. :p ;)

Looking forward to a video explaining how a supposed "tech-guru" and his business were taken down in literally minutes.

1679604458640.jpeg
 
  • Like
Reactions: Pohemi

Red Squirrel

Holy crap the LTT channel really seems to be gone.

I have seen this Tesla scam channel 1st hand myself. I was watching a video and at the end in suggested videos on the side I noticed a live stream from "tesla" about Elon stepping down from Twitter. I probably shouldn't have, but I clicked on it and then I saw the video got taken down, I was like "huh that's weird" and when I looked into it further I realized it was not the real Tesla channel.

I'm guessing there are ways for hackers to basically take over your account if you click a link, maybe it sends a control string that basically resets the password or something. I have tons of DMs on Twitter with links that go to my Instagram account (which I don't even use, it has like 1 picture) and I presume if I click on it, it gives them control of the account. I'm almost curious to try it since I don't use IG... but better off not since maybe it will also load something in my computer or somehow take over something else that I do use. Hackers are getting quite crafty nowadays. Gone are the days where you need to actually download something, unzip it, and execute it. It can all happen within the browser.
 
  • Like
Reactions: Pohemi and Captante

scorpmatt

Somehow I can't help but recall all the disdainful commentary from LTT reviewers directed towards AV/security applications in general and the "naive boomers" who still run "auto-protect" on their PCs.

Karma can be a real bitch. :p ;)

Looking forward to a video explaining how a supposed "tech-guru" and his business were taken down in literally minutes.

Happened to Mitnick's business too due to an employee that ignored a Windows Update for too long. life... finds a way.
 
  • Haha
  • Like
Reactions: Pohemi and Captante

bbhaag

I wonder how large their organization is these days, only takes one schmuck to click the wrong link in an email...
I watch LTT on a regular basis, even his live show every Friday night. He mentioned a couple of weeks ago that Linus Media Group is up over 100 employees now.
 
  • Like
Reactions: Pohemi and Captante

Torn Mind

Sparkychannel's original channel was done in by phishing. But well, he's part of a demographic that could fall for that....

Given these are younger folks...admin privileges+testosterone induced chasing of porn are more likely lol.

But sometimes...it's some app. As I mentioned in another thread, somebody did hack into my mobile McDonald's account and placed an order for a McDonald's in the Bronx....nowhere near my area.
 

Red Squirrel

I watch LTT on a regular basis, even his live show every Friday night. He mentioned a couple of weeks ago that Linus Media Group is up over 100 employees now.

They are huge now. They have a whole other building now that they're turning into a pretty serious testing lab. It's actually cool to see how the company has grown since I still remember when he did reviews for NCIX then turned into LTT. Their server room was in the bathroom of a house.
 
  • Like
Reactions: Pohemi

Red Squirrel

Speaking of hacking I actually had my web server hacked a bit over a year ago. It was kind of my fault, it's a leased server which means I pay per month and the only way to upgrade the OS is to lease another server, so I can then migrate stuff over. I just kept neglecting to do that due to money. Well guess there was an exploit in Apache or something and they managed to execute some code that trashed the whole installation. There was not much in the logs, it looks like whatever they did corrupted the memory though as a lot of logs had tons of gibberish in them and most of the services were broken. Since I was completely dead in the water anyway I ended up just doing an in-situ upgrade of the OS. Then I started to transfer backups over, and started reconfiguring stuff like DNS etc. It got hacked again overnight while the backups were transferring over. At that point the only thing running was Apache and DNS and Apache was just going to a temporary landing page, no php scripts or sites yet. So that rules out a bad php script or website related attack vector. To this day I still have no idea how they got in but at that point I got a shared hosting plan to move the more important stuff over and at least have a landing page of sorts.

I've since started to move stuff back to my own server but this time I set it up as a VM server, that enables me to spin up a new VM, install an OS and migrate stuff as needed. This will make upgrades easier so I can stay up to date more. But I'm not even convinced the hack was due to being out of date, considering the 2nd server with a new OS got hacked so quick. Seems to me it was targeted and the hacker knew what they were doing. I was also using SSH key pairs so it was not brute force either. At least I don't think so, nothing weird in the SSH logs unless they managed to clear those. In theory even keys could be brute forced I guess.
 

Captante

It appears that the bulk of the blame may lie with Youtube. (to the shock of nobody)

Apparently making sweeping changes like say, re-naming a 15-million + subscriber YT account, deleting all the vids and replacing them with a deep-fake phishing video is fairly easy to do?

:oops:

 

Red Squirrel

Damn, so basically something that stole the login cookie. IMO browsers in general need to be more secure when it comes to cookies. They should be encrypted, and you would have the option of setting a pin for when you open your browser, the pin would unlock the key to decrypt the cookies. It would only do it for that session. This could be annoying mind you, so it should be optional.

Also websites can steal your cookies, this to me is a big design flaw in how browsers handle cookies (and the encryption idea won't stop that) and to me, it should only be possible for a domain to get cookies from its own domain, and that's it. It's very possible that they did not even need to install anything on their machine, simply going to a malicious site was probably enough.

What they probably need to do is like suggested in the video, only have one or a few machines that are logged into the channels. This could even be a VM that everyone who needs to upload videos has access to but the point is to ensure that machine can't be used for anything else and is clean.

When coding a web based authenticator myself, I have tried to consider what happens if the login cookies are stolen, and have not figured out something to prevent that yet. The only thing that seems to make sense is to lock the session cookie to the IP address, but the issue with that is any time your IP changes you'd get logged out, so that would be quite annoying. With my authenticator it's very hard to take over an account though. You need to click a confirmation link in an email to change the password. You also need to do the same to change the email. So a hacker would also need to have access to the person's email account. Seems to me big sites like Google should be doing the same thing. They could also have a bit of intelligence where if it detects major unusual activity, like mass renaming videos, it would stop you and ask you to re-authenticate and confirm via email or 2FA.
 

Red Squirrel

Looks like they're back! Last video from yesterday.


I imagine they'll have a video out on what happened by end of tomorrow (well technically today I guess) since everyone will be asking.
 
  • Like
Reactions: Captante

Captante



Crazy that this stuff is even an issue for a company like Google in 2023.... what kind of "amateur-grade" operation are those id10+'s running?

Makes you wonder what unexpected/exposed personal data "surprises" Alphabet Corporation has hanging in the wind out there for us.

Frankly it's NOT just TikTok (although they are the bigger worry IMO) ALL these tech/social media companies playing fast and loose with the tatters of our privacy need to be reined in.
 

MrSquished

Crazy that this stuff is even an issue for a company like Google in 2023.... what kind of "amateur-grade" operation are those id10+'s running?

Makes you wonder what unexpected/exposed personal data "surprises" Alphabet Corporation has hanging in the wind out there for us.

Frankly it's NOT just TikTok (although they are the bigger worry IMO) ALL these tech/social media companies playing fast and loose with the tatters of our privacy need to be reined in.
Just ban TikTok, Facebook, and the Republican party, then the kids will be alright
 
  • Haha
Reactions: Captante

Red Squirrel

One simple thing Google can do to prevent this is have an option to clear sessions. Like somewhere on the dashboard have a list of all the active login sessions with IP/location and other info. When changing the password have an option there too to clear all sessions. In this case it would have invalidated the cookie that got stolen and put a full stop to what the hacker was doing.

Something like this:

8HGinmX.png


Should be a button somewhere to clear all sessions in one go too. Ideally just a check mark when you change your password which is how I did it. (you also need to enter existing password, and confirm to an email before the password is changed). If you feel you're being hacked the first thing to do is probably to go change your password so you'd nuke the sessions while you're there. 2nd thing to do should be to change your email account's password, in case that's compromised too. A compromised email is very bad because they can essentially fully take over all of your online accounts.
 
  • Like
Reactions: Captante
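
The session list, the clear-all-sessions check mark on password change, and the re-authentication before bulk changes described in the posts above, sketched as an added example (not code from any poster's authenticator or from Google). The class and method names are hypothetical, storage is in memory, and the e-mail confirmation step is left out. A changed IP does not log the user out here; it only blocks sensitive actions until the password is entered again.

```python
import hashlib, hmac, secrets

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Accounts:  # hypothetical name; in-memory stand-in for a user/session database
    def __init__(self, reauth_window=300):
        self.users = {}      # user -> (salt, password hash)
        self.sessions = {}   # sha256(cookie token) -> session record
        self.reauth_window = reauth_window  # seconds a password check stays fresh

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, _pw_hash(password, salt))

    def _check_pw(self, user, password):
        salt, stored = self.users[user]
        return hmac.compare_digest(stored, _pw_hash(password, salt))

    def login(self, user, password, ip, now):
        if user not in self.users or not self._check_pw(user, password):
            return None
        token = secrets.token_urlsafe(32)  # opaque cookie value; only its hash is stored
        sid = hashlib.sha256(token.encode()).hexdigest()
        self.sessions[sid] = {"user": user, "ip": ip, "last_auth": now}
        return token

    def session(self, token):
        return self.sessions.get(hashlib.sha256(token.encode()).hexdigest())

    def list_sessions(self, user):  # dashboard view: short id and IP per active login
        return sorted((k[:8], s["ip"]) for k, s in self.sessions.items() if s["user"] == user)

    def allow_sensitive(self, token, ip, now):  # gate for bulk rename/delete
        s = self.session(token)
        return s is not None and s["ip"] == ip and now - s["last_auth"] <= self.reauth_window

    def reauthenticate(self, token, password, ip, now):
        s = self.session(token)
        if s is None or not self._check_pw(s["user"], password):
            return False
        s["ip"], s["last_auth"] = ip, now  # password proven again from this IP
        return True

    def change_password(self, token, old_password, new_password, clear_sessions=True):
        s = self.session(token)
        if s is None or not self._check_pw(s["user"], old_password):
            return False
        self.register(s["user"], new_password)
        if clear_sessions:  # drop every session of this user, a stolen cookie included
            self.sessions = {k: v for k, v in self.sessions.items() if v["user"] != s["user"]}
        return True
```

A cookie replayed from another address still reads as a valid session, but `allow_sensitive` refuses it until the password is supplied, and `change_password` with `clear_sessions=True` invalidates it outright.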