@LinusTech Twitter Account Hacked

SuperBailey
Go to solution Solved by LinusTech,

On June 28, 2016 the Linus Media Group domain registrar account was compromised.

The exact methodology of the "hack" won't be disclosed for obvious reasons, but I can assure you that despite any claims to the contrary, the appropriate safeguards were in place on our side, and as I type this Yvonne is having a very heated phone discussion with the 3rd party responsible for the breach.

Anyway, the thing most of you are probably wondering about right now is what this means for your forum account or personal information, and the answer is very simple:

NOTHING.

The "hacker" simply changed the DNS settings in the dashboard and did not at any time have access to the linustechtips.com server. Any claims of a database dump are categorically false.

The compromised accounts - including Twitter - have been restored.

I hope this clears things up.

Linus

15 hours ago, rm -rf said:

@linustech "you should" file a police report.

 

 

No offense to his staff or him. "he's not important enough"

 

Not sure how Canada works. However, working with big companies, Fortune 500/financial places etc., that is all covered on the federal level. Some stuff with banks and credit cards, e.g. the skimmer black market, is directly related to the US Secret Service. The guy runs a tech show and what happened to him affected NO ONE except him. The power grid didn't go offline. No financial data or SS numbers were leaked.

It's a waste of people's time to even bother looking or opening a case.

Windows 10 Latest Build
RAID 0 Samsung SSD 970 2tb EVO's (4Tb Store)
RTX 3090
9900k DELIDDED with custom copper Rockitcool @ 5ghz 
H150i RGB PRO XT
Corsair Dominator Platinum 64GB (4x16GB) DDR4 3200MHz C16 Desktop Memory 1.35v XMP Profile
Phanteks PH-P1200PS 80+ Platinum - Built-in Power Splitter 1200W Fully Modular

Z390 DESIGNARE (rev. 1.0)
Top Mon #2 ASUS ROG SWIFT PG348Q | NVIDIA G-Sync 100hz

Bottom Mon #1 Alienware Overclocked Refresh Rate #AW3418DW G-Sync 120hz

Server: 2019 DataCenter Edition, 42TB Store RAID 6 | WD Gold Enterprise Class 7200 RPM,SATA 6 Gb/s, 256 MB Cache


22 hours ago, thedarkdad3 said:

 

 

You've been hacked multiple times, buddy. My advice: hire a new firm and take some courses on real world security.

It's likely there was only one single hack. Once you manage to change the DNS of a domain and redirect all the mail, it becomes very scary just how easily you can gain access to accounts on certain services.

My Build:

Spoiler

CPU: i7 4770k GPU: GTX 780 Direct CUII Motherboard: Asus Maximus VI Hero SSD: 840 EVO 250GB HDD: 2xSeagate 2 TB PSU: EVGA Supernova G2 650W
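
The post above describes how a changed DNS zone can redirect a domain's mail and, with it, password resets. The sketch below is an added example, not part of the original thread: it compares two record snapshots and flags NS/MX drift as critical. It assumes snapshots saved in `dig +noall +answer` layout; all names and addresses are constructed placeholders.

```python
from collections import defaultdict

# Changes to these types can move the whole zone (NS) or its mail (MX).
CRITICAL = {"NS", "MX"}
WATCHED = CRITICAL | {"A", "AAAA", "TXT"}

# Constructed snapshots in `dig +noall +answer` layout (not real data).
BASELINE = """\
example.com. 3600 IN NS ns1.dns-host.example.
example.com. 3600 IN NS ns2.dns-host.example.
example.com. 3600 IN MX 10 mail.example.com.
example.com. 300 IN A 192.0.2.10
"""
OBSERVED = """\
example.com. 300 IN NS NS1.dns-host.example.
example.com. 300 IN NS ns2.dns-host.example.
example.com. 300 IN MX 10 mx.unknown-host.example.
example.com. 60 IN A 192.0.2.10
"""


def parse_answers(text):
    """Parse answer lines into {(name, type): set(rdata)}, ignoring TTLs."""
    records = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(None, 4)
        if len(parts) < 5 or parts[2].upper() != "IN":
            continue
        name, _ttl, _cls, rtype, rdata = parts
        rtype = rtype.upper()
        if rtype not in WATCHED:
            continue
        if rtype != "TXT":
            # Hostnames are case-insensitive; drop the trailing root dot.
            rdata = " ".join(tok.rstrip(".").lower() for tok in rdata.split())
        records[(name.rstrip(".").lower(), rtype)].add(rdata)
    return dict(records)


def diff_snapshots(baseline, observed):
    """Return findings as (severity, name, type, added, removed)."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        old, new = baseline.get(key, set()), observed.get(key, set())
        if old == new:
            continue
        severity = "critical" if key[1] in CRITICAL else "high"
        findings.append((severity, key[0], key[1],
                         sorted(new - old), sorted(old - new)))
    return findings


if __name__ == "__main__":
    for finding in diff_snapshots(parse_answers(BASELINE),
                                  parse_answers(OBSERVED)):
        print(finding)
```

TTL changes and hostname case differences are ignored on purpose, so only a real change of record data raises a finding.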


15 hours ago, thedarkdad3 said:

-snip-

I hope you aren't this way in the professional world. You would not make it past week 1 on my team. Not sure I'd even hire you to start.

Edited by Blade of Grass

CPU: Amd 7800X3D | GPU: AMD 7900XTX


15 hours ago, thedarkdad3 said:

-snip-

Wow, I wasn't giving you crap or anything I was just pointing out some flaws in your argument. Try not to take things so personally especially when somebody is not acting negatively towards you. This reply makes you sound like a child when I was not attacking you in any way. You haven't a clue what I know except that you incorrectly spelled the name of one of your certificate providers in your signature. I wasn't berating you or talking condescending to you at all and my question about your signature was merely me being curious, nothing more but you apparently took my post as an attack against you and everything you stand for. Calm down, relax a bit before replying to posts, and read them for what they are and don't assume there's malice in the words you're reading.

 

As for me "knowing nothing", sure I did go to school and took a few ITSEC related classes many years ago when I was in college but the majority of my "cyber security" (for lack of a better term) I learned actually out there in the real world running my own network and ASN, managing thousands of publicly accessible servers, dealing with ISPs/upstream providers/data centers/registrars regularly, and being the constant target of script kiddies, competitors, and corporations. The amount of attacks my servers see on a daily basis is sickening and the tens of millions of packets Voxility and other anti-DDOS services mitigates for me and my clients is just as depressing. The number of times law enforcement and government agencies have contacted me over incidents much less damaging than Linus losing his domain or Twitter account puts me in a unique situation where I understand the gravity and effects this can have on a company along with the long drawn out process involved assuming they are taking legal action. So yeah, I have a slight clue about this kind of stuff.

Edited by Blade of Grass

-KuJoe


@LinusTech @Slick

Sorry to bother you guys, but I've seen something recently, where hackers hacked in the http server of my school network in order to spread a botnet worm to all users using it. Maybe the final intention of your hackers was to try to spread a worm by the means of your forum server, using your fame to touch many users and therefore having a good basis for a botnet network.

That'd be a pretty serious attack, had it been that sneaky.

Anyways, just trying to give you ideas to assess the situation the best you can, which I am not doubting you are doing it quite well. I had a discussion with a security expert for an ISP and he explained me how these kinds of motives are sometimes overlooked, because of the distraction other actions have.

Thanks for your rx 480 review by the way, and thanks for handling the situation with the user security in mind.


3 minutes ago, laminutederire said:

@LinusTech @Slick

Sorry to bother you guys, but I've seen something recently, where hackers hacked in the http server of my school network in order to spread a botnet worm to all users using it. Maybe the final intention of your hackers was to try to spread a worm by the means of your forum server, using your fame to touch many users and therefore having a good basis for a botnet network.

That'd be a pretty serious attack, had it been that sneaky.

Anyways, just trying to give you ideas to assess the situation the best you can, which I am not doubting you are doing it quite well. I had a discussion with a security expert for an ISP and he explained me how these kinds of motives are sometimes overlooked, because of the distraction other actions have.

Thanks for your rx 480 review by the way, and thanks for handling the situation with the user security in mind.

If @LinusTech is using passwords to protect the server this forum runs on then his team needs to start writing a script for "SSH RSA keys and how to use them" video. Even with access to their e-mail, the person who did this should have no way to get access to the server even if they were able to social engineer the web hosting provider (who's pretty large and isn't known to handle support requests very well at all anyways so social engineering them is very time consuming) the hosting provider should not have access to their server at all except I believe they have an SNMP client they install by default via their deployment script for monitoring. They used to install their own SSH keys on servers in the past if I remember correctly but I don't think they do that anymore.

-KuJoe


4 minutes ago, KuJoe said:

Wow, I wasn't giving you crap or anything I was just pointing out some flaws in your argument. Try not to take things so personally especially when somebody is not acting negatively towards you. This reply makes you sound like a child when I was not attacking you in any way. You haven't a clue what I know except that you incorrectly spelled the name of one of your certificate providers in your signature. I wasn't berating you or talking condescending to you at all and my question about your signature was merely me being curious, nothing more but you apparently took my post as an attack against you and everything you stand for. Calm down, relax a bit before replying to posts, and read them for what they are and don't assume there's malice in the words you're reading.

 

As for me "knowing nothing", sure I did go to school and took a few ITSEC related classes many years ago when I was in college but the majority of my "cyber security" (for lack of a better term) I learned actually out there in the real world running my own network and ASN, managing thousands of publicly accessible servers, dealing with ISPs/upstream providers/data centers/registrars regularly, and being the constant target of script kiddies, competitors, and corporations. The amount of attacks my servers see on a daily basis is sickening and the tens of millions of packets Voxility and other anti-DDOS services mitigates for me and my clients is just as depressing. The number of times law enforcement and government agencies have contacted me over incidents much less damaging than Linus losing his domain or Twitter account puts me in a unique situation where I understand the gravity and effects this can have on a company along with the long drawn out process involved assuming they are taking legal action. So yeah, I have a slight clue about this kind of stuff.

 

 

Awesome man. Would love to meet you at BlackHat or CanSec West. I'll be speaking at both; you're more than welcome to give me your insight. See, unlike most people I will bring it to your doorstep.

I don't need to argue on a forum board. DM ME, I'll get you a badge if you can get yourself to either event.

For now, like he said: THE THREAD NEEDS TO DIE. Quit speculating. That's all you are doing, everyone.

5 hours ago, Sakkura said:

This is the internet. What you said will now be speculated into a confirmation of Half-Life 3.

Maybe the 3rd party is the 3rd half life...

 

2 minutes ago, KuJoe said:

 

I actually am not an IT expert, I just read DNS server got hacked, they rightfully don't disclose anything more. I was saying that IF they managed to access the server handling this forum or their company website, they could have installed a worm exploiting some windows security leak to gain privileges, just by changing some script to execute what they wanted to when you browsed the website.

I may be far off, but that won't kill anyone to point it out, right?


6 minutes ago, laminutederire said:

Maybe the 3rd party is the 3rd half life...

 

I actually am not an IT expert, I just read DNS server got hacked, they rightfully don't disclose anything more. I was saying that IF they managed to access the server handling this forum or their company website, they could have installed a worm exploiting some windows security leak to gain privileges, just by changing some script to execute what they wanted to when you browsed the website.

I may be far off, but that won't kill anyone to point it out, right?

You're not wrong, the point is a good one. I just wanted to help ease any concern some people might have before they panic. ;)

-KuJoe


1 minute ago, KuJoe said:

You're not wrong, the point is a good one. I just wanted to help ease any concern some people might have before they panic. ;)

Yeah sure, it happened at my school, and it was the panic for those who actually cared (and didn't have a mac).

However our network wasn't handled professionally, so I strongly feel LMG security is faaaaar better (thank god it is though, since at my school, the students didn't even have any machine to just monitor packets going in and out)


My hl3 and portal 3 confirm post just got deleted?! Wth? So no hl3 and portal 3? :(

 

Intel Xeon E5 1650 v3 @ 3.5GHz 6C:12T / CM212 Evo / Asus X99 Deluxe / 16GB (4x4GB) DDR4 3000 Trident-Z / Samsung 850 Pro 256GB / Intel 335 240GB / WD Red 2 & 3TB / Antec 850w / RTX 2070 / Win10 Pro x64

HP Envy X360 15: Intel Core i5 8250U @ 1.6GHz 4C:8T / 8GB DDR4 / Intel UHD620 + Nvidia GeForce MX150 4GB / Intel 120GB SSD / Win10 Pro x64

 

HP Envy x360 BP series Intel 8th gen

AMD ThreadRipper 2!

5820K & 6800K 3-way SLI mobo support list

 


4 hours ago, Ryan_Vickers said:

That would actually be hilarious.  Like just be completely deadpan about it and pretend it's a totally normal show

Let the "pre-recorded" crap talk begin...


12 hours ago, Yongtjunkit said:

@LinusTech new personal twitter account?

 

 

Nah, it's from January, way too long


7 hours ago, LinusTech said:

Everyone really needs to stop speculating about who the 3rd party is.

 

It does nothing but spread FUD.

Lock the topic? If it gets bad enough then you should reveal the 3rd party but until then just keep quiet and hope everyone forgets.

Judge a product on its own merits AND the company that made it.

How to setup MSI Afterburner OSD | How to make your AMD Radeon GPU more efficient with Radeon Chill | (Probably) Why LMG Merch shipping to the EU is expensive

Oneplus 6 (Early 2023 to present) | HP Envy 15" x360 R7 5700U (Mid 2021 to present) | Steam Deck (Late 2022 to present)

 

Mid 2023 AlTech Desktop Refresh - AMD R7 5800X (Mid 2023), XFX Radeon RX 6700XT MBA (Mid 2021), MSI X370 Gaming Pro Carbon (Early 2018), 32GB DDR4-3200 (16GB x2) (Mid 2022

Noctua NH-D15 (Early 2021), Corsair MP510 1.92TB NVMe SSD (Mid 2020), beQuiet Pure Wings 2 140mm x2 & 120mm x1 (Mid 2023),


On 6/29/2016 at 2:48 AM, givingtnt said:

lol no

 

you DO NOT WANT

to store passwords

ever

ever

 

till the end of time

But I store my passwords in my mind!?

Main Gaming Rig:

Spoiler

Core i7-4770, Cryorig M9i Cooler, ASUS B85M GAMER, 8GB HyperX Fury Red 2x4GB 1866MHz, KFA2 GTX 970 Infin8 Black Edition "4GB", 1TB Seagate SSHD, 256GB Crucial m4 SSD, 60GB Corsair SSD for Kerbal and game servers, Thermaltake Core V21 Case, EVGA SuperNOVA 650W G2.

Secondary PC:

Spoiler

i5-2500k OCed, Raijintek Themis, Intel Z77GA-70K, 8GB HyperX Genesis in grey, GTX 750 Ti, Gamemax Falcon case.

 


23 hours ago, Ryan_Vickers said:

Yes, thank you :D

 

 

What is FUD?


2 hours ago, NinjaJc01 said:

What is FUD?

A falsehood, or in other words misinformation and disinformation.

 

Also, Elmer.

Read the community standards; it's like a guide on how to not be a moron.

 

Gerdauf's Law: Each and every human being, without exception, is the direct carbon copy of the types of people that he/she bitterly opposes.

Remember, calling facts opinions does not ever make the facts opinions, no matter what nonsense you pull.


2 hours ago, NinjaJc01 said:

What is FUD?

Fear, uncertainty, and doubt

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.


14 minutes ago, Colonel_Gerdauf said:

A falsehood, or in other words misinformation and disinformation.

 

Also, Elmer.

Elmer?


7 minutes ago, NinjaJc01 said:

Elmer?

The one on the left here is Elmer Fudd

tumblr_n7u3k2obMR1s4rha3o9_250.gif

 

System CPU : Ryzen 9 5950 doing whatever PBO lets it. Motherboard : Asus B550 Wifi II RAM 80GB 3600 CL 18 2x 32GB 2x 8GB GPUs Vega 56 & Tesla M40 Corsair 4000D Storage: many and varied small (512GB-1TB) SSD + 5TB WD Green PSU 1000W EVGA GOLD

 

You can trust me, I'm from the Internet.

 


2 minutes ago, GzeroD said:

The one on the left here is Elmer Fudd

tumblr_n7u3k2obMR1s4rha3o9_250.gif

 

Oh ok. I do know the character.


It sucks people try to break in and just wreck it for everyone.

 

For anyone who says they should've known how to protect themselves because of what they are: keep in mind, like death, hackers only have to be right 1 time.

This topic is now closed to further replies.