wanderingfool2

Member
  • Content Count

    758

Everything posted by wanderingfool2

  1. It's not really an exploit...just a "feature" to alert you of messages while away...so very much intentional. I've never been a fan of messaging services that also allow unsolicited chats (but that's just me) [for myself a request type should be made that shows the detailed information]. There isn't much investigating really. A typical scenario is they try figuring out if the domain is being used as spam and if so they remove it...but scammers can just pop up with a new domain, under another fake identity
  2. Oh, not denying that you can't babysit everyone...but at a certain point as well companies need to take initiative to not put up stupid interfaces or have user generated content sent through legitimate Google domains. It's a good discussion point, I just find that assigning blame on a single individual for falling for a scam just allows companies to get away with silly design choices because you get a bunch of people who lay sole blame on the victim or the scammers. Had he been a smaller YouTuber, he likely wouldn't have gotten his account back. That again is a bit of the iss
  3. You are basing that on what? You want to know what they sent back after 2 days of investigation? So again, it's back to the official YouTube Support being terrible (he explained the situation and their "specialists" couldn't figure out what happened). They also said there wasn't a way for them to recover a deleted channel...guess what they recovered his deleted channel. I get that it must be very cookie cutter responses, but the fact that they eventually got him to go through very similar steps as the scammer did to recover his account I think speaks larger to how things
  4. https://www.youtube.com/watch?v=YIWV5fSaUB8 The video, so he did go to the chat [so the weird address should have been a red flag]. To clarify though, I still believe that Google needs to rectify the way things are handled. If you watch until the end, the way he finally got his channel restored was by following YouTube's instructions which was "virtually the same instructions as the scammer".
  5. Google has SPF, DMARC and DKIM in place...but that doesn't matter in this case; they weren't spoofing emails. They simply signed up for Google's service, named themselves YouTube Support and had it appear as a valid email because that's how Google does it. I never said for them to create a foolproof method, but the fact that a 5 year old could pull this off and the fact they hide key information that would help prevent this attack is just stupid. In regards to my analogy, if the criminal bypasses the lock using a simple comb pick then yea blame can still be put on the lock maker (look
  6. Well ultimately what pools would do is assign ranges, and people test within that range. If you were doing it by yourself instead of ranges you would just pick random numbers (or start at a random number and then increment by one...to make sure no duplication)
  7. Good for you that you always check first...I'm sure a guy who literally has hacked into scam operations and thwarts hackers must never have the mentality of "checking first". You are missing all of my point. I literally said in a lot of my posts that I'm not absolving him of fault...it's an important discussion and saying things like "I wouldn't have fallen for it" doesn't excuse the fact that Google clearly needs to rethink some of their design choices along with policies. Also spoofing, hacking and other ways to get around protection isn't a valid reasoning. People can get int
  8. The quick way of putting it, use analogWrite() instead of delaying yourself. If you create your own loop, which turns on and off the LED at fixed intervals you are wasting a lot of clock cycles on something that is already built in (and easy to access). There is just a lot you have to account for when you write it yourself as well. vs analogWrite you could essentially go analogWrite(ledPinNum, dimFactor); [Where dimFactor is 0 - 255, 0 being off and 255 being on]
  9. Not asking for childproof. I'm asking them to not be so idiotic about their implementation of their services. It's like if Google failed to use SPF, DKIM and DMARC (of course they do use it, but if they didn't). Yes, users could spot most scams but it brings the level of attack down to the level of virtually anyone (and the ability to make it look a lot more official). Under your logic as well, I could put you at fault for getting your credit card compromised if you entered your pin on a machine that had a skimmer on it and it wouldn't be any fault of the company tha
  10. ...yes because sending a contact_us page that links to help documents or submission forms that are slightly unrelated...it's near impossible to get a response from a person at Google. You obviously have never tried contacting Google in regards to issues and stuff before. There wouldn't be any guarantee of a response. He likely would have been big enough to sign up for creator support but that's not like an instant thing...and I think that still isn't guaranteed for responses. Again, I am not saying he isn't at fault...but in no way shape or form should Google be getting a pass f
  11. Like it or not, Google also failed in this. Yes, spam/scams will always get through but it's just plain stupid of Google that it doesn't block "YouTube Support", "Google Support", etc. Again, I am not absolving him for falling for the scam, but this really should be sparking the discussion on the failing that was done. So let's say the red flags: Link in email - *It is a google link to a google service*; Different domain - *Depending how it was accessed it wouldn't have shown the email address*; YouTube wouldn't write emails like that - *Except as I've said, I've r
  12. I think a key can be that it's regarding AdSense. They could have maybe talked him into a way of removing AdSense (which deletes the YouTube channel as well). Like I've told other people, have you ever tried contacting support from YouTube/AdSense/Google in general? Unless you know someone specifically, or have a YouTube rep, it's going to be difficult to do so. I'm not absolving him of fault, but Google has also created an eco-system that allows this kind of spam to exist. Like I've said in prior posts, Google should not be allowing people in their own system call
  13. Well what was shown was that he asked for more information, and from there the interaction is unknown (likely to become a YouTube video???). To say that it's a red flag isn't really valid unless you know what else was said. Remember as well, if there was the potential that the other red flags weren't shown at that stage he could have legitimately thought it was a YouTube support staff so from that stage red flags tend to be overlooked a lot easier. (To anyone saying the tone of the email was a red flag, again I've literally been sent an email from AdMob that was very similar that was valid)
  14. Yes, you are right...I had a brain fart. I knew it was averaging about 6 blocks an hour...I just wasn't thinking. Sure there would be questions if you did a few blocks a day, but I doubt that it would bring up enough heat for people to assume you had cracked the algo. Especially if you distributed it out so it doesn't appear as though one person is mining it daily.
  15. Yes, in general when crypto became a thing the incentive to actually perform a 51% attack on larger currencies dropped (it could still make sense to do a 51% on an up-and-coming crypto that isn't valued as much if you were wanting to have a different one gain a foothold...but overall I think it would be less likely). My wording was poor last night, but yes what you said was similar to my thought processes. There is little incentive to attack like this. If someone were to figure out sha256 even solving a few blocks a day wouldn't bring up too much suspicion (and you wouldn't solve
  16. That is true, as long as no one figures out a way to break sha256...if that happens then a 51% attack could be feasible (but unlikely to be used as it's more profitable to hide the knowledge and use it to gain bitcoin at a steady interval...so you can gain millions on millions with virtually no resources)
  17. It depends, the first inbound email uses no-reply@google.com. From there the @creator-partners.com is only visible in chat if using chat.google.com or the mobile version. If he happened to sign up, and go to his gmail account his initial viewing of it would just say YouTube Support (and if he is unlucky like me in browser settings, he wouldn't be able to easily get it to display @creator-partners.com). The tweet right now is definitely after the fact screen-shots (so there is a possibility that he just switched to chat.google.com to quickly access the chats...but again if his initial conve
  18. My current setup isn't really showing it, had to switch browsers...likely has to do with the fact that the formatting/scaling is pushing the hangouts chat portion half-off the page. Not denying that there were red flags and this was in general an unsophisticated attack, but saying there were red flags doesn't excuse the way Google has implemented things. The email could potentially have been mostly hidden away, Google allows a no-reply@google.com email to come through with user inputted text without specifying it, Google allows people to sign up for their service with YouTube Suppor
  19. That wasn't through my phone. That is literally using my desktop computer and going to www.gmail.com. The mobile version actually shows my email. Overall this is horrible design by Google (interface design, and general practices). If Google didn't send out weird emails like this, if Google didn't set time limits on some required responses, if Google didn't have practices of shutting down people's AdSense for no reason (or explanation), or if Google actually identified user generated content (and more importantly didn't allow their own chat to have names like YouTube Support, wit
  20. "Send an email to Google"...what I have a problem with is people throwing around the word stupid for him falling for this. Saying that he should have contacted Google is wishful thinking. So in your infinite wisdom tell me, where are you supposed to email at? Also, having AdMob limited I can say they don't offer any real way to contact (and the formatting was eerily similar) [story below]. As a note, this literally is pointing them towards Google Chat, at which point they would see the "YouTube Support" still. It's like hanging up the phone and "dialing" your bank, but the scammers kept th
  21. The issue I have with this is that Google's go-to was making the chat appear as an email. This should never happen, actually it should never happen where people are allowed creating an account like YouTube Support (while using google services). It should be rule 101 as well, if you are sending automated emails from a primary domain where it allows external messages add in the email address it came from (and not just go by YouTube Support). I'm not defending Jim Browning for falling for this (because it shows everyone is human when it comes to these kinds of things), but Google and the way t
  22. I know wiki isn't a great source, but it says 1000 MW = 27 tonnes (metric). To put things in perspective as well, 19 tonnes of uranium = 1 cubic meter (based on 19 grams to 1 cubic cm, this is rough math by numbers collected online so take with a grain of salt). It was said that 12,000 tonnes are created globally (632 cubic meters)...That's about the size of 3 houses (albeit there are containment chambers and stuff that aren't really factored in)...but they are building deep mine shafts in order to store nuclear waste anyways. It's important to remember, uranium is heav
  23. They are though. The switch to LED public lighting is happening, things like this just take time as it's usually switched out at the EOL (at least here). It minimizes the cost that way (and staggers everything so you don't have the failure times lining up all together). Also, the efficiencies between some of the HPS vs LED is relatively small (where LED gets the benefit of needing less maintenance which saves money overall...some of the LEDs perform worse than HPS ones). Government super computers are an important part of security. Like it or not, they are needed Ca
  24. If you seriously think that it uses 100 watts at idle you are fooling yourself. Let me guess, you just used the CNET article that said that (that was made 13 years ago...before power states really were a thing). The calculation also puts nearly 50% of the weight in a poweroff/sleep state; as an fyi. Even letting it sit on desktop, computers from 2 years ago were drawing 66 watts. Would like to point out that sitting on the desktop is not the same as being in idle (as after about 10 min. of no activity it would enter into a lower power state and use even less
  25. Re-read what I said. Power consumption during idle is not a function of the OS...it's a function of the equipment you have in it. Yes, the OS does play a role in terms of figuring out when to go into idle states, but that is beside the point. This is about the fact that when it's in an idle state what is the power consumption. As much as the article and people here are jumping on the "ill thought out law" it's ignoring that the metrics are based on idle consumption and that other companies seem to manage to comply.