Linus Tech Tips, Tech Quickie, Tech Linked channels hacked

[TechXplore]

20 minutes ago, Birblover12 said:

I'm hopeful that they'll get their account back, wouldn't be the first time surprisingly LTT has been hacked.

Thats True...If i got a nickel for every time LTT has been hacked, I would have 2 nickels. Which isnt alot, but surprised its happened twice

[BlueSpartan]

3 minutes ago, Kilrah said:

This wasn't about "ignoring security", it's about "not wanting to be responsible for recommending security-related products".

You don't have to shill a product to make security videos. Every software solution will have flaws, poor management decisions, etc. Even if they did "grade" products like an independent lab, the onus is on the individual to make good decisions. If you watch a dated video on a security solution that's not the tech channel's fault. If I were interested in the current model of a car I wouldn't watch reviews from a 2012 model year. 

[Bitter]

Just now, Ls_2011 said:

Oh Phew!
 can relax now knowing the catstips are safe 

Pspspspsps I bet he forgot he even has that channel, and thankfully it's not folded into the main business account!

[Joshct]

2 minutes ago, BlueSpartan said:

It does make sense that in such a fast-moving area CS would not align with "evergreen" content, but that is also true of other software/hardware things they put out. Nothing is truly permanent. They did the Rubber Ducky video but it was void of any real information or capabilities. Really they just need a side channel for in-depth topics of any kind, since the main channel has to be geared toward normies. 

True and fair point. However outdated information about some cool software they find useful, and outdated information about something that might compromise account security have differeing severity of potential outcomes. 

 

Either way I guess we'll see when the channel's back. 

[Zodiark1593]

4 hours ago, TempestCatto said:

It's probably been said, but it's amazing how careful they are and yet this still happened. A newer employee could have clicked a malicious email link, Linus could have leaked the password on The WAN Show, who knows. It's just scary how this happened to such a careful and tech savvy group of people. It really can just happen to anyone. 

This had also occurred to Jim Browning last year, someone not only knowledgeable in tech, but also an expert in security. 

[Jorath13]

20 minutes ago, Bitter said:

It's all a front to push Floatplane

 

The important content is safe tho.

https://youtube.com/user/linuscattips

It's working though - I'm subscribing!

[Pawgs]

Just tryed to subscribe to floatplane. It's not possible. A error accured, try again later. 

Might be more then just youtube and forum they hit with the attack 

[Robonwars]

3 minutes ago, BlueSpartan said:

You don't have to shill a product to make security videos. Every software solution will have flaws, poor management decisions, etc. Even if they did "grade" products like an independent lab, the onus is on the individual to make good decisions. If you watch a dated video on a security solution that's not the tech channel's fault. If I were interested in the current model of a car I wouldn't watch reviews from a 2012 model year. 

ltt are not securety experts and if u want to watch content from securety experts it exist on Yt

[Itrio]

4 minutes ago, BlueSpartan said:

It does make sense that in such a fast-moving area CS would not align with "evergreen" content, but that is also true of other software/hardware things they put out. Nothing is truly permanent. They did the Rubber Ducky video but it was void of any real information or capabilities. Really they just need a side channel for in-depth topics of any kind, since the main channel has to be geared toward normies. 

Agreed on the security focused side channel, but I disagree that evergreen content is impossible. Look at NBTV, who posts regular security related videos. Yes, there are brand name drops, but the concepts are solid too. Obviously a bit of research would be needed to make such content on an LTT channel, but concepts evolve over time, but not at the rate that it's expired after just a year. Yet another example I have is FIPS 140-2, being replaced by 140-3. Stuff validated under 140-2 is still valid for 5 years from the date of it's validation for the purposes of NIST 800-171 and CMMC. I'd love to see a techquicky about these kinds of things.

[TechXplore]

Just now, Pawgs said:

Just tryed to subscribe to floatplane. It's not possible. A error accured, try again later. 

Might be more then just youtube and forum they hit with the attack 

I dont think the forum was attacked, otherwise, we probably wouldn't be able to chat anyways

[BlueSpartan]

1 minute ago, Zodiark1593 said:

This had also occurred to Jim Browning last year, someone not only knowledgeable in tech, but also an expert in security. 

David Bombal as well, and that is his expertise. In his case it ended up being an employee. The human element will always be the weakest link. LTT is a higher-profile target, so it could be a complex attack. 

[Uttamattamakin]

Aww man who the heck does Thumbnails for this guy.   Look at it.  Has Linus looking EPIC.   Random woman with a full rack in the thumbnail. LMBO

 

[BlueSpartan]

2 minutes ago, Robonwars said:

ltt are not securety experts and if u want to watch content from securety experts it exist on Yt

I never said they were. They have the capability and resources to make the videos great though if they hired people who were experts, like the one they mentioned they turned down in one of the last few WAN shows. 

[Kilrah]

7 minutes ago, BlueSpartan said:

You don't have to shill a product to make security videos. Every software solution will have flaws, poor management decisions, etc. Even if they did "grade" products like an independent lab, the onus is on the individual to make good decisions.

Sure, but the security product market is way more "sensitive" - frequent "scandals" and causing more backlash than anything else when they happen. They're not even touching VPNs anymore for that reason. 

[Robonwars]

5 minutes ago, Uttamattamakin said:

Aww man who the heck does Thumbnails for this guy.   Look at it.  Has Linus looking EPIC.   Random woman with a full rack in the thumbnail. LMBO

 

this channel is horrific he changes his channel name reguarly  made Magic the Gathering content in the past

https://youtube.fandom.com/wiki/TheQuartering#Crowdfunding

 

[Pawgs]

2 minutes ago, TechXplore said:

I dont think the forum was attacked, otherwise, we probably wouldn't be able to chat anyways

Just read some where earlier that the forum also was down. 

But yes it's working fine now. 

[BlueSpartan]

Just now, Pawgs said:

Just read some where earlier that the forum also was down. 

But yes it's working fine now. 

They likely turned everything off to secure what they still had control over and see what had been compromised. 

[Zodiark1593]

9 minutes ago, BlueSpartan said:

David Bombal as well, and that is his expertise. In his case it ended up being an employee. The human element will always be the weakest link. LTT is a higher-profile target, so it could be a complex attack. 

Given that multiple channels were hit, I suspect session hijacking, probably in combination with a phishing link to steal the cookies. I don’t think it likely that an employee would manually enter the login details for multiple accounts on a fake webpage, unless multiple employees (with the different credentials) fell for it, or passwords were shared. 

 

Session hijacking would also explain why 2FA wasn’t triggered. 
 

Channel Super Fun was probably spared as, so far as I know, it’s really only Dennis that uploads to it. 

[Uttamattamakin]

Just now, Robonwars said:

this channel is horrific he changes his channel name reguarly  made Magic the Gathering content in the past

True but gotta admit his thumbnail artist is on FIRE with that one.  Linus should hire whoever that is.
 

 

1 minute ago, Kilrah said:

Sure, but the security product market is way more "sensitive" - frequent "scandals" and causing more backlash than anything else when they happen. They're not even touching VPNs anymore for that reason. 

Like they were saying though.  LTT could make content around security practices.  Security hardware and software products are half of it.  The other half is the users.  The most secure system there is is vulnerable to us humans and our unpatched firmware (namely or social and trusting nature towards most other humans). 

[TechXplore]

1 minute ago, Pawgs said:

Just read some where earlier that the forum also was down. 

But yes it's working fine now. 

Now, we just wait for the YouTube channels to Come back, at who knows what time.

 

1 minute ago, BlueSpartan said:

They likely turned everything off to secure what they still had control over and see what had been compromised. 

That could be what happened. It wouldn't shock me, to be honest

[RoseLuck462]

Wasn’t me!

[LogicalDrm]

6 minutes ago, Pawgs said:

Just read some where earlier that the forum also was down. 

But yes it's working fine now. 

 

5 minutes ago, BlueSpartan said:

They likely turned everything off to secure what they still had control over and see what had been compromised. 

Forum was not attacked. Due to what happened, we had abnormally high traffic, causing naturally what DDoS attacks do artificially. Forums and Floatplane are hosted on dedicated hardware (OVH), not in-house at LMG.

Edited March 23, 2023 by LogicalDrm

[fun_two]

In the words of Linus, "this is more content, baby!"

[Ravinsky_pl]

SC is back.

[Robonwars]

2 minutes ago, Ravinsky_pl said:

SC is back.

short circut never was down