
Linus Tech Tips, Tech Quickie, Tech Linked channels hacked

betav17
Message added by Spotty,

The Linus Tech Tips, TechLinked, and TechQuickie Youtube channels have been restored.

A video explaining what happened is now up:


52 minutes ago, Kilrah said:

Malicious attachments and phishing will always work in some percentage of cases, it's basically a given and well known so extra measures need to exist to not let something that simple be able to have such a wide impact in such cases where misuse is rather obvious.

It's always that balance, security, efficiency, cost.  

3735928559 - Beware of the dead beef


1 hour ago, Arika S said:

Sure are a lot of people with "solutions" that would have prevented this only after having perfect 20/20 hindsight and guarantee that these "solutions" are not in practice by anyone suggesting them...

Especially when we all know that the real solution is firing Colton.


34 minutes ago, Sceptic said:

Especially when we all know that the real solution is firing Colton.

He's the Terminator... it just keeps coming back....

MSI x399 sli plus  | AMD Threadripper 2990wx all core 3ghz lock |Thermaltake flo ring 360 | EVGA 2080, Zotac 2080 |Gskill Ripjaws 128GB 3000 MHz | Corsair RM1200i |150tb | Asus tuff gaming mid tower| 10gb NIC


9 hours ago, Spotty said:

Yeah, but it can only be done from the account that is compromised. Which likely wasn't Linus's account but one of his employees.

Let's say one of the writers google accounts is added to the Youtube channel as a manager to allow them to upload videos. Linus can't log in to that employees account and invalidate the session through the device activity page. The owner of the account would need to do that.

 

 

I saw the reddit post but it has since been deleted by the OP.

 

They use Google Workspace where you absolutely can sign them out of logged in sessions and even reset their passwords. 

 

You can also create an internal organizational unit specific to the people who have channel access, then bulk log them out and reset their passwords. 

 

The problem is that when something like this happens you need to know the attack vector to take proper action. Signing people out and resetting passwords would only take a couple of minutes, and it would be a good idea to make it a checklist item for when a breach does occur. They just get a prompt to reset their passwords when they log in, and that resets the session cookie. 

 

Also, it is a good idea to add something to business email systems where people are warned the sender is from an external organization. I am also surprised Gmail filters are letting these types of attachments through with no malicious file warning or quarantine system. 


1 hour ago, Sceptic said:

Especially when we all know that the real solution is firing Colton.

I'll let you in on a secret behind Colton's employment. Colton has always been fired... Linus just doesn't have the heart to make him leave the building.


15 minutes ago, Drazil100 said:

I'll let you in on a secret behind Colton's employment. Colton has always been fired... Linus just doesn't have the heart to make him leave the building.

I always took "Colton being fired" or "no longer working at LMG" as some sort of joke. I take the reference to Colton causing the hacking and channel deletions also to be a joke. But maybe Linus was actually serious that it was Colton. I still think it was a joke and that Linus is not actually disclosing who really opened that "PDF."


6 hours ago, QuantumSingularity said:

That wouldn't exactly help with the simple use of a VPN.

Yes it does. Using a VPN changes your IP, and IP address is a location factor, so that immediately triggers impossible travel. And this isn't just theory either, it happens. When people are working from home and sign in to Teams, then connect to the corporate VPN, they are forced to sign back in and MFA.


27 minutes ago, leadeater said:

Yes it does. Using a VPN changes your IP, and IP address is a location factor, so that immediately triggers impossible travel. And this isn't just theory either, it happens. When people are working from home and sign in to Teams, then connect to the corporate VPN, they are forced to sign back in and MFA.

But could you use a VPN to look like you're in Vancouver, Canada even if you're somewhere else?


47 minutes ago, TechlessBro said:

That's a very pre-pandemic thing; with work from home and global employees with home VPNs etc., that triggers so many false alerts. Assuming they actually have 24x7 monitoring, which is unlikely as well.

If you connect the VPN first then you won't have to. Which is simply part of user education.

 

48 minutes ago, Issac Zachary said:

But could you use a VPN to look like you're in Vancouver, Canada even if you're somewhere else?

If you are active on one IP and it suddenly changes, and there is activity still on the other, then it'll trigger.

 

47 minutes ago, TechlessBro said:

Again, these attacks are more than capable of proxying through the infected PC so the IP never changes.

Except this isn't that, and neither would API connections be having session cookies taken like this either. It's not actually relevant to what happened here or to user/user account protection for actual employees and their computers.

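The impossible-travel check leadeater describes above, together with the work-from-home VPN false positive TechlessBro raises, as an added Python example that is not from this thread or from any product mentioned in it. Everything in it is constructed: the sign-in event fields, the coordinates a GeoIP lookup is assumed to have attached, the corporate VPN egress range (RFC 5737 documentation space) and the 900 km/h plausibility ceiling.

```python
"""Impossible-travel detection over sign-in events (added example; constructed data)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
# Assumed ceiling: faster than an airliner between two sign-ins is treated as impossible.
MAX_PLAUSIBLE_KMH = 900.0
# Assumed corporate VPN egress range (documentation space, not a real deployment).
CORP_VPN_EGRESS = [ip_network("203.0.113.0/24")]


@dataclass(frozen=True)
class SignIn:
    user: str
    ts: datetime   # UTC timestamp of the sign-in
    ip: str        # source address as seen by the identity provider
    lat: float     # coordinates a GeoIP lookup is assumed to have attached already
    lon: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = p2 - p1
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def is_corp_vpn(ip):
    """True when the address falls inside a known corporate VPN egress range."""
    addr = ip_address(ip)
    return any(addr in net for net in CORP_VPN_EGRESS)


def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH, ignore_vpn=True):
    """Return (previous, current, implied_speed_kmh) for every per-user hop faster than max_kmh.

    With ignore_vpn=True, a hop whose *new* sign-in comes from a corporate VPN egress is
    treated as the user bringing the tunnel up (the Teams-then-VPN case in the thread) and
    is not alerted on. A later hop that leaves the egress for an unexpected place is still
    compared against the hub's coordinates, so a replayed session elsewhere still fires.
    """
    alerts = []
    last = {}  # most recent sign-in seen per user
    for ev in sorted(events, key=lambda e: e.ts):
        prev = last.get(ev.user)
        if prev is not None:
            dist = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            hours = (ev.ts - prev.ts).total_seconds() / 3600
            if dist == 0:
                speed = 0.0
            elif hours == 0:
                speed = float("inf")
            else:
                speed = dist / hours
            benign_vpn_hop = ignore_vpn and is_corp_vpn(ev.ip)
            if speed > max_kmh and not benign_vpn_hop:
                alerts.append((prev, ev, speed))
        last[ev.user] = ev
    return alerts


def sample_events():
    """Constructed sign-in log: no real users, addresses or sessions."""
    def t(h, m):
        return datetime(2023, 3, 24, h, m, tzinfo=timezone.utc)
    return [
        # alice: home in Vancouver, then the corporate VPN (hub in Toronto) five minutes later
        SignIn("alice", t(9, 0), "198.51.100.10", 49.28, -123.12),
        SignIn("alice", t(9, 5), "203.0.113.5", 43.65, -79.38),
        # alice's session then appears from Berlin 25 minutes later: the stolen-cookie pattern
        SignIn("alice", t(9, 30), "192.0.2.77", 52.52, 13.40),
        # bob: Vancouver in the morning, London twelve hours later, a feasible flight
        SignIn("bob", t(8, 0), "198.51.100.20", 49.28, -123.12),
        SignIn("bob", t(20, 0), "192.0.2.9", 51.51, -0.13),
    ]


if __name__ == "__main__":
    for prev, cur, kmh in impossible_travel(sample_events()):
        print(f"{cur.user}: {prev.ip} -> {cur.ip} implies {kmh:,.0f} km/h at {cur.ts:%H:%M}Z")
```

Run as-is it reports only alice's Toronto-to-Berlin hop; with `ignore_vpn=False` the home-to-VPN hop is reported as well, which is exactly the false alert the thread argues about. The exemption is deliberately one-directional so that a session replayed from outside the egress range is still caught; it does nothing for the case TechlessBro raises where traffic is proxied through the victim's own machine, since the source address never changes there.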

4 minutes ago, TechlessBro said:

That's just wishful thinking. Educating users is the last line of defence.

VPNs do not increase security. They remove redundancy and add cost, complexity and overhead.

 

VPNs have very limited use cases.

Who said anything about VPNs increasing security? Corporate VPNs have a purpose you know...

 

Edit:

P.S. If you are not implementing impossible travel detection and mitigation measures then your security is woeful and inadequate, especially if you aren't doing it on privileged accounts. You don't even have to require the same actions across all account types either.

 

I'm getting strong vibes you think you know what you are talking about but have no actual real world experience, and if so certainly not in an environment with many tens of thousands of users.


1 hour ago, Legitsu said:

Check Twitter, WAN is running late but is happening.

Nice, thanks. Was wondering just this.

 

Edit:

Yay it's live 🙂


On 3/23/2023 at 8:10 PM, Warwagon1979 said:

With 15 million followers I'm sure people were scammed.

No, not that much; about $7000 is how little they made if you follow the crypto address they linked. 

 

Mental outlaw made a video about this 


AMD 5000 Series Ryzen 7 5800X| MSI MAG X570 Tomahawk WiFi | G.SKILL Trident Z RGB 32GB (2 * 16GB) DDR4 3200MHz CL16-18-18-38 | Asus GeForce GTX 3080Ti STRIX | SAMSUNG 980 PRO 500GB PCIe NVMe Gen4 SSD M.2 + Samsung 970 EVO Plus 1TB PCIe NVMe M.2 (2280) Gen3 | Cooler Master V850 Gold V2 Modular | Corsair iCUE H115i RGB Pro XT | Cooler Master Box MB511 | ASUS TUF Gaming VG259Q Gaming Monitor 144Hz, 1ms, IPS, G-Sync | Logitech G 304 Lightspeed | Logitech G213 Gaming Keyboard |

PCPartPicker 


Floatplane seems to be struggling right now, first big stream after a very big influx of users to be fair; at least it's flawless on Twitch for now. I'm sure they'll sort it out for the future, load balancing or whatnot.


Not sure if anyone else sees this, but I was just searching through some content about LG TVs and noticed that there were some descriptions linking to the crypto scam sites.

Not sure if it is cached or they really embedded that during the attack.

Capture.PNG

Capture2.PNG


18 minutes ago, amsga said:

Not sure if anyone else sees this, but I was just searching through some content about LG TVs and noticed that there were some descriptions linking to the crypto scam sites.

Not sure if it is cached or they really embedded that during the attack.

Capture.PNG

Capture2.PNG

Those both show up for me with good descriptions. So it might be on your side also.

 

If you go to a video and it still has scam links, please post links to the videos and we can let LMG know.

^^^^ That's my post ^^^^
<-- This is me --- That's your scrollbar -->
vvvv Who's there? vvvv


So, no WAN show today? I can understand why, but just wondering. 

CPU: Intel Core i9-9900K | Motherboard: Asus Maximus Code XI | Graphics Card: RTX 3090 FE | RAM: 16GB Corsair Vengeance LPX 2666 MHz | 

Storage: LOADS of drives: SSD + HDD | PSU: be quiet! Dark Power Pro 11 850 W | 

Case: Fractal Design Define R5 Blackout (window) | Cooling: CRYORIG H5 Universal 

PCPartPicker List


4 minutes ago, rogerwilco91 said:

So, no WAN show today? I can understand why, but just wondering. 

It's been live for a while.

 


12 minutes ago, starsmine said:

It's been live for a while.

 

Oh thanks. I didn't see it in my feed for some reason. 

CPU: Intel Core i9-9900K | Motherboard: Asus Maximus Code XI | Graphics Card: RTX 3090 FE | RAM: 16GB Corsair Vengeance LPX 2666 MHz | 

Storage: LOADS of drives: SSD + HDD | PSU: be quiet! Dark Power Pro 11 850 W | 

Case: Fractal Design Define R5 Blackout (window) | Cooling: CRYORIG H5 Universal 

PCPartPicker List


I'm not sure if everyone has already noticed, but the people behind LTT's recent hack have changed some of the video descriptions to include "Double your crypto with Tesla!" and the link to the scam website. I have enclosed a picture of evidence. The weird thing is, I couldn't find the edited part of the description when I clicked on the video.... 

Screenshot (49).png


The team is more than likely still working on this currently.

 

It takes tons of time to fix something of this magnitude, lol.


Interesting. There is still a separate cached version within the search results, even though the actual video has been updated. 


22 hours ago, ricardo248 said:

Social engineering can never be 100% secure; the only way is to have a good recovery plan and minimize admin access as much as possible. Security awareness training is always good also 😄

Never 100%, but without security awareness training, your average employee won't survive 20 well put together phishing emails. 
