
My Channel Was Deleted Last Night.

CPotter
45 minutes ago, frog water said:

As really thinking about it there are easy possible security features that you think should be in place that aren't, kinda makes you wonder why aren't they a thing and what is more important to YouTube.

Cost, usability and to avoid support calls.

 

So for example an obvious fix would be if session cookie suddenly jumps to a new IP  then request reauthentication.

Except now they have one more piece of data to track and a bunch of support calls from people asking why they keep getting logged out while traveling.

 

Not impossible to do though, Azure and others can use location, device, configuration and other additional factors to check the session is still legit. They would also only work with a managed device.

 

There is actually quite a lot done these days to protect your session, when I were a lad you didn't even need the funky PDF as I could have extracted your session using a JavaScript embedded in a URL (cross-site scripting) or worse still Cross Site Request Forgery would have let me send commands through your browser (with your session cookie) just because you visited my website!

 

Good to see everything back in order.
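
The check discussed in this post, as an added example that is not part of the original post or any provider's real logic: a strict "IP changed, so reauthenticate" rule next to a rule that also weighs device and coarse location. The `Context` fields, the /24 and /48 network widths and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Context:
    ip: str         # client address seen on the request
    country: str    # coarse location (assumed to come from a GeoIP lookup)
    device_id: str  # assumed to be attested by a managed device, not stored beside the cookie

def same_network(a: str, b: str) -> bool:
    """True when both addresses fall in the same /24 (IPv4) or /48 (IPv6)."""
    ia, ib = ipaddress.ip_address(a), ipaddress.ip_address(b)
    if ia.version != ib.version:
        return False
    prefix = 24 if ia.version == 4 else 48
    return ib in ipaddress.ip_network(f"{a}/{prefix}", strict=False)

def strict_ip_binding(bound: Context, seen: Context) -> str:
    """The 'obvious fix': any change of IP forces a new login."""
    return "allow" if seen.ip == bound.ip else "reauth"

def risk_based(bound: Context, seen: Context, sensitive: bool = False) -> str:
    """Weigh device, location and the action instead of the IP alone."""
    if seen.device_id != bound.device_id:
        return "revoke"      # cookie presented by a device it was not issued to
    if seen.country != bound.country:
        return "reauth"      # same device, far from where the session started
    if not same_network(bound.ip, seen.ip) and sensitive:
        return "reauth"      # roaming is tolerated, but not for account changes
    return "allow"

# Constructed sample data using documentation-only address ranges.
BOUND = Context("192.0.2.10", "CA", "dev-A")
REQUESTS = {
    "same desk":            (Context("192.0.2.10", "CA", "dev-A"), False),
    "wifi to mobile data":  (Context("198.51.100.7", "CA", "dev-A"), False),
    "rename while roaming": (Context("198.51.100.7", "CA", "dev-A"), True),
    "travelling abroad":    (Context("203.0.113.5", "US", "dev-A"), False),
    "cookie on new device": (Context("203.0.113.9", "NL", "dev-B"), False),
}

def compare():
    """Return {scenario: (strict verdict, risk-based verdict)}."""
    return {name: (strict_ip_binding(BOUND, ctx), risk_based(BOUND, ctx, sens))
            for name, (ctx, sens) in REQUESTS.items()}

if __name__ == "__main__":
    for name, (strict, risk) in compare().items():
        print(f"{name:22} strict={strict:7} risk_based={risk}")
```

The strict rule logs out the roaming user, which is the support-call cost described above; the second rule keeps that user signed in but still challenges account changes and rejects the cookie on a different device.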


This video is a great reminder to be vigilant to emails that you get. Even the most security-minded people can fall for a phishing scam. My thoughts and prayers to the LMG team.

Desktop: AMD Ryzen 9 5900X, MSI MPG X570 Gaming Edge WiFi, MSI RTX 3080 Gaming X Trio, 64GB Trident Z RGB 3600 MT/s RAM, Windows 11 Pro

Custom Built NAS: AMD Ryzen 7 3700X, MSI B550M PRO-VDH WiFi ProSeries, MSI RTX 2060 Super Gaming X, 128GB LPX Vengeance 3200 MT/s RAM, TrueNAS Scale

Custom Built Router: Intel Core i5 10400, Asrock B460M Steel Legend, 8GB 3000 MT/s RAM, OPNSense

Phone: iPhone 15 Pro Max 512 GB T-Mobile

Work Laptop: Dell XPS 15, Intel Core i7-11800H, RTX 3050 TI, 32 GB 3200 MT/s RAM, Windows 11 Education

Tablet: iPad Pro 11" (2021) 256 GB

Dogs: Male Labrador Retriever and Male Pomeranian Chihuahua Mix


Was it my brother-in-law who hacked into your account? Wouldn't be surprised as he does things like this all the time. Anyways, an anti-virus might have saved you from this kind of attack. Windows Defender isn't very good.


Glad the channel is back! I get Linus' criticism of Google on their lack of/not great communication with him during the resolution process. But I would think they know they are dealing with someone who has had their account(s) compromised. They might be worried/suspicious that hackers themselves are impersonating you as an attempt to gain information (how much they've discovered and what they're doing to repair it), maybe in an attempt to fight back or keep it longer. Especially if you're communicating via email  (as shown in the video). Which is understandable. Although, we don't have all the information, maybe he was able to confirm his identity somehow. 


I was super confused when on the "Subscriptions" tab, seeing Techquickie & LTT missing.


#LinusTechRIPs

 

I'm disappointed with myself for not following the interwebz yesterday and missing out on the chance to make that joke.

Aerocool DS are the best fans you've never tried.


A simple mitigation against this is to use Group Policy to make your documents and download folders no execute.

 

Any malware saved there, like if you download a "pdf" or try to open it, you will get an error from Windows.


I found that Microsoft is also trying to stop this due to the text saying "microsoft defender smartscreen" in tesla2ai.net and I'm gonna investigate the code in it


1 minute ago, adamhawree said:

I found that Microsoft is also trying to stop this due to the text saying "microsoft defender smartscreen" in tesla2ai.net and I'm gonna investigate the code in it

mhm found it in the code : <!--
Copyright (C) Microsoft Corporation. All rights reserved.
Use of this source code is governed by a BSD-style license that can be
found in the LICENSE file.
-->


I'm sure I'm very late to the topic, but as an IT specialist in an organization that grew in the approximate same amount, including a service like KnowBe4 has been super valuable.  They have training, phish links, testing to bring awareness to those that don't know.  Dramatic change in employee reactions.


3 hours ago, Spotty said:

Watch the video they posted a link to.

I get that most of the world does not use ASCII and that the particular Unicode character needs to exist...but boy, MS really should add in at least some form of protection against executable file types. This trick is something that I could see even a seasoned IT person falling for if they see it on someone's computer. If anything, the presence of a file where the Unicode character is present at a non-zero index should instantly set up a red flag (and a massive warning message before it's allowed to be run).

 

 

Regarding the video, YouTube/Google really does need to change...this has been going on for literally years now and the fix could be so simple as well. It would be interesting to see the internal conversations at Google regarding this, I'm betting it's along the lines "We should do this" "Okay, let's do a study on impact to users" [Study takes a half a year] "Let's do an experimental deployment and see if users complain". (Too many management decisions to be made in-between, Google no longer is an agile company).

 

Changes I'd like to see on Google's end:

  - Changing password requires the 2FA

  - Changing the 2FA requires the password

  - Changing channel name password/2FA

  - Changing channel name locks livestreaming for 24 hours or at minimum if the name includes "Tesla" or "Mr Beast" it should be limited to 24 hours

  - Sessions should be linked to IP...or at minimum geolocated to roughly the same area.

 

While blame still falls on Linus and his team, it's a difficult decision really when allowing things like zip/rar files. There was a time-clock company I had to work with that would constantly require me to send them files after renaming the .zip file to .zipc...simply because their email server bounced all zip files (and even then it was a struggle getting them necessary files that were needed for them to fix a mix up on their end).

 

Even with proper training, I could see how a normal user could make the mistake as well or how preventing this could also create a hindrance to the company (slowing down communication or putting up too many barriers to the point sponsors might not want to work with you). Even with proper training as well, you will have users who break that since it creates too much of an inconvenience.

 

One thing I did when I managed the Exchange servers at my place of work before was anytime an email came through with a zip file, I set a very bold and very obvious text prepended to the beginning of the file stating "Treat zip files with caution contact [my name, phone, and email] me before opening or ask the sender to send the attachment without the zip file". I only had to deal with it once or twice a week, but in one case it actually was a poisoned docx file; so it was well worth...I actually had a specific offline thin client that I used for it...so every time I reset the machine it would essentially go back to fresh as well (technically it still could have infected the machine and traveled to the USB the next time I plugged one in but that was within my tolerances).

 

3735928559 - Beware of the dead beef
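
One way to implement the red-flag check this post asks for, as an added example that is not part of the original post and not how Windows or any mail product behaves. It assumes the character in question is an explicit bidirectional control such as U+202E RIGHT-TO-LEFT OVERRIDE; the function name, the extension list and the sample names are constructed.

```python
import unicodedata

# Bidi_Class values of the explicit embedding, override and isolate controls.
# Ordinary right-to-left letters (classes R / AL) are deliberately not listed,
# so legitimate Arabic or Hebrew file names pass untouched.
EXPLICIT_BIDI = {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}

# Constructed, non-exhaustive list of extensions that run code when opened.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".js", ".vbs", ".lnk"}

def inspect_filename(name: str) -> dict:
    """Report bidi controls in a file name and the extension the OS will act on."""
    controls = [(i, f"U+{ord(ch):04X}") for i, ch in enumerate(name)
                if unicodedata.bidirectional(ch) in EXPLICIT_BIDI]
    # The operating system uses the logical (stored) order of the name, so the
    # real extension is whatever follows the last dot in the raw string,
    # regardless of how the name is drawn on screen.
    _, dot, ext = name.rpartition(".")
    real_ext = "." + ext.lower() if dot else ""
    if not controls:
        verdict = "ok"
    elif real_ext in EXECUTABLE_EXTS:
        verdict = "block"   # display order is manipulated and the file is executable
    else:
        verdict = "warn"    # manipulated display order, non-executable type
    return {"real_ext": real_ext, "controls": controls, "verdict": verdict}

# Constructed sample names, written with escapes so the control is visible.
SAMPLES = [
    "report.pdf",
    "\u062a\u0642\u0631\u064a\u0631.pdf",   # Arabic word for "report", no controls
    "notes\u202etxt.pdf",
    "invoice\u202efdp.exe",                 # drawn with a ".pdf"-looking ending
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = inspect_filename(sample)
        print(f"{sample!a:32} {result['verdict']:5} {result['real_ext']:5} {result['controls']}")
```

The same function can sit in a mail-gateway or download hook: quarantine on `block`, and show the escaped name from `!a` formatting in the warning so the reader sees the stored order.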


I'm actually relieved that Linus isn't punishing whoever is the culprit, generally yelling and scolding people who don't know any better about what they did only makes the entire situation worse. Instead, I think a global, companywide training session about what happened and how to prevent it in the future is a much, MUCH better way at mitigating the issue in the future.

 

I'm wondering if there would even be any way to mitigate the issue in the future (other than Google picking up the slack and doing what Linus said), especially since as the saying goes, your security is only as strong as your weakest link. Regardless, glad the channel is back!

Keep in mind that I am sometimes wrong, so please correct me if you believe this is the case!

 

"The Nvidia Geforce RTX 3050 is brutally underrated"


9 hours ago, CurryMantou said:

Two lessons: Don't open suspicious emails. Wear pants.

I don't know. Seems weird to have cameras all over the inside of your house, but maybe that's just me.

Zen 3 Daily Rig (2022 - Present): AMD Ryzen 9 5900X + Optimus Foundations AM4 | Nvidia RTX 3080 Ti FE + Alphacool Eisblock 3080 FE | G.Skill Trident Z Neo 32GB DDR4-3600 (@3733 c14) | ASUS Crosshair VIII Dark Hero | 2x Samsung 970 Evo Plus 2TB | Crucial MX500 1TB | Corsair RM1000x | Lian Li O11 Dynamic | LG 48" C1 | EK Quantum Kinetic TBE 200 w/ D5 | HWLabs GTX360 and GTS360 | Bitspower True Brass 14mm | Corsair 14mm White PMMA | ModMyMods Mod Water Clear | 9x BeQuiet Silent Wings 3 120mm PWM High Speed | Aquacomputer Highflow NEXT | Aquacomputer Octo

 

Test Bench: 

CPUs: Intel Core 2 Duo E8400, Core i5-2400, Core i7-4790K, Core i9-10900K, Core i3-13100, Core i9-13900KS

Motherboards: ASUS Z97-Deluxe, EVGA Z490 Dark, EVGA Z790 Dark Kingpin

GPUs: GTX 275 (RIP), 2x GTX 560, GTX 570, 2x GTX 650 Ti Boost, GTX 980, Titan X (Maxwell), x2 HD 6850

Bench: Cooler Master Masterframe 700 (bench mode)

Cooling: Heatkiller IV Pro Pure Copper | Koolance GPU-210 | HWLabs L-Series 360 | XSPC EX360 | Aquacomputer D5 | Bitspower Water Tank Z-Multi 250 | Monsoon Free Center Compressions | Mayhems UltraClear | 9x Arctic P12 120mm PWM PST


Meanwhile I use my VPN and every other page Google is having me input captcha to show I'm not a bot. Oh and my Google account was compromised the other year and it got banned for content uploaded to the drive and there was no one from Google I could talk to to get my account back so I lost my emails and all my Google photos. Thanks Google.


43 minutes ago, Sir Beregond said:

I don't know. Seems weird to have cameras all over the inside of your house, but maybe that's just me.

When you have potential for breaking into your house because famous, you pretty much need cameras at all times. Matters a lot more in states where you can shoot to kill home invaders so you can show they broke in and such. But it's almost always about making sure the house and whatever in it is safe.

There have been quite a few YouTubers that have had their house broken into, that's why he's been trying VERY hard to hide where his house is, and having a few stupid mistakes like listing its exact address on live stream didn't help. People suck.

On topic: I still don't think they needed access to the YouTube channel. Just having machines that can deal with potential issues like this as disposable and shut down fast without any real threat for just marketing and potential deals sounds a lot safer. But they've only had two issues for such a large channel.


Well, we know for a fact, according to the video, that it was most definitely not Colton.


I'm really glad you got this sorted. It sounds like you're implementing some necessary processes. Can I suggest one to look at... Email gateway...

I'm a sysadmin and we have had Mimecast implemented since 2010... yes it can be expensive (£20k over 3yrs for 100 users) but it really does help and it will alleviate a lot of worry.

I have it nailed down so that any attachment gets stripped and users get a safe version. (which would have stopped your attack before it began).

There's so many security features, too many to mention here, but you should have a look.

Anyway, (if you do see this, it will prolly get lost in the ether) keep up with the good work and stay safe.


Kinda amusing YouTube doesn't prompt for a password to change a channel name.

 

And install an actual AV on the machines of people who are public-facing. You don't need to do all this NSA shit scrubbing emails in a VM on an air gapped blah blah. An actual AV wouldn't allow a random executable to go off and query shit from browser folders.

 

Workstation:  13700k @ 5.5Ghz || Gigabyte Z790 Ultra || MSI Gaming Trio 4090 Shunt || TeamGroup DDR5-7800 @ 7000 || Corsair AX1500i@240V || whole-house loop.

LANRig/GuestGamingBox: 9900nonK || Gigabyte Z390 Master || ASUS TUF 3090 650W shunt || Corsair SF600 || CPU+GPU watercooled 280 rad pull only || whole-house loop.

Server Router (Untangle): 13600k @ Stock || ASRock Z690 ITX || All 10Gbe || 2x8GB 3200 || PicoPSU 150W 24pin + AX1200i on CPU|| whole-house loop

Server Compute/Storage: 10850K @ 5.1Ghz || Gigabyte Z490 Ultra || EVGA FTW3 3090 1000W || LSI 9280i-24 port || 4TB Samsung 860 Evo, 5x10TB Seagate Enterprise Raid 6, 4x8TB Seagate Archive Backup ||  whole-house loop.

Laptop: HP Elitebook 840 G8 (Intel 1185G7) + 3080Ti Thunderbolt Dock, Razer Blade Stealth 13" 2017 (Intel 8550U)


18 minutes ago, My_BallsUK said:

I'm really glad you got this sorted. It sounds like you're implementing some necessary processes. Can I suggest one to look at... Email gateway...

I'm a sysadmin and we have had Mimecast implemented since 2010... yes it can be expensive (£20k over 3yrs for 100 users) but it really does help and it will alleviate a lot of worry.

I have it nailed down so that any attachment gets stripped and users get a safe version. (which would have stopped your attack before it began).

There's so many security features, too many to mention here, but you should have a look.

Anyway, (if you do see this, it will prolly get lost in the ether) keep up with the good work and stay safe.

Any good endpoint AV tool should have stopped this as well.  It's a failing of the whole security stack, which includes the training of staff.


1 hour ago, Shimejii said:

When you have potential for breaking into your house because famous, you pretty much need cameras at all times. Matters a lot more in states where you can shoot to kill home invaders so you can show they broke in and such. But it's almost always about making sure the house and whatever in it is safe.

There have been quite a few YouTubers that have had their house broken into, that's why he's been trying VERY hard to hide where his house is, and having a few stupid mistakes like listing its exact address on live stream didn't help. People suck.

On topic: I still don't think they needed access to the YouTube channel. Just having machines that can deal with potential issues like this as disposable and shut down fast without any real threat for just marketing and potential deals sounds a lot safer. But they've only had two issues for such a large channel.

I guess makes sense. Just seems weird having cameras watching you on your computer in your underwear.


1 hour ago, Shimejii said:

When you have potential for breaking into your house because famous, you pretty much need cameras at all times. Matters a lot more in states where you can shoot to kill home invaders so you can show they broke in and such. But it's almost always about making sure the house and whatever in it is safe.

There have been quite a few YouTubers that have had their house broken into, that's why he's been trying VERY hard to hide where his house is, and having a few stupid mistakes like listing its exact address on live stream didn't help. People suck.

On topic: I still don't think they needed access to the YouTube channel. Just having machines that can deal with potential issues like this as disposable and shut down fast without any real threat for just marketing and potential deals sounds a lot safer. But they've only had two issues for such a large channel.

 

Next up Linus creates a smart turret system for his home defense 


EDIT - >>>NOW THIS GOES TO THE NORMAL LTT YouTube

Is it just me or is there another FAKE LTT on YouTube at the moment?

I searched for "linus" and "linus tech tips" and found the same thing both times

You can see the URL to the fake account in the bottom left but in the search results it looks very real

Clicking on it takes me to a totally fake account

(tagging LMG staff and moderators in the hope they see this)

@CPotter @LinusTech @Crunchy Dragon @mynameGeoff @BellLMG @Shahrad

FAKE LTT.jpg


8 minutes ago, lukeis2k20 said:

Is it just me or is there another FAKE LTT on YouTube at the moment?

If you click on it you'll see it directs you to the actual LTT channel.

F@H
Desktop: i9-13900K, ASUS Z790-E, 64GB DDR5-6000 CL36, RTX3080, 2TB MP600 Pro XT, 2TB SX8200Pro, 2x16TB Ironwolf RAID0, Corsair HX1200, Antec Vortex 360 AIO, Thermaltake Versa H25 TG, Samsung 4K curved 49" TV, 23" secondary, Mountain Everest Max

Mobile SFF rig: i9-9900K, Noctua NH-L9i, Asrock Z390 Phantom ITX-AC, 32GB, GTX1070, 2x1TB SX8200Pro RAID0, 2x5TB 2.5" HDD RAID0, Athena 500W Flex (Noctua fan), Custom 4.7l 3D printed case

 

Asus Zenbook UM325UA, Ryzen 7 5700u, 16GB, 1TB, OLED

 

GPD Win 2
