News Linus Tech Tips YouTube Channel Hacked to Promote Crypto Scams

RichardtST

Respectable
May 17, 2022
241
268
1,960
And it's only going to get worse, even as more and more people slowly realize what a complete farce computer security is. When the solution is always "Add more hardware. Add more software. Add more complexity", the result is always the same. The KISS PRINCIPLE has long been abandoned.
 

gfg

Distinguished
Mar 30, 2005
93
27
18,670
There are already many important channels and with several million subscribers who suffer the same robbery and by the same subjects, with the same Tesla farce.
This has been going on for several months and Google hasn't fixed anything.
 

Giroro

Splendid
Is today the ideal day to finally get back on YouTube?

Prompt: Generate a highly overphotoshopped and misleading technicolor picture with an ugly face, giving an expression that makes an overly positive ad for a forgettable mouse appear to be about the worst disaster in human history
 
Last edited:
  • Like
Reactions: heynow

heynow

Distinguished
Mar 30, 2010
106
0
19,340
At this point, if people have anything to do with crypto, I have zero sympathy for them. Fools always have money and they continually get parted from it.
 
tbh YT (Google) is issue here.

no plan for them have options to require authentication if new ip address is used.

they should require 1-2 forms of it if new ip is logged in before able to publish/change anything.

its basic security 101. you never let a dif ip not need authenticating. (even some games require this and lock down selling/deleteing items/characters.)
 

Giroro

Splendid
tbh YT (Google) is issue here.

no plan for them have options to require authentication if new ip address is used.

they should require 1-2 forms of it if new ip is logged in before able to publish/change anything.

its basic security 101. you never let a dif ip not need authenticating. (even some games require this and lock down selling/deleteing items/characters.)
Not sure how 2FA is supposed to solve any of Google's problems. You log into YouTube using Gmail. You think somebody who can get a password to a Google account can't also get a password to that same Google account?

It seems like a major annoyance to the user with no actual security benefit.
 

tekwiz

Distinguished
Nov 11, 2010
10
3
18,515
Not sure how 2FA is supposed to solve any of Google's problems. You log into YouTube using Gmail. You think somebody who can get a password to a Google account can't also get a password to that same Google account?

It seems like a major annoyance to the user with no actual security benefit.

Well usually the Gmail account password is the same as to the Google account isn't it? But yeah, by default, Google doesn't ask for anything more than the password and it alerts the user there has been a login from a new device, I guess it's up to the user to decide if they want some kind of 2FA...
 
Last edited:
Mar 23, 2023
20
2
15
I was wondering what the heck happened and then I came here to look something up and now I know. You would think they had 2FA enabled on the accounts. Mind-blowing stuff.
 

tekwiz

Distinguished
Nov 11, 2010
10
3
18,515
I was wondering what the heck happened and then I came here to look something up and now I know. You would think they had 2FA enabled on the accounts. Mind-blowing stuff.

Linus explained how this happened, someone in the office got an email, which seemed to be a PDF, but it wasn't, it was some kind of exploit, so when it didn't open they moved on but the exploit let the hacker copy the whole browser including the session key, so they were able to gain access to the Youtube accounts without even knowing the password... eMails with attachments are always risky, if you're not careful.
 
Last edited:

tekwiz

Distinguished
Nov 11, 2010
10
3
18,515
Apparently this happens through email spoofing. You get an email that appears to be from a legitimate company asking to work with you as a creator, or start some ad campaign, and if you aren't careful about verifying the emailer is the real thing, you can easily fall for it. This happens to YouTube creators all the time, someone just isn't careful, but can happen to anybody in any situation. For example, someone is selling or buying a house and then someone emails them pretending to be someone they are in contact with, and can end up sending money to the wrong party! Gotta watch those emails and verify the addresses actually match whom you expect them to.

Anyway Linus was back up within the day, Youtube was very helpful to him, and he made a video about it. Linus explained how this happened, someone in the office got an email, which seemed to be a PDF, but it wasn't, it was some kind of exploit, so when it didn't open they moved on but the exploit let the hacker copy the whole browser including the session key, so they were able to gain access to the Youtube accounts without even knowing the password... eMails with attachments are always risky, if you're not careful.
 
Last edited:
  • Like
Reactions: atomicWAR