rjohnson11
EVGA Forum Moderator
- Total Posts : 102323
- Reward points : 0
- Joined: 2004/10/05 12:44:35
- Location: Netherlands
- Status: offline
- Ribbons : 84
https://overclock3d.net/news/misc_hardware/linus_sebastian_releases_statement_following_linus_media_group_hacks/1 Linus Sebastian responds to Linus Media Group YouTube account hacksFollowing the hacking to the Linus Tech Tips YouTube channel and the subsequent hacks of the Tech Quickie and TechLinked YouTube channels earlier today, Linus Sebastian, the owner and operator of Linus Media Group, has released the following statement on Floatplane regarding the attack. Regarding the YouTube channel hack, we are now on top of it with Google's team now. Everything should be locked down and we are getting to the bottom of the attack vector with the (hopeful) goal of hardening their security around YouTube accounts and preventing this sort of thing from happening to anyone in the future.
You can expect a more detailed update on WAN show at some point in the future. Not sure if it'll happen this week since this is still a developing situation.
Good news is that you can expect to get your LTT fix on Floatplane as usual.
Today multiple YouTube channels from Linus Media Group were attacked by hackers who utilised the reach of of the organisation's YouTube channels to promote a cryptocurrency scam, using the Tesla brand name and imagery of Elon Musk to direct viewers to a website where users could get scammed. These types of YouTube hacks and cryptocurrency scams are all too common on YouTube, with most of these scams using the concept of a crypto giveaway to entice victims into sending cryptocurrency to scammers. The scammers claim that users will be sent more money in return than they send to the scammers, a promise that is not kept. Our advice is to avoid any kind of crypto giveaway, and to keep an eye open for scammers on YouTube. It looks like Linus Media Group and YouTube are on their way towards restoring the Linus Tech Tips YouTube channel and other affected channels. Hopefully, this hack will result in a hardening of YouTube's security mechanisms and prevent similar hacks from occurring in the future. Obviously YouTube needs a massive security overhaul.
|
transdogmifier
CLASSIFIED ULTRA Member
- Total Posts : 6116
- Reward points : 0
- Joined: 2003/09/05 14:26:21
- Location: Orlando, Fl
- Status: offline
- Ribbons : 17
Re: Linus Sebastian releases statement following Linus Media Group Hacks
2023/03/24 04:49:28
(permalink)
I never watch his channel..I prefer Jay....Linus just grates my nerves..
However, I'd say it's a combination of security and users with channels that are desirable to hack being smarter about their passwords and such..
AMD Ryzen 7900x3d Deepcool LT720 Gigabyte Aorus Elite AX X670 (Might change..don't like this board) eVGA GeForce RTX 3090 FTW3 Ultra Gaming (Hybrid kit on it) Asus ROG Swift PG43UQ 4k Monitor eVGA 1600W Supernova T2 PSU 32GB Kingston 6000 DDR5 (2x16GB) Fury Corsair MP600 Pro 2TB (Boot) Corsair MP600 2TB (Games/Data) Phanteks P500A Case
|
the_Scarlet_one
formerly Scarlet-tech
- Total Posts : 24581
- Reward points : 0
- Joined: 2013/11/13 02:48:57
- Location: East Coast
- Status: offline
- Ribbons : 79
Re: Linus Sebastian releases statement following Linus Media Group Hacks
2023/03/24 05:00:18
(permalink)
transdogmifier
I never watch his channel..I prefer Jay....Linus just grates my nerves..
However, I'd say it's a combination of security and users with channels that are desirable to hack being smarter about their passwords and such..
If you watch his video and listen to what happened, it had nothing to do with passwords, and everything to do with basically the cookies and security tokens not even requiring passwords.
|
ty_ger07
Insert Custom Title Here
- Total Posts : 21174
- Reward points : 0
- Joined: 2008/04/10 23:48:15
- Location: traveler
- Status: offline
- Ribbons : 270
Re: Linus Sebastian releases statement following Linus Media Group Hacks
2023/03/24 07:25:56
(permalink)
Gotta love a poisoned cookie session hijack. If the allegations are true, the Youtube team shouldn't have a hard time correcting it. Edit: after reading further, it was a sponsorship PDF with malware in it which stole their YouTube session cookies. Ha ha ha! Sweet justice for a channel so focused on the mighty sponsor dollar. Seems like there isn't much YouTube could do to beef up their session cookies except force re-login and two factor authentication when big changes are made to a channel. Allegedly, Linus had a dozen different staff with logged-in access to the youtube channel and company email simultaneously, so it was just a matter of time before it happened. For big high-risk channels, it is being recommended that the computer with channel access is segregated from the computers which perform other company tasks.
post edited by ty_ger07 - 2023/03/26 13:54:57
ASRock Z77 • Intel Core i7 3770K • EVGA GTX 1080 • Samsung 850 Pro • Seasonic PRIME 600W Titanium
My EVGA Score: 1546 • Zero Associates Points • I don't shill
|
kougar
CLASSIFIED Member
- Total Posts : 3034
- Reward points : 0
- Joined: 2006/05/08 10:11:19
- Status: offline
- Ribbons : 22
Re: Linus Sebastian releases statement following Linus Media Group Hacks
2023/03/26 22:35:38
(permalink)
Pretty crazy that an IP address from an entirely different country didn't trigger at least a basic password prompt, nor that Youtube didn't request a password to make major changes to the channel. Even my small regional bank tracks IP locations and has better security than that.
 Have water, will cool.
|
ty_ger07
Insert Custom Title Here
- Total Posts : 21174
- Reward points : 0
- Joined: 2008/04/10 23:48:15
- Location: traveler
- Status: offline
- Ribbons : 270
Re: Linus Sebastian releases statement following Linus Media Group Hacks
2023/03/27 04:51:07
(permalink)
kougar
Pretty crazy that an IP address from an entirely different country didn't trigger at least a basic password prompt
The IP address thing is a little tricky. You don't want to annoy users. If you have the session cookie based on IP address, every time your phone switches from wifi to cellular service due to a temporary lapse in wifi coverage as you move around your property, you would need to re-login to anything using a session during that period of time. That annoys people. You could say, fine, make the determination based on IP geolocation, but that really doesn't work due to IP addresses having some pretty messed up distributions depending on location and service provider; especially in the age of VPN. It's pretty common for sessions not to be based on IP address. It's something youtube will have to reconsider. The amount of change which was able to be made to the channel though without needing to re-login, is a bit shocking. That needs work. And maybe youtube will need to consider channel size in order to do more things which will annoy users when their channel reaches a certain size, like the ip address thing, for their own good.
ASRock Z77 • Intel Core i7 3770K • EVGA GTX 1080 • Samsung 850 Pro • Seasonic PRIME 600W Titanium
My EVGA Score: 1546 • Zero Associates Points • I don't shill
|
GTXJackBauer
Omnipotent Enthusiast
- Total Posts : 10323
- Reward points : 0
- Joined: 2010/04/19 22:23:25
- Location: (EVGA Discount) Associate Code : LMD3DNZM9LGK8GJ
- Status: offline
- Ribbons : 48
Re: Linus Sebastian releases statement following Linus Media Group Hacks
2023/03/27 05:37:46
(permalink)
transdogmifier
I never watch his channel..I prefer Jay....Linus just grates my nerves..
It's the opposite for me. I think Jay's a marketing shill and Linus is respected for being around in the space for many years, way before any of the 'influencers' started their channels. The only guy I go to for info is Gamer Nexus and the guy that I can't recall his name or channel where the last video I watched from him several years back had health issues. I just remember him being a older bald guy from techpowerup or motherboards or what have you.
post edited by GTXJackBauer - 2023/03/27 05:40:40
Use this Associate Code at your checkouts or follow these instructions for Up to 10% OFF on all your EVGA purchases: LMD3DNZM9LGK8GJ
|
ty_ger07
Insert Custom Title Here
- Total Posts : 21174
- Reward points : 0
- Joined: 2008/04/10 23:48:15
- Location: traveler
- Status: offline
- Ribbons : 270
Re: Linus Sebastian releases statement following Linus Media Group Hacks
2023/03/27 05:54:25
(permalink)
GTXJackBauer
transdogmifier
I never watch his channel..I prefer Jay....Linus just grates my nerves..
It's the opposite for me. I think Jay's a marketing shill and Linus is respected for being around in the space for many years, way before any of the 'influencers' started their channels.
You don't think Linus is a shill? They will say anything for enough money. There are some funny videos highlighting how far they go sometimes to report complete nonsense about scam products without even testing the product for themself, and without any warning that the claims are not their own and have not been substantiated by them. They will say it as fact, because they were paid to do so; and since there is no warning or explanation, and no specific statement about what product is sponsored or which part of what they are saying is a sponsored claim versus a tested claim, people will believe that the supposedly reputable channel is saying what is true. I don't watch either Jay or Linus. They both annoy me and I don't trust either one. I don't watch anyone specifically. When I want to know something, I search, see what makes sense, seems reputable, and has multiple confirmations. If I do just browse in curiosity, it's pretty much only Der8auer, Buildzoid (AHOC), or GamersNexus. I've tried some others, and they just didn't feel right. Even GamersNexus feels a bit off some times, regardless of how much effort they put into avoiding deals, partnerships, and conflicts of interest.
post edited by ty_ger07 - 2023/03/27 12:20:01
ASRock Z77 • Intel Core i7 3770K • EVGA GTX 1080 • Samsung 850 Pro • Seasonic PRIME 600W Titanium
My EVGA Score: 1546 • Zero Associates Points • I don't shill
|
veganfanatic
CLASSIFIED Member
- Total Posts : 2119
- Reward points : 0
- Joined: 2015/06/20 18:08:41
- Status: offline
- Ribbons : 1
Re: Linus Sebastian releases statement following Linus Media Group Hacks
2023/03/27 11:48:25
(permalink)
this is why I used very strong passwords which are resistant to some abuses, unfortunately weak security is pervasive
  Corsair Obsidian 750D Airflow Edition + Corsair AX1600i PSUMy desktop uses the ThinkVision 31.5 inch P32p-20 Monitor.My sound system is the Edifier B1700BT
|
ty_ger07
Insert Custom Title Here
- Total Posts : 21174
- Reward points : 0
- Joined: 2008/04/10 23:48:15
- Location: traveler
- Status: offline
- Ribbons : 270
Re: Linus Sebastian releases statement following Linus Media Group Hacks
2023/03/27 12:07:07
(permalink)
veganfanatic
this is why I used very strong passwords which are resistant to some abuses, unfortunately weak security is pervasive
In this instance, no password was used. They used malware to gather the browser's session data and hijack the session from a different computer.
ASRock Z77 • Intel Core i7 3770K • EVGA GTX 1080 • Samsung 850 Pro • Seasonic PRIME 600W Titanium
My EVGA Score: 1546 • Zero Associates Points • I don't shill
|
Hoggle
EVGA Forum Moderator
- Total Posts : 10103
- Reward points : 0
- Joined: 2003/10/13 22:10:45
- Location: Eugene, OR
- Status: offline
- Ribbons : 4
Re: Linus Sebastian releases statement following Linus Media Group Hacks
2023/03/27 19:32:14
(permalink)
Makes you want to use the software of Linus sponsor today to keep your passwords safe doesn't it....  Sorry but I am not really a major fan of his video where like 3 times in a video he has to break away to talk about a sponsor.
|
808sting
iCX Member
- Total Posts : 462
- Reward points : 0
- Joined: 2012/04/13 15:04:51
- Location: US
- Status: offline
- Ribbons : 6
Re: Linus Sebastian releases statement following Linus Media Group Hacks
2023/03/28 00:08:24
(permalink)
Linus strays away from Enterprise solutions that cost money. If he's into opensource and "value" solutions, his weakest link is non-technical workers and training.
He took responsibility and eventually needs to consider end-point controls if he has a large non IT-technical computer user base.
i9 13900KS, Asus ROG Hero Z690 MB, 32GB G.Skill DDR5-6400Gigabyte 4090 Gaming OCExternal open-loop w/Velocity2 WBCorsair 900D CaseFirecuda SSD 1TB & 2TB, EVO 970P 1TB, Black 8TBAsus & LG BD-RECorsair AX1600i PSLG 38GL950B-G
|