Jump to content

Brothgar's Youtube was hacked


Recommended Posts

1 hour ago, RonEmpire said:

Based on reading the above,  "cookies" hacking  is in the ream of possibilities.
I've always suspected that it's possible to  exploit cookies over an network.

At least its  good thing that his  actual Google Account wasn't compromised.    

YouTube need to upgrade their security checks and authentication.

 

^^

Google is YouTube..
There are places, where you can buy such accounts in masses and it's not really expensive.
Never think, that because your acc is not compromised, it must be safe.
Sometimes, even when they have full google access, they compromise only partial sectors of the accs, because not all users reset everything back then and they can reaccess it later easy..
 

Link to comment
Share on other sites

7 hours ago, RonEmpire said:

Based on reading the above,  "cookies" hacking  is in the ream of possibilities.
I've always suspected that it's possible to  exploit cookies over an network.

Unless the browser is defective, basically only XSS and CRSF can do that as the same-origin policy prevents cookie stealing. But browsers can be defect and it just takes one wrong click in the worst case to have a cookie stolen.

Link to comment
Share on other sites

On 2/9/2020 at 4:06 AM, Oozinator said:

Phishing is not really a security hole..

Phishing exploits the problem that exists between the keyboard and the chair of the system.  It is unfortunate that even given an infinite number of code re-writes, this vulnerability can not be eliminated.   There has been some success with teaching the carbon-based AI that exists between the keyboard and the chair, but tragically there is no guarantee as the AI is quite capable of ignoring directives even when the continuing functionality of the AI is at stake.  Any programmer seeking to reduce the impact of the Phishing exploit should spend some time watching "Hold my beer" videos on YouTube to get an idea of the scale of the problem.

Link to comment
Share on other sites

6 hours ago, KittenIsAGeek said:

There has been some success with teaching the carbon-based AI that exists between the keyboard and the chair, but tragically there is no guarantee as the AI is quite capable of ignoring directives even when the continuing functionality of the AI is at stake. 

In my system the carbon-based AI sits on a couch so I guess the system is immune to phising ;)

Link to comment
Share on other sites

Still no Brothgar?

What a disgrace, I complained few times now on his channel about the crypto scam to try and get it back.  

Things need changing at YouTube, esp for those who get money from their videos.  Just gets worse and worse for them as the neo-technocracy-tyranny grows.

Is there even anything we can do as a community or individually to try and get it back?

Link to comment
Share on other sites

Based on some research - the exploit  is really a result of the user who got  phished.

Seems like Brothgar might have clicked on some wrong emails.  Wonder if he went through all his emails to see how he got phished.


You can'y fault YouTube/Google  too much for end-user getting phished.   Only thing you can blame them for is not being better equipped for  'restoring' a users account from a "back-up".    All video playlists, likes, comments etc should be 'restored'  from a backup database state.   They just need better database backup.   

I mean hell, if google wanted make more money offering bigger storage for  backups  they could charge for this.  Saying we can offer you a $X per month protection  with backup service.

Link to comment
Share on other sites

2 hours ago, RonEmpire said:

Based on some research - the exploit  is really a result of the user who got  phished.

Seems like Brothgar might have clicked on some wrong emails.  Wonder if he went through all his emails to see how he got phished.


You can'y fault YouTube/Google  too much for end-user getting phished.   Only thing you can blame them for is not being better equipped for  'restoring' a users account from a "back-up".    All video playlists, likes, comments etc should be 'restored'  from a backup database state.   They just need better database backup.   

I mean hell, if google wanted make more money offering bigger storage for  backups  they could charge for this.  Saying we can offer you a $X per month protection  with backup service.

That is a good idea.

Does seem like YouTube is missing a trick, plenty of YouTubers would pay for a premium support/backup service for their channel.

Only thing is greedy company like Google probably gonna degrade anyone who does not pay's service even further.  Carrot + stick.  I said many times these companies Google/Facebook/Youtube are so big, ubiquitous that they need to stop being treated as privately owned companies and start being treated as a public utility like water, gas, electricity.  They pretty much cannot be lived without in this day and age.  Censorship is rife in these services and the first amendment is just a joke to be laughed at, yet they have made it so they cannot be held accountable as a publisher, and they just squash any views they disagree with.  Neo-technocratic-tyranny.

23 minutes ago, Oozinator said:

If you can, you can!

 

 

Sorry mate, I dont get this joke, no idea what you trying to say here!

Link to comment
Share on other sites

15 hours ago, KittenIsAGeek said:

Phishing exploits the problem that exists between the keyboard and the chair of the system.  It is unfortunate that even given an infinite number of code re-writes, this vulnerability can not be eliminated.   There has been some success with teaching the carbon-based AI that exists between the keyboard and the chair, but tragically there is no guarantee as the AI is quite capable of ignoring directives even when the continuing functionality of the AI is at stake.  Any programmer seeking to reduce the impact of the Phishing exploit should spend some time watching "Hold my beer" videos on YouTube to get an idea of the scale of the problem.

For the forum here, an adequate image would be to think of the typical user as about as competent about security as the average Dupe. Think Meep and the Musher from the Klei short ;)

There is something that can be done though: 2 Factor Authentication done right with 2 really separate devices. I.e. no "soft token" on the same phone as the YouTube app, no sms token to the same phone as the app, etc. But that costs money and costs even more because many users do not see the point and may stop using the service (Dupe-level "insight" again...) hence even banks find it difficult to establish this.

And, of course, basically using a web-browser to read email is pure insanity. I use mutt and my email gets displayed by less. As some people cannot refrain from sending HTML-email, I use Lynx (text-mode browser) as a filter, but Lynx does not do active content or auto-magic (or rather "auto-mess") opening of a browser or the like. Hence most email issues just pass me by. But users want their features, regardless the cost.

 

Link to comment
Share on other sites

5 hours ago, Gurgel said:

I use Lynx (text-mode browser) as a filter,

Lynx FTWs!  Mom called me up the other day, "Why can't I open this email?"  So I used Lynx to hit her gmail account and looked at the mail in question.  "Um, because its a redirection to a phishing site."  My mom said, "Well, fix it so I can open it!"  ... *sigh*

Link to comment
Share on other sites

Brothgar has uploaded an update video on the hack on one of his other channels.

He says he has his original videos (or at least some of them), but he is concerned about re-uploading them at this time due to potential automated copyright problems, and he may resume uploading new videos on (I believe) this channel.  

https://www.youtube.com/channel/UCVklElF803kHQPEFVl_RjEg

 

Also, the real Litecoin Foundation responded to Brothgar's tweet saying that this is not them and calling out the scams.  I would like to point out, assuming that the Litecoin Foundation is not responsible for the hack, that there is nothing they can really do.  They have no power over Youtube, nor do they know the password just because their name is on the channel. 

I would like to hope that if they changed the channel name to the Zarquan's Litecoin Raffle or something like that, that people would not assume that I have any power over what they are doing, nor that I am in any way responsible.  Remember to blame the scammers, not the group they are impersonating.

 

Link to comment
Share on other sites

2 hours ago, KittenIsAGeek said:

Lynx FTWs!  Mom called me up the other day, "Why can't I open this email?"  So I used Lynx to hit her gmail account and looked at the mail in question.  "Um, because its a redirection to a phishing site."  My mom said, "Well, fix it so I can open it!"  ... *sigh*

Hahahaha, excellent!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Please be aware that the content of this thread may be outdated and no longer applicable.

×
  • Create New...