How To Not Get Your Channel Hacked...
ฝัง
- เผยแพร่เมื่อ 2 เม.ย. 2023
- Hello guys and gals, it's me Mutahar again! This time we followup on Linus Tech Tips channel hack and look at how it happened, how to avoid it and how to secure not just one account but all your accounts in an easy way. Thanks for watching!
Like, Comment and Subscribe for more videos!
Check out the newest podcast episode: • We Watched Velma For T... - เกม
![[TH] VCT Masters Shanghai Playoffs DAY 4 // 100T vs GEN | G2 vs TH](http://i.ytimg.com/vi/UkTGSxdCUQw/mqdefault.jpg)
Check out the newest podcast episode: th-cam.com/video/7fzk-QmDkvo/w-d-xo.html
Hi
no
Hi
Futahar
@@plugg4mb bruh
The OBS case just goes to show that adblocking solutions are not just a convenience but actually a critical part of your security solution and you should never browse the internet without one.
@Bill Clinton Enjoyer Nah, plenty do. Just depends upon how full of themselves they are.
@Bill Clinton Enjoyer some, if not many, will be ok from people using them. They know people DO use adblocks, might not something they actively promote, but most will tolerate them just fine, and still make decent revenue (from other ways)
@Bill Clinton Enjoyer Linus attacked people who use adblockers and called them thieves which is ironic considering this is a comment in a video about Linus.
Or just dont be an NPC and click on something that says "Ad" or "Sponsored". Never download something from an ad or sponsor.
@@painengineer there have been cases of drive-by downloads delivered through ad networks. blocking ads is actually important.
The best way to not get your channel hacked is by not even having a channel at all.
???
@@GokuSolosAnime hes based
Facts
Watch out for ip grabbers as well!
Big brain move
Linus Security Tips
You’d think Linus Sex Tips himself would know about using proper protection.
@@sorimasn true, but he didn't use protection and one of his PCs got compromised
*linux take tips*
Linus licks tips
More like muta security tips
also VERY important NEVER mix your WORK pc with your PERSONAL pc, NEVER use your PERSONAL phone with WORK related services
BUT MUTAH, if you're going this far, you might as well have your virtual machine's disk images encrypted as well and enter a password every time you boot it up. More sophisticated malware could find said disk images and read the data from them.
Actually, that's not even the worst part. While malware is gonna have a VERY hard ass time trying to get out of the virtual machine, what it CAN do if the virtual machine has access to the internet is travel to any other connected device on the network. Some routers have wireless device isolation which prevents this, but not all of them do, and even if you do have that, you have to turn it on. It's not turned on by default.
@@arnox4554 that would involve a zero day vulnerability to be found in windows or whatever OS you'd uuse
@@arnox4554s there any other sort of fail-safe to prevent the malware from pinging other devices on the router? (Might be butchering the use of the word ping)
@@arnox4554 How can we check if the router has that defence and how can we turn it on?
@@Valkbg You need to go into the router by typing its IP address in the address bar of your browser. It varies by modem but if you go into the command prompt and type in "ipconfig", it should be your Default Gateway.
After that, you'll need the username and password of your router. It should have come with your router at install time, but if you got your router from your ISP, and they're particularly awful, they may not let you have it, in which case, you need to either try to buy and use your own router, switch ISPs, or deal with it.
Once you're in the router settings, it should be in the wireless settings or advanced setup. Should have "isolation" in the name like device isolation. If it's not there then you'll need to buy and use your own router.
For a TH-camr who knows a lot about technology, not even a tech guy like Linus is safe from those hackers.
80+ employees and a phishing attack
It was the marketing department opening a PDF from a supposed sponsor.
Anyone can potentially be caught by a hacker or social engineering when they let their guard down for a moment. Linus has been a victim of business email compromise wire fraud before. In this case, it wasn't because of Linus himself, but because not everyone in his company was trained to be up to date with these security threats.
Linus and his employees arent Cyber Security Specialist like Muta and other Channels, he is a Tech Channel. Even if they were there are always ways round things. Even if they aren't available now they will be. Like Muta said, the landscape changes every day at the least.
@@boat02 Which imho is kinda ironic because his entire company was literally based around Technology.
I mean yeah at one you cannot expect people to just be up to date with everything especially in a era of Information Overload right now, but at the same time for a Company to existed around Technology they're like supposed to be the frontline of knowing about this type of Information.
@Azazelivae 「安倍」 But technology is such a broad word. I mean, MKBHD is also a tech channel, but i wouldn't be shocked he got hacked.
Absolutely love the emphasis to sandbox everything that you can -- and super appreciate the shoutout! ♥
You know Muta was grinning ear to ear knowing he could talk about virtual machines today 😉
I'm already paranoid enough with how much the world has descended into madness as of late but now Muta has me at advanced paranoia. I can't fathom how much I'd be sweating in panic if I followed through with becoming a TH-camr.
man the paranoia gets way worse when you study cybersecurity lol
@@IceFire1800 I'm an IT student, and even though I'm not in security department, I'm pretty paranoid already
You're just getting to adv paranoia now? You must've missed the 90s. Lol
The lengths that Elon Musk went to to become as popular and influential as LinusTechTips is insane
"Keeping your TH-cam channel safe is crucial to protecting your hard work and content. To avoid getting hacked, make sure to use a strong, unique password and enable two-factor authentication. Be cautious of suspicious emails or messages asking for personal information and always keep your software and browser up to date. Remember, prevention is key, so stay vigilant and take steps to secure your account before it's too late!"
If you run a personal channel like me or most others do yeah that's a given and should keep you safe. However if you run a company like Linus does that's where you run into an issue.
Most info is shared through a server with employee's so they can write, upload videos to post daily. Due to that.. all it takes is one person to make a mistake. Most, if not all Hacks are caused by Human error by clicking on phishing links through emails, social media links etc.
I'm not saying that's what happened to Linus but If I had to bet.. It was a factor.
ayo gimme your channel i’ll keep it safe for you bro
@Cecil's Wayback Gaming Machine someone got a scam email for a sponsorship and clicked the link lol.
@@vroomzoom4206 oh? i thought it was the pdf that was bad not the actual email?
@@CecilTheDarkKnight234 I mean linus literally states that an employee downloaded a fake sponsor pdf that grabbed their session token. Neither the password nor 2fa was compromised
This was very educational and enjoyable to watch. I love when you cover things like this a do walk throughs!
I feel like just writing a small client that prompts the user to clear the session tokens on restart would be needed. Or restrict what devices can access those tokens. Like have people use remote machine for channel interaction
Regardless of how good you are in something, someone from your team can always screw up for everyone
got hacked recently and it really can fuck u over(dude bought a surface laptop lmao). everyone should hear this because it can literally happen to anyone just from dataleaks, password managers/authenticators should be used for everything 100% and VMs lowkey the move to be safe completely. muta spittin fr
Virtual machines are the reason i found your channel and subscribed back in the day, should do more content wit them. Maybe more safety tips. And how to detect if you had malware for morons. Keep up the work.
3:00 definitely this. I've had accounts broken into before and making sure no other session is logged in that you don't know about/don't remember is very important.
I've been waiting for this. Thanks Muta.
VMs are no-brainers. The real challenge is the setup and that’s about it. Opening a VM in your desktop is akin to opening a web browser twice.
Such little action with major effectiveness regarding security.
Thank you for making this video, I will be definitely going down this rabbit hole to protect my accounts
Muta: ppl hate logging in all the time because it’s inconvenient
Also Muta: so the solution is make virtual machines everytime you want to log in
I can't tell if you're joking, but in case you're not, you make the virtual machine once
@@storm_at3039 To pretend a virtual machine is like this water tight box you can keep a pet monster in, is very misleading though. The end-user can still screw up bigtime and infect their actual PC.
@@PHeMoX ?? I agree with you, and never said otherwise, I'm just clarifying what was said
I really hate keep logging in and logging out on my account but google might change that thanks to the stupidity of this youtubers. It should be optional.
@@greatveemon2 I very much doubt that will happen
worth mentioning that there are many lightweight applications for Linux and even whole lightweight distros which allows virtual machines that consume even less resources
also pretty funny to keep the environment inside your virtual machine safe from any unsafe stuff you run outside of it because it'll be relatively safe even if your pc goes to shit, instead of running all unsafe stuff in the vm
Thanks for the tutorial.
Will do that eventually 👍
Do you have other channels to recommend, that explain security precautions? Perhaps even deeper. I want to understand if I can figure out whether I got scripted, or want to know what to look out for if it happens. I can do basic programming. Is there checks I can run on my PC by myself for example?
I managed to get you onto a cinema screen where a star wars movie was supposed to be played. Everyone saw Mutahar for 5 minutes.
I def agree with the VMs, but one big one is running all downloads through virus total. I don't know if it would have helped Linus, but in general just making sure that any download is clean is a good step and it doesn't take much time to do
Muta never fails to make a great video
THIS WAS GREATLY NEEDED thank you muda
Thank you for this upload, love your channel 😎
I appreciate your guidance, mutahar. With your help, I installed a virtual machine and ran linux mint on my windows system. I am more confident about my security now, and I plan to explore sandboxie as well.
you keep reccommending these usb security key things, could you do a dedicated video on what they are, how to use them, how they workm etc? would also let you link to it every time you mention them, probably increase the ammount of people following through with it
This is where I feel app stores will be more widely adopted. Although they're by no means a total defence, they at least add some layer of security.
This is great. My friend says that all new computers are so advanced now that you can pour water on your computer and it doesn't do anything. Can you please try it as he's adamant it works! Thanks Muta, love your content!
This man is paranoia incarnated. Love you Mutah
I actually learned about session hijacking from your Discord malware videos.
I've been waiting like a week for this video.
Valuable info Muta! I think you should do more of this kind of content 🙏🏽
imagine if Muta gets somehow hacked after this video goes up 💀
Edit: I called it! Muta just posted a video saying he got hacked LMAO
But Muta, how do I protect myself from creepypastas? Not even VMs can stop them!
The Windows Sandbox is a really neat alternative. Only downside is it's kind of weak. Not really a full sandbox.
Thanks this is literally something I will need to do. I just reformatted my hard drives and reinstalled windows this morning (...). This might be useful to do now.
What your describing is backwards. You should be accessing the suspect files/programs/etc from a virtual machine. If you opened a sketchy pdf on your host system, it could still (in theory) pull your credentials from the VMs you have installed. I don't think there's anything out there that would actually do that at this time, but from a stricter security standpoint running the "access-youtube" browser in a VM is a lot less secure than accessing the questionable documents from the VM.
tldr; Run sketchy software and open untrusted documents in a VM, never on your host!
I've missed these big brain Muta videos.
cant tell if all time that passes i know less about the internet or if i just am learning more about what i dont know .
In this case it's the latter. Most of this kind of stuff is old news.
Just don't ever stop wanting to learn new stuff even if it is old news. Getting lazy is how you get victimized hardest.
this was really informative thanks muta.
Muta could have dissappointed in this video but no one knows yet cause it's been out for 2 minutes
Thanks Mutahar, for being such a great help to us all. He always knows what’s right.
bot
Bot
Bot
Not a bot.😁
@@LoveHandle4890 bots say that too
Is there a way to set up a VM and have someone using that VM as a PC?
Maybe control it from a tablet or phone?
11:36 if you're on windows it's gonna prompt you to download an installer instead, you can change your use agent to anything other than windows and it will give you the actual ISO.
A little side note: If Microsoft's website detects you're on a Windows OS, instead of offering a nice and easy way to download an ISO, they instead require you to download a tool, which when run then asks if you wanna download an ISO or create one from the current installed system.
I’ve seen people say Windows is only an issue because of the market share. Maybe a chat on how the core design of Windows make it possible and market share really doesn’t matter.
It’s crazy to me that Linus got hacked. If Linus gets hacked we have no hope.
its well known phenomena that shows the people who believe they can never be scammed end up being scammed applies here
as his company grow so does the weakness on their system
Linus drop tips has entered the chat
It does suck how it happened tho
It was an employee who most likely didn’t know proper phish link avoidance tips
Buddy. _Jim Browning_ got tricked. I lost hope a fair bit ago.
Muta u have an "cut" error there while editing ig at 7:51 just wanna let ya know. Thanks for the vid btw
Curious. Does macOS provide any extra protection to this attack vector using safari? I get plenty of pop ups and warnings in macOS about stuff. Wondered if macOS is just as susceptible.
Your original video on Linus' channel being hacked is actually what made me buy a Yubikey
I really don’t know why the session cookie isn’t signed with the specific browser you are using. Maybe I am to dumb to understand it, but it would be an intuitive way to make sure, that you didn’t temper with the cookies in any way.
One thing that might get tidus but is safe if is have somewhere written your main passwords and keep it near your pc or somewhere you know is safe, and don't use the chrome save pass
Ey Muta, windows also has Hyper-V built in, you just have to enable it, it's pretty easy to set up a VM there, no need for virtualbox or vmware
Windows also has an inbuild 'sandbox' which allows you to run a disposable Windows. No need to create virtual machines. This feature from Windows is unfortunately not well known. I believe you do need 'Windows Pro' for this though. It runs isolated and is indeed disposable; when you close the window it is entirely gone.
what about a macbook? any options for mac os?
Good explanation of grabbing session tokens.
"Two presentations in one" time, you spoil us Mutahar
Speaking of VM's, could you make a video about Qubes os?
😂 when you get the Linus Tech Tips Build Redux ad before this video 😂
Bruh Muta is going on fire 🤙🏻🤙🏻🤙🏻
18:05 Well, I guess a programmer here, just gonna say using a VM for Ubuntu and Kali on my 2017 budget gaming laptop runs perfectly fine. Not like 60fps gaming or anything, but it runs this sort of stuff perfectly fine. Now, if you're training AIs or something, that's something else I can't really comment on, but for my purposes, even writing code and compiling on a VM isn't really an issue on modern hardware. (For context, I give my VMs 8GB RAM)
2:10 - We can dream, can't we?
Between this and the fact I'm studying cybersecurity, I'm actually kinda mad that I'm genuinely considering going the whole Virtualization sandbox route now...
Time to go buy some extra RAM i guess
The fact you’re doing more to educate creators about this than TH-cam itself is nuts.
Could livestreaming be done within the same sandboxed environment for uploading youtube videos?
Moral of the story: trust no one, not even your mom
Tf u mean moral of the story? U havent even watched the video yet
@@Petrela I watched MANY other videos about this malware attack used to steal cookies from your browser.
I had two different suspicious logins occur into my Twitter account yesterday. I changed my password to try and thwart the first threat, but hours later it happened again and I had to change my password a second time. I rarely ever use my Twitter account, and I never even finished my profile, so there isn't much to steal from me.
Thanks for this man
A small TH-camr named HerbMessiah also got hacked like what happened to Linus. It was such a shocking experience seeing what happened, but at least he got his account back.
Most of the people who got hijacked did get their account back. Even tiny less than a hundred subscriber channel did.
Never save your passwords to your devices.
Never use anything but a password & multi-authentication.
Always check your devices on your accounts.
Always clear cache & scan devices.
Im in the IT field. I'm currently working as a field technician and I'm basically ruining my car in the process for low pay. Do you have any recommendations on certifications to get in your expertise?
The vtuber Momo also just had her channel hacked and deleted by cryptobros, as well as her Twitter accounts. It's really becoming a huge epidemic.
What do you think of the Brave Browser Muta?
I did not even know session tokens existed
Hackers: Our time is here!
Mutah: Virtual Machines, Son!
I got a text with a 2fa security code while watching this... Now I'm freaked out since it doesn't say what service they were trying to sign into... What are the odds
On Linux we have SELinux Sandbox, Podman, OCI containers, Flatpak and other tools to sandbox applications
would love to see a Linux Muta collab
Its crazy how companies dont have SAT in place for their employees or dont have MSPs.
That's because MSPs cost money, and sometimes MSPs can practice bad security. But linus shouldn't need one, he should know how to practice good security on his own. But really the solution is to train less tech-savy staff, and harden your pcs to limit outside sources.
I love how Muta started to shill his "vmification" Absolutely love it. I'm now a VM lover. I now game on a windows VM with full GPU passthrough. That's why I got two GPUs inside the case.
Also I installed the w11 VM. For the TPM I emulated it through virtual box
So a VPN would not be of any help in this situation? Is it even worth having a VPN running on current setups? Or is this like totally unrealated and, im big dumb (lol) for asking?
Sorry it won’t help. This attack relies on target downloading a fake pdf that is an executable that steals the cookies
I'd wanna see a part two to this with splitting network access for machines in the router.
And by the way, you can boot directly into the bios by holding [Shift] and initiating a reboot.
That was very authoritative. Does your magical [Shift] reboot work on every system out there, or are you just blowing smoke out your ass?
@@theritchie2173 Windows has it on the bottom of the screen before starting up, how is that magical? 😂
@@sourgreendolly7685 Is everybody device out there Windows? What does Windows even have to do with selecting boot options before Windows even starts?
This is massively appreciated
at this point i wouldn't be surprised if Muta is doing the hacking with all of them VM'S that he uses
He’s doing it to spread VM propaganda
@@user-yk5ql9gz9b Propaganda?! Lol
@@user-yk5ql9gz9b 😂
I'm still waiting on a CubesOS review Muta.
If you use flatpaks do you have some kind of a sndbox which makes it safer as a normal package. But not everything is in suxh sandboxes
Cool vid bro.😺
I wonder if running something that comes on low end machines like chrome OS makes sense for something like this. It might be easier than installing a light Linux vm.
Great vid
Colton's never gonna hear the end of this, the poor man
shadow background goes hard
I took Muta's advice in many videos he did ago on his rant to stop using windows and i've switched over to a Linux system and it is impossible to be hacked. You should all do the same...
Appreciate this a lot muta.
Always love to watch ur videos
Thank you I don't have vex without a condom so I appreciate the vm birds and the bees
I would love to run the penguin I'm just to worried. I feel like I don't know enough about windows as is
Hey Mutahar, how long does it take you to make a usual video?
Delete your channel to avoid them hacking it🧠
Fr
Big brain move
But how do you avoid having your life hacked?