Linus and Luke Discuss the LTT Hack
Вставка
- Опубліковано 26 бер 2023
- Linus Tech Tips, TechLinked, and Tech Quickie all got hacked. Linus and Luke respond. (Sleep deprived edition. (For more information, see our video breaking down the timeline of the hack and the method behind it step-by-step - • My Channel Was Deleted... )
Watch the full WAN Show: • Our Worst Week in Year...
► GET MERCH: lttstore.com
► LTX 2023 TICKETS AVAILABLE NOW: lmg.gg/ltx23
► GET EXCLUSIVE CONTENT ON FLOATPLANE: lmg.gg/lttfloatplane
► SPONSORS, AFFILIATES, AND PARTNERS: lmg.gg/partners
► OUR WAN PODCAST GEAR: lmg.gg/wanset
FOLLOW US ON SOCIAL
---------------------------------------------------
Twitter: / linustech
Facebook: / linustech
Instagram: / linustech
TikTok: / linustech
TikTok (LMG Clips): www.tiktok.com/@_lmgclips_
Twitch: / linustech - Наука та технологія
This isn’t a clip… it’s an extended mag
BELT FED
@@Slug99 There is a very fitting Tachanka quote for this
LMG MOUNTED AND LOADED
@@ericmiles11 WOW LMAO
@@Gwizz1027 lmao
@@ericmiles11
Luke is the physical embodiment of "I don't like the consequences but I sure do love the chaos"
*starts joker theme*
Luke is the best
That's why he paid the hackers to do it :D
I'm the same way, I absolutely love working in what can be cordially referred to as pure chaos, there is just something about it
Hey, he is Like by the way! Remember the Skywalker
I love how this clip is longer than the WAN show used to be
I put my hamster in a sock and slammed it against the furniture
@@TippyHippy Place the towel gently over the rat.
And then, grasp the rat carefully around the body.
Grab the towel around the rat, being sure not to obstruct the rat's nose.
@@TippyHippy nice one, thats an old refference there good sir, keep it alive while its still allowed
@@TippyHippy I don’t know where this from and I suspect it’s just a random comment. But that’s funny af
@@doglookingatcamera7954 It's from a song i suppose. "Ladies man"? or something.
In an alternate reality Luke is a firefighter just absolutely jazzed to go put out giant fires as quickly as possible.
Yeah. Same energy.
Firefighting is a dangerous job.
ua-cam.com/video/KxMMYKkVbwA/v-deo.html
In another reality, he's a TV producer going into his 17th hour of live tornado weather coverage.
If I remember right his family is full of emergency and first responders so its an environment he's familiar with
uhh... Luke IS a firefighter IRL
Luke is EXACTLY the kind of person you want when crap hits the fan because he's the kind of person who is built for crisis management. Ready to go, proactive, problem solving, diagnosing potential issues, hard to truly overwhelm, focused, etc.
Guy gets it done.
I love how no one seems to be talking about how Dennis has had to edit naked linus so much he developed a very smart technique of just blurring the whole screen and decreasing the size of the blur in order to avoid having to see it more than he has already.
having employees who get excited to help with something like this is proof the dimensions are merging
the Dimensional Merge is definitely happening, first this, then today Chris-Chan just got released from jail
@@onemorescout I'm fucking sorry, what? He got RELEASED?!
@@Guru_1092 iirc he got bailed out by someone
@@Guru_1092 yep
@@Guru_1092 bailed
With clips this long the LMG Clips channel will need it's own Snippet channel.
@@SimonWoodburyForget LMG clips clips tips
clip doesn’t mean short video, it means a segment from a video, which this is
@@peen2804 🤓
@@SimonWoodburyForget new new lmg clips
@@peen2804r/whoosh
This isn't a clip anymore, this is full on belt-fed.
_I love it._
it's a mag
CHARLIE WAIT!! w-wh..What should i do chat?
@@brigaderog177 I mean, an open cycle machine gun could fire using either Clips or Belts.
@@brigaderog177 or a drum magazine
@@brigaderog177 "you absolute buffoon! What you have there is not "clips", THESE ARE MAGS"
Man, I have never identified with Luke more, I, too, absolutely **thrive** on the chaos of everything going to shit and patching every hole that comes up ad hoc. I should also work in disaster response more often 🤣
I’m exactly the same. Chaos is fantastic. I thrived in the early days of Covid. I get anxious and bored when everything is operating normal.
It's funny, I have terrible anxiety when I'm stuck in a situation that feels like it's just happening around me. But, give me a situation like this where I'd feel able to do something and game face is on and I'll be in my element getting down to work doing what needs doing. I guess it's just that I love a challenge where I get to put my skills to work though.
Lemme guess you like colony / factory management games?
@@AngeloXification They should like Frost Punk then. That game is fun and chaotic
You can tell how much fun Luke is having by the length of the clip.
Case in point: first clip about ChatGPT.
The funny thing is sometimes when you have a VPN running or you activate it during a session, Google will throw up a message saying something like "We noticed weird traffic coming from your device" and refuse to let you interact with any services for a while. But when the tokens are hijacked and used on an entirely different machine they're like "Yeah okay" 🤣
To save resources, they only do actual checks during login but not during a continuation of a session...
@@brunoais I never said this only happens during login though. If you were logged in and use a VPN this sometimes just happens out of the blue.
@@dienand_ I understand what you mean but there's actually two different cookies. There's the session cookie and there's the session restore cookie. Does this happen in situations when you login then you turn on VPN very shortly after? If so, then you are right and something even more wrong is happening!
@@brunoais Yeah, usually I get it when I originally logged in to Google before I turned on the VPN. A hypothetical scenario would be if I logged in to Google on a browser for the first time and then use it for a while and then later (that day or the next day maybe) I turn on the VPN I would get such errors. Not always, but sometimes. This has happened to me with multiple VPN providers.
Anyway, I can kinda understand getting the error since to Google it would seem like you're connecting from an entirely different place. However, in my opinion, stealing the session token and using it on an entirely different machine and network should present you with a similar error...
I want to work on a team with someone like Luke
Hell no, sounds horrible. Peer pressuring each other to pull all-nighters and being overworked as a badge of achievement. Even Linus was shaking his head
@@malfaroangel3896 He didn't peer pressure anyone. The team Luke has assembled all have a common goal. They were logged on without him even knowing or asking
@@stevenblakesley I believe following a leader like that can show how strong a team and it's leader can be.
@@malfaroangel3896 Clearly you've never worked a job that you enjoyed with people you actually like.
I'd love too
The floatplane chat bug, if it's similar to a bug I've encountered in the past on my own apps, should be easily circumnavigated by reversing the order of your chat message array and then having a reverse flex column. CSS takes care of the scroll-to-bottom for you without any janky JS breaking it apart
Css solutions are always the best solutions, even if they're jank.
When I saw that LTT was hijacked by some crypto bros I felt absolutely shocked but at the same time I knew UA-cam would be able to restore the channels because the same thing had happened to other youtubers I follow. Still I was sure Linus and the crew where going through though times now mater how easy it was to fix
I knew they'd recover, and I also knew they'd make some good videos about it.
At the very least, there should be a check box on your account for "Require sign in from unknown IP" where you must enter your credentials any time you attempt to log in from a new IP/location. You should also have to enter your credentials for any major change such as changing the name of your channel, or before deleting videos.
There should be a "high sensitivity mode" for any kind of input that comes from a new/logged off IP
While stronger Rules for new IPs/Location can Help Sometimes, those UA-cam content creator Hacks already have mitigations in place. The previous three attacks I heard of, already used the infected Computer as a Proxy Server to redirect the dataflow.
The exploit bypasses logging in entirely.
Agreed. Google should allow user to decide what the level of convenience Vs risk balance they which to take when it comes to security.
Yeah, the option for this is good, but mandatory will be a nightmare. I live in a unfree country and i daily drive a dozen of vpn, proxies and other obfuscation tech and mandatory password checks for a simple thing like ip location change would be a nightmare.
"Some of us had kids to feed!" "And that was great, because there was more for me to do" Luke I love you
I wish more workplaces were ran in a way where we as employees would want to drop everything and help when the preverbial hits the fan.
I hope linus does something fantastic to show his gratitude for the team.
I'm sure hope he does! His employees were ready for war!!! 😆 🤣
@Simon Woodbury dont Forget this is a rare occurrence I doubt they constantly work thier work employees like this I reckon he will do something to show them gratitude. As they said they didn't ask thier employees to start early they just have the passion for the company and offered thier help
@@SimonWoodburyForget So enjoying your job is considered terrible work life balance?
@@SimonWoodburyForget what does having the freedom and access to be able to get right to work on a problem that you personally want to start working on have to do with working too much? This isn’t exactly an everyday situation, we’re talking about being able to take action quickly in edge case scenarios, so why are you acting as though this is representative of a typical day?
Even if the general work life balance is bad, that still doesn’t have anything to do with what’s being talked about here. Doubly so when none of what was being done was mandatory, no one was told to work more or come in early/stay late.
@@SimonWoodburyForgetit happened once, was voluntary and actually mattered
At the first LTX i asked luke how long he had been up, and his answer was somewhere in the neighbourhood of 2 days, i always thought he was smiling just because it was a Q&A, but now....
It always baffled me that Google are happy to send me Notifications on my phone when anyone logs into one of my accounts from a different browser, but won't do anything to stop somebody clearly logging in from another country.
Luke, I feel you. Had a 34h marathon myself and just being engulfed by chaotic energy is a pure blast. It's a rollercoaster that has no predetermined path and just goes on for as long as it has to. You don't know what will come, you don't know how to manage it, you don't know how long it'll last, but you know that you'll figure out what you have to do and anything is possible!
This WAN show was insanely good, everybody in the room was absolutely crashed from being tired and sleep deprived and it was borderline unhinged.
Now get some good rest this week everybody.
Bruh this one “clip” is half as long as the whole ass show was a year ago. At this rate, they’ll be doing 34 hour long WAN shows by Christmas.
5 hour wanshow when
2:59 - 3:16 so Luke is an adrenalin junkee
this just shows how great a environment working for LMG!
That moment when a clip is longer than most of the videos on the main channel.
I vibe with luke on the stress helping.
I went from manufacturing worrying about shutting 2-4 lines down that pulled $30k~ a minute in production.
To service where my worst mistake could cost $4-5k (same company. Was a promotion)
And people freak out like "we only have 3 days to figure this out" like... ok... this was something we had 3 hours to do over there...
God I miss the stress. Its hard to keep motivated now.
In every high risk system I have worked on. There is always a large Disaster Recovery File(physical file) that all engineers was made aware off, with exact non physical documents stored on a secured sever. It was our responsibility to make sure everything is always up to date. There was always a "what if" mindset. What if the building burned down. What if the sever crashed. What if we got hacked. We always had access to the Disaster Recovery document in the event a some major event
21:03 I can personally speak about because I have to constantly VPN from SE Missouri to Dallas Texas, and while I get some issues with using a VPN, none of those issues, including UA-cam/Google, log me out when I suddenly teleport hundreds if not 1,000 miles away.
The LMG team came together to get this sorted...was nice to hear Linus shout out his crew in the video about the hack. Quality people.
I remember once working 50 hours straight without rest (database event). It was rough. Remember that after 20 hours of work without proper rest, you become impaired and is no longer safe (and I believe no longer legal) to drive. It is important to be able to hand over the work in progress to a colleague and take a taxi. I do agree that the true reward is succeeding to restore services after surmounting impossible odds.
This entire saga has shown how skilled and experienced the entire LMG team really is. An absolute masterclass in damage control.
When Luke said VM provider from Germany that made perfect sense to me. There are a few hosting services in Germany that provide really cheap VMs, which often get hijacked and used for botnets and to proxy attacks. I used to see a lot of those in WAF logs and stuff. In fact that's how I used to look for cheap hosting services.
kudos to how they handled it, and how no one is in trouble for this. emotions must've been high for a few hours but now that its all done and gone, its nice to see the work environment at LTT is so healthy and chill.
Wow, Luke is kind of making me miss the old days when I was the layout editor for my local community college newspaper. Because early college kids suck, pretty much every article would come in the due date for the printer and we had to work our asses off to get that paper together. I had some days that went from noon to 5am.
Me: I refuse to watch the WAN show, it’s too long.
Also me: Hmm, yes this 57 minute LMG clip is perfectly fine.
Time is an illusion. - luke
5 minutes in and I already adore Luke and the other relevant employees. Such a good team... Keep being awesome!
The LMG team is just a blessing to us all
Listening to how the team reacted to all the problems was very inspiring, I whish you guys could produce something about leadership, and how you got to that level of commitment.
I'm so proud to support LTT
Thank you for being such a pinnacle in this industry
Production Issues are always an amazing experience and also a great learning experience. It bonds teams and colleagues too like nothing else.
I don’t mind having this clip to be almost an hour long because this topic can’t be sub 20-30 long. I’d rather have all the details than skimming the story. I’m just glad LTT got their channel back
Luke is the definition of chaotic good
Session tokens need to be reset if they are used on another machine (Hardware ID, System ID, IP, and other options to ID sessions tokens to connect it to a machine) so in a case of stolen session token, the system could detect that and ask for authentication.
That would require the browsers to check that, best case, else you are sending your computer info over the internet and that can just be spoofed.
Smartcard/Yubekey for the second factor
Yeah, LTT has its haters but the sheer number of people responding positively and joining Floatplane just proves how much most of us enjoy the content. A hot cup of tea and LTT videos can really help me unwind sometimes.
The wan show is great
They're crew sounds fucking amazing. Like a group of friends.
Oh boy I love feature-length LMG clips
22:50 if the location changes, if they can query device info, that would let them rule out if it’s probably the same device or something different. like is it the same browser, is the operating system the same, etc, because no normal user is going to copy a session token to avoid logging in again on a different browser or another os partition on the same device.
That information comes form the browser’s user agent and can be fairly easily spoofed to match the target
@@Scott-1317 i’m pretty sure not all of it is from the user agent (tho you’re right about what i listed), because it seems like user fingerprinting would be a lot harder if browsers just decided to stop voluntarily sharing as much info. there’s an api for real location access that iirc bypasses the browser permission, i have an extension that blocks that, most sites don’t care but it makes soundcloud break.
Happy you got ot resolved this fast, and Linus said it already, but I wish for smaller creates the process could be this smooth as well. i understand YT is corporate so for larger channels it will be faster, but still some channels can't even fix this problem in even a week.
Love the energy from this topic. Imagine if your employee had the training to not open that email. Everything would still be business as normal. And we wouldn’t know more about this large UA-cam issue.
Hi Linus, another good thing that came from this, I heard it first on the Dutch radio (free advertising), and they also criticized UA-cams security.
The speed at which this was fixed is a good showing as to the quality of Linus's skills as a ceo, bringing all the right people together through the years and keeping them close, him and evon(? Sorry I don't know how to spell her name) are both absolutely amazing, as is everyone involved in having fixed the situation
I personally had issues on my own UA-cam channel when using VPN. UA-cam did required TFA when I was on VPN (different country).
Luke here saving the day once again March should be Luke Appreciation Month. Everyone was already saying during the hack Wan show would be lit.
If this is a clip, than what is a full video? A movie?
luke’s discussion of recovery time after Emergency Mode makes me think about how i used to be able totally tank my way through so much throughout undergrad but weeks later i started grad and my entire Soul was just like nah i peace out at 8pm now
Was there a presentation/talk about this at LTX 2023?
An actual, good work environments where people do extra work because they like working there and the company actually means something to them because they helped build it and are treated accordingly instead of being "incentivized" or forced to?? Healthy work environments are so rare in the tech space so this is really cool to hear.
well MS on the other hand would constantly log me out when I switched between different IPs - work, home and phone as hotspot so they have/had the location thing covered unlike google
to make it harder to steal a session the browsers should encrypt the session keys, like windows 11 and if its enabled in windows 10 has a TPM that can be used to encrypt.
I have also seen ads pointing to the "Tesla" streams. Also seen a Microsoft version of that.
what is the web site that he mentions 12:33, that you can search by subtitles?
Linus mentioned FiLMoT, it's useful, but personally not a fan since you have to navigate to a separate website. I prefer YCS (UA-cam Comment Seartch) the browser extension that shows up below the video description and above the comments section, so in between, even when watching a video. Very useful, in fact, I used it to find your comment about it. lol
I was most worried about Linus Cat Tips, glad everything is alright!
Could you guys make a video with a list of suggestions to follow to have a safer experience while using UA-cam as a smaller creator? I know about not opening files that I don't recognise, checking mail addresses, etc, but I'm hearing a lot of methods for high-jacking accounts and I feel that I'm totally outdated every 2 weeks or so.
Another thing that UA-cam could do for a declared hack, Linus calls a super secret youtube help desk and gives a voice person to person only pin/password whatever and these guys can just immediately invalidate all the open session tokens - everyone now has to login again. Perhaps at the same time they lock down the world facing site to as LTT employees login they can re-build the site quickly.
The main idea is still an out of band contact that an officer of LTT can employ that can invalidate all session tokens at once
Luke, having that reaction from your staff shows great leadership. Well done :)
I'm like Luke, I just grow in that problems. I actually also missed them, so I'm starting a new company 😂. Being responsible for the tech during those moments are stressful as hell, but you put your whole brain into it and that's amazing.
I wish everyone in this world had a job where the pay is a nice extra. Linus proves the a good wage and a nice company culture causes people to see their job as a hobby and it def. increases productivity.
OMG, I've been looking for that filmont site for like 5 years, I just forgot the name, thank you!
What's the site name for youtube subtitle search at 12:34? I couldn't understand the name.
are these available as podcasts?
been waiting for this
Couldn't the session tokens store the hardware configuration reported by the browser at the time it was created, and then if it no longer matches it is invalid?
one thing I don't get is how they could change that much without UA-cam going "hang on, this isn't right" and asking for reauthorization. also how did it not see that it was logged in on a a desktop and realise?
8:15 it is. anyone who is into it would know exactly how luke feels... it is cool.. specially with your "dream team".. if anything, that adrenaline and crunch is the only thing i miss about working in the field
Maybe Google can introduce quick PIN option for channels that want it. Just like on your mobile phone when you go to unlock it you need a 4 digit pin. Any time you go to yt website it asks you for the pin so your account is protected at any time even when you are logged in.
You got so much coverage because we the fans care about your channels hope all is well
Maybe you need some kind of kill switch for the channels, or if someone attempts to log in without you, knowing you need something that copy's their ip (so you can supply that to police or someone like that.) and and sends a virus that only you can disarm into the attacking pc. One of my friends built an auto-hacking system that was designed to attack unauthorised access, only there's could do many things like firing a charge of electricity into the attacker power supply or even take down the power of the local area wear threat came from.
23:58 Was that the clothes captioning [cc] feature of UA-cam? 😁
I mean... next to a 5 hour wan shown, 56 minutes is a clip haha haha. LOVE IT!!!!!
The IR reminds me of a compromised email account I was working with once. The threat actor used the account to make a free Azure trial, and was using that to host phishing infrastructure. We had already revoked the tokens, but had to wait for the session timeout to force reauthentication. I sat in the VM blade watching them create servers, then I'd delete them. So they'd recreate them. I'd delete them again. For about 45 minutes. Had I known then what I know now, I probably would have left the servers and tried disassociating the public IPs until the sessions timed out, but I was having fun at the time.
I've unfortunately dealt with a situation where one of our customer support reps got their session keys to our dispatch portal hijacked. To summarise the result was rather similar to what you describe here but the VM's were being spawned across tens of thousands of physical servers. Unfortunately there was an unknown vulnerability that also allowed them to circumvent the systems we had in place that should have allowed us to force the logout before the cookies actually expired. Suffice to say it was a long few hours in the middle of the night while we were also trying to figure out exactly how they were pulling that part off and were able to deploy a hotfix to patch that vulnerability. I initially tried playing a hopeless game of whack a mole too until I realised some time in that the attackers did not have access to the BGP routers connecting our servers to the rest of the network. I then improvised up a script to automatically generate filter rules that stopped the newly spawned VM's from communicating outside our own network. That fortunately dealt with the immediate problem in the sense of stopping them using our hardware to engage in further attacks etc, but the problem of actually locking them out of spawning the VM's and dealing with the fact the dispatch system was full of nonsense orders even after we were able to resolve that took even longer.
Is there a link to that photo of Linus past out after his post?
55:00 i did not consider that someone would be editing the naked footage of Linus 😂😂😂😂
26:38 sounds like an adrenaline rush. A kick out of the normal everyday life. It also makes your feel incredibly important. Got that feeling many times in the military.
The response by Lukes team says a lot about the environment they are working in. You don't get people with that kind of dedication without an extremely healthy work environment.
Please tell me I am not the only one that thought Linus had a sour gummy worm on his hoodie.
Corridor Crew had the same thing happen this week as well.
My company recently introduced a feature where it logs you out when you change country.
Luke's brain is broken, and I'm here for it 😂
I remember a few other big channels get taken by stealing session tokens last year. How hasn't google fixed this? It seems a massive security flaw and totally undermines MFA confidence.
Remember when the wan show as a whole was this long? Honestly tho, im all for these long segments.
Do you think implementing a IAM solution like the cloud provides like AWS, Azure or GCP have, would help channels like yours that have a high number of creators or at least people that upload videos and do stuff with the channel(s)?
There should be an “unplug the server” option, like they give you a special password, you link it to as many accounts as you want, and when you go to whatever special site it’d be, from absolutely anywhere, then every user is logged out, including whatever device was used to lock down, every thing being done on the account is halted, all access is revoked, except on preauthorised devices, requiring multiple factors, and you can go through your settings, even if it takes 10 minutes to log in and validate, you can be certain absolutely nothing will be done while you’re fixing it.
We need a clip of the clip
When I use my VPN and have a UA-cam Tab open that updates it prompts me to do a captcha and that's about it. I can close the tab and open a new one and no sign in is needed. They detect it but don't really do anything that would hinder malicious activities.
The beep was a bit off on the f bomb.
Glad you got your accounts recovered hopefully things are holding up these days
So question, how would you recover from a randsomware attack? What if they gained access to petabyte and the archive and just boom, its all gone? If all machines on the network got compromised.
Not Linus almost leaking the password in the video about being hacked 😂 46:24
I watch linus because he spends time packing his kids lunches instead of fixing his life's work on the channel hack, I have to like him more after this lol
I mean what's he gonna do, starve his kids lol