How can youtube have such horrible security

Galdorf

Galdorf

Well-Known Member
Reaction score
502
Location
Ontario, Canada
The hackers have been able to get around 2 factor authentication lots of channels have been taken over.
this explains it better.

 
So, what is Youtube supposed to do about a Youtuber's personal computer inundated with Malware and viruses?

4:39 - "I was hacked on 11/11/19... ... the infected computer I no longer use, I used my secure phone and turned on 2-step security..."

Well, a little late on that!

5:30 - "Is it too much to ask, for the BIGGEST tech company in the world to maybe, maybe stay one step ahead of hackers!?"

Screams the guy that obviously doesn't know how this works yet. We should just invent nuclear cold fusion before knowing how to do it, that makes sense.

6:06 - "...until Youtube gets some better security options, I will also not be the last... at the end of the day, the problem was my own fault." "I was baited to click a phishing link in my email"

9:45 - Ircha's account was hacked via a phishing email.


So, what do you propose Youtube do? Re-write the entirety of "Web-Services" by themselves so the entire world can follow that instead?

Sorry your accounts got hacked, better wise-up and stop clicking on links like "wikreate.su", along with writing your passwords on sticky notes for you live stream, and everything else. Hard to hold Youtube accountable for that.

Welcome plebs, this is the internet. A global cesspool of misfits and opportunists. Welcome kids!
 
phaZed said:
So, what is Youtube supposed to do about a Youtuber's personal computer inundated with Malware and viruses?

4:39 - "I was hacked on 11/11/19... ... the infected computer I no longer use, I used my secure phone and turned on 2-step security..."

Well, a little late on that!

5:30 - "Is it too much to ask, for the BIGGEST tech company in the world to maybe, maybe stay one step ahead of hackers!?"

Screams the guy that obviously doesn't know how this works yet. We should just invent nuclear cold fusion before knowing how to do it, that makes sense.

6:06 - "...until Youtube gets some better security options, I will also not be the last... at the end of the day, the problem was my own fault." "I was baited to click a phishing link in my email"

9:45 - Ircha's account was hacked via a phishing email.


So, what do you propose Youtube do? Re-write the entirety of "Web-Services" by themselves so the entire world can follow that instead?

Sorry your accounts got hacked, better wise-up and stop clicking on links like "wikreate.su", along with writing your passwords on sticky notes for you live stream, and everything else. Hard to hold Youtube accountable for that.

Welcome plebs, this is the internet. A global cesspool of misfits and opportunists. Welcome kids!
Click to expand...
I love reading your replies. Sometimes they make my day.
Insightful, witty and honest.
Thank you. :D
 
Yeah... there was so much whine here...

But let me pose this question... all these "professionals", that spend thousands on audio/video gear, and make their living off on of the largest cloud hosted services on the planet...

And do you think, any of them... ANY OF THEM AT ALL... hired someone like us to help them secure their environments?

They didn't plan to fail, they failed to plan... and paid the price for it.
 
They didn`t steal the users passwords they stole the browsers session cookies bypassing both password and 2nd factor auth sure it was the users fault clicking on malware but this is Google we are talking about they should force person trying to change ownership to input that info into form using No CAPTCHA reCAPTCHA.
The girl didn't have 2 factor turned on her fault but other users did have it on both parties are at fault does not matter what kind of auth is being used it was bypassed anyways also is the fault of any security software they were using at the time.
 
Last edited:
Galdorf said:
sure it was the users fault clicking on malware but this is Google we are talking about they should force person trying to change ownership to input that info into form using No CAPTCHA reCAPTCHA.
Click to expand...

So, what do you think a CAPTCHA is going to do? When the hacker on the other side takes over the session, they get to enter the CAPTCHA. Sure it limits bots, but it does diddly squat for a real person.

Well, I see that Ircha and some of the others (all of them?) got their accounts back on the 13th or 14th.

"The Quartering" gives an awful lot of credit to "the fans", his channel and other 'Youtubers' - for #TeamYoutube's response.
It would be interesting to see what Youtube's response, WITHOUT all of the hubbub, would have been. Probably 48-72 hours, a standard corporate response, like what happened WITH "The Quartering's" help.

IMO, TheQuartering is like a loud neighbor. When the cops, firetruck and ambulance come for the house fire across the street, TheQuartering is the guy that can't wait to help, with no experience, just to get in the way and have one of the firemen escort him to the sidewalk, "You see, it's already under control, but now I have to take time to escort you to the sidewalk instead of fighting the fire."

I only mention it because every time some Youtuber gets in a pickle, this guy can come help and grow his own channel - all for an issue that would likely resolve itself naturally within 48-72 hours. Get it while the gettin' is hot! There's nothing wrong with helping people or growing a channel, but rather, which of those two are the prime motivator.


6:40 - "I know we've had[made] a difference, a lot of you have found new content, a lot of you have met friends now, on Twitter and other places by coming together and fighting for good! That's always way better than raging against some blue-haired crazy person."
Click to expand...

Yeah, it's much better to rage against the red YT logo - and meet friends, subscribe and get on your tweeter, in the name of "good"!
This guy is marketing for Social Media, c'mon.

Oh, wait for it.. here it comes..
7:00 - ".. but there's one more! One more time. Once more into the gray. The channel is called Vivalafifa... ...it's exactly the same as all the rest (PC Hacked), I'm hoping we can ask Youtube to look at one more account.. .. hopefully we [viewers and "TheQuartering"] can fix this for them."
Click to expand...

No, thanks. I'm sure Youtube will fix it for them.

8:37 - In reference to the new channel that needs 'help' - "This case is particularly interesting because they[Vivalafifa] sent an email to Youtube support, but are getting a generic reply back that says, 'Thanks for contacting the creative support team, you're getting this response because you've reached out to an email address that is no longer supported from early 2020 on-wards.' "
Click to expand...

Um, hello!? Vivalafifa's computer is infected. That's why they're getting the "response" - he's been DNS'ed, proxied or Redirected. I'm sure his "Google contact page" is phishing him.

Sorry, this guy's a tool. He's got 8 video's in the past week complaining about Youtube. His whole channel is a big complaint. Mostly tabloid complaints of no substance and BS right-wing talking points. Is he a single 32yo living in his parents house playing video games all day, complaining(projecting!) about SJWs calling single people Incels? Yep, sure looks like it. Snowflake! Get them bootstraps, boy!
 
Last edited:
phaZed said:
So, what do you think a CAPTCHA is going to do? When the hacker on the other side takes over the session, they get to enter the CAPTCHA. Sure it limits bots, but it does diddly squat for a real person.
Click to expand...

What i was talking about filling out the form was kill all browser sessions log out user delete any cookie sessions put up a username password form with CAPTCHA then run 2nd factor auth if enabled verify then allow a user to change password or add another user to account ect.
Atm all you have to do is be logged in to account and you can do anything from deleting your account to adding users or change passwords ect. other companies big online game s log you out of your browser sessions and kill cookies then ask to verify your info including secret questions like what is you pets name or favorite high school teacher which Google should also add after verify user and password on form.

change-password.png


not-a-robot.png
 
Last edited:
"all you have to do is be logged in to account and you can do anything from deleting your account to adding users or change passwords ect"


That's completely false. If you try most of those things, you will be asked again to prove your identity with the security set up on your account. Hijacking the session doesn't mean you have access to any of that.
 
14049752 said:
"all you have to do is be logged in to account and you can do anything from deleting your account to adding users or change passwords ect"


That's completely false. If you try most of those things, you will be asked again to prove your identity with the security set up on your account. Hijacking the session doesn't mean you have access to any of that.
Click to expand...

I was able to add a user to my account with admin access it did not ask anything that may have been changed past few weeks but in july i added my friend to my account and all i had to do was be logged in and add him was not logged out of session or asked anything.
 
You must log in or register to reply here.

Similar threads

lan101
Youtube TV Google account management change payment information
Replies
17
Views
2K
lan101
lan101
GTP
Activate any version of Windows, Windows Server, Office etc...
Replies
5
Views
1K
fincoder
fincoder
thecomputerguy
Is there anyway to add 'groups' as teams members?
Replies
4
Views
852
Sky-Knight
Sky-Knight
thecomputerguy
Receiving large files from external members...
Replies
2
Views
457
thecomputerguy
thecomputerguy
HCHTech
Lenovo TIO Power Supply issues
Replies
0
Views
366
HCHTech
HCHTech
Back
Top