LTT, TechLinked, TechQuickie were hacked

lockhrt999 · Mar 24, 2023

TLDR, A malware disguised in sponsorship email stole chrome session cookies.

I have been writing about this serious flaw in Windows security for some time now (maybe mac os has this flaw too, I dunno). I have written about it several times on TE itself. There's gotta be an inbuilt mechanism to stop any random program reading the data that it's not supposed to.

lockhrt999 said:
Your data including passwords saved in chrome can be read by any of the 1000s of programs running on your computer. It's as simple as that.

If you ever had shared a random folder from C drive then your passwords can be read through network too.

Microsoft and google believe in security based on honor.

lockhrt999 said:
If you ever had a virus on your computer and if you save passwords in chrome then your passwords have already been stolen.

Stealing passwords or session cookies is the same thing as they are found in the same place. There's a way to block this kind of attack that I know of and use. We can protect Google folder using windows security > ransomware protection > controlled folder access. Google folder is inside your app data folder.

Linus should have called out Microsoft too for this too mammoth of a flaw. I know Windows is legacy and poop. But at some point MS has to start building a truly next gen of OS. It gotta open some Doors.

BullettuPaandi · Mar 24, 2023

I was online on YouTube when the Tesla stream had just started. It was in my subscriptions page. I looked into the channel as I was sure I never subscribed to Tesla's YouTube channel. It looked like the legit channel. Every video there was about a product or something related to Tesla, and I think I saw videos dated back, like 2 weeks ago, 1 month ago, etc. Still confused about this.

cattynip · Mar 24, 2023

I've also heard that apps on android/iOS can read your clipboard. so if you're copy-pasting your passwords from a password manager, there are apps out there that can read that info.

BullettuPaandi · Mar 24, 2023

cattynip said:
I've also heard that apps on android can read your clipboard. so if you're copy-pasting your passwords from a password manager, there are apps out there that can read that info.

I don't know if this is a common feature, but I use Resurrection Remix OS in my Android. There is an option to have a toast popup whenever the clipboard is accessed, which usually seems to happen, at least with the apps I use, whenever I hold the cursor to select or looking to cut/copy/paste; except for browsers, where the clipboard is accessed looking for links, whenever I tap on the address bar.

n1r0 · Mar 24, 2023

cattynip said:
I've also heard that apps on android/iOS can read your clipboard. so if you're copy-pasting your passwords from a password manager, there are apps out there that can read that info.

Clipboard and app notifications (think OTP SMS) could be read by any app on your android phone last time I checked. The Read SMS permission is to be able to access them at any time, directly from the database. Just think of how many apps offer to fill in OTP while making payments, but never ask to Read SMS.

A good password manager should have it's own keyboard to avoid copy-pasting.

lockhrt999 said:
Stealing passwords or session cookies is the same thing as they are found in the same place. There's a way to block this kind of attack that I know of and use. We can protect Google folder using windows security > ransomware protection > controlled folder access. Google folder is inside your app data folder.

Linus should have called out Microsoft too for this too mammoth of a flaw. I know Windows is legacy and poop. But at some point MS has to start building a truly next gen of OS. It gotta open some Doors.

Cookies can also be stolen from any device on your network, don't even need a malware on your PC. Accessing browser files is just one way to do it - they chose to run that file after all. Wonder how a pdf could perform those actions. Was it actually file.pdf.exe and they had disabled Show Extensions?

However Google allowing channel name changes without 2FA/relogin confirmation is ridiculous.

enthusiast29 · Mar 24, 2023

n1r0 said:
Was it actually file.pdf.exe and they had disabled Show Extensions?

Most definitely. It had to be an executable.

lockhrt999 · Mar 24, 2023

cattynip said:
I've also heard that apps on android/iOS can read your clipboard. so if you're copy-pasting your passwords from a password manager, there are apps out there that can read that info.

That's biggest flaw no. #2. I have written on this as well.

Security Software - How to secure against clipboard snooping?

All of the operating systems we use, be it windows, linux, mac, android or iOS let any application running in the background read your clipboard. Be it some proprietary source code, passwords or credit card numbers, I'm always anxious when I'm copying something on my computer or mobile. Many...

techenclave.com

As long as these exploits aren't exploited on massive scale nothing's going to change. It's an honorary security system.

n1r0 said:
Cookies can also be stolen from any device on your network, don't even need a malware on your PC.

I have no idea in what way you think it's possible but I know this is to be true. I have written about it on a different forum. If we have a shared folder on C drive then everything on that drive become accessible on the network, including Windows and Users directory. I had a shared folder on C drive on all of the computers in my house for several years and one day I discovered this. Microsoft's response was, 'it's as per design.'.

n1r0 · Mar 24, 2023

lockhrt999 said:
It's an honorary security system.

No honour amongst thieves... Clipboard should only be pasteable, not readable by background apps. That's the only solution I can think of.

lockhrt999 said:
I have no idea in what way you think it's possible but I know this is to be true

Just run a basic packet sniffer. You can see the cookie text. Copy that to your browser and "you're in". I used to pentest my own network and was shocked to see how much info someone can sniff out of the air.

lockhrt999 said:
If we have a shared folder on C drive then everything on that drive become accessible on the network, including Windows and Users directory. I had a shared folder on C drive on all of the computers in my house for several years and one day I discovered this. Microsoft's response was, 'it's as per design.'.

Did you share C drive as a whole or just C:/some_folder?

gourav · Mar 24, 2023

I'm no security expert, but I think session tokens should have some kind of signature to ensure they can't be copied over to another computer and used. I believe UPI and banking apps do something of that sort on phones.

Psycharge · Mar 24, 2023

lockhrt999 said:
That's biggest flaw no. #2. I have written on this as well.

Do they have access to the most recently copied text or the entire log offered by Gboard?

lockhrt999 · Mar 24, 2023

n1r0 said:
ust run a basic packet sniffer. You can see the cookie text. Copy that to your browser and "you're in". I used to pentest my own network and was shocked to see how much info someone can sniff out of the air.

That''ll only work for the websites that don't use HTTPS/SSL. But most of the websites these days use HTTPS. To sniff encrypted packets, user will have to install forged trusted certificate in the operating system.

n1r0 said:
Did you share C drive as a whole or just C:/some_folder?

Yup. C:/some_folder.

n1r0 · Mar 24, 2023

gourav said:
I'm no security expert, but I think session tokens should have some kind of signature to ensure they can't be copied over to another computer and used. I believe UPI and banking apps do something of that sort on phones.

I am not sure if browsers on Windows do that, but android apps certainly can access a lot of hardware info. UPI apps even need your SIM no. to match. They will log out if you open them without the authenticated SIM inserted.

lockhrt999 said:
That''ll only work for the websites that don't use HTTPS/SSL. But most of the websites these days use HTTPS. To sniff encrypted packets, user will have to install forged trusted certificate in the operating system.

There's HTTPS & DNS spoofing for that, but I digress

lockhrt999 said:
Yup. C:/some_folder.

Damn. Will look into this.

ibose · Mar 24, 2023

Yawn .... zzzz

https://www.ghacks.net/2023/03/24/hacking-contest-pwn2own-ubuntu-tesla-macos-and-windows-11-cracked/

princeoo7 · Mar 24, 2023

No one is safe in digital world. It's just a myth

lockhrt999 · Mar 24, 2023

ibose said:
Yawn .... zzzz

https://www.ghacks.net/2023/03/24/hacking-contest-pwn2own-ubuntu-tesla-macos-and-windows-11-cracked/

It least these guys are exploiting the bugs. Hackers of LTT didn't have to use any bug. 'It was all by design.'

ibose · Mar 24, 2023

lockhrt999 said:
It least these guys are exploiting the bugs. Hackers of LTT didn't have to use any bug. 'It was all by design.'

Bugs are by design until they aren't

lockhrt999 · Mar 27, 2023

n1r0 · Mar 27, 2023

So it was the extension, damn! Showing extension and hidden files is one of the first things I do on a fresh install.

booo · Mar 28, 2023

This clearly shows that LTT is not techy at all... I always cringed when they posted videos about their petabyte storage builds and lost their storage server once losing data. Everyone knows these type of pdf exploits happen a lot (especially on windows) and atleast they should have been using linux/mac for marketing team instead of windows. Also, who gives full access to the channel for everyone...?

LTT, TechLinked, TechQuickie were hacked

lockhrt999

Not a Fan.

BullettuPaandi

cattynip

BullettuPaandi

n1r0

enthusiast29

lockhrt999

Not a Fan.

Security Software - How to secure against clipboard snooping?

n1r0

gourav

Psycharge

lockhrt999

Not a Fan.

n1r0

ibose

princeoo7

On a Journey called Life :P

lockhrt999

Not a Fan.

ibose

lockhrt999

Not a Fan.

n1r0

booo

BA BA BA BABANANA