Boogie (fat nerd guy) gets banned on YT

[mikeymikec]

meaning google's awesome security is actually breachable.

man-made security is actually breachable? Say it ain't so!

 

[John Connor]

Wouldn't have worked if he did 2FA with an authenticator app and time based cypher.

Aren't all 2FA Apps time based? Meaning you have to enter the code in about 20 seconds until you get a new one and the old code doesn't work?

 

[Mark R]

.. i dont even know what that means ...

Prior to SMS 2FA, the conventional way of 2FA was to use a dongle device.

The device had a clock in it, a secret key, and an encryption engine. The device would take the date/time to the nearest minute, encrypt it with the key, and display the result on an LCD. The remote server would calculate the code using the same method, and would verify the code you entered to ensure it matched. (The process is slightly more involved, to allow for the time on the dongle to drift a bit, but that's basically it).

These days, you can get apps which do the same thing. They run on a smart device, and use the date/time and a secret key to generate a short-lived code.

 

[Thebobo]

Nothing? How about a video of the space shuttle viewed from an airplane? https://www.youtube.com/watch?v=GE_USPTmYXM

That is so cool. Here is another, folks are all excited, makes you feel good folks are so interested in space. Either that or the all have been drinking. https://www.youtube.com/watch?v=O1SmCnElDa0

Ops and back on topic.

What?

 

[Anubis]

Unreal! After responding to the two-factor thread I was in the pool thinking about how a hacker could circumvent that and wondered if Telcos could be hacked and lo and behold we have a perfect example right here!

considering Verizon just gave out his info 2FA wasn't gonna do shit

 

[Ichinisan]

considering Verizon just gave out his info 2FA wasn't gonna do shit

A non-SMS implementation of 2FA (Authenticator app with time-based cypher) would have done just fine.

I use Google Authenticator with various services including Gmail, Hotmail, and Dropbox.

 

[Phanuel]

considering Verizon just gave out his info 2FA wasn't gonna do shit

How would 2FA have done nothing? Unless Verizon also disabled the 2FA at the same time as they handed out his account info.

 

[Anubis]

verizon gave someone access to his phone account
dude changed phone sim to his
2 factor now sends auth to hackers phone


that is exactly what happened
as Ichinisan said it would not have happened with some other form of 2FA but pmuch everyone uses SMS based

 

[Hugh Jass]

For those who dont know:

Dude is one of the exact things wrong with the internet.

 

[Anubis]

Dude is one of the exact things wrong with the internet.

hes actually not

 

[Elixer]

For those who dont know:

Is this the new Rick roll?

 

[Hugh Jass]

hes actually not

Yeah...he is.

 

[KeithP]

there are two interesting bits of info here. one, that a hacker has managed to get access to his account, through youtube exploits, meaning google's awesome security is actually breachable.

second, there are no humans supervising the bans on youtube.

What youtube exploits are you talking about? The guy posted the following on reddit…

Hey guys. Boogie here.
Looks like we got hacked again. Someone manage to steal my phone number and used it to gain access to everything.

That sounds to me like he was using multi factor authentication and instead of using the Google Authenticator app, he used text messaging to his phone. His mistake. Plus notice he said "hacked again." Clearly this guy doesn't have a clue about security.

This info was in the video link posted.

-KeithP

 

[Minerva]

For those who dont know:

Chumlee is a big gamer after the fallout with Gold&Silver Pawn.

 

[Aikouka]

That sounds to me like he was using multi factor authentication and instead of using the Google Authenticator app, he used text messaging to his phone. His mistake. Plus notice he said "hacked again." Clearly this guy doesn't have a clue about security.

GMail allows you to add a phone number for account recovery purposes. The hacker was able to steal his Verizon number using social engineering (it would be interesting to see how the hacker convinced Verizon), and then used the account recovery to gain access to his Google account. Since the Google account is tied to various other services such as YouTube, it isn't that hard to screw with things, and since Boogie makes his money off YouTube, that's a serious thing to screw with.

I recall Ars having an article on something similar to this happening to one of their writers. In that case, I think it was someone stealing information through Amazon by constantly fishing for bits of information.

 

[Anubis]

GMail allows you to add a phone number for account recovery purposes. The hacker was able to steal his Verizon number using social engineering (it would be interesting to see how the hacker convinced Verizon), and then used the account recovery to gain access to his Google account. Since the Google account is tied to various other services such as YouTube, it isn't that hard to screw with things, and since Boogie makes his money off YouTube, that's a serious thing to screw with.

I recall Ars having an article on something similar to this happening to one of their writers. In that case, I think it was someone stealing information through Amazon by constantly fishing for bits of information.

it was a guy at Wired but close enough, and it was apple that fed as well as amazon. IIRC it all came about because he had a really unique twitter ID or something and people wanted it


http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/

 

[slayer202]

what losers

 

[shortylickens]

what losers

who?
Me?
You?
Anandtech?
Francis?
Youtube?
Youtube viewers?

 

[master_shake_]

who?
Me?
You?
Anandtech?
Francis?
Youtube?
Youtube viewers?

i'll take all of the above for 300 alex.

 

[foghorn67]

verizon gave someone access to his phone account
dude changed phone sim to his
2 factor now sends auth to hackers phone


that is exactly what happened
as Ichinisan said it would not have happened with some other form of 2FA but pmuch everyone uses SMS based

Setup a verbal password with your network provider. Anybody that requests changes to the account will need a password.

Sent from my SM-G930T using Tapatalk