One Simple Change In Windows Could Have Prevented The Linus Media Group Hack!

As some of you might be aware, a social engineering “trick” suckered and bamboozled one of Linus Sebastian’s employees into accidentally running malware. This exploit resulted in the security token — And Google/Youtube’s jokeworthy handling of them — with access to all their YT accounts giving complete access. This video here explains the damage:

A friend of mine rightly and insightfully called this a “bastard combination of the perfect storm and a comedy of errors”, and there are a lot of things that surprised me on the Youtube side of things. Such as good practices that SHOULD have made this impossible.

So many simple steps were clearly skipped by the great tech giant Google. Tie an IP address check to the session, regenerate the cookie ID’s on every page load, have code that if the site owner does a password change you invalidate ALL associated session tokens. This is basic shit that apparently is nowhere to be found!

And people wonder why when you tell me “Oh Google uses this tech” or “It’s from…