The OBS case just goes to show that adblocking solutions are not just a convenience but actually a critical part of your security solution and you should never browse the internet without one.
@Bill Clinton Enjoyer some, if not many, will be ok from people using them. They know people DO use adblocks, might not something they actively promote, but most will tolerate them just fine, and still make decent revenue (from other ways)
@Bill Clinton Enjoyer Linus attacked people who use adblockers and called them thieves which is ironic considering this is a comment in a video about Linus.
BUT MUTAH, if you're going this far, you might as well have your virtual machine's disk images encrypted as well and enter a password every time you boot it up. More sophisticated malware could find said disk images and read the data from them.
Actually, that's not even the worst part. While malware is gonna have a VERY hard ass time trying to get out of the virtual machine, what it CAN do if the virtual machine has access to the internet is travel to any other connected device on the network. Some routers have wireless device isolation which prevents this, but not all of them do, and even if you do have that, you have to turn it on. It's not turned on by default.
@@arnox4554s there any other sort of fail-safe to prevent the malware from pinging other devices on the router? (Might be butchering the use of the word ping)
@@Valkbg You need to go into the router by typing its IP address in the address bar of your browser. It varies by modem but if you go into the command prompt and type in "ipconfig", it should be your Default Gateway. After that, you'll need the username and password of your router. It should have come with your router at install time, but if you got your router from your ISP, and they're particularly awful, they may not let you have it, in which case, you need to either try to buy and use your own router, switch ISPs, or deal with it. Once you're in the router settings, it should be in the wireless settings or advanced setup. Should have "isolation" in the name like device isolation. If it's not there then you'll need to buy and use your own router.
Anyone can potentially be caught by a hacker or social engineering when they let their guard down for a moment. Linus has been a victim of business email compromise wire fraud before. In this case, it wasn't because of Linus himself, but because not everyone in his company was trained to be up to date with these security threats.
Linus and his employees arent Cyber Security Specialist like Muta and other Channels, he is a Tech Channel. Even if they were there are always ways round things. Even if they aren't available now they will be. Like Muta said, the landscape changes every day at the least.
@@boat02 Which imho is kinda ironic because his entire company was literally based around Technology. I mean yeah at one you cannot expect people to just be up to date with everything especially in a era of Information Overload right now, but at the same time for a Company to existed around Technology they're like supposed to be the frontline of knowing about this type of Information.
I'm already paranoid enough with how much the world has descended into madness as of late but now Muta has me at advanced paranoia. I can't fathom how much I'd be sweating in panic if I followed through with becoming a RUclipsr.
"Keeping your RUclips channel safe is crucial to protecting your hard work and content. To avoid getting hacked, make sure to use a strong, unique password and enable two-factor authentication. Be cautious of suspicious emails or messages asking for personal information and always keep your software and browser up to date. Remember, prevention is key, so stay vigilant and take steps to secure your account before it's too late!"
If you run a personal channel like me or most others do yeah that's a given and should keep you safe. However if you run a company like Linus does that's where you run into an issue. Most info is shared through a server with employee's so they can write, upload videos to post daily. Due to that.. all it takes is one person to make a mistake. Most, if not all Hacks are caused by Human error by clicking on phishing links through emails, social media links etc. I'm not saying that's what happened to Linus but If I had to bet.. It was a factor.
@@CecilTheDarkKnight234 I mean linus literally states that an employee downloaded a fake sponsor pdf that grabbed their session token. Neither the password nor 2fa was compromised
I feel like just writing a small client that prompts the user to clear the session tokens on restart would be needed. Or restrict what devices can access those tokens. Like have people use remote machine for channel interaction
got hacked recently and it really can fuck u over(dude bought a surface laptop lmao). everyone should hear this because it can literally happen to anyone just from dataleaks, password managers/authenticators should be used for everything 100% and VMs lowkey the move to be safe completely. muta spittin fr
@@storm_at3039 To pretend a virtual machine is like this water tight box you can keep a pet monster in, is very misleading though. The end-user can still screw up bigtime and infect their actual PC.
I really hate keep logging in and logging out on my account but google might change that thanks to the stupidity of this youtubers. It should be optional.
VMs are no-brainers. The real challenge is the setup and that’s about it. Opening a VM in your desktop is akin to opening a web browser twice. Such little action with major effectiveness regarding security.
Virtual machines are the reason i found your channel and subscribed back in the day, should do more content wit them. Maybe more safety tips. And how to detect if you had malware for morons. Keep up the work.
worth mentioning that there are many lightweight applications for Linux and even whole lightweight distros which allows virtual machines that consume even less resources also pretty funny to keep the environment inside your virtual machine safe from any unsafe stuff you run outside of it because it'll be relatively safe even if your pc goes to shit, instead of running all unsafe stuff in the vm
3:00 definitely this. I've had accounts broken into before and making sure no other session is logged in that you don't know about/don't remember is very important.
I appreciate your guidance, mutahar. With your help, I installed a virtual machine and ran linux mint on my windows system. I am more confident about my security now, and I plan to explore sandboxie as well.
you keep reccommending these usb security key things, could you do a dedicated video on what they are, how to use them, how they workm etc? would also let you link to it every time you mention them, probably increase the ammount of people following through with it
A little side note: If Microsoft's website detects you're on a Windows OS, instead of offering a nice and easy way to download an ISO, they instead require you to download a tool, which when run then asks if you wanna download an ISO or create one from the current installed system.
What your describing is backwards. You should be accessing the suspect files/programs/etc from a virtual machine. If you opened a sketchy pdf on your host system, it could still (in theory) pull your credentials from the VMs you have installed. I don't think there's anything out there that would actually do that at this time, but from a stricter security standpoint running the "access-youtube" browser in a VM is a lot less secure than accessing the questionable documents from the VM. tldr; Run sketchy software and open untrusted documents in a VM, never on your host!
In this case it's the latter. Most of this kind of stuff is old news. Just don't ever stop wanting to learn new stuff even if it is old news. Getting lazy is how you get victimized hardest.
I’ve seen people say Windows is only an issue because of the market share. Maybe a chat on how the core design of Windows make it possible and market share really doesn’t matter.
I def agree with the VMs, but one big one is running all downloads through virus total. I don't know if it would have helped Linus, but in general just making sure that any download is clean is a good step and it doesn't take much time to do
Never save your passwords to your devices. Never use anything but a password & multi-authentication. Always check your devices on your accounts. Always clear cache & scan devices.
I love how Muta started to shill his "vmification" Absolutely love it. I'm now a VM lover. I now game on a windows VM with full GPU passthrough. That's why I got two GPUs inside the case. Also I installed the w11 VM. For the TPM I emulated it through virtual box
I really don’t know why the session cookie isn’t signed with the specific browser you are using. Maybe I am to dumb to understand it, but it would be an intuitive way to make sure, that you didn’t temper with the cookies in any way.
Between this and the fact I'm studying cybersecurity, I'm actually kinda mad that I'm genuinely considering going the whole Virtualization sandbox route now... Time to go buy some extra RAM i guess
Windows also has an inbuild 'sandbox' which allows you to run a disposable Windows. No need to create virtual machines. This feature from Windows is unfortunately not well known. I believe you do need 'Windows Pro' for this though. It runs isolated and is indeed disposable; when you close the window it is entirely gone.
Thanks this is literally something I will need to do. I just reformatted my hard drives and reinstalled windows this morning (...). This might be useful to do now.
One thing that might get tidus but is safe if is have somewhere written your main passwords and keep it near your pc or somewhere you know is safe, and don't use the chrome save pass
11:36 if you're on windows it's gonna prompt you to download an installer instead, you can change your use agent to anything other than windows and it will give you the actual ISO.
I'd wanna see a part two to this with splitting network access for machines in the router. And by the way, you can boot directly into the bios by holding [Shift] and initiating a reboot.
Setting up a vm takes 5 minutes, the longest part is downloading the ISO you want to use. I recomend windows 10 IOT edition its basically a clean version of windows 10 without any of the bloatware.
A small RUclipsr named HerbMessiah also got hacked like what happened to Linus. It was such a shocking experience seeing what happened, but at least he got his account back.
So a VPN would not be of any help in this situation? Is it even worth having a VPN running on current setups? Or is this like totally unrealated and, im big dumb (lol) for asking?
I got a text with a 2fa security code while watching this... Now I'm freaked out since it doesn't say what service they were trying to sign into... What are the odds
Curious. Does macOS provide any extra protection to this attack vector using safari? I get plenty of pop ups and warnings in macOS about stuff. Wondered if macOS is just as susceptible.
18:05 Well, I guess a programmer here, just gonna say using a VM for Ubuntu and Kali on my 2017 budget gaming laptop runs perfectly fine. Not like 60fps gaming or anything, but it runs this sort of stuff perfectly fine. Now, if you're training AIs or something, that's something else I can't really comment on, but for my purposes, even writing code and compiling on a VM isn't really an issue on modern hardware. (For context, I give my VMs 8GB RAM)
I took Muta's advice in many videos he did ago on his rant to stop using windows and i've switched over to a Linux system and it is impossible to be hacked. You should all do the same...
Can you have a shortcut for a app inside the vm on desktop. Like office is installed inside the vm but outside there will be a shortcut or smthng so that whenever i open some file it opens inside the vm or a container type of thing
I like you dude but quit pushing fear as if anybody besides people like Linus or yourself have to really worry about a lot of this. Expecting the average user to use a VM to isolate internet browsing is absurdly out of touch.
That's because MSPs cost money, and sometimes MSPs can practice bad security. But linus shouldn't need one, he should know how to practice good security on his own. But really the solution is to train less tech-savy staff, and harden your pcs to limit outside sources.
Every night before I turn off my computer,I delete my browser history. I then go into my anti virus program and use the shredder option to delete temporary internet files and use the quick clean option, as well as, do a short virus scan.The entire thing is,it only takes one cookie left on your computer to screw you.Just don't give them that crumb. It also helps to turn off your computer every night. This also makes my computer run much faster as a bonus.
When I shut down my PC everything outside of essentials get automatically deleted, they are only stored temporarily until a reboot, nothing can make permanent changes unless I explicitly allow it. Nothing even knows anything else exists because everything is separated.
@@phil4986 Everything is just stored on tmpfs for me outside of some of my user files and core system components, so it all goes bye on shutdown, they never even touch my SSD.
It's nice that someone is out here preaching about how dangerous the internet is. It has never been a safe place and never will be, and pretending it can be is only detrimental.
To me it baffle me how easy it is for a hacker to steal your ID token and use it on their own device. I feel like it shouldn't be that hard for an entity like Google to have a double check when an ID Token is being use at new location with "new" hardware. First, when the same ID Token is being use by a new IP address, check if hardware are the same component. If not then check for the MAC address, if still not match invalidate ALL Session Token on ALL PC. Would it be that hard to do this?
Im in the IT field. I'm currently working as a field technician and I'm basically ruining my car in the process for low pay. Do you have any recommendations on certifications to get in your expertise?
I had two different suspicious logins occur into my Twitter account yesterday. I changed my password to try and thwart the first threat, but hours later it happened again and I had to change my password a second time. I rarely ever use my Twitter account, and I never even finished my profile, so there isn't much to steal from me.
Check out the newest podcast episode: ruclips.net/video/7fzk-QmDkvo/видео.html
Hi
no
Hi
Futahar
@@GoatedLuhTyler bruh
The OBS case just goes to show that adblocking solutions are not just a convenience but actually a critical part of your security solution and you should never browse the internet without one.
@Bill Clinton Enjoyer Nah, plenty do. Just depends upon how full of themselves they are.
@Bill Clinton Enjoyer some, if not many, will be ok from people using them. They know people DO use adblocks, might not something they actively promote, but most will tolerate them just fine, and still make decent revenue (from other ways)
@Bill Clinton Enjoyer Linus attacked people who use adblockers and called them thieves which is ironic considering this is a comment in a video about Linus.
Or just dont be an NPC and click on something that says "Ad" or "Sponsored". Never download something from an ad or sponsor.
@@DeathTVOfficial there have been cases of drive-by downloads delivered through ad networks. blocking ads is actually important.
Absolutely love the emphasis to sandbox everything that you can -- and super appreciate the shoutout! ♥
Linus Security Tips
You’d think Linus Sex Tips himself would know about using proper protection.
@@sorimasn true, but he didn't use protection and one of his PCs got compromised
*linux take tips*
Linus licks tips
More like muta security tips
The best way to not get your channel hacked is by not even having a channel at all.
???
@@GokuSolosAnime hes based
Facts
Watch out for ip grabbers as well!
Big brain move
also VERY important NEVER mix your WORK pc with your PERSONAL pc, NEVER use your PERSONAL phone with WORK related services
BUT MUTAH, if you're going this far, you might as well have your virtual machine's disk images encrypted as well and enter a password every time you boot it up. More sophisticated malware could find said disk images and read the data from them.
Actually, that's not even the worst part. While malware is gonna have a VERY hard ass time trying to get out of the virtual machine, what it CAN do if the virtual machine has access to the internet is travel to any other connected device on the network. Some routers have wireless device isolation which prevents this, but not all of them do, and even if you do have that, you have to turn it on. It's not turned on by default.
@@arnox4554 that would involve a zero day vulnerability to be found in windows or whatever OS you'd uuse
@@arnox4554s there any other sort of fail-safe to prevent the malware from pinging other devices on the router? (Might be butchering the use of the word ping)
@@arnox4554 How can we check if the router has that defence and how can we turn it on?
@@Valkbg You need to go into the router by typing its IP address in the address bar of your browser. It varies by modem but if you go into the command prompt and type in "ipconfig", it should be your Default Gateway.
After that, you'll need the username and password of your router. It should have come with your router at install time, but if you got your router from your ISP, and they're particularly awful, they may not let you have it, in which case, you need to either try to buy and use your own router, switch ISPs, or deal with it.
Once you're in the router settings, it should be in the wireless settings or advanced setup. Should have "isolation" in the name like device isolation. If it's not there then you'll need to buy and use your own router.
For a RUclipsr who knows a lot about technology, not even a tech guy like Linus is safe from those hackers.
80+ employees and a phishing attack
It was the marketing department opening a PDF from a supposed sponsor.
Anyone can potentially be caught by a hacker or social engineering when they let their guard down for a moment. Linus has been a victim of business email compromise wire fraud before. In this case, it wasn't because of Linus himself, but because not everyone in his company was trained to be up to date with these security threats.
Linus and his employees arent Cyber Security Specialist like Muta and other Channels, he is a Tech Channel. Even if they were there are always ways round things. Even if they aren't available now they will be. Like Muta said, the landscape changes every day at the least.
@@boat02 Which imho is kinda ironic because his entire company was literally based around Technology.
I mean yeah at one you cannot expect people to just be up to date with everything especially in a era of Information Overload right now, but at the same time for a Company to existed around Technology they're like supposed to be the frontline of knowing about this type of Information.
@Azazelivae 「安倍」 But technology is such a broad word. I mean, MKBHD is also a tech channel, but i wouldn't be shocked he got hacked.
I'm already paranoid enough with how much the world has descended into madness as of late but now Muta has me at advanced paranoia. I can't fathom how much I'd be sweating in panic if I followed through with becoming a RUclipsr.
man the paranoia gets way worse when you study cybersecurity lol
@@IceFire1800 I'm an IT student, and even though I'm not in security department, I'm pretty paranoid already
You're just getting to adv paranoia now? You must've missed the 90s. Lol
"Keeping your RUclips channel safe is crucial to protecting your hard work and content. To avoid getting hacked, make sure to use a strong, unique password and enable two-factor authentication. Be cautious of suspicious emails or messages asking for personal information and always keep your software and browser up to date. Remember, prevention is key, so stay vigilant and take steps to secure your account before it's too late!"
If you run a personal channel like me or most others do yeah that's a given and should keep you safe. However if you run a company like Linus does that's where you run into an issue.
Most info is shared through a server with employee's so they can write, upload videos to post daily. Due to that.. all it takes is one person to make a mistake. Most, if not all Hacks are caused by Human error by clicking on phishing links through emails, social media links etc.
I'm not saying that's what happened to Linus but If I had to bet.. It was a factor.
ayo gimme your channel i’ll keep it safe for you bro
@Cecil's Wayback Gaming Machine someone got a scam email for a sponsorship and clicked the link lol.
@@vroomzoom4206 oh? i thought it was the pdf that was bad not the actual email?
@@CecilTheDarkKnight234 I mean linus literally states that an employee downloaded a fake sponsor pdf that grabbed their session token. Neither the password nor 2fa was compromised
This was very educational and enjoyable to watch. I love when you cover things like this a do walk throughs!
Speaking of VM's, could you make a video about Qubes os?
I feel like just writing a small client that prompts the user to clear the session tokens on restart would be needed. Or restrict what devices can access those tokens. Like have people use remote machine for channel interaction
Regardless of how good you are in something, someone from your team can always screw up for everyone
got hacked recently and it really can fuck u over(dude bought a surface laptop lmao). everyone should hear this because it can literally happen to anyone just from dataleaks, password managers/authenticators should be used for everything 100% and VMs lowkey the move to be safe completely. muta spittin fr
Muta: ppl hate logging in all the time because it’s inconvenient
Also Muta: so the solution is make virtual machines everytime you want to log in
I can't tell if you're joking, but in case you're not, you make the virtual machine once
@@storm_at3039 To pretend a virtual machine is like this water tight box you can keep a pet monster in, is very misleading though. The end-user can still screw up bigtime and infect their actual PC.
@@PHeMoX ?? I agree with you, and never said otherwise, I'm just clarifying what was said
I really hate keep logging in and logging out on my account but google might change that thanks to the stupidity of this youtubers. It should be optional.
@@greatveemon2 I very much doubt that will happen
Thank you for making this video, I will be definitely going down this rabbit hole to protect my accounts
VMs are no-brainers. The real challenge is the setup and that’s about it. Opening a VM in your desktop is akin to opening a web browser twice.
Such little action with major effectiveness regarding security.
I managed to get you onto a cinema screen where a star wars movie was supposed to be played. Everyone saw Mutahar for 5 minutes.
Virtual machines are the reason i found your channel and subscribed back in the day, should do more content wit them. Maybe more safety tips. And how to detect if you had malware for morons. Keep up the work.
I've been waiting for this. Thanks Muta.
worth mentioning that there are many lightweight applications for Linux and even whole lightweight distros which allows virtual machines that consume even less resources
also pretty funny to keep the environment inside your virtual machine safe from any unsafe stuff you run outside of it because it'll be relatively safe even if your pc goes to shit, instead of running all unsafe stuff in the vm
3:00 definitely this. I've had accounts broken into before and making sure no other session is logged in that you don't know about/don't remember is very important.
I appreciate your guidance, mutahar. With your help, I installed a virtual machine and ran linux mint on my windows system. I am more confident about my security now, and I plan to explore sandboxie as well.
This man is paranoia incarnated. Love you Mutah
you keep reccommending these usb security key things, could you do a dedicated video on what they are, how to use them, how they workm etc? would also let you link to it every time you mention them, probably increase the ammount of people following through with it
A little side note: If Microsoft's website detects you're on a Windows OS, instead of offering a nice and easy way to download an ISO, they instead require you to download a tool, which when run then asks if you wanna download an ISO or create one from the current installed system.
Thanks Mutahar, for being such a great help to us all. He always knows what’s right.
bot
Bot
Bot
Not a bot.😁
@@LoveHandle4890 bots say that too
What your describing is backwards. You should be accessing the suspect files/programs/etc from a virtual machine. If you opened a sketchy pdf on your host system, it could still (in theory) pull your credentials from the VMs you have installed. I don't think there's anything out there that would actually do that at this time, but from a stricter security standpoint running the "access-youtube" browser in a VM is a lot less secure than accessing the questionable documents from the VM.
tldr; Run sketchy software and open untrusted documents in a VM, never on your host!
imagine if Muta gets somehow hacked after this video goes up 💀
Edit: I called it! Muta just posted a video saying he got hacked LMAO
Muta never fails to make a great video
This is where I feel app stores will be more widely adopted. Although they're by no means a total defence, they at least add some layer of security.
The fact you’re doing more to educate creators about this than RUclips itself is nuts.
cant tell if all time that passes i know less about the internet or if i just am learning more about what i dont know .
In this case it's the latter. Most of this kind of stuff is old news.
Just don't ever stop wanting to learn new stuff even if it is old news. Getting lazy is how you get victimized hardest.
I’ve seen people say Windows is only an issue because of the market share. Maybe a chat on how the core design of Windows make it possible and market share really doesn’t matter.
It’s crazy to me that Linus got hacked. If Linus gets hacked we have no hope.
its well known phenomena that shows the people who believe they can never be scammed end up being scammed applies here
as his company grow so does the weakness on their system
Linus drop tips has entered the chat
It does suck how it happened tho
It was an employee who most likely didn’t know proper phish link avoidance tips
Buddy. _Jim Browning_ got tricked. I lost hope a fair bit ago.
I def agree with the VMs, but one big one is running all downloads through virus total. I don't know if it would have helped Linus, but in general just making sure that any download is clean is a good step and it doesn't take much time to do
Is there a way to set up a VM and have someone using that VM as a PC?
Maybe control it from a tablet or phone?
I actually learned about session hijacking from your Discord malware videos.
Muta could have dissappointed in this video but no one knows yet cause it's been out for 2 minutes
Never save your passwords to your devices.
Never use anything but a password & multi-authentication.
Always check your devices on your accounts.
Always clear cache & scan devices.
But Muta, how do I protect myself from creepypastas? Not even VMs can stop them!
I love how Muta started to shill his "vmification" Absolutely love it. I'm now a VM lover. I now game on a windows VM with full GPU passthrough. That's why I got two GPUs inside the case.
Also I installed the w11 VM. For the TPM I emulated it through virtual box
THIS WAS GREATLY NEEDED thank you muda
I really don’t know why the session cookie isn’t signed with the specific browser you are using. Maybe I am to dumb to understand it, but it would be an intuitive way to make sure, that you didn’t temper with the cookies in any way.
2:10 - We can dream, can't we?
Thank you for this upload, love your channel 😎
what about a macbook? any options for mac os?
Thanks for this man
Moral of the story: trust no one, not even your mom
Tf u mean moral of the story? U havent even watched the video yet
@@Petrela I watched MANY other videos about this malware attack used to steal cookies from your browser.
Muta u have an "cut" error there while editing ig at 7:51 just wanna let ya know. Thanks for the vid btw
The Windows Sandbox is a really neat alternative. Only downside is it's kind of weak. Not really a full sandbox.
The vtuber Momo also just had her channel hacked and deleted by cryptobros, as well as her Twitter accounts. It's really becoming a huge epidemic.
Your original video on Linus' channel being hacked is actually what made me buy a Yubikey
"Two presentations in one" time, you spoil us Mutahar
Between this and the fact I'm studying cybersecurity, I'm actually kinda mad that I'm genuinely considering going the whole Virtualization sandbox route now...
Time to go buy some extra RAM i guess
Hackers: Our time is here!
Mutah: Virtual Machines, Son!
Windows also has an inbuild 'sandbox' which allows you to run a disposable Windows. No need to create virtual machines. This feature from Windows is unfortunately not well known. I believe you do need 'Windows Pro' for this though. It runs isolated and is indeed disposable; when you close the window it is entirely gone.
😂 when you get the Linus Tech Tips Build Redux ad before this video 😂
Thanks this is literally something I will need to do. I just reformatted my hard drives and reinstalled windows this morning (...). This might be useful to do now.
I've been waiting like a week for this video.
Good explanation of grabbing session tokens.
I've missed these big brain Muta videos.
What do you think of the Brave Browser Muta?
One thing that might get tidus but is safe if is have somewhere written your main passwords and keep it near your pc or somewhere you know is safe, and don't use the chrome save pass
11:36 if you're on windows it's gonna prompt you to download an installer instead, you can change your use agent to anything other than windows and it will give you the actual ISO.
Valuable info Muta! I think you should do more of this kind of content 🙏🏽
I'd wanna see a part two to this with splitting network access for machines in the router.
And by the way, you can boot directly into the bios by holding [Shift] and initiating a reboot.
That was very authoritative. Does your magical [Shift] reboot work on every system out there, or are you just blowing smoke out your ass?
@@theritchie2173 Windows has it on the bottom of the screen before starting up, how is that magical? 😂
@@sourgreendolly7685 Is everybody device out there Windows? What does Windows even have to do with selecting boot options before Windows even starts?
Setting up a vm takes 5 minutes, the longest part is downloading the ISO you want to use. I recomend windows 10 IOT edition its basically a clean version of windows 10 without any of the bloatware.
A small RUclipsr named HerbMessiah also got hacked like what happened to Linus. It was such a shocking experience seeing what happened, but at least he got his account back.
Most of the people who got hijacked did get their account back. Even tiny less than a hundred subscriber channel did.
So a VPN would not be of any help in this situation? Is it even worth having a VPN running on current setups? Or is this like totally unrealated and, im big dumb (lol) for asking?
Sorry it won’t help. This attack relies on target downloading a fake pdf that is an executable that steals the cookies
I got a text with a 2fa security code while watching this... Now I'm freaked out since it doesn't say what service they were trying to sign into... What are the odds
Could livestreaming be done within the same sandboxed environment for uploading youtube videos?
Curious. Does macOS provide any extra protection to this attack vector using safari? I get plenty of pop ups and warnings in macOS about stuff. Wondered if macOS is just as susceptible.
shadow background goes hard
18:05 Well, I guess a programmer here, just gonna say using a VM for Ubuntu and Kali on my 2017 budget gaming laptop runs perfectly fine. Not like 60fps gaming or anything, but it runs this sort of stuff perfectly fine. Now, if you're training AIs or something, that's something else I can't really comment on, but for my purposes, even writing code and compiling on a VM isn't really an issue on modern hardware. (For context, I give my VMs 8GB RAM)
at this point i wouldn't be surprised if Muta is doing the hacking with all of them VM'S that he uses
He’s doing it to spread VM propaganda
@@J25-p3h Propaganda?! Lol
@@J25-p3h 😂
I took Muta's advice in many videos he did ago on his rant to stop using windows and i've switched over to a Linux system and it is impossible to be hacked. You should all do the same...
this was really informative thanks muta.
"Hello guys and gals, it's me Mutahar, and boy oh boy!" is the classic beginning.
I did not even know session tokens existed
Can you have a shortcut for a app inside the vm on desktop. Like office is installed inside the vm but outside there will be a shortcut or smthng so that whenever i open some file it opens inside the vm or a container type of thing
Moist video from Muta! 11/10 -IGN
If you use flatpaks do you have some kind of a sndbox which makes it safer as a normal package. But not everything is in suxh sandboxes
Hey Muda… any reason you didn’t mention Hyper-V Manager?
I like you dude but quit pushing fear as if anybody besides people like Linus or yourself have to really worry about a lot of this. Expecting the average user to use a VM to isolate internet browsing is absurdly out of touch.
On Linux we have SELinux Sandbox, Podman, OCI containers, Flatpak and other tools to sandbox applications
Just wait till AI can do the hacking for hackers
when AI starts hacking on its own its GAME OVER for the telecommunications industry
Its crazy how companies dont have SAT in place for their employees or dont have MSPs.
That's because MSPs cost money, and sometimes MSPs can practice bad security. But linus shouldn't need one, he should know how to practice good security on his own. But really the solution is to train less tech-savy staff, and harden your pcs to limit outside sources.
3:33 might actually get one of those... how do you get them?
Ey Muta, windows also has Hyper-V built in, you just have to enable it, it's pretty easy to set up a VM there, no need for virtualbox or vmware
Man he really wanted to talk about virtual machines
The solutions come in 2 forms:
A. Windows alternatives
B. How to jump through hoops just so you can use Windows safely
Every night before I turn off my computer,I delete my browser history. I then go into my anti virus program and use the shredder option to delete temporary internet files and use the quick clean option, as well as, do a short virus scan.The entire thing is,it only takes one cookie left on your computer to screw you.Just don't give them that crumb. It also helps to turn off your computer every night. This also makes my computer run much faster as a bonus.
When I shut down my PC everything outside of essentials get automatically deleted, they are only stored temporarily until a reboot, nothing can make permanent changes unless I explicitly allow it.
Nothing even knows anything else exists because everything is separated.
@@benign4823 me too, I still boot the deletion programs up mechanically just to make sure. A clean computer is a happy, fast computer.
@@phil4986 Everything is just stored on tmpfs for me outside of some of my user files and core system components, so it all goes bye on shutdown, they never even touch my SSD.
It's nice that someone is out here preaching about how dangerous the internet is. It has never been a safe place and never will be, and pretending it can be is only detrimental.
Bruh Muta is going on fire 🤙🏻🤙🏻🤙🏻
Thanks muta, now i only have 100 viruses on my computer, instead of 1000!
To me it baffle me how easy it is for a hacker to steal your ID token and use it on their own device.
I feel like it shouldn't be that hard for an entity like Google to have a double check when an ID Token is being use at new location with "new" hardware. First, when the same ID Token is being use by a new IP address, check if hardware are the same component. If not then check for the MAC address, if still not match invalidate ALL Session Token on ALL PC.
Would it be that hard to do this?
Im in the IT field. I'm currently working as a field technician and I'm basically ruining my car in the process for low pay. Do you have any recommendations on certifications to get in your expertise?
I had two different suspicious logins occur into my Twitter account yesterday. I changed my password to try and thwart the first threat, but hours later it happened again and I had to change my password a second time. I rarely ever use my Twitter account, and I never even finished my profile, so there isn't much to steal from me.