LTT YouTube hacked!

[SpyderTracks]

If the session cookie only worked on the browser it was created for, and was hashed as such, it would never have been able to be used to login anywhere else anyway. With all of this stuff I would go to the root cause. The root cause is that the session cookie was duplicated.

From here there are a chain of events, any break in the chain would potentially stop the event from happening. I think that shows that there are many shortcomings still in internet/browser security. I'm not surprised by any of that and I was aware of just about every step in the chain. The one thing that I didn't realise is that any cookie can be opened from any system anywhere as long as you are using the same browser (you can likely even use a different browser). I thought session cookies were more secure, but I guess they just store the session code/identification unhashed..... rather than being secure.

If the session cookie was hashed and linked to the browser that created it to generate the hash, this would never have happened.
If the server recognised or took action from a session being created in one location and then accessed from a different location, this would never have happened.
If the platform requested confirmation of credentials for notable requests/actions, this would never have happened.

All 3 areas should be patched. My point is that I wasn't actually aware of the first. The latter 2 have always been about simplicity and ease of access, different for typical end users though compared to businesses. There should be additional checks for higher profile accounts regardless.

It's not even that difficult from a security perspective, hash to the browser that's hashed to the specific systems UEFI block.

That would surely be as bulletproof as UEFI which let's face it is the best security we currently know on hardware?

 

[AgentCooper]

I hand on heart didn't realise you could clone a browser history and use it without any sort of difficulty.

Me neither! Someone will be in for a shock if they clone my browser history 😶

 

[Scott]

It's not even that difficult from a security perspective, hash to the browser that's hashed to the specific systems UEFI block.

That would surely be as bulletproof as UEFI which let's face it is the best security we currently know on hardware?

Exactly, and this is why I cannot believe that it's not employed. The fact that it's not, why does Chrome not just share the entire biscuit tin across the different platforms using an account repository? If it did, I wouldn't have been so obtuse to this use and would be less surprised. It doesn't make any sense to me. You can share your passwords across the account using the login so it would stand to reason that you could share the sessions too, it's no less secure after all

Me neither! Someone will be in for a shock if they clone my browser history 😶

To be honest I don't think anyone would be in for a shock

 

[Martinr36]

Me neither! Someone will be in for a shock if they clone my browser history 😶

Does Mrs C know..................

 

[SpyderTracks]

Me neither! Someone will be in for a shock if they clone my browser history 😶

Is it just a long list of Barbie histories and needlepoint? That would shock me.

If it were John Wick style meanderings down the dark web I'd be more comfortable 😂

 

[AgentCooper]

To be honest I don't think anyone would be in for a shock

Does Mrs C know..................

Is it just a long list of Barbie histories and needlepoint? That would shock me.

If it were John Wick style meanderings down the dark web I'd be more comfortable 😂

What can I say, I’m a medical man, I have to research anatomy.

FYI, don’t ever do a Google image search for Fournier’s gangrene. That’s stuff you can’t unsee.

 

[HomerJ]

FYI, don’t ever do a Google image search for Fournier’s gangrene.

i took the bait,




ahhhhhhhhahahahahhahahahahahhahahadeargodkillitwithfireahhhhhhhhhhaaaaaaaaaaaaah


as I said nothing to worry about

 

[AccidentalDenz]

FYI, don’t ever do a Google image search for Fournier’s gangrene.

Fine. I will absolutely not do that.

 

[HomerJ]

Fine. I will absolutely not do that.

you can,

just be prepared to NEVER SLEEP EVER AGAIN

 

[SpyderTracks]

I do really like these guys, even though they're quite biased some times

 

[HomerJ]

I do really like these guys, even though they're quite biased some times

lol, they parodied the film office space printer smash scene

 

[SpyderTracks]

lol, they parodied the film office space printer smash scene

Family Guy did it as well

Apparently the Office Space sketch was based on a scene in Casino where Joe Pesci is made to witness a friends battering in a cornfield. I won't link it as it's rather graphic.

 

[HomerJ]

Family Guy did it as well

Apparently the Office Space sketch was based on a scene in Casino where Jo Pesci is made to witness a friends battering in a cornfield. I won't link it as it's rather graphic.

a parody of a parody of a parody

this parody has more layers than nesting dolls