On Sun, 20 Sep 2020 17:46:14 +0000 coderman <coderman@protonmail.com> wrote:
> more common than attacking 2nd factor is session riding or browser jacking, using the existing auth token exfiltrated. you're then "the target" and can do as you please (until session expires).

ah yes, I overlooked that possibility. But even if you hijack a session, wouldn't the system still re-check that you have access to your phone before allowing you to change all your passwords? It seems to me that it should? (but prolly doesn't because it's too 'inconvenient' for the user?)

> if you can attack over wifi or LAN, this is almost always easiest.

>> He's talked to jewtube and he might get the account back.

> they can identify this behavior as "anomalous". if they want to help or not, good luck...

yeah we were expecting youtube to close the channel at any moment (they did delete a few videos), so the 'hacking' may turn out to be a convenient excuse. I guess it's wait and see now.

>> So at face value this was an ordinary hack, but it seems it's also possible that, say, the argie government got the channel closed by indirect means.

> the oldest tricks still the best tricks. if you can jack session and achieve ends, without exotic exploits or extraordinary access, all the better!

yeah good point. His PC doesn't run a hardened linux or anything like that...

>> *he had at least one video with +1 million visits and tens of videos with 100-200k views.

> sounds like a target :)

> best regards,