Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 17 submissions in the queue.
posted by NCommander on Wednesday June 03 2020, @09:37PM   Printer-friendly
from the protect-yourself dept.

[Speaking as the de-facto leader of SoylentNews, I know this community is very sensitive to self-promotional "Slashvertising" and similar. Since our inception, we've prided ourselves on listening to our community and taking those views into account. I've walked a bit of a fine line with that with my original content articles both recently and in the past. I do not want to be a rule unto myself so if this post ends up crossing that line, mention it in the comments and we'll take those lessons to heart. Also, we haven't had a community roundtable here at SN in quite a long time, so I'm going to schedule one go to live on Monday.]

[NB: Yes, "original content" articles are welcome here. If anyone is considering it, please try to keep them tech-related and provide supporting links. Also provide contact info (email address) so any issues or questions can be discussed as needed. --martyb]

The simple fact is that in the last few weeks, the world, especially in the United States has become a very different place. Here in New York City, there's been constant protests and escalation between the police and protesters. In an era where drones are being used to track and monitor protesters, digital security is more important more than ever. I want to do my bit on trying to help people keep themselves safe and secure in these times.

Normally, I try not to push self-promotion here, and I've made sure that my recent original content articles are not pushing that line. I mentioned in my last article that I host a weekly hacking show called HACK-ALT-NCOMMANDER, as part of DEFCON 201, the local DEF CON group for the New Jersey area. Usually, I cover some bit of retro-tech, random reverse engineering, and other random and strange things. Not today.

This time, I've decided to cover these topics:

  • email security
  • a quick primer on GnuPG and S/MIME
  • understanding Tor
  • basic OPSEC (using Windows as a base)

I'll also be fielding questions in real-time. If you're interested, please tune in at 8PM Eastern Daylight Time (24:00 UTC) to the DEFCON 201 video streams (see links below). I may also cover aspects of securing systems for IT administrators depending on how chat directs me.

Twitch:https://www.twitch.tv/defcon201live
YouTube:https://www.youtube.com/channel/UCYDQaOHbK5trRU2CDgb0qSg
dLive:https://dlive.tv/defcon201
Invidious [TOR]:http://axqzx4s6s54s32yentfqojs3x5i7faxza6xo3ehd4bzzsg2ii4fv2iid.onion/channel/UCYDQaOHbK5trRU2CDgb0qSg
Periscope:https://www.twitter.com/defcon201nj

73 de NCommander, hoping that you're all safe

Related Stories

Community Roundtable: Monday, June 8th, 2020 242 comments

As promised, here's the round-table discussion post that I said on Wednesday was coming. We have a long history at SoylentNews of listening and responding to our community; I genuinely hope that never changes. I also recognize that I may have ruffled some feathers in the last few weeks with original content postings so here's the best place to get this all out.

I am mindful of the community's support and goodwill; I don't want to squander any of it. Yes, there are times where my hand may be forced (e.g., DCMA takedowns). Still, I'm always a bit hesitant whenever I post on the main site for anything that isn't site update news or similar. I may be the de facto site leader, but I want my submissions to be treated like anyone else's — I want no favoritism. The editorial team does review my stories and signs off before they go live (unless it's an "emergency" situation such as the last time we blew up the site). However, as the saying goes, the buck stops with me.

SoylentNews accepts original content. I'm also aware that I've probably submitted the most original content so far (See "Previously", below for some examples). I'm grateful for the community's apparent acceptance of my submissions and the positive responses to them. What I don't know is if there is an undercurrent of displeasure with these. Maybe everyone thinks these are all fine. Then again, maybe somebody has an issue with them. Rather than assume anything, let's get it all out in the open.

What I want to cover in this round-table discussion is original content and having images in posts as well as topics such as yesterday's Live Show on Improving Your Security -- Wednesday June 3rd, 2020.

So, contributors and commenters to SoylentNews, get that Reply button hot and let me hear your feedback. As usual, either a member of staff or I will respond to your comments below,

73 de NCommander

Previously:
(2020-06-03) Live Show on Improving Your Security -- Wednesday June 3rd, 2020
(2020-05-24) Retrotech: The Novell NetWare Experience
(2020-05-14) Exploring Windows for Workgroups 3.11 - Early 90s Networking
(2020-05-10) Examining Windows 1.0 HELLO.C - 35 Years of Backwards Compatibility
(2020-05-15) Meta: Having a Chat about SoylentNews' Internet Relay Chat
(2018-10-25) My Time as an ICANN Fellow
(2017-10-09) soylentnews.org experiencing DNSSEC issues
(2017-04-20) Soylentnews.org is Moving to Gentoo...
(2017-04-17) SN Security Updates: CAA, LogJam, HTTP Method Disable, and 3DES
(2017-03-13) Xenix 2.2.3c Restoration: Xrossing The X (Part 4)

YouTube Channel Linus Tech Tips Terminated After It Was Hacked to Show Crypto-Scam Videos 9 comments

https://www.techspot.com/news/98047-youtube-channel-linustechtips-terminated-after-hacked-show-crypto.html

What just happened? Linus Tech Tips, one of the largest and most popular technology YouTube channels on the platform, has been hacked. It was used by the hackers to show pre-recorded 'live-streaming' crypto-scam videos, featuring former Twitter CEO Jack Dorsey and Tesla CEO Elon Musk. The channel is now showing a message stating it has been shut down for violating YouTube's community guidelines, but it appears Linus' other channels are also being abused.

Linus Sebastian's Linus Tech Tips YouTube channel has been running since 2008 and has amassed 15.8 million subscribers. The Canadian has several channels under the Linus Media Group banner, including TechLinked, but the main one remains the most popular. Sadly for all involved, it's become the latest high-profile channel to be hacked.
[...]
YouTube has shuttered the channel for violating its guidelines, but it seems the hackers have now gone after other Linus Media Group accounts. TechLinked has been renamed Tesla and is showing the same Musk livestream.
[...]
While all the content from the channels has been deleted, Linus previously created several videos showing off the high-end hardware used to store the terabytes of backups the company created over the years.

[UPDATE: After taking back control of the channels, he released a video explaining how it all went down by way of a little bit of social engineering resulting in the attacker gaining their browser session token --hubie]

Also:
Linus Tech Tips YouTube Channel Hacked to Promote Crypto Scams
Linus Tech Tips YouTube Channel Is Down After Crypto Scammer Hack
VERGE STUPIDLY MAKES THEIR TITLES IMAGES NOW (Though, it could just be the one article. This is also an article on the Linus Tech Tips YouTube channel hack.)

Related:
Live Show on Improving Your Security -- Wednesday June 3rd, 2020 (NCommander - 2020)
Security Warning For 23 Million YouTube Creators Following 'Massive' Hack Attack (2019)


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 5, Insightful) by DannyB on Wednesday June 03 2020, @09:51PM (9 children)

    by DannyB (5839) Subscriber Badge on Wednesday June 03 2020, @09:51PM (#1002950) Journal

    basic OPSEC (using Windows as a base)

    Why anyone running Windows would care about OPSEC is definitely a mystery worth learning about.

    --
    Santa/Satan maintains a database and does double verification of it.
    • (Score: 5, Insightful) by NCommander on Wednesday June 03 2020, @10:38PM (4 children)

      by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Wednesday June 03 2020, @10:38PM (#1002971) Homepage Journal

      Because most people use Windows, and right now, if I tell someone "Use Tails, install 30+ privacy stuff, etc.", they're not going to bother. If I can get some using protonmail, and switch away from Chrome, it's steps in the right drection.

      --
      Still always moving
      • (Score: 0) by Anonymous Coward on Thursday June 04 2020, @01:08AM

        by Anonymous Coward on Thursday June 04 2020, @01:08AM (#1003005)

        I guess you hang out in different circles than I do. No one uses Windoze there. If I advise someone "Use Tails, install 30+ privacy stuff, etc.", they may not bother, but I couldn't care less.

      • (Score: 0) by Anonymous Coward on Thursday June 04 2020, @01:25AM (2 children)

        by Anonymous Coward on Thursday June 04 2020, @01:25AM (#1003013)

        Exactly. Don't let the perfect be the enemy of the good.

        • (Score: 2) by DannyB on Thursday June 04 2020, @02:22PM (1 child)

          by DannyB (5839) Subscriber Badge on Thursday June 04 2020, @02:22PM (#1003198) Journal

          This message brought to you by the NSA.

          --
          Santa/Satan maintains a database and does double verification of it.
          • (Score: 0) by Anonymous Coward on Thursday June 04 2020, @08:33PM

            by Anonymous Coward on Thursday June 04 2020, @08:33PM (#1003351)

            If that's your attitude, then any steps to secure your systems are futile and shouldn't be taken. After all, it just takes one crack and and your system is fucked. And you'd better believe the bad guys, however you define them, know plenty of cracks.

    • (Score: 0) by Anonymous Coward on Wednesday June 03 2020, @11:09PM (3 children)

      by Anonymous Coward on Wednesday June 03 2020, @11:09PM (#1002976)

      Were you serious or poking fun?

      • (Score: 2) by DannyB on Thursday June 04 2020, @02:24PM (2 children)

        by DannyB (5839) Subscriber Badge on Thursday June 04 2020, @02:24PM (#1003200) Journal

        If you poke fun, does fun not bleed?

        --
        Santa/Satan maintains a database and does double verification of it.
        • (Score: 2) by Freeman on Thursday June 04 2020, @03:01PM (1 child)

          by Freeman (732) on Thursday June 04 2020, @03:01PM (#1003214) Journal

          No, it just deflates.

          --
          Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
          • (Score: 2) by DannyB on Thursday June 04 2020, @03:31PM

            by DannyB (5839) Subscriber Badge on Thursday June 04 2020, @03:31PM (#1003236) Journal

            Sort of like the autopilot.

            --
            Santa/Satan maintains a database and does double verification of it.
  • (Score: 0, Offtopic) by Anonymous Coward on Wednesday June 03 2020, @10:41PM

    by Anonymous Coward on Wednesday June 03 2020, @10:41PM (#1002973)

    In Tijuana, the live shows have donkeys.

  • (Score: 5, Interesting) by richtopia on Wednesday June 03 2020, @10:51PM (4 children)

    by richtopia (3160) on Wednesday June 03 2020, @10:51PM (#1002974) Homepage Journal

    I appreciate your dilemma here. And I'm unsure what to recommend. I think plugging your blog/stream is a promotion of independent journalism, and I appreciate NCommander's post here. However, you could imagine more of a grey story where you promote your blog/stream which is a revenue source. My first reaction to a monetized blog is also acceptable, given the topic is relevant to the audience. Lastly, what if you were promoting a product, like NCommander's pre-configured virtual machines for old operating systems. Assuming that the sales are legit, I still would consider it a grey area, assuming the product is relevant to the SN audience.

    I'm not really proposing answers here, but rather I'm attempting to facilitate some dialogue. Here are some rules of thumb I would provide:
    1. Say no to product placement. Even if it is tech-related, I would keep the precedent as no products. Maybe an exception for non-profit stuff
    2. Permit links to blogs/vlogs. I really like the summary from the SN front page, but for archival purposes it is a good idea to maintain your own blog or post to a site like YouTube
    3. Use seinority/activity as a judgement call. This depends on the editors, but if you are debating if a post is valid, I would say yes to active community members

    Any other opinions?

    • (Score: 3, Interesting) by NCommander on Wednesday June 03 2020, @10:58PM (2 children)

      by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Wednesday June 03 2020, @10:58PM (#1002975) Homepage Journal

      We've (DEFCON 201) raised money for COVID-19 research, but our fundraiser just ended. Speaking from my seat in SoylentNews PBC's board of directors, we bring in subscribers to keep the lights on as best we can but we don't have "promoted content" in the sense that we accept money to run articles. The concept was discussed here a few times and the community overwhelmingly said no.

      We (now speaking from DC201) are just a small hacker group; no one is profiting from this aside from whatever ads are being placed by Twitch/YouTube/etc but we don't see a cent of that.

      --
      Still always moving
      • (Score: 0) by Anonymous Coward on Wednesday June 03 2020, @11:13PM (1 child)

        by Anonymous Coward on Wednesday June 03 2020, @11:13PM (#1002977)

        Can you release a recording of the talk? I can spare a few mins here and there for commentary here but won't be able to watch the full live stream.

        As for promotional stuff, maybe a separate section on SN with a sidebar box "Promotional Journals" or something with a "last updated" date instead of a list of items? Or just like the journal section but below? I think it would be interesting to have a community bazaar.

        • (Score: 4, Informative) by NCommander on Wednesday June 03 2020, @11:16PM

          by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Wednesday June 03 2020, @11:16PM (#1002979) Homepage Journal

          The talk automatically gets exported as a VoD on Twitch and uploaded to the DEFCON 201 YouTube page. It won't be edited. My previous shows usually go for several hours.

          --
          Still always moving
    • (Score: 2) by All Your Lawn Are Belong To Us on Friday June 05 2020, @07:00PM

      by All Your Lawn Are Belong To Us (6553) on Friday June 05 2020, @07:00PM (#1003895) Journal

      Nicely said, especially #3. One can take into account whether it is a long term contributor to discussion versus someone who just registered an account to try and get quick promotion for their ideas and then leave.

      --
      This sig for rent.
  • (Score: 0) by Anonymous Coward on Wednesday June 03 2020, @11:41PM

    by Anonymous Coward on Wednesday June 03 2020, @11:41PM (#1002982)

    some dude once analysed that communication needs (at least) two end points: a sender and a receiver.
    most of the receivers (or was it senders, nevermind?) just won't bother with "security" and just accept what comes out of the box.
    i have tried stuff (tor, pgp, dht, etc.) but, well, it's kindda like "my internets not work - did you connect the phone line to the modem?" or "my printer isn't printing - did you add paper to paper tray?" situation.
    it's cool and all but i got old and don't have much hope anymore(*). i think the last straw that broke the camels back was when i saw news that people were queueing and camping infront of smart phone outlet for version 87 for over 12 hours ... (only to be left "unupgradable" a few years later.
    anyways, good luck and thanks for new info.
    (*) also realizing that lots of people don't like computers and are just "forced" to use it to get work done.

  • (Score: 3, Funny) by Rosco P. Coltrane on Wednesday June 03 2020, @11:42PM (4 children)

    by Rosco P. Coltrane (4757) on Wednesday June 03 2020, @11:42PM (#1002984)

    hosted on Periscope, Youtube, Twitch... all cloud services run by companies hell-bent on invading your privacy and selling your personal information.

    The irony is high with this one.

  • (Score: 0) by Anonymous Coward on Thursday June 04 2020, @02:47AM (1 child)

    by Anonymous Coward on Thursday June 04 2020, @02:47AM (#1003041)

    Just looked at the livestream and will download it later for sure. Nice to see a face to put with a username.
    Dear Canonical, they have lost their way. You must check out the May News on LinuxMint.com - sigh, 20.04 and Snap. Its the Amazon thing all over again. At this point for me we are down to two distros: Mint and Manjaro. Some others may still be viable, but you can count them on one hand.

    • (Score: 2) by Freeman on Thursday June 04 2020, @03:09PM

      by Freeman (732) on Thursday June 04 2020, @03:09PM (#1003220) Journal

      Last I tried MX Linux, it was very usable. Most of my Linux tinkering has involved reviving old laptops and MX Linux fit the bill for the last one.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
  • (Score: 1, Informative) by Anonymous Coward on Thursday June 04 2020, @06:25AM (1 child)

    by Anonymous Coward on Thursday June 04 2020, @06:25AM (#1003090)

    basic OPSEC (using Windows as a base)

    Get back to us when there's free and open source Windows with reproducible builds.

    Otherwise, it's like pouring perfume on a pig.

    You cannot defend against the unknowns in proprietary code.

    Most people use Windows is not a good excuse or reason.

    • (Score: 2) by Freeman on Thursday June 04 2020, @03:18PM

      by Freeman (732) on Thursday June 04 2020, @03:18PM (#1003226) Journal

      https://reactos.org/ [reactos.org] It's not Windows, but it's an open source implementation, that's being designed to be a drop in replacement.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
  • (Score: 1, Insightful) by Anonymous Coward on Thursday June 04 2020, @02:35PM (1 child)

    by Anonymous Coward on Thursday June 04 2020, @02:35PM (#1003208)

    The simple fact is that in the last few weeks, the world, especially in the United States has become a very different place.

    The simple fact is that this is not true. In the last few weeks, protests and violence have happened in several large cities. In a vast majority of the United States, nothing in particular has happened. I know it's not PC to say that, but it's the truth. As for the "world", that again really hasn't changed in the last few weeks.

    • (Score: 0) by Anonymous Coward on Monday June 08 2020, @03:15PM

      by Anonymous Coward on Monday June 08 2020, @03:15PM (#1004847)

      I know it's not PC to say that, but it's the truth.

      I keep hearing people talk about the world being a "very different place" over the course of the last few weeks. I'm starting to wonder if they're simply repeating it over and over in hopes that if they do so enough times, it will become true by making so many people believe it (whether or not most of those people who believe it actually hate it).

(1)