1 comment

[ 3.3 ms ] story [ 15.4 ms ] thread
So yes, he did a dumb thing and clicked on a malicious file. What's mind boggling to me (and him!) is it appears that the attackers, just by having a copy of his Google session cookie, were able to then impersonate him and change his Google account (and thus YouTube account) two factor and passwords - thus locking him out of his own account.

As he says, how is it possible you can make an authentication change without requiring a two factor challenge/response? Seems like a HUGE gaping hole and hopefully someone from Google will respond or even better fix it!

BTW - if you are into home automation, his channel is awesome. I don't always agree with his conclusions (who does?) but I sure enjoy the heck out of his content and have discovered some great stuff and ideas while being entertained. Not a bad deal.