Aaron Parecki

  • Photo - “Wear a damn mask” - Joseph https://twitter.com/photojoseph   •   Sep 10
    Damn. So the download was a virus, or keylogger? You on Mac or PC? We Mac users like to think we’re immune to stuff like this but probably not…
    Aaron Parecki
    It was a windows executable disguised as a .scr file, no keylogger needed for this, it was able to pick up the browser cookies from the hard drive. It could have happened on Mac just as easily.
    Portland, Oregon • 68°F
    Thu, Sep 10, 2020 7:07am -07:00
    1 like 11 replies
    • Aaron Parecki twitter.com/aaronpk
      I just might do that haha. The shirt I'm wearing today says "I find your lack of security disturbing"
      Thu, Sep 10, 2020 3:57pm +00:00 (via brid-gy.appspot.com)
    • Photo - “Wear a damn mask” - Joseph twitter.com/photojoseph
      WOW. You should put that on a Tshirt. “IT Security… it’s best if you don’t think about it”
      Thu, Sep 10, 2020 2:52pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki twitter.com/aaronpk
      tbh it's like the "security" involved in writing checks, it's best if you don't think too much about it
      Thu, Sep 10, 2020 2:35pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki twitter.com/aaronpk
      The browser doesn't have access to the MAC. Google *could* (and probably is) checking the IP address, but it's all heuristics because your IP address may change at any time, e.g. cell phones have very unstable IPs, hop in a plane and land with an IP from another country, etc.
      Thu, Sep 10, 2020 2:34pm +00:00 (via brid-gy.appspot.com)
    • Photo - “Wear a damn mask” - Joseph twitter.com/photojoseph
      And the cookie doesn’t verify the machine it’s on? You’d think it’d only work if the MAC address and IP address were a match. This seems so very insecure.
      Thu, Sep 10, 2020 2:31pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki twitter.com/aaronpk
      💯 There aren't really any other tools browsers can use for this right now. The process of logging in looks like basically: you type your password in google, google gives you back a cookie, your browser makes a request with that cookie and the server knows who it's for.
      Thu, Sep 10, 2020 2:25pm +00:00 (via brid-gy.appspot.com)
    • Photo - “Wear a damn mask” - Joseph twitter.com/photojoseph
      That is CRAZY that all you need is the cookies to access any account — especially a google one! So if I just sent you my cookies folder… you’d have access to anything I was logged into?!
      Thu, Sep 10, 2020 2:22pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki twitter.com/aaronpk
      Interestingly that doesn't even matter for this since it wasn't the "normal" phishing style attack. Don't open files you download is the only safe thing, or open them on a machine that isn't logged in to anything. That obvs isn't practical, so it's a lot harder in practice.
      Thu, Sep 10, 2020 2:15pm +00:00 (via brid-gy.appspot.com)
    • Gary twitter.com/every_daydad
      So would having two separate email accounts help? One solely for the YouTube channel, and one for business in case of a malignant file?
      Thu, Sep 10, 2020 2:13pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki twitter.com/aaronpk
      No, the cookies are how the browser is logged in to google. No passwords needed, 2fa doesn't matter. I'm thinking I might need to make a video on this.
      Thu, Sep 10, 2020 2:09pm +00:00 (via brid-gy.appspot.com)
    • Photo - “Wear a damn mask” - Joseph twitter.com/photojoseph
      And the browser cookies had the passwords stored in a way that was readable?!
      Thu, Sep 10, 2020 2:08pm +00:00 (via brid-gy.appspot.com)
Posted in /replies using indigenous.abode.pub/ios
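The login flow Aaron sketches in the thread (password in, cookie out, every later request identified by the cookie alone), the IP-checking heuristic he mentions, and the "2fa doesn't matter" point can be made concrete with a small model. The following is added example code, not code from the page or from Google; the `SessionServer` class, its `bind_to_ip` option and the sample users and IP addresses are all constructed for illustration.

```python
"""Minimal model of cookie-based sessions (constructed example, not a real
server).  After a successful password + 2FA login the server hands back a
random cookie value; every later request is identified by that cookie only,
so whoever holds the cookie is treated as the user.  Also shown: binding the
session to the login IP (a heuristic, with the false-positive cost Aaron
describes) and revoking all sessions, which is the defender's response once
cookie theft is suspected."""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    user: str
    client_ip: str  # IP seen at login; used only by the optional heuristic


@dataclass
class SessionServer:
    # Constructed credential store; a real system stores salted password hashes.
    passwords: dict
    sessions: dict = field(default_factory=dict)
    bind_to_ip: bool = False  # heuristic: refuse a cookie presented from another IP

    def login(self, user, password, totp_ok, client_ip):
        """Password and second factor are checked once, here; the result of a
        successful check is a bearer cookie, which is all later requests carry."""
        expected = self.passwords.get(user)
        if expected is None or not hmac.compare_digest(expected, password) or not totp_ok:
            return None
        cookie = secrets.token_urlsafe(32)  # unguessable, but copyable
        self.sessions[cookie] = Session(user, client_ip)
        return cookie

    def whoami(self, cookie, client_ip):
        """What every subsequent request does: look the cookie up, nothing else.
        No password or 2FA is re-checked, so a copied cookie works as well as
        the original one unless a heuristic like IP binding rejects it."""
        sess = self.sessions.get(cookie)
        if sess is None:
            return None
        if self.bind_to_ip and sess.client_ip != client_ip:
            return None
        return sess.user

    def revoke_all(self, user):
        """'Sign out of all devices': invalidate every session for the user so a
        stolen cookie stops working.  Returns how many sessions were dropped."""
        stale = [c for c, s in self.sessions.items() if s.user == user]
        for c in stale:
            del self.sessions[c]
        return len(stale)


def demo():
    """Walk through the thread's scenario with constructed addresses."""
    server = SessionServer(passwords={"alice": "correct horse"})
    cookie = server.login("alice", "correct horse", totp_ok=True, client_ip="198.51.100.7")
    # The same cookie presented from a different IP is accepted as alice ...
    from_other_ip = server.whoami(cookie, "203.0.113.9")
    # ... unless sessions are bound to the login IP, which also locks out the
    # legitimate user whenever their own IP changes (phone hopping networks, travel).
    server.bind_to_ip = True
    bound_other_ip = server.whoami(cookie, "203.0.113.9")
    bound_same_ip = server.whoami(cookie, "198.51.100.7")
    # Revocation is what actually ends the exposure once theft is suspected.
    revoked = server.revoke_all("alice")
    after_revoke = server.whoami(cookie, "198.51.100.7")
    return from_other_ip, bound_other_ip, bound_same_ip, revoked, after_revoke


if __name__ == "__main__":
    print(demo())
```

Running `demo()` returns `("alice", None, "alice", 1, None)`: the copied cookie is accepted from the other address, IP binding rejects it there but still accepts it from the original address, and revocation invalidates it everywhere. The model deliberately has no way to tell a copied cookie from the original, because the real protocol has none either; what a server can do is shorten session lifetimes, apply heuristics like the IP check, and make revocation easy.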

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.