Yt DM me. Have to be careful on sponsorship deals. wasn’t some random link. I don’t think im that stupid. I had been negotiating with them on a legit product for a couple days. with a person who is legit in the company they are spoofing. link for talking points that’s what did it

Damn. So the download was a virus, or keylogger? You on Mac or PC? We Mac users like to think we’re immune to stuff like this but probably not…

It was a windows executable disguised as a .scr file, no keylogger needed for this, it was able to pick up the browser cookies from the hard drive. It could have happened on Mac just as easily.

And the browser cookies had the passwords stored in a way that was readable?!

No, the cookies are how the browser is logged in to google. No passwords needed, 2fa doesn't matter. I'm thinking I might need to make a video on this.

That is CRAZY that all you need is the cookies to access any account — especially a google one! So if I just sent you my cookies folder… you’d have access to anything I was logged into?!

💯 There aren't really any other tools browsers can use for this right now. The process of logging in looks like basically: you type your password in google, google gives you back a cookie, your browser makes a request with that cookie and the server knows who it's for.

And the cookie doesn’t verify the machine it’s on? You’d think it’d only work if the MAC address and IP address were a match. This seems so very insecure.

tbh it's like the "security" involved in writing checks, it's best if you don't think too much about it

WOW. You should put that on a Tshirt. “IT Security… it’s best if you don’t think about it”