Comment by wepple

2 months ago

> Threat actors buy vulnerabilities that fit into existing business processes

Selling crazy stories to the media is as old as time.

This vuln would give you a lookup table from email->YT

SELECT * FROM table WHERE email LIKE “%.gov”

6 comments

wepple

And? So what. You can spam them?

Come on.

wepple 2 months ago
You don’t think there are folks with content they’d very much not like to be directly associated with them? Comments, videos, likes, etc
- nickelpro 2 months ago
  
  There's no existing black market of criminals extorting politicians and celebrities over Youtube comments (also how you go from an email address to an identity is itself iffy).
  You are imagining a potential market, the exploits are priced against markets that are real and pay out today. Security researchers aren't traveling salesmen going around to every shady character on the internet and pitching them on the potential of a new criminal enterprise.
- UncleMeat 2 months ago
  
  And so what's going to happen? Are there blackmailing rings that are in active need of ways of tying youtube comments to work accounts that are paying out the nose?
  
  1 reply →
alt227 2 months ago

Or spear-phish, with a high degree of accuracy knowing the target.