I used GPT and Home Assistant to Fight Back.

Подписаться 14 тыс.

Просмотров 15 тыс.

50% 1

😱 Ever had your account HACKED? Well I have and i'm not taking it sitting down! In this video where I share my story and reveal how Home Assistant is helping me take charge again. This won't happen twice.
#Cybersecurity #HomeAssistant #DigitalSecurity #HackedFacebook #TechSolutions #OnlineSafety #FightBackAgainstHackers
Enjoying the content? Feel free to Buy Me Coffee
bmc.link/mmontaque
Music
Boo! By Dresden, The Flamingo - TDXIQHJZTCDKPXDR
Kyoto by Lunareh - BVXELRWCCO5SPDUT
Saved by the Tell by Sam Barsh - R9EO0EKNYPNPIMMR
Take It Outside by Dr. Delight - 3YFMEGSSE5BPTPD5
Edited with Gling AI: bit.ly/46bGeYv
Gear I used for this video
- Sony A7S iii: www.amazon.com/Sony-Mirrorles...
- Aputure Light Dome: www.amazon.com/gp/product/B08...
- Aputure Amaran 200X S: www.amazon.com/gp/product/B0B...
- Neewer Heavy Duty Light Stand: www.amazon.com/gp/product/B08...
- Sony a6300: www.amazon.com/Sony-Alpha-a63...
- 18-105 Lens: www.amazon.com/Sony-SELP18105...
DISCLAIMER: Links included in this description might be affiliate links. If you purchase a product or service with the links that I provide I may receive a small commission. There is no additional charge to you! Thank you for supporting me so I can continue to provide you with dope free content!

Наука

Опубликовано:

5 дек 2023

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 134

@devinhedge 7 месяцев назад

Your production is really pulling me in. GREAT JOB!

@technithusiast 7 месяцев назад

I appreciate the encouragement and I’m glad you like it!

@Matthewwwwwwwwwwwww 7 месяцев назад

Hey, that’s me! Thanks for the mention. I realized after posting my comment there wasn’t really anything actionable as an automation but too late for me to make a ton of changes and additions without a ton of edits. The “disavow” link is a great idea and I’m going to raise a feature request for my company to add it to our application. Thank you for elevating that comment

@technithusiast 7 месяцев назад

No, Thank you for contributing to the conversation! It really help create and spread new ideas. 🙌🏾

@MacDork 4 месяца назад

that upset partner anxiety is all too relatable 😂😂😂

@technithusiast 4 месяца назад

that feeling lingers over all our backs 😛

@jann_marx 7 месяцев назад

Im loving your content, its inspiring me to get back into HA and playing with/rejuvenating my automations.

@technithusiast 7 месяцев назад

Thanks and now is the time! Idk when the last time you tinkered with it but they have been pumping out interesting features this year.

@stevea6131 7 месяцев назад

The problem with logging out all the systems everywhere is that when the original owner tries to prove that they own the account they often can't. This is because the attackers change the details - emails, date of birth, address etc. Thus when you try to quote data from the account it no longer matches what is stored. Some vendors record the old data, but many do not. Therefore, the phone in your hand maybe the only way for you to access the account, see the changed details and to be able to understand what has happened so you can fight back. Good video tho, and I like the though process you go through. Finally, if you hade MFA on your account, that issue would have not occurred.

@technithusiast 7 месяцев назад

Your right as that’s what happened to me in the video. hackers typically change to data on the account to make it difficult for the owner to reclaim it. That’s why I like the disavow link idea. The first email a user typically gets is usually along the lines of “someone logged in from (insert foreign location)”. Depending on how aggressive you want your automation, the moment the email is received the automation would trigger the link. The hacker would need to be very fast to switch enough information to prevent access.

@waynenocton 7 месяцев назад

Production value great as always, and I haven’t seen a video of yours I didn’t hit like on so far, doesn’t seem likely to change!

@technithusiast 7 месяцев назад

Thank you and I’m glad these videos hit different for you 😁 I’m always grateful for the support!

@TobyDIOK 6 месяцев назад

Im not sure why you dont have more subscribers because you deserve them. Awesome content bro. If i were to give you one suggestion it would be to maybe consider using node-red dark theme since the light theme sometimes really breaks the emerssion in the videos. especially when watching them in a dark room. More than. once i had to adjust brightness on tv or phone because of it! Otherwise keep up the great work!

@technithusiast 6 месяцев назад

I’m glad you like the videos and thank you for the suggestion! I never considered changing the theme and I think that would help both the viewing experience as well as my editing! 🙌🏾🙌🏾

@FutureProofHomes 7 месяцев назад

Great vid! Production quality is awesome too. Keep doing you! One optimization that might work though - consider using Gmail’s filtering capabilities to automatically label emails that are from:”fb” AND not: “friend requests”…. THEN point your HA IMAP integration to only that Gmail label/directory and process THOSE emails via GPT to find positives. Perhaps this will decrease your CPU & GPT costs?

@technithusiast 7 месяцев назад

Thank you and That’s a great idea! I explored filtering it but then I encountered a trade off. I have a lot of different online accounts so much so, that it’s not scalable for me to filter for them all. Any one of the those accounts could get hacked so I wanted a wide net which is what I ended with but to your point, if there are specific accounts that I care about only then filtering is definitely something I would do. Thanks for the input!

@FutureProofHomes 7 месяцев назад

@@technithusiast totally makes sense if you’re targeting multiple social accounts. Cheers man! Good topic for vid!

@tmnt9001 7 месяцев назад

Nice job mixing both approaches. I was already tipping the comment suggesting that before I reached that part of the video. 😅

@technithusiast 7 месяцев назад

Lololol great minds….

@NunoSoares22 7 месяцев назад

U got some great skills man. Lov your content and how you communicate!

@technithusiast 7 месяцев назад

I appreciate it and and I’m glad your feeling my vids 😁

@DLWertz 7 месяцев назад

Great video! I really like how you went through your thought process of building this.

@InmortalMe 7 месяцев назад

The only RU-vidr I am subscribed to! Great work man! Keep it up!

@technithusiast 7 месяцев назад

I appreciate the sub! Thank you!

@mfrantz932 7 месяцев назад

I really like your content and enjoy watching. Would you consider either going into more depth or adding a link to you page so we could see how you did all the things you do with more detail? Keep up the good work.

@technithusiast 7 месяцев назад

I’m glad you enjoy the content! Keep checking back. Im planning a deep dive series where I’ll go into detail for a lot of these automations.

@CyrisCloete 7 месяцев назад

Just discovered this channel and what a gold mine. Loving it. Got lots of videos to catch up on.

@technithusiast 7 месяцев назад

Welcome aboard! Just a warning, my earlier content is a bit cringy so if you wanna end on a high you should start form back to front 😬

@CyrisCloete 7 месяцев назад

@@technithusiast I made one video then gave up, so anything is better than mine 😆 Looking forward to it.

@technithusiast 7 месяцев назад

@@CyrisCloete Lolol Happy Watching!

@sdfhjklhsfdjdsflhkds 7 месяцев назад

HA has critical notifications - who knew? Great video (as always) but I truly did learn something new. Possibly something to add to my Actionable Notification subflow. Thanks!

@technithusiast 7 месяцев назад

I’m glad you not only enjoyed the video but that I was able to provide some new information! Lemme know who your updated automation turn out 😁

@manukalias 7 месяцев назад

❤ Came across your video for the 1st time but it's impressive and will make me subscribe 👍🏻 For any such critical event triggered and confirmed by a condition, I would have gone aggressive on Home Assistant though, Like flashing lights, Ringing doorbell, making weird notification sounds at Google Home Mini and Alexa, alerting all devices with HA installed to wake me up ASAP. A confirmed critical issue should have all authority to make you very very uncomfortable in that sweet sweet Nap. My 220v door bell alerts does something similar, 3 active mobile users get to know instantly, And if only 1 members are at home and not active in last 10+ minutes, You can guess what a mess I've automated to at least check the CCTV if not answering the door 😅😅

@technithusiast 7 месяцев назад

I’m glad you enjoyed this video!l and thank you for the sub!!

@quentinwolf 7 месяцев назад

Fantastic idea and great video as always! Mind if I ask which Node/Flow you're using for the "Ask GPT" node?

@greglastname1545 7 месяцев назад

I never click links in emails that claim a security concern. I always to go the site directly to find details. A fake security email is one of the phisher tools.

@technithusiast 7 месяцев назад

Ooooo fair point and great callout! Since home assistant runs in a separate machine or environment (like docker or VM) would it pose the same risk to activate the link on your behalf?

@greglastname1545 7 месяцев назад

@@technithusiast It seems like that would be less risky, especially if HA didn't actually do anything with the page's HTML returned by following the link. However, I'm not sure I would want an automation to click links on my behalf in a security email. What if it's the "Yes, that was me" link or the "Unsubscribe" link?

@technithusiast 7 месяцев назад

@@greglastname1545 “activate link on your behalf” was bit of an ambiguous phrase. Automations have the beast user experience when they ask you what you want to do as opposed to automatically doing an action so the automation would still flag the email and ask. And since IMAP returns the email as a plain text (including the links) it can always specify what it’s clicking: “I see an email from indicating a security concern. Should I press the ? But I agree with you. These can possess their own security problem and could be exploited if hackers knew

@stefan39289 7 месяцев назад

How do you handle scam-emails that pretend that your account has been hacked? This would also trigger some false positives I assume? And probably analysing the email metadata for common scam/spam patterns would be quite an overhead…?

@esfsmartien4684 7 месяцев назад

You can use the dmarc record in the header to detect that the envelope is authentic. The result is a true or false based on accumulation of spf, dkim and domain. The better solution would be to just activate multifactor authentication on the Facebook account, but hey....this keeps the author busy. 😅

@thngzys 7 месяцев назад

I would also check the email's SSL certs, just so that those scammy emails automatically do not quality.

@missdee212 7 месяцев назад

How about having it read the email headers? You can go/do something to your account and open the email the site sends and view the headers then you can Put exactly the email address they send from. To make it more editable make things where you can update those email addresses or add.

@dirkwilken8664 7 месяцев назад

Great vid. Sorry for your account being compromised. Always enable MFA/2FA on your email/socials.

@MichaelArthur4eva 7 месяцев назад

Doesn't matter for Facebook, there is no 2FA verification when changing phone and email, let alone any verification at all. Facebook just straight up doesn't care.

@technithusiast 7 месяцев назад

Glad you enjoyed the vid 😁

@ericapelz260 7 месяцев назад

I wear my Samsung smartwatch at night for sleep tracking in Sleep as Android. I suspect Home Assistant could send a silent notification to it. I already use vibrate for my alarm, so I am used to waking up to it.

@technithusiast 7 месяцев назад

Sooo true! I never thought of triggering smart watches. If you try it let me know how it works out 😁

@jeremybraband6567 7 месяцев назад

In addition to that 'Lockdown' or disavow link you mention toward the end, I have long wanted services to have an account setting that prevents the account's email from being changed without first verifying a MFA token. It's not perfect, but at least puts another roadblock in the hacker's path. Heck, all critical account setting changes could require verification through email or MFA token! Don't even get me started on my bank that only offers SMS verification for MFA. Not a small bank either.

@technithusiast 7 месяцев назад

So true. Even though MFA can be annoying at times it’s better to be safe than stolen!

@the_smart_home_maker 7 месяцев назад

Great video as usual! 👍🏻👍🏻👍🏻

@technithusiast 7 месяцев назад

Thank you I appreciate the encouragement!

@MichaelArthur4eva 7 месяцев назад

The fact is Facebook doesn't give a shit if your account gets compromised. I've had friends accounts compromised and Facebooks recovery process once they've changed your email and phone is impossible to recover the account especially if the old email address is no longer in service (email previous to the one they've changed). No one to contact, no way of verifying the account. The fact someone used an existing session to access your account (correction in this case it was compromised password) that was geo-located elsewhere, its clear to Facebook that its been compromised. sessions should be geo-locked, email and phone details should require password and email verification to change (which they don't on Facebook).

@technithusiast 7 месяцев назад

Yeah… it was a very difficult process to get my account back. I ran into the very same problem you described: no one to contact, their verification process doesn’t work, and in my case, some of their “safeguards” was exploited against me since the hackers also changed my FB named to a deceased actor.

@jeepdog5 7 месяцев назад

Nice vid! keep the content coming!

@technithusiast 7 месяцев назад

Glad you enjoy and will do! 👌🏾

@SlackerLabs 7 месяцев назад

Man, Awesome content sir!

@technithusiast 7 месяцев назад

Thank you! I really appreciate it! I’ve seen a lot of your content and know you’ve been in the space for a minute so it’s cool knowing you enjoy it 😁

@simonsayshomeassistant 7 месяцев назад

You have such a great sense of humor mate!

@technithusiast 7 месяцев назад

I appreciate it!

@Brendan945 7 месяцев назад

Such a cool concept. Love it.

@technithusiast 7 месяцев назад

Thanks I’m glad you enjoyed!

@itzKal 7 месяцев назад

Were they able to bypass 2FA, or was it not enabled in the first place?

@technithusiast 7 месяцев назад

Sadly it wasn’t enable :/ I had my Fb account since I was in highschool when FB was created and when security practices were simple pinky-promises. I haven’t been in there in years so I guess it was a matter of time. 😪

@Kruszcontrol 7 месяцев назад

2:10 that's the look of a man who means business.

@traskth 7 месяцев назад

You just got yourself a like, sir I watch HA youtubers to get ideas for my own smart home. Until now, i didnt know an IMAP integration existed. Now, i plan on implementing something similar

@technithusiast 7 месяцев назад

Great! Then I count this video as successful! Do you know what you want to build?

@traskth 7 месяцев назад

@@technithusiast similar to yours, though i dont use node red or chatGPT, And adding server breaches to the list of screened words.

@technithusiast 7 месяцев назад

The concept I present is flexible and so you can definitely do it without GPT and NodeRed. It’s exciting to see how others make the idea their own 😁

@danight 7 месяцев назад

I have been in your shoes. Got facebook hacked, email attempted, even my mobile number was about to be stolen. I really like your idea. Any chance to get access to the code as I have home assistant as well, and would like to try this out (not as tech savvy to build it from scratch up unfortunately... )

@technithusiast 7 месяцев назад

Sorry to hear you got hacked too. It’s not a great feeling. The good thing is you don’t need GPT to do this automation and i you should be able to do it via Home Assistants native automation GUI

@ha_tinkerer1191 7 месяцев назад

Hi. Love the videos and differentiated content! Would you please share the regex code or provide a pastebin for the NR flow? Or, maintain a GitHub? Thanks!

@MrPecky 7 месяцев назад

Lockdown link is a great idea, as long as it did 2FA. I’d like to see a “standard” text to make it easy to filter on, like AUTH.ISSUE buried in the body.

@BGraves 7 месяцев назад

I feel like you could use a feature in your email that could mail another email to yourself with a much more straightforward title to reduce the complexity

@technithusiast 7 месяцев назад

Thanks for the suggestion! If I understood correctly, with that approach we wouldn’t need GPT and would need to use the filtering rules similar to option 1?

@BGraves 7 месяцев назад

@@technithusiast yeah, but it would have to be a feature of your email provider or if you self Hosted, your email server software

@BGraves 7 месяцев назад

@@technithusiast I think it's a creative second line of defense but I think you would be better served by using randomly generated passwords, a trusted password manager, and 2 factor authentication everywhere. Your solution seems more like goalkeeping than tackling the root issue. Your Facebook account was compromised because of your bad security discipline, not Facebook. 2FA would have prevented this

@transatlant1c 7 месяцев назад

And I’m sure you enabled MFA on your account now too right? :)

@technithusiast 7 месяцев назад

I like living life on Hard. Even made my password 12345 😂

@technithusiast 7 месяцев назад

On a serious note Thanks for the concern! I got it locked up tight now :)

@TheRealAnthony_real 7 месяцев назад

Well .. your automations will only work if the provider understands someone tries to hack your account .. First rule when you access anyone else's account you don't change passwords ;) which means the provider won't know .. and this can get even more complicated ..

@technithusiast 7 месяцев назад

True. If the provider doesn’t know you’re being hacked then this won’t work but then that would b a bigger problem because if the provider doesn’t know you’re being have then I seriously doubt the individual would know either 🤔

@i_am_not_a_pro_but_lets_try 7 месяцев назад

damn, that is a great idea - now to set it up for myself - a year late, but never mind :D

@technithusiast 7 месяцев назад

It’s never too late to try and it’s pretty simple And flexible too!

@i_am_not_a_pro_but_lets_try 7 месяцев назад

@@technithusiast I can see it will be flexible, and have a few ideas about some WLED strips and alerts, but I'm having trouble getting it to fire when the emails arrive - I think i'm too tired, so will need to look at it when I've had some sleep.

@samuraiintellectual 7 месяцев назад

How did you get hacked, reused password, poor quality password, etc?

@technithusiast 7 месяцев назад

My guess is that a separate site had their user account information leaked and the hackers went around trying username and password in other big named sites. I haven’t been on FB in years so it wasn’t updated or have 2FA

@supernova8962 7 месяцев назад

Wait a minute....I guess you wasn't prepare....you should see Linus Tech and Phil Hibbert ....We upgrade our security afterwards.

@GregoriusAM 7 месяцев назад

I enjoy your videos but I can’t watch them for more than a minute or so with the loud music while you are talking. Please consider no music while you are taking. Thanks. 😊

@technithusiast 7 месяцев назад

Quick question: do you listen with or without headphones?

@GregoriusAM 7 месяцев назад

I listen on a calibrated 5.1 speaker home theatre.

@technithusiast 7 месяцев назад

@@GregoriusAM oooo I’ve just been using cheap headphones 😛

@GregoriusAM 7 месяцев назад

Yeah. Makes a huge difference. I even have the bass turned down. Great editing by you. Just the music is quite loud. I’d love it if you didn’t have the music when you are talking and giving great information. 😊

@-Mark_Hamill 7 месяцев назад

Where is the Buy Me Coffee link?

@technithusiast 7 месяцев назад

Lolol in the description, the end credits and now this comment 😬 www.buymeacoffee.com/mmontaque

@luixmod1 7 месяцев назад

GPT is internet base? you said you want to stay local.

@technithusiast 7 месяцев назад

Yeah the ideal case would be to have a completely local llm but I conceded that was not possible at the moment so I’m sticking with GPT

@luixmod1 7 месяцев назад

@@technithusiast do you know some git project to have gpt local? good job with the video. I like your style ;)

@technithusiast 7 месяцев назад

@@luixmod1 thanks! There are a few projects that boast a great local LLM but I prefer GPT since their improvements are rapid and stable. But there will come a point when the local version will reach parity with what I need and I wouldn’t mind forking the project and trying it out.

@mtnsolutions 7 месяцев назад

Bet you didn’t know you were my hero

@technithusiast 7 месяцев назад

😮. I guess it’s true not all heroes wear capes 💪🏾

@Hamish_A 7 месяцев назад

Or put 2fa in place and sleep soundly through the night.

@technithusiast 7 месяцев назад

Lol that goes without saying. However not every site gives that option ( it’s 21st century and you’d think this would be standard practice). Also I had Facebook (along with a lot of other sites before 2FA was a thing) but I haven’t been on it in years there is feasibly no way for me to know which of these archaic sites are still vulnerable that I have a membership with. An automation like this is simple a guard dog that helps you watch the dark spots of this type of scenario

@andersonimes1892 6 месяцев назад

I'm hoping Facebook enables Passkeys in 2024.

@Thiniking 7 месяцев назад

Not sure why you don't have more subs. It's excellent balance between method, information and content.

@technithusiast 7 месяцев назад

Thanks and I’m Not sure either. I’m sure others will come and find this content soon 😁

@repairman2be250 7 месяцев назад

This feels like watching a music video - voice and sound at same level. Not Good.

@MrBriansaunders 7 месяцев назад

I didn't have this issue when watching.

@technithusiast 7 месяцев назад

Interesting. Curious, do you listen with or without headphones?

@repairman2be250 7 месяцев назад

@@technithusiast without.

@wildekek 7 месяцев назад

Stop saying "i was hacked" and educate people to use a password manager and 2fa. This is like adding a water sensor to Home Assistant because you have a leaking roof.

@technithusiast 7 месяцев назад

I was legitimately hacked my guy and I see where you’re coming from. But I am curious, what did you expect to see when you saw the title of this video? I thought it was straightforward and on-brand for my channel’s niche but your comment seems… passionate.

@kinggubbydesigns545 6 месяцев назад

😂😂

@DrakeStardragon 7 месяцев назад

smh.. let me know how this works out for you.. when you get hacked again. And a better way to not have your FB account hacked is not use the garbage that is FB. You get what you ask for.

@technithusiast 7 месяцев назад

Lemme know when you build an unhackable social media site and I’ll use it 😬

@DrakeStardragon 7 месяцев назад

That's it? That's all you got? It's not really that hard. You just have to put security over profit. But why do that when there are people that will use your broken product. You. Get. What. You. Ask. For.@@technithusiast

@technithusiast 7 месяцев назад

I wish it was that simple. You seem like a person who likes to challenge and I imagine a person with technical skills and your level of tenacity would be able to find a way to exploit anything. As long as a human makes something, it will be flawed. So I say let people use Facebook or whatever sketchy site they want as long as they understand the risk.

@DrakeStardragon 7 месяцев назад

Hey, people wanna support the pos person that is Zuckerburg, that does everything he can to exploit people and their data, you care so little about yourself and others that you will promote that, go for it. Again. You get what you deserve@@technithusiast

@technithusiast 7 месяцев назад

Agree to disagree 🤷🏾‍♂️