How This SQL Command Blew Up a Billion Dollar Company

  • Published: 9 Sep 2024

Comments • 446

  • @kevinfaang
    @kevinfaang  1 year ago +506

    Edit: I've since realized that no one reads the description. Pls read the description for extra notes/corrections. If you reply to this comment with any corrections I will add it to the description.
    Original comment:
    Is the audio quality worse in this video than the last one? Didn't notice with my headphones/speakers, just my phone. Feels like there's too much midrange

    • @ankit2388
      @ankit2388 1 year ago +18

      Sounds good. Btw great content, you're like the @chubbyemu version of tech. This channel will blow up

    • @flicsmo6838
      @flicsmo6838 1 year ago +2

      On my phone it sounds a bit midrange heavy too, and maybe could use some more compression?

    • @misuwu_
      @misuwu_ 1 year ago

      Initially I thought the voiceover was ai generated, I think the audio from your last video sounded better. The video is great, but I found the voice a bit distracting.

    • @jonny6702
      @jonny6702 1 year ago

      Yes, it was worse imo.

    • @qwomp
      @qwomp 1 year ago +1

      this is my first video from you that i've seen, however from first impressions i do believe some EQ work would benefit greatly! :) otherwise i really enjoyed it, sat here and watched it while i played minecraft!!!!

  • @FlabbyTabby
    @FlabbyTabby 1 year ago +453

    1990's teaching people how to create web servers:
    - Create SQL database
    - Create webpage and give it direct access to said database
    - Expose CRUD logic directly as UI

    • @FaySmash
      @FaySmash 1 year ago +26

      Sadly that's still common today..

    • @benargee
      @benargee 3 months ago +7

      Managers: *laugh in minimal viable product*
      .
      .
      .
      .
      Managers: *Pikachu surprised face*

  • @DonaldSubert
    @DonaldSubert 1 year ago +2158

    There were a lot of failure points, here, but the fact that they didn't guard against SQL injection is inexcusable. This company that handles credit card data is less secure than my student project that let you report celebrity sightings.

    • @Teeeh4723
      @Teeeh4723 1 year ago +295

      You are missing the fact that nowadays even basic software is protected vs SQL injection, but 2008 were completely different times. Now cybersecurity is a lot more important and the software is way more robust. Still there will always be a way, but not so straightforward

    • @HenryLoenwind
      @HenryLoenwind 1 year ago +137

      @@Teeeh4723 Funnily, if we go back in time another 15 years, we're now looking at a time when protection against SQL injection was the norm.

    • @DonaldSubert
      @DonaldSubert 1 year ago +70

      Fair enough. I didn't start programming seriously until 2013. Even today, though, I still see people use raw SQL execs with unsanitized user input, bypassing the built-in protections. Not everybody knows to use prepared statements. Important for senior devs to check what the juniors are doing.

    • @lautaro1670
      @lautaro1670 1 year ago +64

      @@DonaldSubert I would argue that 99% of SQL injection issues nowadays are due to senior devs ignoring current industry practices and not because of junior devs. Most ORMs nowadays (and I say most because I'm sure there is at least one popular ORM I've never used that contradicts my point) are extremely cautious towards not allowing SQL injections. Problem is senior devs trying to "bypass" utilizing the ORMs and directly writing SQL, mostly because it may just be quicker to them. Some are also the classical kind of crazy tech guy "I know better than the tooling!!!!". Then, they write complex queries where they miss this one spot which allows insecure inputs or simply leave the code for a junior to go "monkey sees, monkey does".
      This is especially relevant in the shitty Java environment dominated by abominable dinosaurs that still believe in Oracle BS usage of stored procedures

    • @Tekner436
      @Tekner436 1 year ago +6

      @@HenryLoenwind Yet it's still a top 10 vulnerability lol

  • @unknownusername9335
    @unknownusername9335 10 months ago +95

    "Recommendation: use passwords" had me do a double take

  • @adamdapatsfan
    @adamdapatsfan 1 year ago +649

    As a former T-SQL dev who wrote many stored procs, I can confirm that it is indeed just SQL with a fancy hat.

    • @KF-zb6gi
      @KF-zb6gi 1 year ago +3

      lmao

    • @xBINARYGODx
      @xBINARYGODx 1 year ago +18

      it really is a nice hat though

    • @AK-vx4dy
      @AK-vx4dy 1 year ago +2

      It is just SQL but does two good things.
      1. Can use a specific kind of DB and SQL to the full extent of its possibilities and go with maximum efficiency, and clearly maintain a proper logic state of the database and proper use of transactions (in very short time spans)
      2. Keeps one source of truth, promoting DRY and KISS in some sense, and creates a level of abstraction and separation of concerns.
      A developer more specialized in SQL can focus clearly on his job and other developers aren't bothered by SQL internals.
      Drawbacks are that this specialization is needed, also a tempting tendency to move business logic to SPs; when this happens the project becomes very hard to move to other database technology.

    • @D0Samp
      @D0Samp 10 months ago +4

      Meanwhile on Oracle DB, PL/SQL is basically a dialect of Ada that took some Duolingo courses on SQL.

    • @nintendu64
      @nintendu64 9 months ago

      @@D0Samp if you don't like setting money on fire, MySQL and Spring Boot can basically be turned into poor man's Oracle with much more 💪

  • @matthewstandridge225
    @matthewstandridge225 1 year ago +1250

    This video is insanely good and for such a small channel. This channel is going to skyrocket.

    • @coolmendotdot2
      @coolmendotdot2 1 year ago +15

      thank you, random user, for predicting the future

    • @NemanyaIam
      @NemanyaIam 1 year ago +1

      I just subscribed to this channel and realized that this channel only has 22k subscribers. The content for such a small channel is great.

    • @zac-1
      @zac-1 1 year ago

      you jinxed it

    • @--.--
      @--.-- 1 year ago

      Nah I fell asleep

    • @rdspam
      @rdspam 1 year ago

      Hopefully invest in Russian accent training 😂.

  • @thekillercow586
    @thekillercow586 1 year ago +291

    Quite hilarious that a company working with sensitive data didn't prepare for the most basic of attacks - SQL injection

    • @2112jonr
      @2112jonr 1 year ago +35

      Cheap, inexperienced staff to cut costs. Project managers with unrealistic scheduling expectations (guesswork).
      What could possibly go wrong.

    • @mustang1912
      @mustang1912 10 months ago +15

      It wasn't very much of an exploit, they took months to get an admin user and just brute forced the password.

    • @BrunodeSouzaLino
      @BrunodeSouzaLino 7 months ago

      You can find a lot of modern websites which are still vulnerable to SQL Injection.

    • @OppieT30
      @OppieT30 5 months ago +3

      Was SQL injection around before then? Was it taught in schools?

    • @baribari1000
      @baribari1000 2 months ago +2

      @@OppieT30 I'm pretty sure SQL injection isn't taught in schools now either

  • @HenryLoenwind
    @HenryLoenwind 1 year ago +124

    Number 0: Don't build your SQL by concatenating data and code. SQL has supported placeholders since...um...forever. (Back in the days before dynamic SQL, statements had to be compiled and installed together with the programs. Building them dynamically wasn't even an option.) Using string operations to form SQL commands is simply inexcusable.
    (And it also is wasteful. The server can cache the access plans for commands with placeholders, but if you concat in the data, you're sending a completely different command every time.)
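The "Number 0" point above, shown in running code. This is an added example, not code from the video or from the commenter: Python's sqlite3 module stands in for the application's database driver, and the user table, the usernames and the (deliberately plaintext, for brevity) passwords are constructed for the demonstration. The same `admin' --` input that takes over the concatenated statement is just a string that matches nobody once it is passed as a placeholder value.

```python
import sqlite3


def make_users_db():
    """Constructed sample data: an in-memory SQLite table standing in for a login
    table. Plaintext passwords only keep the example short; how passwords are stored
    is a separate problem from how the query is built."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hunter2", 0), ("admin", "correct-horse-battery", 1)],
    )
    return conn


def login_concat(conn, username, password):
    """Vulnerable: user input is spliced into the statement text, so the input can
    change the statement's structure instead of only its values."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_param(conn, username, password):
    """Safe: the statement text is fixed and the driver sends the values separately,
    so a quote or comment marker in the input is just characters to compare."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_users_db()
    payload = "admin' --"  # closes the quoted value and comments out the password check
    print("concat:", login_concat(db, payload, "wrong"))   # admin
    print("param :", login_param(db, payload, "wrong"))    # None
    print("param :", login_param(db, "alice", "hunter2"))  # alice
```

The concatenated version ends up executing `... WHERE username = 'admin' --' AND password = 'wrong'`; everything after `--` is a comment, so the password is never checked. The parameterized version compares the column against the literal eleven-character string `admin' --` and finds no such user.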

  • @DomskiPlays
    @DomskiPlays 1 year ago +355

    What I like is not just that the video is great but you provide sources and clarifications in the description. Love to see it!

  • @devvy8343
    @devvy8343 1 year ago +48

    "And windows will continue to support it until the heat death of the universe" gotta love microsoft

    • @breadone_
      @breadone_ 1 year ago +6

      why progress with technology when you can be stuck thirty years in the past for some shmuck who doesn't want to change instead 😎

    • @electric7487
      @electric7487 2 months ago +1

      As of June 2024, NTLM is finally deprecated.

  • @Rain_MG
    @Rain_MG 1 year ago +295

    I like how companies show off their fancy security features when some parts of their system rely on software that was written by cavemen on walls in prehistoric times

    • @jan-lukas
      @jan-lukas 1 year ago +33

      Sometimes that cavemen code will be better than modern one though. Really depends on the exact code

    • @sycration
      @sycration 1 year ago +23

      ​@@jan-lukas Once I attempted to rewrite the 1986 SML business logic in F#. Once.

    • @xBINARYGODx
      @xBINARYGODx 1 year ago +3

      @@sycration LOL!

    • @Dumb_Killjoy
      @Dumb_Killjoy 1 year ago +17

      Kinda like how the IRS still uses (at least in virtualized form) IBM mainframe systems from around the time of the Kennedy Administration. Things like that are why there are still jobs in writing COBOL.

  • @joelhaggis5054
    @joelhaggis5054 10 months ago +12

    SQL injection is the software equivalent of breaking a lock by hitting it with a hammer. Which is to say, the fact that it works as often as it does (i.e. at all) is extremely alarming.

  • @byronk86
    @byronk86 1 year ago +38

    I was relatively new in the payments industry when this occurred. Now over 15 years on this has been a great trip down memory lane with a well articulated story line. You’ve got a new subscriber.

  • @jmms49
    @jmms49 1 year ago +125

    this is super informative and funny at the same time. Absolutely love it

  • @JetJockey87
    @JetJockey87 1 year ago +96

    I use SQL Sprocs and Shell via Task Scheduler to automate all kinds of stuff.
    Files land in a network folder, task scheduler behaves like a cron and fires a shell script every x minutes.
    Shell scans dir for files, finds them, bundles data into JSON, sends via REST to endpoint, etc.
    It works well in some very specific scenarios, most of the time you get cockblocked by airlocker or solarwinds

    • @2112jonr
      @2112jonr 1 year ago

      And rightly so. Your "cockblocking" is in response to a massive security hole you've just opened up with sloppy coding because you know no better.

  • @MozenBee
    @MozenBee 1 year ago +15

    I don't usually post comments on youtube.
    But your video is of extremely high quality. Very comprehensive and well thought out.
    As soon as a question popped out in my brain you would immediately answer it right after.
    Good job, sir.

  • @insanitydefined3112
    @insanitydefined3112 1 year ago +31

    Love your style, rhythm, content -- everything!! Please keep posting videos like these!!

  • @testengineeringdaily1957
    @testengineeringdaily1957 1 year ago +21

    I was watching one of your other videos and the failure analysis presented here is just as good as what the UCSB does on their investigations and recommendations.
    Great video, and good job!

  • @allak1n
    @allak1n 1 year ago +7

    you're such a high value subscription for me, I love your content. you make normally dry technical stuff interesting and comical. never change mate.

  • @jwillisbarrie
    @jwillisbarrie 1 year ago +4

    Thanks for adding actual captions for the Deaf

  • @BitwiseMobile
    @BitwiseMobile 1 year ago +12

    This doesn't surprise me. I work with HPS and I often scratch my head and wonder why they haven't moved on from the 70s and 80s yet. I've worked at plenty of financial institutions, so I know they are usually resistant to change, but come on. I think being 40 years behind in technology is probably a little bit too far. Their systems and especially their modes of integration are so antiquated. Our company is moving on from them as fast as we can unwind our existing financial agreements, but they are being sunset quickly. We have had nothing but problems with them.

    • @williamdrum9899
      @williamdrum9899 7 months ago

      Because the only way to make a computer unhackable is to keep it off the internet. And even that sometimes isn't enough. There's still that one Janet Jackson song that destroys hard drives

  • @raylopez99
    @raylopez99 1 year ago +6

    Stock for Heartland Payment systems didn't suffer much, and in 2015 they were sold to Global Payments Inc which has almost doubled from the sale price. Proving there's money in payment system software, as Mastercard and Visa can also attest.

  • @DatBoi_TheGudBIAS
    @DatBoi_TheGudBIAS 10 months ago +2

    i love this channel. it has a lot of humor, and my favorite, -human suffering- i mean explosions

  • @stubstunner
    @stubstunner 1 year ago +5

    I work in cyber security and have for over 10 years. This was a great video! I worked in the PCI for a huge portion of my career and dealt with quite a few of these types of attacks.

  • @unusedTV
    @unusedTV 1 year ago +7

    Very cool video and I love all the hidden references. It's been a while since I've seen hunter2, and I wonder how many other ones I've missed.

  • @zshall48
    @zshall48 1 year ago +2

    The easy-to-follow explanations, visualizations and humor in this video are awesome!

  • @sinancetinkaya
    @sinancetinkaya 1 year ago +5

    Even today some developers (mostly from frontend background) still use string concatenation in SQL queries

  • @probablypablito
    @probablypablito 1 year ago +4

    These videos are so so good. Super well explained, you're able to keep it simple while still explaining more complicated parts like NTLM authentication

  • @MisterSiga
    @MisterSiga 1 year ago +3

    love your editing style and the way you break down the complex stuff , awesome video

  • @jdrissel
    @jdrissel 1 year ago +4

    From having read the specs of the payment processing systems back when debit cards were becoming a thing, I discovered that the "end to end" encryption was not really end to end. What happens is that at each hop your data is decrypted, possibly operated on and then re-encrypted. A payment processor would have to be able to decrypt the data in order to do their jobs.

  • @actuallynotsteve
    @actuallynotsteve 1 year ago +16

    How are your videos so good, yet you only have 17k subs? This shit is god-tier levels of content, I'm not even a coder but this stuff is gripping.

    • @HajileMalach
      @HajileMalach 1 year ago

      Holy shit this was 8hrs ago and he had 17k? 19.1k now

  • @WolfrostWasTaken
    @WolfrostWasTaken 1 year ago +13

    I wish the example you gave for SQL was THAT simple. Amazon uses hundreds of microservices to process their requests and rely mostly on DynamoDB

  • @oOiWaRRioRzOo
    @oOiWaRRioRzOo 1 year ago +1

    God this channel is sick, I loved the editing at 9:07 Made me giggle way more than it should have 🤣

  • @SeaWaves8
    @SeaWaves8 1 year ago +1

    what a gem of a channel, cya in a year with over a million subs

  • @MyMfDominoes
    @MyMfDominoes 1 year ago +1

    The Nuke API graphic had me rolling lmfaoo redis into k8s then to a nuclear missile

  • @thekingofallblogs
    @thekingofallblogs 1 year ago +3

    All you need to do to prevent sql injection is to bind your input variables and not build the query by appending strings. The developers are really ignorant if they allow this.

  • @agranero6
    @agranero6 1 year ago +4

    Extended Stored Procedures run (or at least ran) on the database engine memory space. A badly done one could corrupt the database. No responsible company would use them not only because of the hackers, but because there was no need, they were dangerous and much more complex to write.
    Only by reading the documentation of MS SQL Server you were strongly discouraged to use them.
    They did that to themselves...

    • @alexaneals8194
      @alexaneals8194 1 year ago +2

      This was a SQL Server 2000 database. Back then, SQL Server did not have many of the admin tools that it has today. XP procs were used to perform many of those tasks. For example to set permissions or change a password.

    • @agranero6
      @agranero6 1 year ago

      @@alexaneals8194 Worse yet. But I used SQL Server before 2000 when it was yet based on Sybase and both had the GRANT command. It was inexcusable then as it is inexcusable now. If I earned 2 bucks every time someone said "It can't be done without a cursor" or "It can't be done without an XP" I would be rich now.
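The thread above is about extended stored procedures being reachable from an injected query; the other half of that problem is spotting the requests that carry such a payload in the first place. The following detector is an added example, not code from the video or from any commenter. It assumes the shell-execution route was SQL Server's `xp_cmdshell` extended stored procedure (the thread says "XP procs" and "shell commands" without naming one), and the access-log lines in Apache common log format are constructed for the demonstration. The important design point is that matching happens on the URL-decoded parameter value, decoded a second time to catch double-encoded payloads, rather than on the raw request line.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample access log (Apache/NCSA common log format). Only the third line
# carries an extended-stored-procedure call; the others are background traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [09/Sep/2024:10:01:02 +0000] "GET /search?q=meatballs HTTP/1.1" 200 512
203.0.113.7 - - [09/Sep/2024:10:01:09 +0000] "GET /search?q=x%27+OR+1%3D1-- HTTP/1.1" 200 8132
203.0.113.7 - - [09/Sep/2024:10:02:40 +0000] "GET /search?q=x%27%3B+EXEC+master..xp_cmdshell+%27whoami%27-- HTTP/1.1" 500 210
198.51.100.9 - - [09/Sep/2024:10:03:00 +0000] "GET /item?id=42 HTTP/1.1" 200 900
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d+)'
)

# Indicators, applied to the decoded parameter value. Names are this example's own.
RULES = [
    ("tautology", re.compile(r"'\s*or\s+\S+\s*=\s*\S+", re.I)),
    ("comment-terminator", re.compile(r"--|/\*")),
    ("stacked-xp", re.compile(r";\s*exec\s+.*\bxp_\w+", re.I)),
    ("union-select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
]


def decode_twice(value):
    """parse_qsl already decoded once; a second pass catches %2527-style double encoding."""
    return unquote_plus(value)


def findings(line):
    """Return a finding dict for one log line, or None when no rule matches."""
    m = LOG_RE.match(line)
    if not m:
        return None
    hits = []
    for name, value in parse_qsl(urlsplit(m["path"]).query, keep_blank_values=True):
        decoded = decode_twice(value)
        matched = [rule for rule, rx in RULES if rx.search(decoded)]
        if matched:
            hits.append((name, decoded, matched))
    if not hits:
        return None
    return {"ip": m["ip"], "ts": m["ts"], "status": m["status"], "hits": hits}


def scan_log(text):
    """Scan a whole log; returns one finding per line that matched at least one rule."""
    return [f for f in (findings(line) for line in text.splitlines()) if f]


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        for name, value, rules in f["hits"]:
            print(f'{f["ip"]} {f["status"]} {name}={value!r} -> {", ".join(rules)}')
```

On the sample, the second line trips the tautology and comment rules, and the third line trips the comment and stacked-XP rules; the 500 status on that third request is the sort of side signal (an error from the database bubbling up) that is worth correlating with the match. Regex indicators like these are a starting point for triage, not a substitute for parameterized queries.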

  • @EternalATomik
    @EternalATomik 1 year ago +3

    The animation is as good as the information provided! And the information here is 💯

  • @BudgiePanic
    @BudgiePanic 1 year ago +3

    The more I learn while studying computer science degree, the funnier these videos become

  • @deamon6681
    @deamon6681 1 year ago +10

    A sequel is a continuation in a series, not a database querying language; the latter would be pronounced "S-Q-L". This is my cozy hill and I will die on it.

    • @pcdispatch
      @pcdispatch 11 months ago

      People who call it sequel never read a good book about SQL. Usually the first chapter is about this topic and the origin of SEQUEL. Which is not SQL.

    • @JohnSmith-qy1wm
      @JohnSmith-qy1wm 7 months ago +1

      It's pronounced "SQUEEL"

    • @myrojyn
      @myrojyn 7 months ago

      Much like the SQL star wars movies

  • @yuck871
    @yuck871 1 year ago +2

    Your videos are funny and educational both at the same time! I like the insiders too. Very awesome!!

  • @SpaceshipOperations
    @SpaceshipOperations 11 months ago

    I love the editing of this video, from the explosions to the video game and anime references. Good job. 👍

  • @sanderdejong66
    @sanderdejong66 11 months ago +1

    6:31 One thing that could have happened during the development of this system: project manager: “What’s taking you so long?” Dev: “Christ, this pyramid of privileges, it’s so complicated.” Project manager: “Just use the sysadmin account for everything and move on!”

  • @mrpetervideo
    @mrpetervideo 1 year ago +7

    Using NoSQL or SQL frameworks that prevent SQL injections is not just a trend, but a highly recommended practice in modern web development. These frameworks provide an extra layer of security and help safeguard sensitive data from malicious attacks. It's crucial for developers to prioritize implementing these frameworks to ensure the integrity and safety of their websites. Stay secure, everyone! 😁

    • @HatTrex
      @HatTrex 1 year ago

      Lmao how does NoSQL prevent an SQLi attack?
      Do you realize SQL is still used to interrogate an SQL DB?
      And what the fuck even is a SQL framework lmao, I think you are referring to something like JPA that handles SQL queries for you.

    • @WolkenDesigns
      @WolkenDesigns 1 year ago

      I think you are referring to a part of a larger dev framework which prevents SQL injections. These exist and are highly recommended.

  • @rgbmew
    @rgbmew 1 year ago

    Discovered your channel like an hour ago and I'm already addicted, your videos rule so hard

  • @Daniel15au
    @Daniel15au 1 year ago

    Wow the production quality of this video is so high. Nice work!! Great video.

  • @mariobisignani4477
    @mariobisignani4477 1 year ago +6

    Cool video, but the initial description about how Amazon works is most probably wrong. You don't usually implement search (especially not Amazon) as a full text search over a table in a relational database. What companies usually do is to use technologies like Apache Solr, Lucene or Elasticsearch, for instance they could use a cronjob to periodically update an Elasticsearch index using data taken from the actual database.

    • @therealjib
      @therealjib 1 year ago

      It was just an example using a well-known website, not meant to be taken seriously

    • @mariobisignani4477
      @mariobisignani4477 1 year ago

      @@therealjib yeah I know, I just wanted to point that out because some people might get the wrong ideas on how complex search functionalities work.

  • @soroushjavadii
    @soroushjavadii 1 year ago

    Discovered your channel yesterday via the Cloudbleed video. Loving the content!

  • @FirstNameLastName-oq8xc
    @FirstNameLastName-oq8xc 25 days ago

    I am a software developer with 15 years experience, a few things are not OK with this company
    1. Every developer learned SQL injection at college
    2. The database doesn't store a password but it stores an encrypted string of the password, so any command will go through encryption logic with a salt, so if a user types ' or 1 = 1 ' that will be encrypted say to 'xmfkfkfkfjfjfjfjdjdjdjd'
    3. On a login screen you only throw a message that says invalid password, everything goes through a try and catch, an app should not display sensitive data to the end user as the end user won't be able to fix the issue, but the only error that should be displayed to the end user is the data validation error.
    4. The account that runs the web portal should have limited access, it should not perform any admin tasks.

  • @corvus8638
    @corvus8638 1 year ago +2

    I only know a little SQL but I feel like I learned so much from this video!

  • @tommyanderson201
    @tommyanderson201 1 year ago +1

    Please keep doing these videos, they're great!

  • @kreuner11
    @kreuner11 1 year ago +11

    Dlls don't contain c++ code, they contain native assembly

    • @2112jonr
      @2112jonr 1 year ago +1

      Correct. makes you question what else he doesn't understand.

    • @williamdrum9899
      @williamdrum9899 1 year ago +4

      I think he meant native code written using C++

    • @kreuner11
      @kreuner11 1 year ago

      @@williamdrum9899 yeah maybe, seems he could've just added "machine code which was usually written in c++"

  • @amaarquadri
    @amaarquadri 1 year ago +1

    Great video! I felt like I was watching a spy movie the whole time!

  • @notapplicable7292
    @notapplicable7292 1 year ago +3

    This was great! Dangerously close to being a cyber security beat poem.

  • @masonallermann1275
    @masonallermann1275 7 months ago

    2:48 i was distracted while this was playing on my headphones and i thought something happened when i heard you read off the list

  • @SaulHeno
    @SaulHeno 1 year ago

    Great explanation of everything, this video deserves a hell of a lot more views

  • @mattbuchanan4330
    @mattbuchanan4330 11 months ago

    This was an excellent video. Your explanations were succinct and informative. Thanks!

  • @kratosgodofwar777
    @kratosgodofwar777 1 year ago +1

    This video was very well paced

  • @MarioS271
    @MarioS271 4 months ago

    The eXPlosions were just perfect 😂

  • @rabik_dev
    @rabik_dev 1 year ago

    wow, I'm really impressed by the quality of this video. Great job! You've earned a sub :)

  • @EndoliteM4trix
    @EndoliteM4trix 5 months ago +2

    I have been really enjoying your vids with two small exceptions. As a criticism, I don’t believe comedy is your strong suit. Nor are the voiceovers. They detract from what is otherwise some very well done research and story telling.
    Keep up the good work.

  • @JimMilton-ej6zi
    @JimMilton-ej6zi 1 year ago +2

    It's crazy how places that are allowed to store your data at all, let alone do it badly. Companies that store any amount of data beyond what is required should just be shut down entirely at this point, either that or the owner of the company should be forced to give every single bit of their personal information (including passwords) up to everyone affected, seeing how they love to store other peoples sensitive information and all :p

  • @ngruhn
    @ngruhn 1 year ago

    I like how the hacker schedule at 0:41 only includes showering once a week 😂

  • @lucretius1111
    @lucretius1111 1 year ago

    Your vids are fascinating! Amazing work

  • @TheSnero3
    @TheSnero3 1 year ago

    man I am loving this channel

  • @RealCadde
    @RealCadde 1 year ago +1

    "Dll files are files that contain code, usually C++"
    Eh? No?
    DLL files are compiled into machine code just like an executable, except it doesn't have an executable header and no entry point.
    It's a library of machine code that can be addressed by function names being resolved into offsets and code length. At least as far as Windows goes.
    There's also DLL's that contain IL (Intermediate Language) code that runs in a virtual machine of sorts, which allows C# or other IL languages to run through a JIT (Just In Time) compiler.
    The point here though is that in neither case is there any high level code in any DLL and what sets them apart is what part of the system handles the execution of said code. Be it machine code (processor instructions) or IL. (interpreted instructions)
    DLL's can also, just like any executable, contain resources and data.

    • @__gadonk__
      @__gadonk__ 11 months ago

      ayo do you still play Space Engineers?

  • @MHX11
    @MHX11 1 year ago

    I love the editing style

  • @onemoreguyonline7878
    @onemoreguyonline7878 1 year ago

    Absolutely great video. Thanks Kevin!

  • @xfirecard
    @xfirecard 1 year ago

    Such a well-made, executed, and entertaining video! Kudos from me!

  • @user-cp6tg4iy7k
    @user-cp6tg4iy7k 1 year ago +1

    Loving this content!

  • @deliriumsd142
    @deliriumsd142 1 year ago +2

    Amazon uses DynamoDB for its product catalog which is a NoSQL database, however, you may be able to query it like that. I'm not super familiar with DynamoDB queries compared to SQL.

  • @Mason11987
    @Mason11987 1 year ago

    This is fantastic video, keep up the good stuff!

  • @sanderdejong66
    @sanderdejong66 11 months ago +1

    Seeing videos like this always makes me wonder: all that time and energy that the hackers have invested, couldn’t they have invested it in a normal job? I mean, it sounds very difficult and they were never sure it was ever going to pay off. In fact, some of them landed in prison.

    • @your_-_mom
      @your_-_mom 10 months ago

      They can and likely do have normal jobs

  • @kxuydhj
    @kxuydhj 7 months ago +2

    okay, but the one recommendation i don't see is "don't run ancient garbage, especially if it's developed by microsoft". also known as "properly maintain your systems".

  • @iTzStick
    @iTzStick 4 months ago

    Bro your videos are freaking hilarious

  • @kharmachaos667
    @kharmachaos667 6 months ago +1

    I understood almost none of this, but for some reason the first step strikes me as similar to what happens when you can get infinite items of choice from Stardew Valley by renaming your character a special line

  • @s_t_8_l_e_s_s
    @s_t_8_l_e_s_s 1 year ago

    don't mind me, just laterally hopping between meatballs and Lamborghini endpoints

  • @Noxictyz
    @Noxictyz 1 year ago

    Holy cow. Love these videos!!! Please more

  • @timef5059
    @timef5059 1 year ago

    That was crazy awesome! Thank you, author!

  • @Max-mx5yc
    @Max-mx5yc 1 year ago +2

    10:30 is all you need to see to realize what an amazing channel this is

  • @privateness.network
    @privateness.network 1 year ago

    Fantastic content and coverage man.
    +1 subscriber 😀

  • @legendgames128
    @legendgames128 1 year ago +1

    "Why would you want to run shell commands in your SQL client? Well, use cases generally involve wiping the entire server- I mean..." 😂 that is so randomly funny

  • @bandr-dev
    @bandr-dev 1 year ago

    I love that things randomly explode sometimes

  • @AnimeGIFfy
    @AnimeGIFfy 1 year ago +1

    I wonder how many such hacks go unnoticed right now at this moment. We only hear about the ones that get caught.

    • @2112jonr
      @2112jonr 1 year ago

      There's hundreds out there, mostly from crap software vendors who hire cheap, inexperienced low knowledge developers.

  • @JK-mo2ov
    @JK-mo2ov 1 year ago +1

    Great job on this video

  • @Shytzedaka
    @Shytzedaka 1 year ago

    Love this Channel!!

  • @michelprovencher8518
    @michelprovencher8518 1 year ago +2

    Do not ever build SQL queries by string concatenation. Use a prepared statement or use parameters ALWAYS!

    • @pcdispatch
      @pcdispatch 11 months ago

      Yes, it is a ridiculous recommendation to escape single quotes. Parameters are the way to go.
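Why the reply above is right that escaping single quotes is not a fix, shown in running code. This is an added example, not code from the video or from either commenter; Python's sqlite3 module stands in for the database driver, and the product table (with one row the query is meant to hide) is constructed for the demonstration. The vulnerable query compares a numeric column, so the value is never inside quotes and there is nothing for the escaping to escape; the same input passed as a bound parameter is simply a string that equals no id.

```python
import sqlite3


def make_catalog():
    """Constructed sample data: an in-memory product table with one row that the
    application query is supposed to hide (secret = 1)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, secret INTEGER)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "meatballs", 0), (2, "lamborghini", 0), (3, "internal-test-sku", 1)],
    )
    return conn


def escape_quotes(value):
    """The 'escape single quotes' recommendation, applied faithfully: double each quote."""
    return value.replace("'", "''")


def lookup_escaped(conn, product_id):
    """Still vulnerable: a numeric comparison built by concatenation. The value is not
    inside quotes, so doubling quotes changes nothing about what an attacker can write."""
    sql = ("SELECT name FROM products WHERE id = " + escape_quotes(product_id)
           + " AND secret = 0")
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, product_id):
    """Safe: a bound parameter is one value compared against id, whatever it contains."""
    sql = "SELECT name FROM products WHERE id = ? AND secret = 0"
    return [row[0] for row in conn.execute(sql, (product_id,))]


if __name__ == "__main__":
    db = make_catalog()
    payload = "1 OR 1=1 --"  # contains no quote, so escape_quotes() returns it unchanged
    print(lookup_escaped(db, payload))  # ['meatballs', 'lamborghini', 'internal-test-sku']
    print(lookup_param(db, payload))    # []
    print(lookup_param(db, 1))          # ['meatballs']
```

The escaped version executes `... WHERE id = 1 OR 1=1 -- AND secret = 0`, and the `secret = 0` filter is commented away along with everything else after the tautology. The sqlite3 driver happens to refuse a second `;`-separated statement in `execute()`, which is why the demonstration uses a tautology; SQL Server, the engine the video is about, runs stacked statements, which is how an injected query reaches a stored procedure at all.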

  • @marcopeterson805
    @marcopeterson805 1 year ago +3

    That's what you get for using microsoft products instead of open source solutions

  • @Prem-qv1ru
    @Prem-qv1ru 1 year ago

    Loving these vids

  • @btarg1
    @btarg1 1 year ago +2

    How did a security firm deem them compliant when they were using such outdated tech?

  • @halofreak644
    @halofreak644 1 year ago

    I subbed haha made me laugh many times and was very informative and interesting

  • @katspa
    @katspa 1 year ago

    Great video. Keep up the good work

  • @SIMULATAN
    @SIMULATAN 1 year ago

    The amount of explosions in this video is impressive

  • @realpillboxer
    @realpillboxer 1 year ago

    There's so much in this fantastic 13 minute video to comment on (MORE EXPLOSIONS PLZ), but let's focus on a few things people haven't mentioned yet.
    First, nice Doug DeMuro reference at 2:37.
    Second, I think there's a whole video worth devoting to the grey area that companies like Trustwave (5:40) operate in. While independent auditors like Trustwave exist, who audits the auditors? How can we, the people, create an authentication or certification course/levels/tree that gives people and businesses confidence that the proclaimed proficiency is met? And what happens when these auditors give a passing grade to organizations whose current setup is woefully insecure by vague industry standards?

  • @arsinclair
    @arsinclair 1 year ago +1

    As a fancy hat🎩, I can confirm that TSQL is just a regular SQL.

  • @daxatron451
    @daxatron451 1 year ago +1

    The once a week shower fucking floored me

  • @luckyhappyfish3267
    @luckyhappyfish3267 5 months ago

    I completely agree with this take, I think replacement of software engineers definitionally doesn't make sense, I believe it requires a very specific, and very unlucky form of intelligence to arise and plateau for such a situation to exist. I think there are 3 situations and ways AI can ultimately impact software engineering.
    1) Remains at current form, no higher level form of intuition, or understanding. A chatbot is likely comparable to a young child at the moment, maybe 4-5 years of age, and so their reasoning abilities are poor, this results in AI being a less accurate but more comprehensive Google. This increases productivity, and likely increases the demand for programmers as we are able to develop more complex code, fulfilling more people's needs. As software engineers made their jobs easier, there just seems to be more code to write, more programmers necessary to write software. The advent of cloud, or garbage collectors all made our jobs easier, and it's hard to argue that such advancements created less jobs.

  • @matthew9677
    @matthew9677 11 months ago +1

    12:00 did he say "use passwords"!? Who the hell wasn't using passwords?

  • @Chris-gh5yw
    @Chris-gh5yw 1 year ago

    LMAO ur videos r fires n love the references esp the one at 10:04 LFMAOAO

  • @EstebanGM245
    @EstebanGM245 1 year ago

    Keep up the good content!