@Jack Rysider. Should we all stop shopping online with our credit cards? The Chinese CCP is being given carte blanche by our “wonderful” government controllers. Shouldn’t we at least use our credit cards minimally online?? Pls respond.
Did the fake credit cards bear the real owners' names, or those of the criminals making the purchase? Were they allowed to make these purchases without ID? I once tried to use my sister's Gap store credit card (with her permission), and the cashier asked for ID and said I could only use it if I had a letter from her (which would have been easy to forge).
Am I the only one that finds it strange that every time someone does work like this they always tend to die mysteriously? I mean, he said he was 27, right? Has anyone tested his water for POPs?
Most concerning is the GDPR profits while affected citizens see no benefit for their trouble. And Jonathan is proof that only the good die young. Tragic loss for good!
CSP headers are a hot mess, and asking devs to work around them is nearly impossible; better tooling needs to be built around that, as it's asking way too much of small teams.
I use CSP headers, but I also only allow my website to work if it is loaded directly from my web address and only if loaded through Cloudflare, so there is no way to skim data off my websites; you can't even know which backend framework it's using.
I did not know they hacked the S3 buckets... Interesting. Firefox is your friend. Use NoScript where you can. Look at what scripts are running, especially third-party scripts. Don't run them if you don't need them. If you notice a weird URL, look it up. Stay safe.
Why do they register new domains and stuff? They can just use a Discord server or some other public server to store the data and download it from there. They can just encrypt the whole thing with a public key so only they can read it, etc.
I think part of the reason is that it's easier for formatting and less noticeable. Like, if you were someone in Newegg and you were checking the code for the checkout system and saw that analytics were being collected and sent to a neweggstats website, you wouldn't be that suspicious. Plus, with that, when you're writing code you just have an easy, simple IP address to drop in, as opposed to having to make a complicated system of creating a way for the checkout system to send everything to a user account that exists within a subdomain in Discord or something.
@mxcollin95 That depends on the bank and the country you're in. In Portugal we have a service called MB WAY and we can generate limitless cards that are accepted on every site just like a regular card. We choose the limit, and whether it's for one use only or recurrent monthly. It works very well, and if someone gets that card number, they still won't have access to anything else.
Always keep money in savings, not your current account, because a direct transfer to other people's accounts is impossible from savings... Only current to other works. Keep money safe in savings!
More likely they polluted global npm with a rogue version of Modernizr. That way the BA build process would likely install it during the Dev/Ops build. No need to compromise the company directly.
Congrats on 100k!! I've been wonderin', what exactly did/do you use to create the video / animation? This is a brilliant means of having a video to accompany an otherwise strictly verbal story.
Should've gone to Mexico or Canada at the very least if they can afford to travel this far anyway lmao. That's how Chechens do it: transfer it all to Russia or even the Central Asian -stans... while working from France! PS: I personally am so paranoid about skimming I always check what I can without alerting security myself, at ATMs inside banks on 24/7 cameras. Because who knows. And online? Burner cards; some third-party processors offer them "for free" (or rather in a pack with standard services).
Damn Jonathan was a really good dude. As most of us were distracted with our social media and games, guys like him would use their time to fix these kind of problems on their own time. RIP brother.
RIP Jonathan. You fought hackers, helped millions of people and companies, and you battled cancer. A true warrior.
Condolences to Jonathan's family; how very sad. What a great thing he has done; he will be missed. Jack, how fortunate you had a chance to interview him and share this with us. Thanks again for such a good podcast.
I have only just started dabbing in website creation and building - this episode is a life saver - as much as I want everything as secure as possible it is a maze out there on how... This has given me a lot to think about thank you.
Moral of the story - Be careful what extras you add to your websites if you did not write the code yourself.
I have been yelling about this problem since Facebook started pushing React.js. Eventually linking a website to some code that the developer didn't make could very easily lead to all kinds of exploits. The thing now is attacking APIs, and it's for this exact reason. Nobody read the code. They were rushed to create an over-stylised generic product because of the bean counters, and cyber security professionals win again.
I think you meant dabbling, brother. Dabbing is something different, but sometimes you need to feed your head.
I love waking up to see a new episode! My morning commute is almost exactly the episode length too. Thank you Jack!
Jack, this kind of story telling is amazing. I’ve listened to hours of your videos, your cadence is similar to Ira Glass, the editing like “Serial” or “This American Life”, only better :). So engaging, more interesting to me as the subjects are in my line of work.
For anyone that may not be aware, use virtual accounts online. Your cc or bank likely supports it.
Sad to hear Jonathan passed away, especially at just 29. It's also sad to see the company he worked for was bought by Microsoft. You cannot trust Microsoft as far as you can throw them.
True. Otherwise they would have closed those holes that allow links/attachments opened in an email to start executing software. That fact alone is scandalous, and even worse is the way that is possible, namely without the computer's user/owner even being aware, without him getting informed, without it even being visible to him, let alone with him agreeing to it. And the fact they have never addressed that serious problem (easily THE very most serious threat a PC user faces) and have not plugged that gaping hole in... how long? 40+ years? is the most absolute proof of the fact that you cannot trust that company.
Thank you for creating this video... I had to cancel/close like 3-4 debit cards between Aug and Oct of this year, and this explains so much since I was also purchasing stuff from NewEgg around that time. I had wondered how the hell my card data kept getting stolen.
I burnt that many, but across 3 years. One was both parties' fault, actually all 3. Shop LC not telling me they use a different name on your monthly payments, and didn't specify to my bank as well as me; the bank didn't know about this and encouraged me to a new card. Second was a call received by a family member in another state, calling him with threats of fraud or non-payment of a medical bill from like 10 years ago for $3-5k from some lawyer; he said it was legit, address, number, business etc., and prompted me to self-investigation. It turned out it was from an injury I got where an ex-roommate set up a broken beer bottle in the pathway to the garbage dumpster and woke me that trash was on the way, to hurry and empty it, so I did barefooted and it went to the bone! Well, I didn't go to the hospital till years after; it messed me up badly where I could only walk on it for a few hours, then never, so I went to a clinic. They gave me Tylenol, X-rayed my foot and found nothing; they had said it could be high crystal form from my diet, whatever that was, it wasn't. I'm sure it hit a tendon that should have been stitched and tore; it took years to heal while forced to work. But I had a girl I trusted pay two thousand to pay off this nurse/Dr. I'm sure I could have fought it, but I had it and paid so I don't have family getting messed with, and me. But this let her in, on the opposite side of the country, I met online; tempted, and had $100 set up on a prepaid card. She said it was an accident, haha, so I let her keep it after dogging the shlt out of her, and burnt it up, chopped it up for her lawyer fee!
Then a friend in my town begged me to use my cc to talk to his girlfriend in jail and to set up a food bank for a set price we both agreed on, but he screenshotted my cc and put another $100 on that we didn't agree on 🔥🔥🔥. Then an ex-clanmate of mine did one via Messenger through a shared video/picture; somehow it had all my Google and personal data on it, so I immediately deleted it from our clan chat, but $120 was missing and it was through Google Books in his state. The books put himself guilty in my eyes when he talked about reading and books as would an ex-librarian 😂🔥🔥🔥🔥
Best way is to set up a prepaid loadable card and add what you want to throw in the wind weekly or monthly!👌🏻
Bruh, I was totally floored at the ending 😢 Your content is amazing and I love the editing. I can always tell how much care and attention goes into the editing of these videos. Such an amazing job; liked & subscribed.
It’s always a Florida man😅
Haha😂
America’s @sshole:)
Always has been.
It's always a bennie man..
Florida man "insert cretinous behaviour here" is in custody.
Banks and credit cards should give us the ability to generate a one time use payment number.
They are in Europe from what I have been reading.
From what I understand this is how tap to pay works.. not to mention it bypasses that skimmer
You have a remarkable ability to captivate your audience with every upload.
Here is another one with big feelings of my own feels!! Jonathan appears to have enjoyed even his work. If only I did, I could enjoy this life.
Find yourself and what you enjoy
A subtle habit I've formed is placing my fingers over every key whenever using a credit card reader. Using thermal cameras, criminals can see the keys pressed and with heat dissipating, the order.
Why not just hold your hand over the keys for another 20 seconds? Or wipe your hand over the whole terminal afterwards? How prevalent do you think this even is? Bruh
Better use your tongue next time, way more effective
Yeah, I truly doubt they are doing this regularly
What in the 007... ?!
Mind you the key logger grabbed it all lmaoo
really sad to hear he passed away after this interview, RIP and salute to his good work in the field
Those sites that load scripts from other places can EASILY be fixed by using checksums! The HTML script tag has an attribute called "integrity" which you can set to a certain string containing the hash and some metadata about the hash (I think it's like the format of the hash or something) and the script won't run if the checksum fails. You'd need to set up bundling n stuff in a specific way to make this work with your own JS, but for libraries and other stuff that's usually gonna be constant, it's as easy as pasting the URL into this online tool and copying over the integrity into your HTML.
If you do that, and a security flaw was discovered, your code will refuse to run the fixed version.
@JWSmythe You can always update the hash... That's the whole point. You can't control the script's host, but you can control the hash that you use to check it, and if you want to update, you just have 1 extra step. (Usually the big libraries will give you the integrity attribute in their "copy this into your HTML" sections.)
No wonder I keep getting spam emails nonstop about purchases I never ordered from Amazon.
What do you know about the Cult of the Dead Cow and their malware "Back Orifice" from the early 2000s? Is there a Darknet Diaries story there? I remember when this infection was very widespread, compromised systems everywhere.
lol
This is why I use Privacy. It lets you instantly create cards and set single-use total amounts or anything like that.
Condolences to the Klijnsma family. Many of us in Cyber will miss him.
I had to check this wasn't an old episode when I heard you mention Flash.... :)
Jack, I heard that microdosing LSD is pretty prevalent amongst programmers at tech companies. I think it would make for an awesome episode if you did a story on it
A Biohacking video would be awesome
@olUwUlo True enough, but it's bigger than that. Nootropics going strong, & nothing can stop the benefits of psychedelics forever. Matter of time, but instead of bringing us closer to nature, tolerance increases as you need it to self-medicate daily for productivity. But with the border open & cities losing their police, the war on drugs is really becoming absurd. Sounds like our moral compass as a flailing culture, just my 2c.
@olUwUlo Didn't make any claims as to their usefulness, just said people are constantly being driven to "make graph go up - all else be damned." So yeah, all the things will be used. Psychedelics I will make the claim are beneficial on many levels. My cynicism was towards replacing a very ancient experience that is only finally getting some of the attention it deserves. I imagine microdosing would be better than SSRIs altogether, but again, tolerance creep is a problem. Very cynical on the entire pharma side, having had a lot of unfortunate decisions made at a young age, the past 3 yrs in particular (wasn't science, that is clear). 3-5 meds are pulled yearly from these companies for a myriad of reasons. Hence the swipe at make graph go up, microdose all the employees thing. Def better than untested nu stuff, speed, etc. Modafinil is prob the king productivity-wise, but Idk if I buy the lack of addiction potential they claim. (Coffee equivalent has been made.) If so, far better than amphetamine salts, etc., w/ 1/200 developing early-onset schizophrenia. Ironically, benzos right there w/ early dementia/Alzheimer's, but even that doesn't explain all the %+. Corruption, lack of accountability, (immunity), junk "science", pop control/eugenic agenda, crazy time. Think we're in agreement here mostly. Cheers.
@garrett3117 I concur sir, sadly.
@Whisper-yb2uu Like sorts of nano mosquito bots that have face recognition and the ability to extract/implant DNA and other nefarious concoctions?
As a year of Silicon Valley had the first ones was when Bill G🌉s volunteered 3-4 million into labs to "come up with a fix" to stop/end the "malaria caused death" occurring in Florida!?? Only months prior, feds issued a "warning on DNA genealogy tests" turned a future for any from "third party" attacks to use to kill u and/or family members????
I honestly love your content. I’ve been itching to get into IT and computer sciences in general and your page popped up on my home page and its gotta be a sign. Thanks for your work dude! It’s much appreciated❤❤❤
So that is how they got my credit card from Newegg! I have spent a lot of money at Newegg, as well as my clients using their cards too. I'll be damned!
This just popped up and played. I started listening and got interested quick. Thank you, great video, and I really appreciate it.
I love your narration, Jack. It's really calm, informative, and you're funny too.🔥😊
My personal intranet page, my website, and another website I maintain are completely hand-coded by me in pure HTML. They are functional pages with no frills, but the only thing I have to worry about is keeping up my self-hosted web servers. I do use Cloudflare. I like this model for those pages because they don't update frequently. I can ignore them except for some automated checks and an occasional visit.
What web server are you using? Apache or NGINX?
And what email service for your mx records etc?
@RickBeacham NGINX
@Premier-Media-Group Cloudflare DNS and Google email (grandfathered plan). I will probably be switching most of my email accounts away from Google in favor of something more customizable. I plan to create a mail server that works primarily as a receive gateway. Sending mail is more difficult than receiving mail due to spam prevention measures, IMHO.
Where is part 2 of the beanie baby story???
Me waiting on that story as well...
Maybe check Spotify, he's already on episode 129 there.
I listened to it yesterday on Google podcast. Gollumfun pt 2. It was good!
I love your podcast and videos & often listen to them as I am sleeping or cleaning. Your voice is super relaxing! I find this content so interesting as I’ve always had an interest in computing and cybersecurity. Thanks Jack ☺️
Edit: (RUclips won’t let me edit my original comment): I just finished the podcast. So saddened to hear Jonathan passed away 😞😔 what an interesting life he had and he was a fountain of knowledge. It’s so sad his life was cut so short. He helped save people from becoming victims and looked out for them. I hope he is no longer in pain and is with the Lord in Heaven
Technically they can only emboss the number onto a blank credit card, because even if you have card information you cannot just program into magstripe because of the discretionary data that comes after card information so banks will deny any swiped transactions without that data..
With the 3-dip method they can bypass that but they’ll only be able to use the card once
Okay, my interest is fully piqued.
What is this 3-dip method you speak of?
I am sad to hear that Jonathan passed away. I would have liked to have listened to much more of his knowledge and wisdom; he sounds like a whole world library. He was fantastic. Sadly this is the first time I have met his late acquaintance; I would have loved to have been his student.👍
I was just thinking about this podcast. I opened RUclips and was gonna look it up but bam it was the first video
If using WordPress and a store, do you think it might be worth putting the payment pages on a separate website so that they are separated as much as possible, and then you could have hardly any add-ons there? As far as I know, on WordPress all the add-ons are on every page no matter what. I could be mistaken about that, obv.
It's not fair I don't have time to listen to the whole episode and I'm two episodes behind!!😭😭😭😭.. I'm gonna have to binge later this week😂😂😂
RIP. Thanks for your reporting. The transition from 47:08-20 was a little... unnatural?
I love your podcasts, thank you Jack!
Interesting . Why do I get the idea that most of this issue is from Magento themes that have been injected with malicious code? Example a web developer from company installs theme onto his companies e-commerce website . Unbeknownst to him/her … that theme has some malicious code.
I work at a CTI in Brazil for some banks. We are not only scraping websites, but also WhatsApp, Telegram, Discord and IRC groups; we search for leaked credit cards and credentials, and we also look for phishing websites for those banks and copyright infringements.
Wow dude, really sad ending. RIP brother. You will be remembered and missed.
That's why I block every script, inspect it by hand before I let it run in my browser, have an add-on checking it against known threats and also analyzing general behavior against known malicious behavior, block every new in or out connection with a software firewall that I have to approve by hand and can double check domain certificates with, have my own DNS server running with block lists and alerts for when I would connect to a changed or newly routed domain, have my hardware firewall do deep packet inspection, and use a one-time-use generated credit card on a bank account that holds as little as possible….. to then buy toilet paper on Amazon 😮💨
And the dumb dumbs think you're paranoid.
Just pay in cash.
would love a piece about the breach at 23 and me from you 😎😍
:3 Florida reports on a lot of news, whereas many states don't, I've heard. I was born and raised in infamous Miami, FL, USA, and thankfully I don't live in any of those three places anymore. Lol
This is so interesting. I don't think that I will become a hacker, but it does give me quite a lot of information to help me guide myself around the internet a bit more safely, sort of. I say that because I know that new technology arrives every day, making all this obsolete. Thanks so much for sharing this information ❤
This is on the podcast from Nov ‘19, if u have wondered if u have already listened to it. I thought it sounded familiar.
I don't know how people don't realize buying gift cards with illicit credit card info, doesn't obscure anything. The gift card has a unique number on it, that identifies each individual card. The number on the gift card is an account number. When you buy the card and load it with money, the money is transferred from the credit card account to the gift card account. Gift cards aren't anonymous. There's a digital record of where the funds came from. Not only from the bank that processed the transaction, but at the store that made the sale also. Anyone who thinks they can't track a stolen credit card number to a gift card is an idiot.
Scriptkiddies aren't always known for being smart.
The show is great, I always enjoy listening to it. Wondering what you used for the animation?
@Jack Rhysider. Should we all stop shopping online with our credit cards? The Chinese CCP is being given carte blanche by our “wonderful” government controllers. Shouldn't we at least use our credit cards minimally online?? Pls respond.
This is a legit show!
Clap your hands everybody, if you got what it takes! Cuz I’m Jack Rhysider and I’m on the mic and Master Cylinder’s on the brakes!
Did the fake credit cards bear the real owners' names, or those of the criminals making the purchase? Were they allowed to make these purchases without ID? I once tried to use my sister's Gap store credit card (with her permission), and the cashier asked for ID and said I could only use it if I had a letter from her (which would have been easy to forge).
Sometimes they use old credit cards and write the data on the magstripe. We had that happen at my Walmart like fourteen years ago.
Just print a fake name on the card and have that name associated with a similarly fake ID card.
This video got me excited then kicked me in the teeth at the end. RIP we lost a wealth of knowledge.
Am I the only one who finds it strange that every time someone does work like this, they always tend to die mysteriously? I mean, he said he was 27, right? Has anyone tested his water for POPs?
Rip Jonathan & thanks for sharing your knowledge with us.
story telling is amazing
Most concerning is the GDPR profits while affected citizens see no benefit for their trouble. And Jonathan is proof that only the good die young. Tragic loss for good!
Johnathon did a very commendable job and may he rest in peace.
A bit odd going straight into funky music after the condolences for Jonathan. May he rest in peace.
OMG? I am so sorry 😢 R.I.P. Jonathan 😒😥 Sounds like you were a really nice guy. Amen.
Ugh thank God I needed this lol
Show this to your next employer that says they NEED you to use some obscure JS library.
Wow condolences to Jonathan’s family.
Dude, I'm new and I'm on episode 54. Where is your podcast at, bro? Where can I subscribe and watch live, I mean?
Addicted to your channel!!
CSP headers are a hot mess, and asking devs to work around them is nearly impossible; better tooling needs to be built around that, as it's asking way too much for small teams.
I use CSP headers but also only allow my website to work if it is loaded directly from my web address and also only if loaded through Cloudflare, so there is no way to skim data off my websites; you can't even know which backend framework it's using.
Ooh, you can do ads with CSP headers, and also web analytics; you have to know how to set up the headers correctly.
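The CSP thread above (what a policy lets a checkout page load or send data to) is something that can be checked mechanically. The following is an added example, not any commenter's code: a small evaluator that parses two constructed policies (WEAK_CSP, HARDENED_CSP) and tests them against a constructed lookalike host, showing which one would let an unexpected script run or let card data be posted out, while still permitting the one analytics host the shop actually uses.

```python
from urllib.parse import urlsplit

# Constructed policies (not from any commenter): a permissive one, and one that
# only lets the shop's own origin plus a single analytics host run scripts.
WEAK_CSP = "default-src *; script-src * 'unsafe-inline'"
HARDENED_CSP = ("default-src 'self'; script-src 'self' https://analytics.example; "
                "connect-src 'self' https://api.example; form-action 'self'")

def parse_csp(header: str) -> dict:
    """Turn a Content-Security-Policy header into {directive: [source exprs]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def source_allows(expr: str, url: str, page_origin: str) -> bool:
    """Match one source expression against a URL: *, 'self', scheme sources (https:),
    and host sources with optional scheme and *. wildcard. Keywords, nonces and hashes
    never match a remote host."""
    target = urlsplit(url)
    if expr == "*":
        return True
    if expr == "'self'":
        page = urlsplit(page_origin)
        return (target.scheme, target.hostname) == (page.scheme, page.hostname)
    if expr.startswith("'"):                      # 'unsafe-inline', 'nonce-…', 'sha256-…'
        return False
    if expr.endswith(":"):                        # scheme source such as https:
        return target.scheme == expr[:-1]
    scheme, _, host = expr.rpartition("://")      # scheme is "" when the expr has none
    host = host.split("/")[0].split(":")[0]       # drop any path and port
    if scheme and target.scheme != scheme:
        return False
    if host.startswith("*."):
        return target.hostname.endswith(host[1:]) and target.hostname != host[2:]
    return target.hostname == host

def allows(header: str, directive: str, url: str,
           page_origin: str = "https://shop.example") -> bool:
    """Would this policy let the page load/connect to url under directive? Fetch
    directives (script-src, connect-src, img-src) fall back to default-src; with
    neither present, CSP allows the load."""
    policy = parse_csp(header)
    sources = policy.get(directive, policy.get("default-src", ["*"]))
    return any(source_allows(s, url, page_origin) for s in sources)

if __name__ == "__main__":
    skimmer = "https://checkout-stats.example/m.js"     # constructed lookalike host
    for name, csp in (("weak", WEAK_CSP), ("hardened", HARDENED_CSP)):
        print(name, "script from unknown host allowed:", allows(csp, "script-src", skimmer))
        print(name, "POST to unknown host allowed:", allows(csp, "connect-src", skimmer))
```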
Have credit card companies STILL not implemented chip technology, which would make physically cloning credit cards impossible ??
You think the Flipper Zero couldn't do it?
Why did Jonathan pass? Sorry I’m a newbie here. Was he a narrator here?
Great episode, Thanks Jack!
the bottom half of your video would be a perfect animation for flipper zero
I did not know they hacked the S3 buckets... Interesting.
Firefox is your friend. Use NoScript where you can. Look at what scripts are running, especially third-party scripts. Don't run them if you don't need them. If you notice a weird URL, look it up. Stay safe.
Azure has been hacked as well.. Saw that at blackhat..
Another great video!!
Ridiculous amount of prison time. People get less time for rape and murder. The justice system needs to be revamped.
Are these data breaches happening nonstop??
Awww John, we miss ya bud, see ya in the next go around
why do they register new domains and stuff
they can just use discord server or some other public server, to store the data and download from there
they can just encrypt the whole thing with a public key so only they can read it etc
I think part of the reason is that it's easier for formatting and less noticeable. Like, if you were someone at Newegg and you were checking the code for the checkout system and saw that analytics were being collected and sent to a neweggstats website, you wouldn't be that suspicious. Plus, with that, when you're writing code you just have an easy, simple IP address to drop in, as opposed to having to make a complicated system of creating a way for the checkout system to send everything to a user account that exists within a subdomain in Discord or something.
Keep the content coming!
My girl is going through stage 4 cancer. She will expire soon. I know how you feel. I’m here if anyone needs to talk.
“She will expire soon” is crazy
Sounds like advertising on domains should fizzle out for security.
RIP Jonathan
Is there a phone # to report hacks on our accounts.?
“It’s safe and secure, it’s owned by Adobe.”
That’s an oxymoron.
Who the hell still uses adobe?
RIP Jonathan, fought hackers and fought cancer!! Condolences to his family!! F#ck cancer!!!
Condolences to Jonathan's family how very sad
PCI DSS requirements 6 Develop and maintain secure systems and applications
You can't buy gift cards with a credit card where I live. Doesn't make sense they would even allow it.
Kinda think we all know that 3 letter code or 4 in the case of AMEX is known as the CVV...
You need credit in heaven . Meanwhile a hacker in hell can u be rich and have a good life. What the f*** is wrong with this world
Not clear
#incoherent library
Newegg is now under Chinese control
And now I've decided to never shop there ever again
Virtual cards. Create one for every purchase you make online.
There, problem solved. 😉
Sounds good but how?
@mxcollin95 that depends on the bank and the country you're in. In Portugal we have a service called MB WAY and we can generate limitless cards that are accepted on every site just like a regular card. We choose the limit, and whether it's for one use only or recurrent monthly. It works very well, and if someone gets that card number, they still won't have access to anything else.
Go on.....
Always keep money in savings, not your current account, because direct transfer to other people's accounts is impossible from savings... only current to other works. Keep money safe in savings!
How does a web crawler work??? Any free web crawler available for use??
- Python
* Beautifulsoup
If Carlos had just done a gigabyte at petrol pumps, that's all you need to live comfortably, but greed got Carlos.
God Speed, Brother!
Sounds like "Magecart Group 4" is North Korean...perhaps others, as well.
More likely they polluted global npm with a rogue version of Modernizr. That way the BA build process would likely install it during the Dev/Ops build process. No need to compromise the company directly.
Am I the only one that thinks the creation of Node.js was unnecessary?
RIP to a real one.
Congrats on 100k!! I've been wonderin', what exactly did/do you use to create the video / animation? This is a brilliant means of having a video to accompany an otherwise strictly verbal story.
😢😢😮
Rest in Peace.
Oh wow that is really sad news at the end :(
Should've gone to mexico or canada at the very least if they can afford to travel this far anyway lmao
That's how Chechens do it, transfer it all to Russia or even the Central Asian -stans... while working from France!
PS: I personally am so paranoid about skimming that I always check what I can, without alerting security myself, at ATMs inside banks on 24/7 cameras. Because who knows. And online? Burner cards; some third-party processors offer them "for free" (or rather bundled with standard services).
R.I.P to Jonathan💐💐💐