Concise and informative. Currently if someone steals your house key they can pinch a few items from your home. What you describe represents the thief's possession of your key giving them complete ownership of your house and all its contents with little remit for recovery.
And that the legal greyzone it is all in. Obviously it is some form of stealing, but is it? The law hasn't yet been applied fully to the whole Web 3.0 so.
Also seems like a good way to get framed by another hacker for their misdeeds and considering powerful organizations tend to delete their mistakes and put it on others, IE buy/sell things under your identity and/or use it as a mule/intermediary for their own finances.
Bro you are so soft spoken! EDIT: I think the only thing you can do about this is give people the CHOICE to use a specific-service based, centralized wallet (with the benefits of the humans to support you in fraud etc) or self-custody (minimal fraud support).
Blockchains are cool in some ways, and they might end up proving to be useful, but I am almost certain its usefulness is still going to depend on centralized trust. I know a lot of people really want decentralization...but I'm pretty sure it's literally impossible to build a system that is both decentralized AND safe/secure/reliable/efficient.
Been in crypto for about 2 or so years in the DeFi (Decentralized Finance) space, and I agree. Just the sheer amounts of hack thats taken place with multi million dollars worth of money lost at this point. A question I have is how exactly do you fix this web3 thing? I agree with your last point that's right now, there's no real way of it to be secure, but it's definently an interesting question to think about.
The information was good and very informative. However, I never saw a video in RUclips with so much ads as this one, for 11 mins of video at least 15 ads...🤔
I agree with you. And your explenations are prefect! You deserve more views and subs, especially for your fame in the cybersec area. I feel like nobody knows you are a content creator!
Glad to see someone else sharing the same ideas about web3. Cheers on the video. Tried to argue something similar last year and been shutdown immediately... especially on the security layers for transactions and money.
Amazing video, keep them coming. Constructive feedback: While the information delivered is great, the production could go up. The video ends in three dots, I checked my browser to make sure it didn't bugged. Don't know if you are interested in making RUclips a job, however if you do, you should pay more attention on some of these minor details, because damn, you do have a lot to offer and you are worth watching.
5:20 Re: IoT: it also does not help that in many cases industrial HW engineers were in charge, and because "security is easy, we don't need anyone extra for it". We've seen what security HW engineering (or basically anyone NOT in security) results in: WEP. And all the factory/etc industrial compromises.
@@MalwareTechBlog no worries....my dumbass had a trezor and everything. I put my private key in a text field anyway lol... It was an erc20 token that like 10x'ed in a few weeks after launch. I got the tokens from an ICO with about 3 ETH($900 in value at the time) that I bought for like $11 a ETH in january '17, so technically I only lost like $35 lol.....it wasn't all my holdings so 2017 was still a great year for me 😆
Another horrible thing that's even worse than losing a few crappy shitcoins is losing your KYC ( your proof of identity) to hackers because the exchange that you went through was insecure or reselling customer data.
One thing to consider is the approach society has set up for physical theft. Especially something like gold. This is where insurance, minting, storage and limits on movement have helped. Gold still gets stolen, melted and sold on but there’s still measures we as a society have taken to reduce the likelihood, not eliminate it entirely. With that said, I completely agree with your adoption point. Web3 is nowhere near technology for the masses and a ‘normal’ person should stay clear for a while.
IoT security is a dumpster fire. The majority of IoT device manafacturers are trying to make devices as cheaply as possible. Security is a cost so it gets ignored.
Something else to note is that even though exchanges may hold on to tokens if they end up getting hacked or just want to steal your coins there's nothing stopping them from not having to pay you back.
Thank you for the is video, love your channel. I have some different idea to share regarding web3, mainly about the weakness of “not your key not your money” that you referred. It’s true in bitcoin, but in some other newer innovations, there are well written smart contracts can deal with this type of problems. For example, you can pre-define a set of wallets your friends or family or whatever you trust, they can be a pool of people vote on approving a transaction on your wallet when you lost your private key. There is also time delay build in so you can vital the transaction if it’s invalid or vesversa. I am just hoping these type of innovation can be widely adopted by mainstream, vs all the ico and nft hypes.
just thinking of the top of my head u could enforce a sort of insurance like policy where if your key gets stolen and your money gets taken then its your fault and nothng can be done but what if simiilar to insurance they said u have to have a hardware wallet and register it or something and if your money still gets stolen or whatever then they will assist u which then puts the security onto the user themselves aswell. how they would help u idk cus like id imagine yur the only person with the key and its a peer to peer thing but idk just a thought
Do you think that the limitations proposed by Web3 will spark things like crypto phishing insurance for consumers? Web3 is pushing for a more wild wild west culture like Web1. But the problem is that from our history, this has led to bad results.
It's possible that security could be enforced through the insurance side, but that depends on whether insurance companies are willing to take on the huge risk required to insure high value assets that aren't recoverable.
@@MalwareTechBlog Also adding real world asset insurance into Web3 would create a offramp from inflated Web3 asset prices, so the ones doing it would probably not be in the game for long.
I'm kinda going through a faze where I live just because of my online purchases. It is akin to Stock Market Candles and the tranaction speed or just outright misuse of company info about me. Terrible when my card is locked and it is a weekend.
I convinced my mom to invest a thousand dollars into crypto. Overnight the money in her wallet disappeared. I keep blaming myself for it because she was very skeptical about it and the money was kinda hard to come by tbh at the time. It's scary in the crypto space
Woah, These are some genune concerns here! and ummm I never thought of them... Cause all these Defi protocols seems quite secure. For example , D/Bond(Debond), Its an amazing platform for trading and they developed ERC 3475 protocol which is the most secure Defi protocol. Maybe you could tell me more about it??
Decentralized ID tackles the security problem within web3 technology. thanks to DID only the person can decide what information he or she wanna share. And the problem of tracking and selling personal data (what corporations do!) disappears! Fractal ID is a great player in this market, for example. Here the user dispose of his info. And it should be so - this IS security
In the case of the recent Solana wallet hack the back end of a wallet was hosting an unencrypted /unsalted json file with over 8,000 WIF keys. 😂 Imagine.
I have a fair few counter arguments to play devil advocate (because you make so great points), but main point is that if we implement web3 and provide resources to people on sec, we will build a stronger level of sec at the user level. The human is usually the weakest link, but they can also be the strongest link. Give people the right training and they will pick up on oddities and possible hacks that computers might miss. Bringing that to web3, if we help users to be trained in sec, then we can have a much stronger user level and controlled sec. Humanity grows with technology, we've seen it before many times. There will always be teething problems with new tech, but we always eventually adjust.
It's also extremely bad for the environment, crypto transactions require a lot of energy. and don't call me uncool because I said that, I am just concerned about the future. I also don't like the idea of the Metaverse, think about it: What a poor society do we have to be to create another world just to escape from reality, instead of solving the problems we really have.
You are seeing this from a very privileged point of view. Sure banks in the developed world can do lots of good things. But crypto allows people who migrate to keep the funds safer than a pouch on the balls, or being able to buy digital dollars where its illegal to do so. Also sending remittances to family instantly and virtually free compared to existing options. When there is a war, the first thing that happens is banks disabling withdraws. There are lots of good things in web3, but I agree that we must improve the UX and safety. Also using crypto is not exclusive. You can keep using your banks. Diversify your finance is key.
While a lot of those things are true this video was focused on the security of web3 and why it's a farce. Not that the actual protocols that run on it are useless themselves.
Is nice to see you are more active in RUclips now after David video, hope to continue with the good work we can learn a lot from you.
i noticed his more active presence on here, too!! i absolutely love marcus' insights. c:
Marcus’s tonality is calm and easy to listen to and understand his explanations…keep it coming!!
Very interesting, I had never really thought of the security implications of these decentralized networks before.
Brilliantly informative, thanks my dude!
Please upload more RUclips videos! Im a huge fan and it’s so great seeing your content, super informative!! You should game too!
so nice to hear you talk about this in such a calm way
(also sweet thumbnail haha
I totally agree with you! And the way you explain is perfect. You deserve more views and subs.
Inbox me to hack or recover All kinds of social media platform
Concise and informative. Currently if someone steals your house key they can pinch a few items from your home. What you describe represents the thief's possession of your key giving them complete ownership of your house and all its contents with little remit for recovery.
And that the legal greyzone it is all in. Obviously it is some form of stealing, but is it? The law hasn't yet been applied fully to the whole Web 3.0 so.
Good points, after learning more about smart contract vulnerabilities I am super paranoid about interacting with any of them
Totally agree with you. I feel the same way about web3 and with this video I get a more complete picture of it. Keep it up.
Thank you for making this video. I found you on David's video as well. I'm just learning all this stuff and you are FANTASTIC!
Also seems like a good way to get framed by another hacker for their misdeeds and considering powerful organizations tend to delete their mistakes and put it on others, IE buy/sell things under your identity and/or use it as a mule/intermediary for their own finances.
Bro you are so soft spoken!
EDIT: I think the only thing you can do about this is give people the CHOICE to use a specific-service based, centralized wallet (with the benefits of the humans to support you in fraud etc) or self-custody (minimal fraud support).
Blockchains are cool in some ways, and they might end up proving to be useful, but I am almost certain its usefulness is still going to depend on centralized trust. I know a lot of people really want decentralization...but I'm pretty sure it's literally impossible to build a system that is both decentralized AND safe/secure/reliable/efficient.
Agreed!
Been in crypto for about 2 or so years in the DeFi (Decentralized Finance) space, and I agree. Just the sheer amounts of hack thats taken place with multi million dollars worth of money lost at this point. A question I have is how exactly do you fix this web3 thing? I agree with your last point that's right now, there's no real way of it to be secure, but it's definently an interesting question to think about.
The information was good and very informative. However, I never saw a video in RUclips with so much ads as this one, for 11 mins of video at least 15 ads...🤔
i think a mix of both methods is the best way from both a security and privacy standpoint
I agree with you. And your explenations are prefect! You deserve more views and subs, especially for your fame in the cybersec area. I feel like nobody knows you are a content creator!
Glad to see someone else sharing the same ideas about web3. Cheers on the video.
Tried to argue something similar last year and been shutdown immediately... especially on the security layers for transactions and money.
Amazing video, keep them coming.
Constructive feedback:
While the information delivered is great, the production could go up. The video ends in three dots, I checked my browser to make sure it didn't bugged. Don't know if you are interested in making RUclips a job, however if you do, you should pay more attention on some of these minor details, because damn, you do have a lot to offer and you are worth watching.
5:20 Re: IoT: it also does not help that in many cases industrial HW engineers were in charge, and because "security is easy, we don't need anyone extra for it". We've seen what security HW engineering (or basically anyone NOT in security) results in: WEP. And all the factory/etc industrial compromises.
I’m an engineer and I got phish for 5figures worth of crypto in fall of 2017 lol…some of these phishing schemes are top notch 😂
Sorry to hear that :(
@@MalwareTechBlog no worries....my dumbass had a trezor and everything. I put my private key in a text field anyway lol... It was an erc20 token that like 10x'ed in a few weeks after launch. I got the tokens from an ICO with about 3 ETH($900 in value at the time) that I bought for like $11 a ETH in january '17, so technically I only lost like $35 lol.....it wasn't all my holdings so 2017 was still a great year for me 😆
Another horrible thing that's even worse than losing a few crappy shitcoins is losing your KYC ( your proof of identity) to hackers because the exchange that you went through was insecure or reselling customer data.
If I get to choose between Piracy and Security, I'll definitely choose Security.
One thing to consider is the approach society has set up for physical theft. Especially something like gold.
This is where insurance, minting, storage and limits on movement have helped.
Gold still gets stolen, melted and sold on but there’s still measures we as a society have taken to reduce the likelihood, not eliminate it entirely.
With that said, I completely agree with your adoption point. Web3 is nowhere near technology for the masses and a ‘normal’ person should stay clear for a while.
IoT security is a dumpster fire. The majority of IoT device manafacturers are trying to make devices as cheaply as possible. Security is a cost so it gets ignored.
Great information, thank you!
Omg, please do a podcast or just read books for us. Your voice is so calm and smoothing, like a soft pillow. Sry, if that sounds weird.
Something else to note is that even though exchanges may hold on to tokens if they end up getting hacked or just want to steal your coins there's nothing stopping them from not having to pay you back.
Informative!!!! Love it from🇧🇩🇧🇩🇧🇩
Go ahead👍👍👍
Yes this video was great, and I see exactly where you’re coming from. Web 3 will require new forms of security that we have not seen yet
Love your videos Marcus, keep up the good work
You obviously don’t need me to validate your opinion , but very valid points and interesting arguments.
Great point. Did not look at it like this
Great rundown!
Thank you for the is video, love your channel. I have some different idea to share regarding web3, mainly about the weakness of “not your key not your money” that you referred. It’s true in bitcoin, but in some other newer innovations, there are well written smart contracts can deal with this type of problems. For example, you can pre-define a set of wallets your friends or family or whatever you trust, they can be a pool of people vote on approving a transaction on your wallet when you lost your private key. There is also time delay build in so you can vital the transaction if it’s invalid or vesversa.
I am just hoping these type of innovation can be widely adopted by mainstream, vs all the ico and nft hypes.
Are there any RUclips videos talking about this?
just thinking of the top of my head u could enforce a sort of insurance like policy where if your key gets stolen and your money gets taken then its your fault and nothng can be done but what if simiilar to insurance they said u have to have a hardware wallet and register it or something and if your money still gets stolen or whatever then they will assist u which then puts the security onto the user themselves aswell. how they would help u idk cus like id imagine yur the only person with the key and its a peer to peer thing but idk just a thought
Invaluable advice.
Dude thank you,i hope you write a book or something👍👍
i hope to see the next video about IT Security :)
great video, but the thumbnail is really funny lmao
Do you think that the limitations proposed by Web3 will spark things like crypto phishing insurance for consumers? Web3 is pushing for a more wild wild west culture like Web1. But the problem is that from our history, this has led to bad results.
It's possible that security could be enforced through the insurance side, but that depends on whether insurance companies are willing to take on the huge risk required to insure high value assets that aren't recoverable.
@@MalwareTechBlog It won't happen. Web3 claims to be international without governing. That's the point.
@@MalwareTechBlog Also adding real world asset insurance into Web3 would create a offramp from inflated Web3 asset prices, so the ones doing it would probably not be in the game for long.
At some point you'll get enough xp to evolve to a 4th monitor and thick glasses. For now you're a mere 3 monitor hacker but don't lose hope
can you take video about different ways of creating FUD malware? it would be awesome to know how malwares are undetectable from AVs
…and I was suspicious of going paranoid seeing it this way… :-)
I'm kinda going through a faze where I live just because of my online purchases. It is akin to Stock Market Candles and the tranaction speed or just outright misuse of company info about me. Terrible when my card is locked and it is a weekend.
is it stealing if it is "code is law"
Only people who learn to manage their own digital security will survive the next decade.
I convinced my mom to invest a thousand dollars into crypto. Overnight the money in her wallet disappeared. I keep blaming myself for it because she was very skeptical about it and the money was kinda hard to come by tbh at the time. It's scary in the crypto space
I'm so guilty of naively believing that the cool new tech new technology is inherently more secure or better in general. Thanks for pointing that out!
Spot on. As much as we dont want to admit, governance is needed simply because end users are and will always be the weakest link.
this is why i like the cardano ecosystem, they build their smart contracts from the viewpoint of security.
Woah, These are some genune concerns here! and ummm I never thought of them... Cause all these Defi protocols seems quite secure. For example , D/Bond(Debond), Its an amazing platform for trading and they developed ERC 3475 protocol which is the most secure Defi protocol.
Maybe you could tell me more about it??
Decentralized ID tackles the security problem within web3 technology. thanks to DID only the person can decide what information he or she wanna share. And the problem of tracking and selling personal data (what corporations do!) disappears! Fractal ID is a great player in this market, for example. Here the user dispose of his info. And it should be so - this IS security
I don’t like the look of people constantly getting hacked and getting massive amounts of money stolen with no way to recover it
This is why i still have a hard time believing blockchain projects like FLUX pushing web3 quite a lot in their PR/marketing strategy :$
Since when do you have a youtube channel, and how is it not bigger?
Valuable info!
I've discovered the perfect way to never get phished. I just never check my email.😅
If you have ever had to do form field validation on a web form you know how horrible users are.
no money no problems
I'm learn English with him 😊
Hello Marcus Hutchins what age r u may I ask
2022-1994=?
Bro plz make more videos on reverse engineering plz!
Truth
In the case of the recent Solana wallet hack the back end of a wallet was hosting an unencrypted /unsalted json file with over 8,000 WIF keys. 😂 Imagine.
I have a fair few counter arguments to play devil advocate (because you make so great points), but main point is that if we implement web3 and provide resources to people on sec, we will build a stronger level of sec at the user level.
The human is usually the weakest link, but they can also be the strongest link. Give people the right training and they will pick up on oddities and possible hacks that computers might miss.
Bringing that to web3, if we help users to be trained in sec, then we can have a much stronger user level and controlled sec.
Humanity grows with technology, we've seen it before many times. There will always be teething problems with new tech, but we always eventually adjust.
Great points though Marcus and great video to stimulate considerations about web3
I have been saying this for ages.
we will need more security experts to know rust and solidity
👍
L3
Marcus Hutchins is less secure than you though he was xD
thats a joke but i hate web3 regardless (heck im the founder of Hate for web3 LOL)
Lets play Overwatch!
It's also extremely bad for the environment, crypto transactions require a lot of energy. and don't call me uncool because I said that, I am just concerned about the future. I also don't like the idea of the Metaverse, think about it: What a poor society do we have to be to create another world just to escape from reality, instead of solving the problems we really have.
You are seeing this from a very privileged point of view. Sure banks in the developed world can do lots of good things. But crypto allows people who migrate to keep the funds safer than a pouch on the balls, or being able to buy digital dollars where its illegal to do so.
Also sending remittances to family instantly and virtually free compared to existing options.
When there is a war, the first thing that happens is banks disabling withdraws.
There are lots of good things in web3, but I agree that we must improve the UX and safety.
Also using crypto is not exclusive. You can keep using your banks. Diversify your finance is key.
While a lot of those things are true this video was focused on the security of web3 and why it's a farce. Not that the actual protocols that run on it are useless themselves.
@@internetwarrior666 fair
That
First
first to reply to comment
The bitcoin algo is amazing, trustless consent. Everything else so far as sucked xD
p͓̽r͓̽o͓̽m͓̽o͓̽s͓̽m͓̽ ⭐