I have used a unique email address per account since 2002 on a dedicated domain-name i own. I am glad to see the practice of using a unique email address per account is finally becoming main stream. But I see companies like Apple and Proton mail, like to use their domain, instead of one you own yourself.
I worked for an ISP that purposly low prioritsed torrent traffic. When I worked night shift I would guide customers on how to increase their torrent speeds. I always had the best customer satisfaction score and my colleagues never connected the dots.
You could easily bypass that with a proxy or VPN since they were most likely using stateful packet filtering. lol The difference in the Korean case, is that the provider had full access to the router their customer must use as their gateway.
Human rights and online freedom, lol. No, this is normal in Korea and this is their law. And you can't even use banks without installing application on your pc (anti-keylogger, antivirus from the banks) Human rights? Walk to the f**king bank, then. You act as if European and American law support freedom 100%, it does not.
"a single quote is all that's needed to send the machine into an unresponsive state" *_Bobby Tables (and a large chunk of Ireland) has entered the chat_*
My last name has an apostrophe in it. It is scary how many website forms refuse to accept it. Heaps do, and its clear the lazy coding that makes the others fail
The O'YOLO isn't fixed everywhere. Another thing about them is that you can make legit reservations through them and even get an invoice at the end. Don't ask me how I know :D
Why would the rest of the world need to care, it only matters to koreans. If only they're affected by their unhelpful laws and submissive people, then the rest of the world should be fine. Too bad if you are someone that recognizes and suffers from the issues living in korea
4:14 _"It's only available to law enforcement in the most extreme of circumstances"_ Like activism, journalism, or organizing events for example... And who decides what constitutes an "extreme circumstance"?
Just have part of the passwords on paper and the other in your head (have something reminding you which is for which though, like +++ + !!! or something), with burner passwords for sites you know are likely to have data breaches and you don't care about. Even if a pass gets leaked and the pass fragment on your memory is on multiple passwords, attackers still need the part in paper to get to any other accs, and, if you want to, that gives plenty of time to change those. Plus the part in paper is useless to most people.
Mullvad VPN is better, they do what they preach (raided in 2023 by Swedish Police on behalf of German Police, Swedish Police left empty handed as they had no customer information including logs) and is affordable.
Lots of wild crap in this one. I don't know what's more crazy, a legitimate cybersecurity company breaking multiple laws or an ISP literally installing malware on their customer's computers.
Re: KT, so, this means people are going to jail, right? I mean they supposedly PURPOSELY infected their customers with malware, that means jail, no? I guess we'll see but I'm guessing 'being big company' means: here's a little fine, please don't do it again...
The thing is, companies don't "go to jail". People do. The company can just continue operation, left for the shareholders to dissect and resurrect the company with new crimin- I mean ... CEO's as head of the company.
Nobody will go to jail. Best case scenario, the government forces KT to stop doing it. Worst case scenario (and probably the most likely one) is that the SK government forces KT to provide all of the technical details on how they did it. Under that scenario, the SK government will almost certainly provide detailed information on the subject to all of it's diplomatic allies.
I can't wait for Certik to claim that tornado cash money laundering was "just a test" like the captain of the Costa Concordia claiming that getting into a taxicab and fleeing the accident was "looking for help"
This makes Chatcontrol in EU look tame. Other videos claim you must install ISP software to connect to internet. This would make it easy to do whatever they want.
It's a bit more nuanced, I believe you need to install software to visit certain websites, the software isn't from the ISP. Look up: VeraPort This is from the same country where you needed IE because it supported Active X
@@Anti-FreedomD.P.R.ofSouthKorea it's because in other cultures/countries this would be irrational what the ISP did and possibly impossible if the file sharing application was build in a modern way.
Tech news is like how people used to describe “the news” to us kids: it’s so sad and you are so powerless, don’t bother watching it. Lol. I swear tho, if my hotel ever has a self service station I’m gonna find the human responsable
Bell Canada, a major ISP in Québec, used to throttle torrents traffic back in 2005. I was one of their customer at that time and since it's perfectly illegal, and I am part of a class action on that matter. In 2024 it is still not over. I guess that now as the VPN got mainstream, ISP no not lost their time with that. If I would still torrenting, I would surely use my VPN to do so to avoid ISP to see which kind of packets transiting on my isp modem.
At least there was a class action done against the people for that! There is none of that in South Korea, simply none. Similar things have occurred by the Korean ISPs before, and no reprimands whatsoever which should have been conducted by the government. The people yet keep using the same ISPs that scammed over them, the people allow this
by far some of the best coverage of these topics ever. im totally dumb but i can still follow these vids which is a huge compliment haha. thanks for your hard work!!
Well I'll just say it here, ISP's must learn this. Copyright is not Infringement!. Showing TV, even RUclips, for free sure ads but still free, could be claimed as infringing of Copyright too. Doesn't mean that it is. When its totally new, that makes sense in trying to make money. A general Time limit!
its the nature of ipv4. 4 billion public ip addresses were never enough. everyone from now on will be behind cgnat. wish ipv6 gets adopted fully but then again, ISPs would lose money
@@durururururururu I pay 3€/mo for a static public IPv4, and get a free static public IPv6 (that I'm not using because I'm too stupid to learn IPv6) :)
WebHard is like the concept they use in the TV show silicon valley for their product "pied piper" except in the show what makes the concept work is godlike compression
@@Samstercraft77 youtube server side ad injection might break it (and manual subtitles as well, but if they don't that's just something sponsorblock can use to work again).
At&T too. I specifically mention them because I have proof. They helped Progressive Auto insurance get into the contacts list of someone I know while they were in the middle of an insurance claim. Started calling people in their contacts list. Didn't know I was a cracked security researcher. They know now though 😂
The worse thing my ISP ever did was block 4chan for a week when I was 15. Needless to say that didnt last. And Then one time they got on me for hosting people via a VPN who where know for deploying "Botnets". I was letting people pay good money for my IP. Made me have to shut it down before the FBI kicked in my door.
It sounds like somebody working *for* Certik might have been using the bug bounty and "whitehat" card as plausible deniability for a multi-million dollar heist. The heist went obviously bad and it took them a bit too long to realize they couldn't keep the money.
As for the hotel bug. I have known, a doctor's surgery to show the Windows desktop. But with no keyboard I just reported it. On a more serious note. I thought the server databases being used were supposed to be air-gapped or firewalled but in today's virtual server environments where multiple servers may be on the same physical machine what about memory or buffer overflows. In the said example how much data did the terminals in question have? I remember in my PHP days error checking was a pain and if the code was not audited correctly BANG. Even in my FORTRAN days, every function should have an error routine. That's it from an old codger.
You can use torrents without encryption so they might have taken advantage of this. If the clients being used werent also checking the hashes that might be why
I wondered whether I was affected too from this. Cos I had my setup currently and then I could see that lots of scripts ran through my actual PC too as well... and then... I just switched off my machine overnight instead and keep rebooting etc. So...
i think the certic case is one of a rouge employe, blindet by the monny, that culd explain also the 5 days days, say an employe finds the bug, sits 5 days on it abusing it, and only after that the "post nut clearity kinks in, realizing that someone fuckt up, after all mistakes are humen, and Never attribute to malice that which is adequately explained by stupidity.
For the p2p network there will be a trust anchor problem. Each node participating can't use public certs tied to DNS, so need a private cert authority or self signed certs. If each node carrying a self signed then trivial to mitm if you operate the network traffic is passing over (bgp vodoo being an option). If private PKI then isp can submit their own csr and be valid on the network... If isp has access to a ca in public PKI well they can Mint any kinda tls cert they like. There are probably convergence/poison attacks as well ie for distributed hash if you own 51% of network (or can modify its traffic) that blocks hash is whatever you say it is
In today's episode: Company commits MAJOR crimes! Company almost certainly commits large crimes and engages in terrible business practice! Company engages in terrible business practice!
Where's the contradiction? You pay for a service, not for the source code. Red Hat is one of the largest open-source contributors relative to their size, but, of course, all of their products are subscription-based.
But Proton is running servers in a datacenter to store encrypted data from their clients. That's a thing that costs them money, hence they charge you. And yes, you could download their software, compile it and run in on your server, but *you'd still be paying for your own servers, running that open software.*
@@theloststarbounder I don't see in what sense could that be possible. They proved that development of open-source projects, which includes upstream contributions to 3rd-party repos, is a profitable business model. The Venn diagram of Red Hat product users and people who care about FOSS likely has virtually no overlap, so I don't understand what your point is. They don't represent FOSS in any way. They're just a corporation that also contributes to FOSS projects.
Hi, South Korean person. We're just as angry at what the elite are doing to this country as you. It's extremely hard to change; if it were easy it would have been done already given our work ethic. Please remember there are innocent people who are implicated in every sweeping generalization and insult.
Then actually stand up against it...? I swear, if there is one country in this entire world which the elites can freely do whatever they want- be it the large companies or the government- and still get away with it due to no actual retaliation from the people, it is South Korea. Sounds much like the North, but the thing that the South counterpart has in common is that the people are simply so, sooooo submissive to tyranny, when in other developed and so-called democratic countries would have had protests all over the place. And the comparison I made just now, if you were to say this as a Korean yourself on the Korean internet sphere, you will be called an extortionist, traitor, 간첩, 조선족 and etc.- just all kinds of name calling without any effort nor intelligence to even see the point. Which just makes things even better as for people being so suitable to be ruled over. Abuse and torture in military when you have no choice but 98%+ to be consribed just because you are a male, with there being no guaranteed reparations shall you suffer through abuse. One of the least sums of government financial aids given during the COVID pandemic despite the quarantine lasting for the longest in OECD-qualified countries, the ISP literally working as some kind of gangster organization that can do illegal things and scam off the customers while legally being able to sell off your personal data despite actually going through the contract yourself and checking everything. Banning majority of foreign imports you can order as an individual. The list goes on and on... You should notice the one thing that differs South Koreans from the rest of the world that runs on a template of democracy, is that the core notion that people should rule and participate just seems to be totally annihilated and absent in place of submission and allowance of soft-power and governance tyranny. So basically the politicians and any people of power can do whatever they want, or whatever they wish, when there is effectively 0 retaliation from the people or just the response coming from the people either being totally wrongly informed and driven anyways. If you are a citizen of a democratic country that refuses to rule and protest, then expect to be ruled over. Do not complain when the elites rule over you guys furthermore and these just ridiculous new bills and societal phenomenon increases in your country as time goes on.
Then actually stand up against it...? I swear, if there is one country in this entire world which the elites can freely do whatever they want- be it the large companies or the government- and still get away with it due to no actual retaliation from the people, it is South Korea. Sounds much like the north, but the thing that the South counterpart has in common is that the people are simply so, sooooo submissive to tyranny, when in other developed and so-called democratic countries would have had protests all over the place. And the comparison I made just now, if you were to say this as a Korean yourself on the Korean internet sphere, you will be called an extortionist, traitor, and etc.- just all kinds of name calling without any effort nor intelligence to even see the point. Which just makes things even better as for people being suitable of being ruled over. Abuse and torture in military when you have no choice but 98%+ to be consribed just because you are a male, with there being no guaranteed reparations shall you suffer through abuse. One of the least sums of government financial aids given during the pandemic despite the social distancing judristrictions lasting for the longest in OECD-qualified countries, the ISP literally working as some kind of gangster organization that can do illegal things and scam off the customers while legally being able to sell off your personal data despite actually going through the contract yourself and checking everything. Banning majority of foreign imports you can order as an individual. The list goes on and on... You should notice the one thing that differs South Koreans from the rest of the world that runs on a template of democracy, is that the core notion that people should rule and participate just seems to be totally alienated and absent in place of submission and allowance of soft-power and simple governance tyranny. So basically the politicians and any people of power can do whatever they want, or whatever they wish, when there is effectively 0 retaliation from the people or just the response coming from the people either being totally wrongly informed and driven anyways. If you are a citizen of a democratic country that refuses to rule and protest, then expect to be ruled over. Do not complain when the elites rule over you guys furthermore as the time goes on.
This shit wouldn’t happen if bug bounty programs actually paid researchers instead of just taking their work, making an excuse, and disclosing it to the company as free research. Bug bounty is a fat joke.
crashing from a single apostrophe sounds like an overstrict parser in whatever code it's in. /war flashbacks to trying to get something to work in a JSON file
As someone said on a other video, theres no point in taking 3 mill. You could have just taken a couple hundred. If you decided to take 3 mill to "really get the point accross" then you should just have taken a ridiculous amount like a couple hundred mills. 3 mill just makes it look like you were half way between trying to be legit and seeing if you could get away with the money.
11:15 Nah. They don't say "thank you" because there is no gratitude. Fixing such issues just costs money, which increases business expenses. Higher mgmt wants none of that. Welcome to metastatic end-stage capitalism.
About the kraken thing , yeah, its extortion. Please don't do this people, it makes things harder for the rest of us. On the other hand, I do understand where they're coming from, since this bug is worth a hefty price and it's likely judging by krakens accusations that they may try to rip the researcher off. Which is well within their rights, but I won't sit here and pretend that I have no clue why these guys would do such a thing.
they tryed to make it look like it. the thing about cracen is they do refuse to pay for critical and downgraded it to lower priority, So in this case you have to demonstrate it is indeed a critical bug. Problem with critical bugs is not a $ that have to be payeed it is someone has to be fired. They tried to cover it but as it get publicity its been resolved as it supposed to be.
I heard the "is a crypto mixer service that was sanctioned by the US" and had to do a double take... then remembered sanctioned has 2 meaning that are exactly the opposite. English you know, I sanction it.
@@lussor1that's not really the substance of OP's comment, which is more just a negative generalization of an entire country. I'm also angry at the censorship.
@@BillAnt pretty certain it was something like VeraPort that helped create this situation, by installing a CA which allowed them to inject their program.
South Koreans haven't had privacy on the internet in a very long time. When signing up for _any_ services, they have to supply their legal name (which will be used as their public display name, no aliases allowed) and national ID number (which has the secondary effect of ensuring those internet services are only accessible to Koreans, foreigners are both implicitly and explicitly banned from using those sites)...
you dont understand how things need to be done in business, you cant just ask for money then give it to someone, it has to go thought several people with at lest 3 different higher up signing off on it, or there WHOLE board signing off, and fuck ton of paper work in order for them to keep them self legally safe and everyone covered if something goes wrong. there not just a ONE person, giving an other person money, no where neer as simple as that, not matter the transaction.
Proton Pass 👉 proton.me/pass/seytonic
I have used a unique email address per account since 2002 on a dedicated domain-name i own. I am glad to see the practice of using a unique email address per account is finally becoming main stream. But I see companies like Apple and Proton mail, like to use their domain, instead of one you own yourself.
I'd subscribe if Proton would let me pick any available/unused email address as an temporary one. The ones they generate look kind of silly. imo
Self host vaultwarden ftw
Nah vaultwarden > bitwarden >> proton
@@SlitheringDemon agreed honeybooboo
I worked for an ISP that purposly low prioritsed torrent traffic. When I worked night shift I would guide customers on how to increase their torrent speeds. I always had the best customer satisfaction score and my colleagues never connected the dots.
I suspect it was windstream, do tell…
My isp always slows down when i use torrents & access twitch lol. Luckily it can easily be fixed by using vpn
wich country ? Is it a legal thing to reduce speeds purposefully ?
@@UltraPatatenot in the US i think
You could easily bypass that with a proxy or VPN since they were most likely using stateful packet filtering. lol The difference in the Korean case, is that the provider had full access to the router their customer must use as their gateway.
Black Hats just got a brand new target to play with...
It's attack on human rights and online freedom. Unbelievable.
Human rights and online freedom, lol. No, this is normal in Korea and this is their law. And you can't even use banks without installing application on your pc (anti-keylogger, antivirus from the banks) Human rights? Walk to the f**king bank, then. You act as if European and American law support freedom 100%, it does not.
Agreed. I'm South Korean and furious at this. Wish us luck in trying to take down the elites, it's been a hard battle that we're still losing
IF it is correct.
Should this be true, I hope they get sued into the ground.
i agree this wrong, but "human rights"?
thinking that the internet is a human right is peak judeo-commie talk
but you support it when your gov does it to other countries.
"a single quote is all that's needed to send the machine into an unresponsive state"
*_Bobby Tables (and a large chunk of Ireland) has entered the chat_*
came here to comment on the sqli, seems like a better one already existed
My last name has an apostrophe in it. It is scary how many website forms refuse to accept it. Heaps do, and its clear the lazy coding that makes the others fail
The O'YOLO isn't fixed everywhere. Another thing about them is that you can make legit reservations through them and even get an invoice at the end. Don't ask me how I know :D
They just created about 5 million Irish hackers by simply entering their name. lmao
If this ISP doesn't get shutdown, then they've just declared war against all Internet users globally.
Waiting for 4chan to find out about this
A nation of lies filled with extreme bubbles. not only this one. this similar country is everything ruined - korean normal people
Why would the rest of the world need to care, it only matters to koreans. If only they're affected by their unhelpful laws and submissive people, then the rest of the world should be fine. Too bad if you are someone that recognizes and suffers from the issues living in korea
😆
@@RonKan69 4chan isn't some secret hacking society, and it's not 2012 anymore. It's literally just a forum.
4:14 _"It's only available to law enforcement in the most extreme of circumstances"_
Like activism, journalism, or organizing events for example...
And who decides what constitutes an "extreme circumstance"?
feminist Agency. familly Agency is lie. korean word say that is woman Agency. everything is lie
Just have part of the passwords on paper and the other in your head (have something reminding you which is for which though, like +++ + !!! or something), with burner passwords for sites you know are likely to have data breaches and you don't care about. Even if a pass gets leaked and the pass fragment on your memory is on multiple passwords, attackers still need the part in paper to get to any other accs, and, if you want to, that gives plenty of time to change those. Plus the part in paper is useless to most people.
Mullvad VPN is better, they do what they preach (raided in 2023 by Swedish Police on behalf of German Police, Swedish Police left empty handed as they had no customer information including logs) and is affordable.
Lots of wild crap in this one. I don't know what's more crazy, a legitimate cybersecurity company breaking multiple laws or an ISP literally installing malware on their customer's computers.
Re: KT, so, this means people are going to jail, right? I mean they supposedly PURPOSELY infected their customers with malware, that means jail, no? I guess we'll see but I'm guessing 'being big company' means: here's a little fine, please don't do it again...
Korea is a cyberpunk dystopia with how much big companies get away with
The thing is, companies don't "go to jail". People do.
The company can just continue operation, left for the shareholders to dissect and resurrect the company with new crimin- I mean ... CEO's as head of the company.
@@kv4648 companies literally control everything. Most KTs gonna have to do is let this pass and be forgotten again.
Nobody will go to jail. Best case scenario, the government forces KT to stop doing it. Worst case scenario (and probably the most likely one) is that the SK government forces KT to provide all of the technical details on how they did it. Under that scenario, the SK government will almost certainly provide detailed information on the subject to all of it's diplomatic allies.
@@kv4648Well still better than north korea
I can't wait for Certik to claim that tornado cash money laundering was "just a test" like the captain of the Costa Concordia claiming that getting into a taxicab and fleeing the accident was "looking for help"
This makes Chatcontrol in EU look tame.
Other videos claim you must install ISP software to connect to internet. This would make it easy to do whatever they want.
It's a bit more nuanced, I believe you need to install software to visit certain websites, the software isn't from the ISP.
Look up: VeraPort
This is from the same country where you needed IE because it supported Active X
They took over the entire broadband, the ISP software you install in your pc is just a tip of the iceberg really
Seems like the news only partially went overseas but honestly I'm even surprised at how foreign media is even responding to this at all
@@Anti-FreedomD.P.R.ofSouthKorea it's because in other cultures/countries this would be irrational what the ISP did and possibly impossible if the file sharing application was build in a modern way.
You know it's a good day when a Seytonic video drops!
A company operating a Ponzi scheme running to the police to report extortion is hilarious to me.
Tech news is like how people used to describe “the news” to us kids: it’s so sad and you are so powerless, don’t bother watching it. Lol. I swear tho, if my hotel ever has a self service station I’m gonna find the human responsable
Bell Canada, a major ISP in Québec, used to throttle torrents traffic back in 2005. I was one of their customer at that time and since it's perfectly illegal, and I am part of a class action on that matter. In 2024 it is still not over. I guess that now as the VPN got mainstream, ISP no not lost their time with that. If I would still torrenting, I would surely use my VPN to do so to avoid ISP to see which kind of packets transiting on my isp modem.
At least there was a class action done against the people for that! There is none of that in South Korea, simply none. Similar things have occurred by the Korean ISPs before, and no reprimands whatsoever which should have been conducted by the government. The people yet keep using the same ISPs that scammed over them, the people allow this
by far some of the best coverage of these topics ever. im totally dumb but i can still follow these vids which is a huge compliment haha. thanks for your hard work!!
Crazy! Thank you for sharing all this information
3:00 sounds like a hell of a lot of lawsuits heading KTs way or it should be getting them.
Its like in Switzerland... corrupt ISP and VPNs
ISP's injecting malware into customers is criminal to say the least.....
Seems like Little Bobby Tables or 1 of his classmates strikes again...
Well I'll just say it here, ISP's must learn this. Copyright is not Infringement!. Showing TV, even RUclips, for free sure ads but still free, could be claimed as infringing of Copyright too. Doesn't mean that it is. When its totally new, that makes sense in trying to make money. A general Time limit!
The sad thing is that people are still gonna consume their product.
People paying high Mbps/Bandwidth Wi-Fi.
Yet this ISP in Korea Hates it.
My reaction to story 1: wtf
My reaction to story 2: wtf
My reaction to story 3: wtf
thank you for posting
Hey Seytonic, You should talk about the recent incident about Indonesian Data Center. Love your content
Fun fact: Xfinity still isn’t giving access to port forwarding.
Bridge your modem?
Tunnel it through a proxy or VPN, there's nothing they can do. ;)
You can port forward with xfinity, you just have to do it through their app.
its the nature of ipv4. 4 billion public ip addresses were never enough. everyone from now on will be behind cgnat. wish ipv6 gets adopted fully but then again, ISPs would lose money
@@durururururururu I pay 3€/mo for a static public IPv4, and get a free static public IPv6 (that I'm not using because I'm too stupid to learn IPv6) :)
I wouldn't be surprised if the encryption was bypassed bc of how tls tends to be done in korea
How is it done?
I think it's useful to mention the program VeraPort
@@RonKan69tls isn't a lawful mandate for many webservices in korea
@@RonKan69 adding random ass cert authorities is a way more common practice for one thing
WebHard is like the concept they use in the TV show silicon valley for their product "pied piper" except in the show what makes the concept work is godlike compression
I think Mental Outlaw did a vid on this, too.
Hoping the grey hats watching this look into kt.
Someone has to say it: When the ad slot is more than 10% of the video, you're doing it wrong.
just get sponsorblock instead of complaining
@@Samstercraft77 youtube server side ad injection might break it (and manual subtitles as well, but if they don't that's just something sponsorblock can use to work again).
accepting a proton slot is bad in it's own.
@@germanelkapo1 ublock fixes that
10:32 immagine installing ransomware through that :D
Lol I always watch your videos even though sometimes I can barely comprehend what's being said
Still the best channel on YT
Petition to bring back hello world intro
Money does weird things to people.
Spectrum and Verizon also MITM their customers lol
At&T too. I specifically mention them because I have proof. They helped Progressive Auto insurance get into the contacts list of someone I know while they were in the middle of an insurance claim. Started calling people in their contacts list. Didn't know I was a cracked security researcher. They know now though 😂
PITM, man is not inclusive, we use person now sweaty
@@joeri5678 sorry I’ll be more inclusive when I describe who’s invading my privacy 😘
do you have a source for this? a quick search didn't turn up anything for me
@@bombus_ my guess is there is a clear and obvious reason you won't find that info on the internet easily
On Krahen,and Certik, they wanted to assure reward price scale.
The worse thing my ISP ever did was block 4chan for a week when I was 15. Needless to say that didnt last. And Then one time they got on me for hosting people via a VPN who where know for deploying "Botnets". I was letting people pay good money for my IP. Made me have to shut it down before the FBI kicked in my door.
It sounds like somebody working *for* Certik might have been using the bug bounty and "whitehat" card as plausible deniability for a multi-million dollar heist. The heist went obviously bad and it took them a bit too long to realize they couldn't keep the money.
Look at guys thumbs holding the CERTIK tablet 😂
I wonder what shenanigans ISPs in the US will start doing once net neutrality is abolished. It gives me shivers down my spine.
한국인이지만 정말 어이가 없습니다...
당해도 싸!!!!!! 당해라!!!!!!!!!!! 더 당하고 그냥 더 당해버려라!!!!!!!!!!!!!!!!!
As for the hotel bug. I have known, a doctor's surgery to show the Windows desktop. But with no keyboard I just reported it.
On a more serious note. I thought the server databases being used were supposed to be air-gapped or firewalled but in today's virtual server environments where multiple servers may be on the same physical machine what about memory or buffer overflows. In the said example how much data did the terminals in question have? I remember in my PHP days error checking was a pain and if the code was not audited correctly BANG. Even in my FORTRAN days, every function should have an error routine. That's it from an old codger.
How the ISP doing MIM is - by deploying their own Certificate on clients computer, so fhey can do packet decryption by acting as proxy.
6:23 100% Black Marketing.
And it feels like they wanted more credit and recognition:)
Just so you're aware, on the Kraken story, they actually completed it in one hour and 40-something minutes, it says in the tweet
That kiosk company really messed up my god
why would you need high speed internet if not for torrenting ?
yes proton sponcerd someone lets go
Great video! But please fix your mic/audio. The humming noice is annoying
You can use torrents without encryption so they might have taken advantage of this. If the clients being used werent also checking the hashes that might be why
I wondered whether I was affected too from this. Cos I had my setup currently and then I could see that lots of scripts ran through my actual PC too as well... and then... I just switched off my machine overnight instead and keep rebooting etc. So...
10:10 how it passed testing? Well, there was no testing lmao
i think the certic case is one of a rouge employe, blindet by the monny, that culd explain also the 5 days days, say an employe finds the bug, sits 5 days on it abusing it, and only after that the "post nut clearity kinks in, realizing that someone fuckt up, after all mistakes are humen, and Never attribute to malice that which is adequately explained by stupidity.
They doubled down tho, and then afterwards decided to send the funds back.
For the p2p network there will be a trust anchor problem. Each node participating can't use public certs tied to DNS, so need a private cert authority or self signed certs. If each node carrying a self signed then trivial to mitm if you operate the network traffic is passing over (bgp vodoo being an option). If private PKI then isp can submit their own csr and be valid on the network... If isp has access to a ca in public PKI well they can Mint any kinda tls cert they like. There are probably convergence/poison attacks as well ie for distributed hash if you own 51% of network (or can modify its traffic) that blocks hash is whatever you say it is
that is so awesome. (wrt isp story)
guy who was just downloading linux mint:
In today's episode:
Company commits MAJOR crimes!
Company almost certainly commits large crimes and engages in terrible business practice!
Company engages in terrible business practice!
6:35 is that possible a reference to the popular game Among Us
>open source
>"you need to pay monthly"
Where's the contradiction? You pay for a service, not for the source code. Red Hat is one of the largest open-source contributors relative to their size, but, of course, all of their products are subscription-based.
yeah, somehow you're allowed to compile from source...
but just dont do that
@@NatiiixLP Red Hat does the most discrimination too, they painted FOSS in the worst way
But Proton is running servers in a datacenter to store encrypted data from their clients. That's a thing that costs them money, hence they charge you.
And yes, you could download their software, compile it and run in on your server, but *you'd still be paying for your own servers, running that open software.*
@@theloststarbounder I don't see in what sense could that be possible. They proved that development of open-source projects, which includes upstream contributions to 3rd-party repos, is a profitable business model. The Venn diagram of Red Hat product users and people who care about FOSS likely has virtually no overlap, so I don't understand what your point is. They don't represent FOSS in any way. They're just a corporation that also contributes to FOSS projects.
So how werethey able to get through the encryption and hash verification that's practically used everywhere, by everyone?
Certik is hilarious they literally stole 3M using their bug to try to guarantee the get the high end of the bug bounty.
Sounds like someone wanted to make a statement. Kraken is certainly not a Saint.
Kitboga has deep ties with them idk
@@Blitzbogen I know, but anyway it's a statement, who also has deep ties. A warning of the type: don't play stupid with us.
Hi, South Korean person. We're just as angry at what the elite are doing to this country as you. It's extremely hard to change; if it were easy it would have been done already given our work ethic. Please remember there are innocent people who are implicated in every sweeping generalization and insult.
Being angry does not mean shit unless you are going to do anything about it...
Then actually stand up against it...?
I swear, if there is one country in this entire world which the elites can freely do whatever they want- be it the large companies or the government- and still get away with it due to no actual retaliation from the people, it is South Korea.
Sounds much like the North, but the thing that the South counterpart has in common is that the people are simply so, sooooo submissive to tyranny, when in other developed and so-called democratic countries would have had protests all over the place. And the comparison I made just now, if you were to say this as a Korean yourself on the Korean internet sphere, you will be called an extortionist, traitor, 간첩, 조선족 and etc.- just all kinds of name calling without any effort nor intelligence to even see the point. Which just makes things even better as for people being so suitable to be ruled over.
Abuse and torture in military when you have no choice but 98%+ to be consribed just because you are a male, with there being no guaranteed reparations shall you suffer through abuse. One of the least sums of government financial aids given during the COVID pandemic despite the quarantine lasting for the longest in OECD-qualified countries, the ISP literally working as some kind of gangster organization that can do illegal things and scam off the customers while legally being able to sell off your personal data despite actually going through the contract yourself and checking everything. Banning majority of foreign imports you can order as an individual. The list goes on and on...
You should notice the one thing that differs South Koreans from the rest of the world that runs on a template of democracy, is that the core notion that people should rule and participate just seems to be totally annihilated and absent in place of submission and allowance of soft-power and governance tyranny.
So basically the politicians and any people of power can do whatever they want, or whatever they wish, when there is effectively 0 retaliation from the people or just the response coming from the people either being totally wrongly informed and driven anyways.
If you are a citizen of a democratic country that refuses to rule and protest, then expect to be ruled over. Do not complain when the elites rule over you guys furthermore and these just ridiculous new bills and societal phenomenon increases in your country as time goes on.
@@pyrysaarinen4954^
@@pyrysaarinen4954I just said it's easier said than done. What's your idea for solving the issue if it's so clearly doable?
Then actually stand up against it...?
I swear, if there is one country in this entire world which the elites can freely do whatever they want- be it the large companies or the government- and still get away with it due to no actual retaliation from the people, it is South Korea.
Sounds much like the north, but the thing that the South counterpart has in common is that the people are simply so, sooooo submissive to tyranny, when in other developed and so-called democratic countries would have had protests all over the place. And the comparison I made just now, if you were to say this as a Korean yourself on the Korean internet sphere, you will be called an extortionist, traitor, and etc.- just all kinds of name calling without any effort nor intelligence to even see the point. Which just makes things even better as for people being suitable of being ruled over.
Abuse and torture in military when you have no choice but 98%+ to be consribed just because you are a male, with there being no guaranteed reparations shall you suffer through abuse. One of the least sums of government financial aids given during the pandemic despite the social distancing judristrictions lasting for the longest in OECD-qualified countries, the ISP literally working as some kind of gangster organization that can do illegal things and scam off the customers while legally being able to sell off your personal data despite actually going through the contract yourself and checking everything. Banning majority of foreign imports you can order as an individual.
The list goes on and on...
You should notice the one thing that differs South Koreans from the rest of the world that runs on a template of democracy, is that the core notion that people should rule and participate just seems to be totally alienated and absent in place of submission and allowance of soft-power and simple governance tyranny. So basically the politicians and any people of power can do whatever they want, or whatever they wish, when there is effectively 0 retaliation from the people or just the response coming from the people either being totally wrongly informed and driven anyways.
If you are a citizen of a democratic country that refuses to rule and protest, then expect to be ruled over. Do not complain when the elites rule over you guys furthermore as the time goes on.
what are your thoughts on the Helsinki market place situation? 🤔
This shit wouldn’t happen if bug bounty programs actually paid researchers instead of just taking their work, making an excuse, and disclosing it to the company as free research. Bug bounty is a fat joke.
OFAC sanctions only affect overseas transactions. That's its jurisdiction.
Tornado Cash does seem like an international... uh... entity, or whatever it is legally.
I don't remember any videos you are talking about certik
Uh oh, if they are crashing from a simple apostrophe I'm willing to bet there are other vulnerabilities. Possibly code injection of some sort?
crashing from a single apostrophe sounds like an overstrict parser in whatever code it's in. /war flashbacks to trying to get something to work in a JSON file
But seriously how did they miss that, there are names with apostrophes in them like O'Briain
03:35 is webhard a bittorrent client? if no then where torrenting?
torrent? never heard of ‘er
@@C0bblers No, but I'd gladly download one.
bro forgot to turn of the viberator 💀
why is there static noise in the background?
An XLR cable gone bad... Only realised after everything was edited 🤦♂ Though I have a new one now : )
5:44 it was 1 hr and 47 minutes not 47 minutes
certic is in the right
Seytonic’s here to show the way,
In hacking realms, where secrets stay.
With tips and tricks, he’ll save your day,
Learn with him, and tech will obey.
hacking someone torrenting is fucking insane
As someone said on a other video, theres no point in taking 3 mill. You could have just taken a couple hundred.
If you decided to take 3 mill to "really get the point accross" then you should just have taken a ridiculous amount like a couple hundred mills. 3 mill just makes it look like you were half way between trying to be legit and seeing if you could get away with the money.
10:30 LOL
Can my ISP see that ive been gooning
11:15 Nah. They don't say "thank you" because there is no gratitude. Fixing such issues just costs money, which increases business expenses. Higher mgmt wants none of that. Welcome to metastatic end-stage capitalism.
Correct, this is a disruption of doing regular business as they see it
@@autohmae It's why we need much stricter laws for coorporate accountability IMO.
About the kraken thing , yeah, its extortion. Please don't do this people, it makes things harder for the rest of us. On the other hand, I do understand where they're coming from, since this bug is worth a hefty price and it's likely judging by krakens accusations that they may try to rip the researcher off. Which is well within their rights, but I won't sit here and pretend that I have no clue why these guys would do such a thing.
they tryed to make it look like it. the thing about cracen is they do refuse to pay for critical and downgraded it to lower priority, So in this case you have to demonstrate it is indeed a critical bug. Problem with critical bugs is not a $ that have to be payeed it is someone has to be fired. They tried to cover it but as it get publicity its been resolved as it supposed to be.
I heard the "is a crypto mixer service that was sanctioned by the US" and had to do a double take... then remembered sanctioned has 2 meaning that are exactly the opposite. English you know, I sanction it.
They pulled a Sony.
Based SK. That should happen at the ISP level worldwide
Korean Isps are wild !
I torrent files from the Internet Archive all the time! This is evil!
Hello world!
There are too many ads in your videos
Just Korea being Korea
I'm Korean, what's meant by this? Does the average Korean who's also angry at the elite really deserve to be lumped in with your insult?
The country is similar to china for tracking and censoring everything@@stereomachine
@@lussor1that's not really the substance of OP's comment, which is more just a negative generalization of an entire country. I'm also angry at the censorship.
same dna
@@sma2981 demonstrating a poor understanding of genetics isn't the burn you think it is
As an Indian citizen i'm deeply concerned about the non-existent nature of net neutrality, personal freedom, and individual privacy in South Korea.
Use a VPN or proxy to bypass filtering. The Korean case was different, the providers had full access to the router users must use as their gateway.
@@BillAnt pretty certain it was something like VeraPort that helped create this situation, by installing a CA which allowed them to inject their program.
They kinda deserve at this point, they let it happen
South Koreans haven't had privacy on the internet in a very long time. When signing up for _any_ services, they have to supply their legal name (which will be used as their public display name, no aliases allowed) and national ID number (which has the secondary effect of ensuring those internet services are only accessible to Koreans, foreigners are both implicitly and explicitly banned from using those sites)...
@@WackoMcGooseRemember, Julian Assange is known as a "criminal" and "harmony destructor" in South Korea! 😉 You shape your own laws in a democracy!
KeePassXC!
you dont understand how things need to be done in business, you cant just ask for money then give it to someone, it has to go thought several people with at lest 3 different higher up signing off on it, or there WHOLE board signing off, and fuck ton of paper work in order for them to keep them self legally safe and everyone covered if something goes wrong.
there not just a ONE person, giving an other person money, no where neer as simple as that, not matter the transaction.
Tay is not just "someone" 🤦🏽♂️
Full for do