Views : 2,187,867
Genre: Travel & Events
Date of upload: Feb 14, 2024
Rating : 4.903 (1,647/66,225 LTDR)
RYD date created : 2024-05-18T01:10:13.171284Z
Top Comments of this video!! :3
Back in the 1990s I met a guy who got busted by our university for hacking into the campus computer network. He was given an ultimatum: get expelled or work at the university in the IT department. He took the job but grumbled a lot about the workload. I suspect the USA has hired some hackers in the same way.
17 |
Thank you for the video, Johnny. I really appreciate what you do. Each of your videos gives me a new kind of perspective on the world, its connections, functionality, dependencies, and geopolitics. Many people aren't even aware of things like cyber warfare or the hidden files waiting for their time to disrupt the infrastructure, thus making them more vulnerable to these kinds of attacks. You and your team are doing great work!
17 |
Nitpick:
1. Not all vendors have bug bounties anywhere near what Google/Apple pays out
2. Sometimes google/apple try not to pay out
3. Black hat pays much better (which was covered in the video), like 100x more in some cases
4. Sometimes white/grey hats get flamed or threatened with lawsuits on disclosure, or get the runaround in the pre-disclosure period as the company does nothing
Sorry to only throw mud, but security posture and whistleblower protection are things I'm passionate about improving
763 |
One of your most informative, prescient videos, and I love the analogy with nuclear warfare - that it's gearing up to be another 'mutually assured destruction' threat, as the superpowers are now showing each other that they too have the capabilities. Thank you Johnny, that was a very interesting perspective, and I hope many more people get to watch this video so they are both informed and reassured (to some extent) about the very near future we're entering
76 |
A side note everyone misses: WannaCry and NotPetya used a vulnerability in Windows that had a fix 1/3 months before the initial deployment respectively. The simple variant of this exploit was found back in 2009, with a Microsoft employee stating in a personal blog that they put duct tape over a hole in the Hoover Dam; the "fix" 8 years later just disabled the vulnerable part completely.
513 |
What's not stated clearly enough in the castle metaphor is that essentially everyone uses the same blueprints to build their castle. >90% of people use Windows, and >90% of servers use Linux. In this sense cyberwarfare has this odd symmetry to it: Developing new attack methods often exposes vulnerabilities in your own systems, but in order to patch your own vulnerabilities you must often report them to the developer, for example Microsoft, who will then roll out a fix to *everybody*, including your opponent.
Then remember that world powers often sit on exploits like these, rather than reporting them. Evidently, multiple people in power sat down and decided that holding on to an exploit to attack some theoretical future enemy was worth more than protecting their own people, hospitals, and power grids from real, known threats.
5 |
Very few great infosec folks work for the US government directly. The private sector pays WAAAY more and there's much less regulation. It also gives the public sector plausible deniability.
Btw "APT" (advanced persistent threat) is the term for what you're referring to at the end. They're a pretty big signature of a nation-state.
452 |
@johnnyharris
3 months ago
Use code JOHNNYHARRIS at the link below to get an exclusive 60% off an annual Incogni plan: incogni.com/johnnyharris
228 |