this vulnerability shouldn’t even exist

Software HAS to get better.

Comments

0 sanitization on inputs that have a connection to system calls is insane.

josephlabs

This 100% counts as gross negligence, if my crappy online Python course can do user input validation, a _security_ company should be able to

coreymartin

And THIS is why you run your Smarthome devices in their own VLAN with NO access to your other VLANs

xXYourShadowDaniXx

0:36 missed opportunity to say "Another day and another Zero-Day"

henrijohansson

Man, "spray and pray" is never how you want a successful security breach to be described.

Ilix

I didn't realize Mirai was still going on. For my cybersecurity class a few years ago I did a report on zombie botnets and this was a major thing. It's crazy that camera vendors (who Mirai was targeting before) didn't shore up that hole.

LeetTuber

Companies, I would argue ARE 100% Liable, under Express Warranty. If you buy a product, they are expressing a warranty that there is nothing critically wrong or harmful with that item. A massive issue like this? I would 100% argue that breaks warranty and they are 100% Liable for any damage caused by the virus that was installed on your device because of their negligence of securing the device.

But then again, I'm not a lawyer, and the courts don't care about consumers and would side with the company who is paying them behind the scenes.

Jirodyne

I disagree about vendors not making firmware available. Is FOSS also insecure because the source is available? Or is it MORE secure, because it can be audited by anyone? The issue is vendors writing shitty code and, more importantly, either not patching it when vulns are found, or, often, not even having the capability to patch it.

CarlinaPhnix

I've not embraced IoT stuff because I have no faith in businesses to create products that are "safe" if they have no external obligation to do so. For example, pharmaceuticals are heavily regulated for good reason because they have the potential to cause great harm. I don't want stuff like that in my home, thanks.

Great work, Ed.

DadofScience

Wait a second, why is it unpatchable if it allows executing external code? You could install the update _fixing_ that vulnerability _using_ that vulnerability!

PeterZaitcev

I think Ed's old Router is a Netgear Nighthawk, probably an R7000. I recognise the hideous casing and 3 way antenna setup. I flashed mine with FreshTomato, way better than NG's stock fw

luxploit

You are providing a great service, both by explaining interesting topical exploits but also by providing real courses to get people better educated. I am now retired after 40+ years in IT, starting with 25 years of assembly programming on realtime kernels in the mainframe world, then transitioning to security. Lack of knowledge about how the machines actually work is very common amongst modern programmers. Improvements in knowledge should lead to more secure architectures and code. Please keep up the good work.

Lupinicus

Full access to firmware is not a bad thing. In fact, it should be a requirement for any device. How else are you going to re-flash the device or maintain it without dependency on the manufacturer that may or may not exist anymore?

Trenjeska

11:44 LMAOOOO WHAT IS THAT SCREAM IM CRYING BRO

chipthegoober

The worst part is that the bug would not have occurred if they just simply wrote directly to the file as the kernel would have refused

HinaraT

It's funny that the vulnerability is in the line with the "safe_printf"

lorenzopazzification

The attitude of “it’s just software” needs to go away. There needs to be an engineering rigor applied to get correct(ish) and safe software. We don’t allow civil engineers to self certify so why are we doing that with software?

naimah

"the internet of things sucks" YES

madson-web

Why is anyone surprised that bugs like this exist? The number of connected devices out there is enormous. The companies developing these are probably more interested in launching the product than spending yet another dollar on testing or implementing a safer language. I have no idea how to fight this. Regulation? Informed users? Videos like this :-) -> definitely! Thanks for a good walk-through.

benarcher

"thanks Triple L, you're the best! I am a ***generic mobile user agent*** and I am very ***positive adjective*** that you were thinking of us!"

***actually viewing on a 1000:45 mega ultrawide with 10k smell-o-vision***
"...pft they don't even know I'm only pretending to be a mobile user"

von...