Sam: "by one single concept," Me: "the concept of online learning" Sam: "and perhaps more importantly made profitable by" Me: "Skillshare, the online learn...."
And it works too, the amount of times I'm like talking about something and I find myself like oh you should try insert company that advertises on LTT, Wendover, MKBHD etc even though I've never used their platform I know the name and exactly what they do
Repent to Jesus Christ “Consider it pure joy, my brothers and sisters, whenever you face trials of many kinds, because you know that the testing of your faith produces perseverance.” James 1:2-3 NIV
This is one reason I hate "smooth" ad segues. They trick users into thinking they're content, and thus train us to be averse to certain sentence structures.
If the target is Air Traffic Control, you could stop airlines from filing flight plans, and no flight plan, no clearance.
You could shut down instrument landing systems on a day with bad weather; the airport's operational minima will be increased, and if the day is foggy enough, you've shut down the airport.
Imagine a virus taking some radars offline. It could be catastrophic. Remember the pipeline shutdown? Now imagine it was a power grid, or some banks. Even some hospitals had this issue.
I'd be more worried about shipping ports. Disable shipping ports and you disable a nation. We've seen how fragile they are as is the last couple years.
Your comment was highlighted to me. I felt that I was supposed to ask if I could boldly pray for you for something through our Lord Jesus Christ? 🙏 Also felt the Lord Jesus Christ knocking personally on your heart today to let Him enter in as Lord and Savior. He favors you.
A modern airplane is just a self-driving router... the wrong software on the wrong machine means you could get a worm that travels the airplane network used to transfer plane-to-plane, and then have them all nose-dive at the same time. I would love to think that this could not happen... but modern airliners already seem to do this on their own just by poor physical design. Who knows what they are running on the networking and processing side of the equation.
General rule of thumb, everything is subject to attack, and almost everything is relatively vulnerable. We’re a few lines of code away from absolute disaster, and that’s not an understatement at all.
Considering most airlines' systems run on big iron mainframes with poorly maintained software written decades ago, I'd say it would have a massive impact.
@m s But there are techniques, such as those involving data analytics, that can be used to filter out suspicious traffic, even within the same IP range.
@LeJosh Mont Air Force pilots are trained to navigate without GPS, so I’m not entirely sure that would happen, especially when commercial pilots are principally, if not mostly, military veterans.
I'd reckon not much. Even commercial airplanes, for the most part, are analog. The biggest point of failure at that point is user error, say compromised flight instruments.
@Jessi the Queen. Hoooo told you that? Long past are the days where a single bug can do something of that magnitude. Software manufacturers and bug manufacturers have been in an arms race since the days you could whistle into a telephone and potentially cause havoc. A single bug with one exploit definitely could not bring down an industry with multifaceted network security and capabilities but a bug that would cost over $10 million dollars and contain multiple zero days could make it all the way to hardware fail safes. It would be devastating only to the unprepared and annoying to the majority of airlines.
@Zebina Mastero why you asking people if you can pray for them. Just do it. Jesus isn't going to come down and ask you if you had their permission. If you've ever eaten at Chick-fil-A you agreed to a TOS where you can pray for people without their permission.
Stuxnet was a beautifully designed and engineered virus. The story behind it is fascinating and I encourage everyone to read up about it. Not to discount Sam's video. He does a great job.
Even more interesting is the history behind the notorious Mirai botnet. Such a powerful tool just so a couple guys could run a protection racket off Minecraft server hosting.
@Irun S Tell this Vladolf. He will not stop his wars and killings by people chanting "peace". This is a harsh reality which I also had to learn to accept.
@Cadde Except he does explain the story behind it... not how to use it. That was the entire point of the video. If he were to explain exactly how to use it, it would be a series of videos, clearly.
So I agree with you... but the original comment states the "story behind" the virus, not the inner workings of it... hence my comment. Have a nice day :)
We'll never know who put it there. Could've been less-than-friendly nations. Also classic Putin style to make people think 'The West' did something to his own allies. Such precise intel of how the facility works, could've well been from Western espionage, or acquired with entirely open, friendly-seeming tours by Putin's Hybrid Regime. Strange time to be alive.
Wonderful levels of technology compared to even 75 years ago. A massive increase in living standards worldwide overall. Much less war and violent crime on average. Many of us talking society matters using the magic of the Internet on a regular basis, like the Landed Gentry of previous times.
Yet occasionally truly terrifying with the entire world pinned between Nuclear West and Nuclear Putin + Nuclear Jinping. At least it's not boring I suppose!
3:29 For anyone interested: this is only partially true. A zero day IS a bug, but not every bug is a 0-day. A 0-day is a bug that the vendor of the product in question has known about since 0 days (so: they don’t know about it while it is already being exploited/found by someone else)
And of course it also has to fall into several categories of utility; a bug that causes the wrong shade of yellow to appear is (probably) not a zero day
And the name comes from the warez scene (since there was significant overlap in the early to mid 80s), when "0-day warez" meant a game which was cracked on the day it was released. You'd get "-1 day" sometimes due to time zone issues, but 0-day was the gold standard.
Thank you. Hearing the video's definition was a bit of a forehead slapper. A zero-day is an exploit that was discovered being actively exploited in the wild, without the hardware/software manufacturer being aware of it, so there is no fix available at that time. The alternative would be if the manufacturer was made aware before the exploit was found being used in the wild, and likely already has a patch available.
@en0n - A zero day doesn't have to be in use to qualify as a zero day. It only has to be a vulnerability, known about by some party, that the vendor has not yet been made aware of. The real danger in a zero day vulnerability, is that an IT department cannot protect your company just by keeping everything up to date. Anything connected to the internet, or to an internal company network, could be critically vulnerable. Even thumb drives could infect an airgapped computer network, disconnected from the internet.
@Daniel Kaschel No, that is a 0d exploit. There are tons of 0d's that exist all over the world, where the bug in question provides no path to exploitation.
A lot of the confusion comes from the warez/hack/crack scene applying the warez scene terminology "zero day warez" to the hacker community (my previous comment). That was fine when there was probably 50% to 30% overlap in the two communities (but falling), but as it fell further, it mostly just served to be confusing, counter-intuitive terminology.
Yeah. If the attacker is exploiting a known flaw or known bug, or is utilizing known software, basically if any part of the attack is done using a known factor, it's probably not a Zero-Day Event.
@ShinerCCC Not really, as then Apple would know about the back door in their products, so it can’t be a 0-day. But you already said the term of what you just described: a back door
Matt Favaloro 2022-05-23 19:03:57 (edited 2022-05-23 19:08:40)
I believe you are wrong when you are saying that the vendor of the product in question has known about this since 0 days. That not only doesn't sound right, it would make more sense that they've known about this since day one. You couldn't know about something since 0 day. What it actually means is the vendor does not know that there's some lines of code that can be exploited in their software, and when they find out about it eventually they have had 0 days to work on it to solve the problem. Lex Fridman did a podcast with a woman investigative journalist who has focussed her career on hackers and these types of issues. I don't expect you to take my word for it, but if you search for Lex Fridman zero-day exploit I'm sure this podcast will come up, and there's Lex clips where it will be an explanation of what zero-day exploits actually are, where the term comes from and everything else you would want to know about it. I don't mean to be rude by pointing out you are incorrect in your explanation of 0 days exploit, just want everybody to know what it actually is. I personally would not have known had I not watched that podcast by Lex Fridman. Nicole Perlroth is the name of the woman Lex Fridman interviews about cyber security and everything involved in hacking and the who, what, why, when, where and how.
Correction: zero day is a case when a discovered vulnerability hasn't been fixed yet. Not all software bugs are zero day. Only the ones that are discovered and used before the software manufacturer produced a patch to fix it.
Thank you for pointing this out. It's confusing because people describe exploits/vulnerability as zero days in the media but it's only describing the effect and not what it actually is. It's like calling a car a zoom. The zoom being the zero day and the car being the exploit.
Another correction, most zero day exploits are not known by the devs. Known zero day exploits are usually quickly fixed by devs when brought to their attention.
@ツNekko It's an exploit in existing software that is actively being exploited that was not previously known. Sometimes exploits are known or reverse engineered from patches and these are not zero days. If a bug is found and disclosed it's also not a zero day.
@John Mackenzie Zero days are always not known by the devs by definition. Devs don't always act fast and it's always been a topic in the security world when to publicly disclose exploits to force devs to act so zero days don't happen.
On the opposite end of the spectrum you have N day exploits. With N denoting how many days there has been a patch for it that few have installed. This is the reason you want to stay on top of updates to your software and even firmware. If an exploit exists and nobody fixes it, it's still an exploit that can be used as an attack vector. And they can be just as damaging and people only get on top of fixing it when they have been affected by it.
@PleaseDontWatchThese I'm not sure why YouTube deleted my last comment, but I basically mentioned how you contradicted the original poster after agreeing with him, and how I had the same idea as you until I did a quick google search and found out that zero day apparently also includes vulnerabilities known to devs but that haven't been patched yet (or at least according to Wikipedia). By devs here I was talking about big players like Microsoft and Apple, they quickly fix major vulnerabilities in a matter of hours or days when brought to their attention, like when Apple patched the iOS vulnerability that Pegasus used as soon as it was brought to their attention.
@Freedom Of Speech If that were even remotely feasible, then vulnerabilities wouldn't be common, especially in things like Windows, which are written by companies that can and do hire some of literally the best programmers in the world. Programming software has become such a complicated Jenga-tower mess that no one can possibly cover every base.
It sounds like it was incorrectly defined at first, but if you listen to his whole description of a zero day it is good. It's not really a correction. It could've maybe been presented a little bit more clearly though.
@John Mackenzie not necessarily saying you're wrong, but do you have a source? The severity of a vulnerability is greatly reduced once it is known, even before there is an official patch. I would have thought zero day vulnerabilities were those for which there could not be deployed mitigations (even if that just means air-gapping a server until a patch is available)
@Daniel Kaschel Here's Microsoft's definition at least : "A zero-day vulnerability is a flaw in software for which no official patch or security update has been released. A software vendor may or may not be aware of the vulnerability". The severity of a vulnerability itself doesn't change with the knowledge of it, but the market cost for the vulnerability does. I'm talking mere knowledge here, of course the severity being known also means that it will likely soon be patched, so it's worth less. Zero days can be easy to fix or not, their only requisite is that they can cause damage if exploited. It's what differentiates them from regular harmless bugs.
@John Mackenzie isn’t that the definition of any vulnerability: one for which a patch hasn’t been released? Once a patch is released it’s no longer a vulnerability. What’s the differentiation of a zero day?
@Freedom Of Speech Have you ever programmed anything? There's a million ways that things can go sideways that are damn near impossible to consider because they're just so out there. As a less dangerous example, people trying to hack the 3ds gaming handheld realized that by using the game Cubic Ninja's poorly designed level editor they could overwrite portions of the 3ds's code and gain access to portions of the system that were previously completely inaccessible. Needless to say, a company like Nintendo obviously cares a hell of a lot about locking down their systems to prevent things like piracy or malicious exploits, to the point engineering their hardware to fight them, since it can cut into profits in all kinds of ways. Do you really think that if making a truly 100% secure system was possible that Nintendo wouldn't be on top of that like white on rice?
Now keep in mind I'm not saying that Microsoft is a good company that deeply cares about its users, instead I'm saying that whether they care or not it's in the best interests of their profit margins that they fix as many dangerous bugs and exploits as possible since nobody's gonna wanna use an OS that leaks their credit card info every 5 seconds no matter how smart you are about avoiding viruses. The only way to ensure that you never have exploitable software is to never install anything, never transfer data in any direction through any method, and hide yourself and your computer in an underground bunker with 0 communication methods for all eternity (you gotta hide yourself too because social engineering is a thing).
It's worth defining the difference between "vulnerability" and "exploit" here and how they fit into the context of a zero day - A "vulnerability" is the problem, and it's a vulnerability even if nobody has found it yet. Someone can discover that vulnerability and report it to you or sell it to some shady organization like a government, and it's still not a zero day.
An "exploit" is software or a technique designed to take advantage of a vulnerability. This is the zero day - the exploit itself, not the vulnerability.
To give a physical analogy, imagine your door lock could be picked if you just could reach a shrouded pin inside the lock, but nobody knows that yet. That's a vulnerability. Now let's say LockpickingLawyer figures out that vulnerability and tells the lock manufacturer and they don't bother to fix it. Maybe he even posts a video talking about it. It's still just a vulnerability.
Next imagine someone who isn't all that worried about the concept of private property also figures it out and bends a wire in the right shape to reach that pin, then begins breaking into houses with it. Now it's an "exploit", and since there is no fix for it, it's a zero day exploit.
To add another wrinkle, let's say someone else 3d prints an object that reaches the same pin in the lock and starts using it. That is the same vulnerability but a SECOND zero day exploit. Depending on how the lock manufacturer addresses the first zero day exploit, the second zero day exploit might still work.
@Merennulli You have it the other way around. Here's the definition on wikipedia :
"A zero-day is a computer-software vulnerability either unknown to those who should be interested in its mitigation (including the vendor of the target software) or known and without a patch to correct it. Until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers or a network.[1] An exploit directed at a zero-day is called a zero-day exploit, or zero-day attack."
Here's the definition according to Microsoft:
"A zero-day vulnerability is a flaw in software for which no official patch or security update has been released. A software vendor may or may not be aware of the vulnerability, and no public information about this risk is available. Zero-day vulnerabilities often have high severity levels and are actively exploited."
Yes people sell the knowledge of the vulnerability, meaning the zero day. The exploit itself is the attack based on the vulnerability, which is rarely sold.
@Freedom Of Speech have you noticed how the AAA first games on any generation of games console are much less ambitious than the last ones?
You can try to say that's lazy game development, but the reality is it takes time and experience to optimise a game for a system, and then the system changes and the cycle starts again.
My point being it is basically impossible to write something so perfect that it's impossible to exploit, and even if it were possible OSs and hardware are continually changing creating new exploit opportunities that in turn have to be fixed as they are found. This does not mean companies like Microsoft shouldn't try to create secure software, it just means it's unrealistic to expect it to be perfect.
@John Mackenzie Yeah, Microsoft adapted a different definition of zero day for some reason. People who work with security just know it's more of a them thing. We all complained when they did that but arguing semantics didn't really matter for a niche word
@PleaseDontWatchThese The more you learn apparently, I've also always believed that zero-days were vulnerabilities that haven't been discovered by the devs yet, but a quick google search shows several sources saying otherwise. Kinda renders the "zero day" concept pointless if ALL vulnerabilities are zero-days.
@PleaseDontWatchThese Haha such a Microsoft thing to do - didn't like the clock starting when they're told about a bug because "MS fails to patch 30-day vulnerability" sounds bad, so they just made up their own definition and muddied the whole industry's terminology.
Oh Microsoft. Don't you ever change (jk please do).
@Freedom Of Speech Do you think Temple OS has no vulnerabilities? There, no typos. Now answer the question instead of going "haha you made a typo, I win".
@Freedom Of Speech It's fine to be a perfectionist. But anyone with any software engineering experience can tell you that making perfect software is essentially impossible. Making a perfect operating system that people will actually use - i.e., with support for Internet connections, 3rd-party applications, decent graphics, etc. - is completely impossible.
@Bane No. It wasn't with engineering. It just takes extreme effort for a lifetime. We've done it before and we'll do it again. Unless people like you take over the zeitgeist.
@Freedom Of Speech I know half a dozen very skilled programmers who, combined, have over 150 years of experience coding. Two have been coding since the early 80s. All of them work in teams of at least a dozen smart people. All of them have made bugs, and no one on their teams caught the bugs. I feel comfortable saying that you do not have any experience making software. It is, quite simply, impossible to make bug-free non-trivial programs. And there are so many other components that could be wrong in a system. There could be bugs in the hardware. Or in the router. Or in anything. Nothing is bug-free. "People like [me]" will not TAKE OVER the zeitgeist. The zeitgeist is "make good software, fix bugs ASAP when they show up". It has been that since the dawn of computing. YOU'RE the one trying to take over the zeitgeist - you're shouting on the sidelines saying "be perfect or you're a failure".
It's crazy that you think that engineering is perfect. Hey, can you tell me about the Arecibo Telescope collapse? What about the Fern Hollow Bridge collapse? Surfside condominium building collapse? The Obed Mountain coal mine spill?
@Freedom Of Speech No thanks, but thanks for showing how bad your argument is. Who knows, maybe engineers will be able to make error-free objects sometime within your lifetime. Spoiler alert: They won't. :^)
When I was in high school I rigged the USB autorun at the beginning of the video to inject my own payload instead of the intended one. From that moment on whenever a new USB key was inserted it would:
- Transfer all .txt .doc .xls and such document files to a hidden folder in C:\Windows\
- If the Label was a specific label (sort of like a password) it would instead copy all files in this hidden folder onto the USB drive.
- Self-replicate to the inserted USB key and make itself part of its autorun.
I used this USB key to then turn in my class assignment to my teacher. I think in like a week I could go around to any computer in the school, plug in my USB key with the right label, wait a few minutes, and a bunch of new documents would be in there, including:
- Future Assignments.
- Future tests.
- Other students' assignments/projects.
- Personal documents (that was dicey).
- Some people even had text files with their passwords.
Sorry I feel like a rambling boomer. The reason why I can disclose this is that it just prescribed so even if they found me out nothing could happen.
"ESPECIALLY" is a keyword here though. Not ONLY if you work on something critical. Even if you work on (for example) a video game and that game ends up becoming internationally popular and happens to have vulnerabilities in it, your harmless entertainment software could become the conduit for an attack, and by extension your players. Imagine the havoc that could be wrought if a serious security exploit was found in Minecraft for example. And that exploit lets the malicious code spread to IoT devices on the network. This is everybody's problem.
A few years ago when they started making fridges, stoves and other "smart" appliances I half joked that hooking your toaster doesn't do much more than making it possible for someone to burn your house down remotely. Not sure if it's a good thing that I was right. Internet connection for 90% of devices is useless and pretty much just an extra thing to go wrong and a vulnerability.
@Nunya Business IoT devices are usually fairly insecure and almost never updated, making them easy targets for hackers.
Really not a concern for the average consumer, very few hackers are interested in burning down your kitchen with your smart toaster, but they can be recruited into botnets or used to more widely propagate malicious code.
Agreed, these gimmicks make for easily exploitable home networks and homes for botnets. Tech enthusiasts can't get enough smart devices, the tech knowledgeable try to lock down and protect themselves, and the tech experts have a backup plan because they know they can't be truly safe from modern devices.
What would a smart toaster do? Smart fridge is like a tablet taped to the fridge. Can mitigate some issues by having the microcontroller for the actual fridge components pay attention to what the tablet tells it to do. Might suck for V1 users but V2 users will be fine :D
@Nunya Business "Toaster need no Internet. Internet in toaster mean hacker can hack toaster. Hacker now sets house on fire. Don't give Internet to toaster."
There was an incident of a casino getting hacked because the fish tank thermometer wasn't updated and allowed the hackers to get access to the network.
I agree. The so-called "internet of things" is a stupid idea. Just like I would never cede the steering wheel of my car to a robot, I'd rather not have random household appliances attacking me. Imagine an angry Roomba! 🤣
I had gotten into ICS cybersecurity just a few years before this happened and I remember how game-changing it was at the time. Not in terms of its capability, as we knew hacks on this level had existed for several years at the nation-state organization/funding level, but game-changing in terms of getting everyone's attention. Hell, it's only due to ambiguous attribution and plausible deniability that real-world wars haven't been triggered yet. But that day will come when a hack causes such serious damage and the attribution so obvious that it will escalate into war. - I can assure you that everyone is in everyone else's systems and have been for a decade doing recon and quietly sitting in wait to be triggered. Better methods of detection and monitoring along with quantum encryption/networking can't come soon enough. - The best defence is accepting you WILL be taken down and only having a good mitigation/continuity plan will save our critical infrastructure from being taken down.
Yes, in fact much of this, including the mitigation required, was already well known in the 1980s, and the US DoD has an excellent series of books from that time systematically describing the enabling factors, the possible defences, and why any defence includes having a plan B, and how to make that plan B not fail in the same way.
Sure, the actual technology used as examples might be outdated in those, but it is still asking the right questions, and providing a good way to think about creating solutions.
Actually, Russia has a policy that more or less allows it to regard any cyberwarfare against the country as an act of war. This among other things makes Russia have a very small exposure towards cybercrime and cyberwarfare.
Attribution is also a very dangerous topic, it's easy, especially for actors of this magnitude, to make it look like the author is some specific person or state.
@Bart Van Leeuwen Well without going into the technical stuff too deep, the MO of most APTs are well known within the community of LE and CF. To attribute certain markers in order to recognize the origin of i.e. an attack is relatively easy.
Now, the western world has been really shitty and afraid of actually retaliating and thus we have multibillion theft and other types of espionage and attacks regularly from nations like CH, NK and RU. Not to mention all the APTs and subgroups out there.
There are many aspects here that are mostly unknown to the public and it irks me when someone like Wendover tries to explain something they clearly have little knowledge about.
@Dedmen Miller To call it easy is to simplify it grossly. It is not "easy" to hide your origin to an extent that it is impossible for a well funded and well organized cyberforce to find recognizable markers. If anyone tells you anything else it's just pure fiction from a movie.
"with quantum encryption/networking can't come soon enough." as the experts say: it's basically never the math, it's the implementation (how it's used) and any other code around it. So the encryption itself won't save anyone.
@Christian I've been around in 'the industry' for some 4 decades now...
Anyway, the mere fact the MO of most APTs is well known makes false flag operations resulting in mis-attribution more than just a theoretical possibility.
And such a thing happening wouldn't exactly be a first either.
So I disagree that reliable attribution is not difficult, at least when dealing with a serious and knowledgeable attacker wanting to hide their tracks.
@Dedmen Miller - You could achieve this by including traces of language in the compiled program that are only in official use by a single nation-state. That includes Hebrew (Israel) and Farsi (Iran). It raises the cost of developing a virus, but a nation state could easily afford it.
@User 2C47 I said mitigation and continuity are plans. When I was referring to defense, I meant it in the context of not a defense strategy but a defense against critical infrastructure failing completely in terms of services being provided after an attack.
I'm scared, there's this guy who was friends with my friend and told me he was with some hacking group from Belarus, like he started phishing people from 50 accounts, said he knew some kind of 'people' called Sandworm, possibly them
Just something to consider: This was discovered like 10 years ago. Just imagine how much more powerful cyberweapons must exist nowadays. No one listened, so now we wallow inside the pit of insecurity.
Not just in the vulnerabilities but in the implementation and discretion of the objectives it is the nature of cyber warfare to evolve faster than the nasty little bug eaters. Zero day exploits suck.
Tbh we have always been vulnerable, defenses and attacks develop day by day but one thing for sure is that the results will be the same, the only difference is perspective. A virus infecting 100mil devices decades ago would not be any different from a virus infecting 1bil devices today, it's the same results, someone's property will get damaged.
Not going to deny huge vulnerabilities still exist, but saying no one listened is ridiculous. Do you think companies and governments are going to put out announcements about the steps they've taken to secure their systems?
Society absolutely needs to become more aware of how potent this can be, I won't argue with that. But the people to whom this should matter (development houses, governments, legislators etc) did catch up, albeit horribly late and still insufficiently.
Unless we become able to make software so simple and so rigorously reviewed that bugs and security vulnerabilities become a thing of the past however, software will never be completely secure from the get-go. Airlines are among the only industries that came close to achieving it, and they pour tremendous amounts of money into it, while moving their software stack extremely slowly for that purpose. Compared to that, when was the last time you've paid for an app? These industrial organizations and consumers are very, very different. And development is already extremely time- and money-consuming as-is. Most people don't seem to realize that.
The best we've been able to do so far is to make these software development houses realize that these vulnerabilities are a thing, and somewhat forced them into fixing those vulnerabilities (90-day responsible disclosure). And for them to realize that bounties are relevant when very powerful governments and black markets too got very interested. It is not perfect, but it's the best compromise between cost, effort, time and quality we have been able to come up with so far.
You could consider ransomware like Wannacry a cyber weapon. And that made quite some rounds in recent years, and that wasn't even really targeted use, it was just thrown out like a shotgun shot.
@Mike It's not only something companies have to implement but the state through its laws as well. Also Open Source can play a major role in finding and fixing bugs.
@Some One hence it's still insufficient. Regarding open source, it's not a silver bullet. I have to admit that I'm an open source fanboy, but it does have issues. One of those issues would be that even an open source project that allows for the "many eyes principle" can still have vulnerabilities out there for many years, if there's nobody (aside from the devs themselves) to look at the project. In other words, popularity is key. And even then you have the issue of code quality. Examples would include sudo and openssl, which are very widely used. In both there were critical vulnerabilities for many years, and in both I'd argue that the code base was/is overengineered, overly complex, and overall just a lot of digital spaghetti. It is possible to replace them (sudo vs pkexec / doas, and openssl vs libressl / gnutls) but the problem still remains. Open source is of no value if the code is still essentially unreadable.
Oh yeah, I mean during the mid 2010's my own country of Denmark had our national public services and companies constantly bombarded by Russian cyberattacks until we started deploying a national hacking taskforce within the national defenses.
More numerous I'd buy, but even without being a professional on any level I can tell that more powerful is questionable. All of this is dependent on the target software failing. Hacking isn't some video game where you invest skill points and suddenly you can use Google's search bar to find bank passwords, new holes in security I can believe, but autorun isn't gonna turn into autosprint just because you have two people typing on the same keyboard.
@Mike Martin There's also the problem of widespread misplaced trust. Billions of people are happy to put their trust in operating systems and software they (and in fact most people) know nothing about the inner workings of, and they gladly send all their personal information through devices running said software.
Also I am impressed by how well you explained Stuxnet. For a guy who is likely not a computer scientist or a security engineer, it was a near perfect presentation. My hat is off to you!
What surprises me at times is how long it really took for those things to happen. I agree that something like Stuxnet happening was huge, but first of all because it became public, and people started to think about it, and take some things people in the security industry have been saying for a long time now, a lot more seriously.
But.. imo, this being possible wasn't news, and shouldn't have been news for decades now.
What nobody talks about is how some of the engineers from the nuclear plant who were trying to clean it up were killed, probably by Israel, on the streets in the city. And how the security expert from Microsoft had an unfortunate accident before his big talk about Stuxnet at a security conference. Probably that last one was purely an accident and coincidence. But the dead Iranians clearly aren't. It does indicate that working in IT Operations and Security has become a more dangerous job than it used to be. And as XKCD 538 indicates the weakest link at some point might end up being us.
The best way I've found to fully understand Stuxnet was listening to the Darknet Diaries podcast. It goes into a lot more detail and shows how amazing the whole Stuxnet operation was
@Daniel Hess there's definitely hacks going on right now that are way crazier than Stuxnet, but they're that good we don't know about them yet, because the victim doesn't even know about them 👀
I really like the analysis of Stuxnet called "To kill a centrifuge" by Ralph Langner as it explains lots of technical details about Stuxnet and centrifuges in question. Also the virus portrayed in this video is actually a second less sneaky version of Stuxnet, the first one was much more sneaky and destructive, but much less exciting as it had no 0-days nor any way to spread via local network.
@Danger Ranger Dan he's literally uploaded the podcast episode onto YouTube in the last couple of days! Search for Jack Rhysider and it'll be his most recent upload, it's a great story 👍🏻
When it comes to cyberwarfare, every nation with sense operates on a policy of 'Those in the know aren't talking, and only those who are not in the know are talking.' I once chatted with one of their ex-security guys and apparently Fort Meade is so insanely paranoid when it comes to security, they immediately began renovations on their headquarters when some college discovered a way to get wireless data through the massive Faraday cage already cladding those buildings. These are the same guys that encase every wire coming into Fort Meade inside sensor-lined concrete.
As someone who works with PLCs it's nice to see them actually mentioned. I wasn't aware that Stuxnet hit the PLCs themselves; I thought it crippled the SCADA system. I guess that shows how PLCs tend to slide into the background in the media. The only comment is you used a modern Logo PLC (more akin to home automation or tiny single function machine) instead of the S7-300, more akin to massive machines and entire factories.
PLC security is a joke and mostly relies on being on an isolated network. That obviously isn’t enough if someone really wants access to your stuff as Stuxnet proved. Makes you think twice every time you swap a USB flash drive between a business and process computer.
Yeah, ControlLogix 5000 don't have any credential requirements (or even an option to set any as far as I've seen), just need the IP and you can mess something up badly
I learnt about day-zero exploits in my cyber security course. They are dangerous. And it is interesting to see them being used in this Ukrainian-Russian war. Both Ukraine and Russia have been victims of these exploits because of the war.
Very well presented. I think you should have made more clear how enormous 1MB is in this scenario. People take pictures or videos of hundreds of MBs or even GBs all the time. But this is just code and 1MB of just code for one single purpose is crazy.
This representation is somewhat inaccurate: Exploits, big and small are found all the time and are patched all the time. They're not nukes, you can't just sit on one for years because it may either get discovered and patched or rendered pointless by some other update or just a new software/OS/etc. They're also typically already out and about (ex: Meltdown) and, if big enough, get a ton of attention and very fast reaction to it. The log4j fix is an example of this. That doesn't mean they can't do a ton of damage, it's just that more often they're just happening all the time, and the vulnerabilities are just getting patched all the time. Organizations that are bad at security and keeping up with this, government or otherwise, are obviously the easiest targets.
As a counterexample, the Shellshock bug had existed since 1989 and wasn't identified until 2014. It is certainly conceivable that, even in the absence of conspiracy theories about government/corporate partnerships, a devastating bug could go unnoticed for decades.
@Sovrim Terraquian true, though that bug was exploited primarily cause the patch sucked and people weren't updating their unix servers. I guess the point I'm making is banking for a long time on no one discovering the discovery that you bought and hired a team of people to implement maliciously sounds like a stupid idea. It's like finding a $100 bill on a crowded street. You better hope no one else saw it. But as I said, I concede that sometimes exploits exist for literal decades, so a fair example for sure.
6 likes
Michael Atwell, 2022-04-19 21:31:31 (edited 2022-04-19 21:33:23)
The book referenced, "This is How They Tell Me The World Ends", is an amazing deep dive into this subject, and the beginning and ending sections dealing with the author's time in Ukraine were disturbingly prescient.
I'm a programmer and a hobby hacker. I expected some flaws since no one can make accurate cyber security videos. However, you did a really good job. Thoroughly enjoyed this one, thanks!
Not really, a lot of the info in this video is half-true, and he doesn't seem to know what a lot of the terms (such as zero-day and remote execution) mean
I remember watching more information about this unfold while in IT class. It's amazing how simple the payload concept was. The Security Now podcast was a stream of weekly updates for a while there. This video is an excellent piece of coverage pulling it all together.
"This new era was made possible and perhaps more importantly profitable"
I have absolutely no idea why, but I was genuinely expecting (for just a second) that he was going to say "By this channel's sponsor, Wix". I know the sponsor is not Wix, and I have no idea why that popped into my head, but it did.
107 likes
User 2C47, 2022-04-19 23:53:44 (edited 2022-05-10 19:47:36)
For me it was both Squarespace and Cloudflare, simultaneously.
The common theory I've heard is that to at least some degree, Stuxnet wanted to be found eventually, after causing significant damage - the US wanted to show off their capabilities, and this is just about the only way you can. You can't exactly have a military parade with a bunch of soldiers holding up USB drives.
@LordDarias At least nukes have MAD. If you get cyberattacked, assume it's the US or Russia or whatever, and launch a counterattack, then you just look like an asshole because the origins of these attacks are fairly difficult to prove.
That would be very on brand for the US as well. Meanwhile, China likely has access to every phone, laptop, and game console in the US and is just sitting on that... For now
@Gave2Haze Pfft, Israel was the one who wanted to just airstrike the nuclear facilities directly. They have no restraint when it comes to assuaging their own paranoia.
I remember first hearing about Stuxnet in a podcast years ago and it was kind of the first time I questioned the ethics of a nation's government to inflict damage on another with that sheer lack of accountability. Of course since then I've read about tons of other incidents that reinforced that idea, so it's stuck (no, no pun here) with me as a poignant example of this issue.
With proper security monitoring zero days are not that scary. RCE would be detected and countered as it happened and the spread would be minimized. The problem is many corporations spend money on cyber security insurance because it's cheaper than proper security. Just like having the CEO pop their golden parachute and take the blame for something bad the company did cyber insurance lets the corporation save money until things go bad and then they get a big payout. The only ones harmed are the customers.
Yet another instance where putting profit over everything is costing average people. We need more stakeholders in business, and less shareholders.
As a Senior Information Security Engineer, I was very intrigued to see what would be covered in this video.
I'm pleased to report that it's largely very accurate, and I look forward to seeing more!
If you want to know more about this topic / Stuxnet (and I mean almost mind-numbing levels of details), read or listen to Countdown to Zero Day. Other great cybersecurity books I've recently listened to are (1) Sandworm which is about Russia's terrifying cyberwarfare capabilities and attacks and (2) The Cuckoo's Egg which is the story of the first proper Incident Response and the methodology borne out of that.
Practically the entire industry thought that the next major war would have a HEAVY cybersecurity element, but it's been (morbidly) interesting to see that seemingly no such thing has come of the Ukraine war yet. It seems that, in most cases, "cyberweapons" will be relegated to intelligence gathering and "under the radar" attacks.
From my (admittedly incredibly distant) perspective it looks like disinformation is the most visible weapon currently in use lately.
On one hand that's a minor relief on the network side, but on the other it's really annoying seeing less discriminating contacts willfully spread easily-disproven nonsense. That's a whole other can of worms though, and neither this video nor this comment are part of that problem.
I'd highly recommend reading the book "Countdown to Zero Day" by Kim Zetter if you're interested in the StuxNet story - it details the full timeline in great detail. If you're at all interested in CyberSecurity you'll definitely enjoy it.
18:45 I'm no expert, but I'm almost certain that a lot of people around the world already have experience with wars that they can't simply ignore by turning off the TV.
What stopped white hat hackers from selling the exploit, and then immediately delivering them to the software developer to be fixed?
Why hasn't this business model changed to some sort of subscription, where security companies would buy an exploit, and then pay some daily/weekly/monthly fee until the bug was patched by the developer (this way, encouraging the bug to be kept low profile)?
White hats are not nearly as common as you might notice, because of a combination of things, but here's something pertinent: When a bug gets reported, it usually comes after the reporter has abused it for a while and got bored or feels bad about it. So most of the time, reporting bugs can get you extreme suspicion and or bans/punishment. This alone demotivates a majority of regular (ie. non corporate employed) white hats.
But other than this, generally, cybersecurity firms are hired in the process of creating new infrastructure. The problem is software devs LOVE to reuse old shit, so basically unless you're making a whole new internet, bugs from a billion other places will be incorporated. The internet is a lot like building a house and your house building tech only gets better the further in you've gotten. By the time you're installing solar panels, people are starting to realize the foundation is made of packed dirt.
As someone who works in cybersecurity, I can say this was a brilliant video for bringing awareness to the massive concerns that nations, companies, and individuals face in this regard.
To be fair, it was already "here" in 2011 - yes eleven years ago. But due to it being ignored and labeled as a "non-issue" (with victims i.e. companies/govs always denying they got hacked/whatever) it hardly received any publicity. It needed an actual war with a large nation for "Cyberwarfare" to finally receive some actual recognition.
A zero-day isn’t just a bug, it’s specifically an exploit that has not yet been discovered (eg “it’s been zero days since our staff was made aware of etc”). This is usually a monumental discovery, because it means this exploit may have been around for a long time undetected, and none of the programmers have any idea how much damage has been done in that time. Not every bug is a zero day, because not every bug is an exploitable issue unknown to developers.
I worry about the electrical grid. It’s an incredibly expensive, incredibly important piece of infrastructure that everyone takes for granted. A stuxnet-like exploit applied to the grid can cause damage on the order of billions of dollars, and hamstring entire nations for years.
It's a shame you only mentioned ransomware a little at the end. Without the huge market for zero day exploits created by aggressive state cyberwarfare, ransomware wouldn't be so big now. Some of the organizations doing it have become scarily big, powerful and wealthy. Governments need to band together against them and IT security needs to improve massively. Governments must stop fighting against encryption and safe communication protocols.
The amazing part was not so much about the worm spreading over a USB stick. That kind of stuff was done in the 80s with floppies. And its ability to use zero days was also not too special as all exploits found in the wild are zero days. It was its stealth and really specific targeting to attack a complicated air-gapped machine that got everyone's attention.
Wow, it is hard to believe the Shadow Brokers' leak was already five years ago! That was a big one. The ransomware campaigns that followed it were unprecedented in scale and simplicity.
i do have to nitpick a bit: not every vulnerability is a zero day. the zero refers to the number of days a defender has to patch it, so until an issue is actually found and used by an attacker it's just a generic vulnerability.
Why is it called zero days? The term "zero-day" refers to the fact that the vendor or developer has only just learned of the flaw – which means they have “zero days” to fix it. A zero-day attack takes place when hackers exploit the flaw before developers have a chance to address it. Zero-day is sometimes written as 0-day.
Impressive video for a discovery of a channel. I was so impressed by not only the content but the editing, and the referral price offer for CS+Nebula was so good that I couldn't resist!
One interesting bit that wasn't covered: it's mentioned in the video that stuxnet got onto the research facility's hardware due to a spy or mole. That may not even have been the case: it's theorized that instead, whoever was trying to deploy the virus did so to either the Siemens controllers or something that would be connected to them, at the source. That is, these machines were infected with stuxnet en masse in their countries of manufacture in the hope that at least some of them would make their way to Iran. And it worked. It's possible that this is also what led to its discovery by the western public: enough of the infected machines made it to western countries that a user who happened to be operating one such machine stumbled on it.
What if a single contaminated USB drive found its way into the factory where those machines were being built, and commanded the system that installed their firmware to include a bit of malicious code within it? The factory would not have had the same level of security as the enrichment facility, so it could've been easier to slip in an imposter or bribe a rogue employee...
As someone who has had an attack that infected my network at home I can say it's quite the nightmare. So bad I went to school to retrain into IT because I saw what this could do.
This is by far one of my favorite stories. Anyone who wants a more in depth dive, read "Countdown to Zero Day," it's an incredible retelling and well researched record of the story of Stuxnet / Olympic Games
Stux was fun. Came from Utah, was propagated by a 'lost' USB thumb drive, exploited not only the zero days but also DMA capabilities of USB, so it could make the air gap jump. That's how it got onto the gapped control machines that ran Iran's centrifuges. And the payload was brilliant--make the uranium enrichment *unreliable*, not completely broken.
So interesting! I only had a very rudimentary knowledge of how this whole thing works, and it's so cool to learn how it started and the sort of 'logistics' behind it.
i want to know, at the moment, i'm scared, a friend of a friend i know has been hanging out with this man part of a Cyberunit known for phishing, hacking, vulnerable information, possibly Sandworm
It's amazing how far technology has come. As with many things, if you don't keep up with it you get left behind.
I remember thinking awhile ago how much I knew. But in the blink of an eye I'm old news and outdated.
Trust the fact that the alphabet boys are keeping up with this advancement. I'm always curious how much thought goes into these trends. Such sophistication and plotting goes into these attacks. Specifically to lay in wait.
The newest version I saw was talking about storing itself in the bios of a machine. That gives me worries at night for sure if I was a network manager.
It kinda terrifies me that my university labs have PCs still running Windows XP. They're obviously not connected to the network at all, but imagine what one guy with a long cat5 cable and a few minutes could do to the whole university network.
I don't know the mechanism, but my university suffered a devastating cyber attack. All the systems shut down, and more than a month later, some of them are still down.
The problem is not that they are not willing to upgrade but rather that software companies are either too lazy or that the software that they build is from the 80s or 90s. Everyone who has a little understanding of how an OS works knows that what works on Win10 does not mean it is going to work on older versions. A good solution would be to switch that software to Linux but I guess the American lobby would have a small problem with that and on the other hand to convert the whole software to a different kernel and operating system would take ages.
Ok but like this is something I hadn't realized until Sam said it outright: a weapon that cannot be revealed before it becomes useless, is a weapon we cannot shield against. The idea, the prospect of there being a weapon so destructive, so devastating, so catastrophically armageddon that's just laying dormant, truly is something chilling. We're exposed, there could be a sniper looking at us right now, aligning their crosshair to our frown 24/7 and we have literally, literally no way of knowing if that sniper even exists, let alone which is his rifle, what's their ammunition, or his position.
This is a war of warnings, a war that will only end the very second a country calls a bluff to another country that was not bluffing.
What I would like to add is that Siemens PLCs have a pretty huge market share, especially in and around Europe. Most other companies have special use cases, but from what I have seen Siemens stuff is used often because a lot of people know how to use it, get a good price and know how to program it.
I wonder if there have been cases of developers purposely leaving in exploits then selling them and patching them as soon as they get the money. I guess any company big enough for exploits to be valuable is too rich to care about the bounty
"Wars will no longer be fought in far-off lands that can be ignored simply by turning off the TV."
Rather America-centric view, considering what is happening in Ukraine in this very moment.
As long as cyberweapons cannot control strategic resources or locations (water, oil, power plants, food, warehouses, defensive positions etc.), conventional warfare will still be a thing. Cyberweapons will naturally be part of the arsenal of any modern army, but the quote above sounds like an overstatement.
3:12 that is a very weird way to explain what zero-day exploits are. not sure why you would go so far to avoid actually tying the name to the core concept directly. have a feeling a lot of people walked away with some weird idea of what they are.
Perfect timing! I just finished This Is How They Tell Me The World Ends by Nicole Perlroth last night. It's a great book on cyberwarfare if anyone's interested.
If you find any of this interesting I completely recommend the podcast Darknet Diaries, it has a whole sub series about stuxnet, as well as attacks such as notPetya and others. It's a very well produced show made by someone who is very very good at research and knows the industry in and out. Jack Rhysider is a beast
Incredibly well written script, both yours, Wendover and the one used in stuxnet, ok sure technically it was a compiled payload, but you get what i mean.
Humans for 10,000 years: Step 1: develop something to bring mankind forward in its development and to improve the lives and welfare of the whole world. Step 2: develop a way to defend against it as someone has turned it into a weapon. Repeat....
Why be an innovator when you can be a parasite who destroys well-meaning things, right?
I like this video, but the Shadow Brokers only released a very small part of the tools they had access to; they were only able to release a handful out of hundreds.
I learned about stuxnet 5 hours ago from a podcast recorded over a month ago. I clicked the thumbnail to this video curious how some cyberwarfare happens so that I could maybe understand more about stuxnet. But I was not prepared. Thanks for double breaking my brain, good work.
Walked into this video thinking "My country (Iran) has been in a cyberwar for years now, I wonder if this video will mention anything about it" and found out that at least one of my two computers is infected because of it.
I believe we can no longer ignore that we live(d) in a very special frontier of the internet, but that going forward the human species will probably not be able to use this technology like we do for too much longer; between cyber attacks, increasingly likely solar flares destroying infrastructure, the climate and migrant crises etc.
0 likes
Grant Trotter, 2022-04-21 19:34:43 (edited 2022-04-21 19:34:50)
2:18 "This new era [of cyberwarfare] was made possible, and perhaps more importantly, made profitable by-" I really thought that was gonna be the most unlikely ad transition I've ever heard.
3:30 maybe this is a bit philosophical and pedantic (a la "a tree falls down in the woods"), but I think your definition of zero day is a bit unusual. I don't think zero day means "all vulnerabilities that exist in a technology" it means "any vulnerability which has been discovered by a researcher." Since most people only learn of a zero day exploit once it has been used in an attack and researchers have noticed and named it, "zero day" has come to mean "new attack pattern that just made its debut." This better suits the etymological origin anyway. "It has been 0 days since [disastrous thing happened]."
More accurately it's "any vulnerability which is unknown to the developers" - the idea being that once the vulnerability is known, its value starts to diminish over time ('n'-day vulnerabilities).
A 1-day vulnerability might still be missing an official patch, widely unknown, and as such invaluable in the right hands.
A 7-day vulnerability's probably patched, worthless vs. security-conscious targets, but valuable for other uses. Depending on the software in question there could be a vast quantity of old installations running.
A 500-day vulnerability is pretty much worthless. (Well... I say that, but if I recall correctly the ransomware attacks that devastated some public health systems a few years back were using ancient exploits... the hackers had made it on the cheap, and were just kinda shotgunning it around hoping to hit something. Turned out a bunch of hospitals still had their entire networks running Windows XP hahaha)
FYI, the reason those centrifuges are so fickle (said around 9:47) is because of the precise balancing and precision you need on the bearings to separate Uranium 235 from 238. They need an air layer in the bearings (because mechanical bearings with an oil layer can't go to high enough RPM and aren't precise enough), i.e. gas or magnetic bearings, to work correctly, which need final tuning to make the system run correctly. It would be incredibly easy to just change 1 or 2 parameters that would make a mag bearing system rotate out of orbit and they can literally tear themselves apart if you wanted it to. Stuxnet running at bad RPM ranges likely caused the motors and bearing stators to run at bad efficiency (creating a lot more heat) which can "cook" your mag bearings, motor, and stator by basically annealing the laminar sheets of steel and changing their characteristics (which also removes their magnetism and makes them run horribly). This would likely do this to the motor stator and rotors as well.
8:53 the claim that 58% of computers in Iran were infected is inaccurate. 58% of infected computers were found in Iran, which is a very different thing.
@Navyseal168 the same as this video: the Wikipedia article on Stuxnet. The article has a table listing affected countries, and "Share of infected computers" for each country. The creator of this video misinterpreted this as "amount of computers infected from the total amount of computers in that country", when in actuality, the table lists "amount of computers in that country from the total amount of known infected computers".
A lot of this is focused on Western and Russian cyber but you completely ignored the frets and depth of Chinese government sponsored cyber attacks for corporate espionage. The Iran incident did not open Pandora's box it was already happening.
While I could be a smart ass and say that this is expected due to running Windows, I will say that while nothing is infallible, you do increase the cost vs risk factor drastically by making the government actors have to fight Linux or even harder, BSD. Of course at that point their next step is to say "sod it" and they start fudging with hardware in transit (The Cisco switch firmware switchout a while back) to get around it.
But I still think the faster you throw the Windows machines in the bin, the harder you are going to make it for them.
BTW PLCs have the capability to be configured in such a way that USB cannot be inserted in the host (similar to PCs). Some PLCs have/had keys that disable write capabilities onto the system (the older the model the higher the chance this is true)
The so called "Trusted Computing" chip is one big backdoor integrated into most mainboards... Microsoft is not really hiding the fact that their goal is to be able to remotely control/shut off every machine in the world, and most companies are switching to their "cloud platform" to make it even easier to accomplish.
What's also worrying is that the world is connected by dozens of mutual defence and arms treaties all based on conventional warfare. However, how does cyberwarfare fit in? If a Russian cyberattack begins shutting down Polish electrical grids or knocking Romanian airports down, is that enough to declare Article 5? Could a World War start because of the legal unknowns of this new era? This whole new dimension of warfare could have some powerful consequences and runaway effects. Remember, WWI started because of the assassination of a regional power by a minor nation-state. It only takes one small mistake to bring the whole world in.
Zero Day doesn’t refer to the software flaw itself, it refers to the small window of time between when it is discovered and when it is publicly announced. This is when it’s most valuable, because it can basically be exploited at will, because no one even knows to look out for it yet. So any flaw, no matter how major or minor, can be called a Zero Day during this limited timeframe. It doesn’t depend on complexity, just how widely known it is.
I love how the idiots who wanted to destroy that nuclear program decided the best idea was to cause a radiological spill, because you know, that can't possibly do anywhere near the most harm.
I don’t think you’re giving developers enough credit. It’s not so easy to develop such widespread devastating viruses as you’re saying at the end there. Not with modern security practices. Finding 4 zero days that can work together in the modern day is basically impossible.
This is probably the best structured, narrated and researched video i have ever seen on anything. Just free for everyone. Thank you very much Wendover. You are amazing.
I was caught In the middle of a railroad track (thunder)
I looked 'round And I knew there was no turning back (thunder)
My mind raced And I thought, what could I do? (Thunder)
And I knew There was no help, no help from you (thunder)
Sound of the drums Beating in my heart
The thunder of guns Tore me apart
You've been... Thunderstruck! :D
Thanks, love your content, thanks also for the referral of RealLifeLore I finally signed up for Curiosity Stream annual bundle. I might buy some shares tomorrow, Be an owner, not just a consumer, right? Thanks.
3:13"While the math behind encryption may be infallible..." camera pans to someone wearing the ugliest footwear ever known to mankind "...people are NOT" Video editor is awesome, give the dude a raise!
The scariest thing about cyberwarfare is that, unlike conventional warfare, there is no consistent way to attribute a cyberattack to a specific nation-state. This gives countries a bit of plausible deniability that locks up the traditional mechanisms of international law and the law of war.
It used to be that zero-day vulnerabilities were immediately disclosed as the bad guys had them, and the more people who knew about them, the better they could change the security posture. However, the banks and Apple didn't like not having "advanced notice", so they changed to the current model, where a severe bug may be unpublished for a period of time while the vendor makes corrections, rather than launching into a 90-day sprint to solve a Heartbleed bug.
Disrupting a country's development of nukes wasn't all that bad though, considering the alternative was an invasion to stop their nuclear program, or letting another unhinged power gain access to nuclear weapons.
You have a major error at 1:35. The correct statement is, "60% of all computers with Stuxnet were located in Iran", NOT "60% of all of Iran's computers were infected".
Strange. You can tell by the end product of the centrifugation process if something changed. Also, a worker who's been there for a few years can even hear, if a centrifuge is not running properly.
I remember simply putting an empty read only autorun.inf file on USB drives was enough to prevent the spread of these widespread viruses on Windows XP. Thankfully this stupid auto run 'feature' was removed from later versions of Windows for USB drives.
This makes me feel like internet security is a pointless endeavor for the average citizen. Not meaning basic security practices like changing password often but all these other security tools being sold to us these days.
It's looking more and more like worthless hype with every passing day. Cybersecurity is easily winning. Face it, human conflict is about aggression, which is bad. Isn't there something better than being fascinated with it?
that stuxnet virus is insane, that's like straight out of mr.robot
8 likes
Fred Riddles 2022-04-20 00:08:56 (edited 2022-04-20 12:19:54)
It's important to remember that every age in human history has had its own unique challenges. A couple hundred years from now we'll be laughing about how trivial cyber security is as we focus on the next big problem to deal with, and the one after that, and the one after that.
@DDM Acc My point is that conflict is a natural part of human existence. People like to hype up cyber threats like they are this big and scary thing, and they can be, but this is the price we pay for living in the 21st century and enjoying all its luxuries. You can either make peace with this fact or waste your time wishing you were back in the dark ages where cyber security wasn't an issue, but the internet didn't exist and we didn't have programs to deal with complex computational issues.
New problems will always be springing up while old problems continually die. Cyber security is the newest of problems, we just have to keep a cool head and work towards a solution while enjoying what we have now.
@Fred Riddles Depends on whether the world is still under the rule of a handful of rich industrialists or whether workers have sorted their shit out and taken control by then.
I gotta say this somewhere now. ALL THE TIME I hear about Curiosity Stream and Nebula and I'd LOVE to go there but I just can't. Not everyone has a credit card. It's so taunting to hear it and want it but needing a stupid credit card in the middle. Same goes for gift cards. You can't get them without a credit card. Which century is this?
Stuxnet was a beautifully designed and engineered virus. The story behind it is fascinating and I encourage everyone to read up about it. Not to discount Sam's video. He does a great job.
This is something we deal with daily in US manufacturing. I work as an electrical maintenance lead at a steel mill. Our Automation department has to work hand in hand with our IT department and our corporate IT department to ensure our cyber security is sharp. We currently are getting ready for potential vulnerabilities in a large upcoming Windows update that has been warned by our PLC manufacturer and Microsoft. That said we are auditing our Network security and firewalling. It’s concerning to all of us how these zero days can be utilized without manufacturer notice to wipe out our processes, and with that we ensure residences are built in and offline spares are prepared so processes can be restored and isolated if needed.
I mean... People don't update their systems, especially industrial companies. You realistically don't need a zDay to infect those networks. Most network compromises come from people getting phished by obvious schemas 🤷
How do you stop a zero day attack? From what I've heard the end user doesn't even need to do anything, the attacker simply needs to know their phone number and that's it! Could be a text message sent or anything, and the victim doesn't even need to open it. Wouldn't be surprised if there's a government backdoor for everything nowadays either.
"Zero days are worthless...Quickly patched by devs"... But doesn't mean the updates are installed. Takes years for many companies to do that lol. Any one who does IT sees old vulnerable stuff all the time and has to convince companies to upgrade.
Stuxnet silently and nearly undetectably prevented the advancement of nuclear technology in Iran. This sounds like a similar M.O. to the Sophons from Trisolaris in Three Body Problem.
Zero Days (which like this video take the stuxnet worm as its starting point) is a great documentary and a must-see for anyone wanting to dive deeper from this video.
We need to be clear about the Colonial Pipeline attack.
The attack didn't go anywhere near fuel and pipeline operations.
It was a DP attack; it would have shut down *the computers they used to bill customers*. *They shut down the pipeline*, lest they be unable to collect money for the product moved.
My understanding is that there was a photograph in an industrial publication of one of the terminals in the facility that reflected that the Iranians had not been updating their control software package because the licenses were under sanctions.
I just graduated IT in 2020, and CS specializing in Internet Networks, and Databases in 2016.
I have heard all these things while I was in the middle of my college, man my field changed a lot in cyber security in that time frame.
I also have a laptop with a lot of old virus codes from the centuries, including the infamous I-LOVE-YOU virus. The wifi card for that laptop is removed and Ethernet port disabled permanently hardware wise, and it's running Win 10 20H1 natively, with VMs for DOS.
I usually use those codes as learning materials, and sometimes algorithms within it I use for code I make.
Is it really a weapon though? A sledgehammer is a weapon if I swing it at you, but if I tear down a house with it then it is only a tool. This tool didn't attack people but infrastructure instead. Therefore, it is a tool and not a weapon.
A bomb can be a tool used in demolition and tunnelling. That doesn’t mean it can’t be a weapon as well. Is a knife always a weapon? Always a tool? Or sometimes one and sometimes the other?
18:45 I'm no expert, but I'm almost certain that a lot of people around the world already have experience with wars that they can't simply ignore by turning off the TV.
The "error code" in this video's thumbnail is actually "WENDOVER" in hex. The second and seventh characters are the same (both E's), the first character is one greater than the sixth (W is immediately after V in the alphabet), and the fourth character is one less than the E's, since it's the D.
It shouldn’t be treated or viewed any differently than dropping a bomb on a city or launching a nuke if it’s a large or destructive enough cyber attack, because in many ways they can actually be more destructive than traditional weapons. The US government, for example, has to make clear to Russia currently that any major cyber attack on US soil or of US interests on foreign soil will be treated the same as if Russia flew fighter jets over New York City and started dropping bombs and that it will be considered a very real official declaration of traditional war that would trigger NATO’s Article 5 the same way a traditional attack on NATO territory would and it doesn’t matter whether or not they have plausible deniability through the use of contracted outside hackers and troll farms and don’t officially take credit for it, if it comes from Russia or groups and organizations known to be friendly with Russia it’ll be treated as a Russian attack. Time to finally put them in their place, especially when it comes to cyber warfare, after all the destruction they’ve caused over the past several years through such means. We’ve got to make any potential use of cyber attacks seem like a suicide mission to them, AND China for that matter.
There exists a backdoor in the mobile telephony network that allows anyone with the right tools to get into your phone and there is no way to prevent it. Ross Coulthart has a piece on it.
Well, yea, but actually no. In the US at least, our nuclear launches need actual physical activation keys. You cannot launch an ICBM from the US without having a living person present.
0 likes
Eric Liu 2022-04-22 22:21:21 (edited 2022-04-22 22:21:46)
2:19 “This new era, was made possible..” My brain: “by our sponsor, Nord VPN”
17:18 "Traditional weapons have consequences for the aggressors, ..." not really, the US deployed 2 nuclear weapons on civilians ... and there were no consequences. (At least no negative consequences)
Just because a security bug is fixed does not mean it is patched in the real world. Many corporations run outdated operating systems with unpatched security vulnerabilities. And keep ignoring the fixes that have been made. Make sure YOUR computer installs the latest fixes as soon as they are released.
I feel like this will be a short period of history, where they're so common as to be unsurprising when you hear "X was hacked". Eventually we'll patch all the easy ones and only amateur code will be so vulnerable.
Attribution is bullshit most of the time. Anyone who tells you different is a fool or selling you snake oil. Sometimes it's not but usually a clever hacker can make it look like anyone else did it
Die Hard 4 was already in cinemas almost 15 years ago, tackling a similar theme. (Description in second paragraph for spoilers) I remember talking to people about the movie back then saying: this is likely already within the realm of capabilities. Some agreed with me, but most just waved it off as a fantasy saying governments and companies are likely well prepared for these threats. Well if there's anything we've learned since then it is how woefully inept big organisations are when it comes to upholding cyber security.
SPOILER WARNING: The movie is about a criminal organisation paralyzing all the infrastructure in a major US city by hacking all the control facilities. (Traffic, Electricity, Water, Gas, etc.) They cleverly outsource part of the hack's preparation to individuals so they can take the heat while they execute the second phase of the plan. Luckily in the movie this organisation is only out for money using the chaos to rob banks.
In that way it's similar to the Texas gas pipeline ransomware attack, which was executed by relatively unskilled criminals and didn't even compromise critical systems in the end. Just imagine what government funded experts are capable of, not motivated by money, but by political goals.
You should make a podcast or at least have these videos as audio only. I like to listen to these when I’m working I just put my phone in my pocket and listen
Chris Leone 2022-05-02 12:26:20 (edited 2022-05-02 12:32:11)
IME a 0day is an exploit that the dev doesn't know about or is aware of but without a fix implemented. Once it is fixed it is not called a 0day anymore
Amazing condensation of a complicated topic that portrays the real world realities of this warfare. A warfare that can collapse infrastructure on a large scale, a weapon that can only be fired once, a weapon that can be concealed in a crowd and fired without knowing who did it. There are people/groups out there that know how to make a bit of code that knows how to jump, replicate, hide, and target any computer they want it to. Finding the holes in people to quickly infect computers.
7:38 I'll have you know that this was the moment I realized it was .Lnk and not, in fact, .ink (with a capital I for some reason) as I had always thought. Makes a lot more sense, in several ways.
Interesting video. Two things: Stuxnet was not the first. Russia was already committing cyber attacks against Estonia in 2007, so it's not totally fair to blame Israel and the US for kicking it off, although it did kick things into higher gear and lost them any moral high ground. Secondly, we've heard a lot of these 'next war will be cyberwar' predictions, but they don't seem to pan out. What is the distinction between 'cyber warfare' and just sabotage?
Just wait until you look up the latest version of Pegasus. 😅 Not to mention NSA was also the creators of Eternal Blue. Just imagine what other mega weapons we have brewing.
Yes. There's a complete industry working to keep everyone safe. Remember Log4J? That would've been much, MUCH worse if information security professionals around the world hadn't worked so hard to mitigate it.
Whenever a new military invention is made and there still isn't an agreed convention on how to use it, it's considered legitimate to use even almost in peacetime, which can easily lead to escalations with older, more established weapons with agreed upon rules and precedents. You can see this in drone strikes, and cyber warfare, and I'm willing to bet that if warfare in space becomes viable it will happen there too.
What a horror story 🙈 What if the damage is self-inflicted? The World Economic Forum won't shut up about such things, and the way they talk is very sinister. The way corporate companies such as internet providers and other services brush away down time as 'serviceable' makes you wonder, and who knows when these things are happening?!!?
Do NATO states even need hackers? All the companies that make software or the physical machines themselves are in NATO countries, subject to their laws, and could easily hire certain boardmembers and just openly give access/backdoors to everything.
A 0-day is an issue that the developer or vendor does not know.
It could be a glitch or simply a malfunctioning button or something.
But a 0-day vulnerability is what these hackers are looking for. Knowing the vulnerability exists is 1 thing, but knowing how to exploit it and especially knowing what other vulnerability can be used with it is what makes the Iran case brutal and scary.
Globalization teaches us to connect and cooperate. But cybersecurity teaches us to rely on ourselves and trust no one.
Will you follow up this video with one about Pegasus Spyware? Seems like it's the gamechanger globally in the Cyber-Security world. (Insomuch as we know about it).
4:46 er.... I wouldn't exactly call it "ethical" to pay hackers to NOT report critical security flaws to developers. "Profitable", certainly. Ethical, no.
0 likes
Benjamin McLean 2022-05-04 17:55:13 (edited 2022-05-04 17:55:43)
We need to reduce our dependence on the Internet. Period. And I do not mean psychological dependence, although that is also true. I mean the actual physical dependence on the Internet for the electronic devices we use every day to work. Things should work offline by default.
I was one of the victims of this cyberwarfare when allegedly some Chinese hackers cut off the electricity supply of Mumbai last year. Had it lasted longer, it would have been a nightmare for hospitals especially during covid.
Don't forget by the time we hear about anything the us government does, they have already done better. They likely have a stuxnet 2 or 3, and maybe are waiting for the right time to use it.
That future cyber attack could come from Russia, that's why everyone should keep their gas tanks full and have cash on hand. Having canned goods and other dry foods could be a good idea too. Whatever consumables you think of as vital you need to keep extra on hand, hopefully enough for a month or so.
Idk but would skillshare help to protect myself, I'm fearing for my life as i think a friend of a friend I talk to might be some state sponsored hacker, said he worked with a unit in Belarus
Wouldn't it be hilarious if China/USA have zero-days lying in each other's system but are unwilling to tell MS to patch since it would destroy their attacking capabilities?
Can I suggest a topic? In 2008 there was an economic collapse that started in the US stock market, triggered by just a few things that cascaded through the entire economic system. We can say it was CDS's or we can say over leveraged housing market, and there were political components as well, but it was a complex (and later identifiable) cascading of big dominos. When the Soviet Union fell in 1989, do we know what those initial, specific triggers were before the cascading collapse? (I don't mean the macro events like Chernobyl and the Berlin Wall, I mean the minutiae, the pebbles that first started the landslide) And could we apply that model to present-day Russia in order to look for any possible early indications of Putin's reign collapsing?
I don't quite understand why OS's, drivers, etc cannot do more to protect themselves via checksums and nonwriteable files. Also, why wouldn't a USB drive be authenticated for local use only?
Good question! Common operating systems will allow autorun from external drives or offer to open them in a viewer that might contain an exploit. Since the days of Stuxnet, we've found even more powerful ways to attack systems over USB as the computer believes whatever the USB device claims to be. And yes, there is a lot that operating systems can do to prevent this; research in capability theory can tell us how to effectively defend against these sorts of attacks, and there are some such features that are making it into real systems such as vfio and the iommu. Consumer operating systems have a long way to go to catch up, though.
Sam: Makes a video on Epidemic Management COVID-19 enters the chat Sam: Makes a video about controlling riots Capitol rioters enter the chat Sam: Makes a video on Cyber Warfare Anonymous enters the chat
Sam, DO NOT MAKE A VIDEO ABOUT NUCLEAR HOLOCAUST. I DON'T LIKE THE PATTERN I'M SEEING.
The problem with this cyberwarfare is that it will destroy itself by just existing: The more cyber-weapons are created the more vulnerabilities are found. And to protect yourself you have to close your own discovered vulnerability. Your enemy is doing the same. So in the end you have a lot of closed vulnerabilities and a lot of now useless weapons. What a waste of money.
I hear Stuxnet has been turned into a black market generalized utility that any hacker can buy for relatively little and has been used against oil companies and other big players. I expected you to cover that some, but you didn't. I'd like to see a follow-up to this one that covers that and some of the work at the Idaho National Lab where they have blown up transformers and other critical infrastructure using nothing but cyber attacks.
i dunno why anyone security minded would trust a closed source kernel. you need as many eyeballs on it as possible to minimize this. it's not perfection, but damage is much harder when everyone pools their resources to produce a system.
I have to say that while I appreciate the technical information you put out, I find it interesting that you imply that "Western players like the US" don't have "concerning human rights records."
8200 is barely the first line of Israeli tech abilities. Beyond the Israeli private cyber security companies, which there are many, Israel has a good number of other units.
I have no idea how any of these work but one of the smartest kids at my school plugged a USB into a computer and somehow got the staff wifi which now I have as well
Cyberwarfare depends on so many conditions that it's not that lethal in the big picture. Russia, which is supposed to have major cyberwarfare capabilities, has failed to demonstrate them in Ukraine while they are waging all out war. That tells me that those capabilities are fairly limited.
Or they could be saving those capabilities for the most crucial moment. Maybe even intentionally holding back for now so that the enemy will underestimate?
@the gamer well if by "an all out war" you mean using nukes, then yes it's not "an all out war", but by every other definition it's pretty much "an all out war". Russia is using a major part of their military. They have no aces up their sleeves besides nukes.
People should watch on the documentaries when the internet started booming . This whole virtual thing is not such a great idea actually, and it is getting out of control slowly by slowly .
I hate to say it, but malware running on view definitely pre-dates Stuxnet. I had malware on my machine as a teenager that did exactly that, probably 2004-2005.
SN CY 2022-04-19 16:48:38 (edited 2022-04-19 16:51:45)
It's a shame that Stuxnet was ever discovered... that was one piece of beautiful software that actually did humanity a favor! But it is also no surprise that cyberweapons are so effective, looking at how slow many companies are to adopt the most current OS and security patches.
Wait, I still don't get how the malware reached the centrifuge machines. If the facility's administrative computers were not on the internet, someone would have to physically go to the plant and convince one of the employees to plug in a contaminated USB or insert a contaminated CD. Shouldn't standard procedures include not bringing in outside devices that can do just that? I know many times employees don't follow policy to save time, but in this case I can't see even the laziest of employees finding a reason to disagree with his employer. Also at 11:00, it was mentioned Stuxnet got control over the administrative computers, but not the centrifuges themselves at this point. It's said another zero day exploit was used to get stolen security certificates, but I don't get how those certificates were used to issue bogus orders. I understand the .lnk exploit, but the step from "administrative computers" to "centrifuge control" wasn't well explained.
Re the initial breach, the prevailing theory is that someone was bribed or a spy got into the facility. That does leave the question of how it got out though, which kinda indicates that information security practices there were a little bit lax.
In a just world, any countries that were involved in the creation of Stuxnet would lose all nuclear capabilities, and those capabilities would be somehow handed to Iran.
It's called a "zero day" because when the issue is found, it's already live on production code, meaning that the engineers have "zero days" to fix the issue, because the problem is already out there for the world to exploit.
If you explain something explain it right: It is called that not because the developers have "zero days" to fix the issue, it's called a "zero day" indicating that this exploit was previously unknown or undetected so it is basically "day zero" after discovery of the vulnerability. There are "zero days" that practically are shoved aside because other measures are in place to make it hard to access, a zero day can sometimes take a year to get fixed, so it doesn't span a time limit for developers on when to fix the issue - it all depends on the severity of the vulnerability.
@Finkel - Funk I never stated it's a timespan to fix the issue, I think you misunderstood my wording. It's representative of the development time left allocated.
For some reason there's a lot of people that complain about the origin of this term every time I hear it brought up, and I've heard all kinds of varying explanations over the years working in tech. I'm going with the one I know. I won't add any more commentary on this subject.
@LoLAimAtMe That is also simply not true as a "zero day" in a Microsoft telephone dialer program is not nearly as pressing as a critical security flaw in Word. It is simply supposed to indicate that this is the first day this bug is known, kind of like how "patient zero" is the first known instance of a disease occurring.
I wonder why Russia didn't use "the big one" then when they invaded Ukraine. Nation states are not the only ones capable of this anymore. Just look at what happened to Khashoggi
@Madam Pontaria probably should stop and check who you're replying to, it's a spam bot that takes highly rated comments and reposts them, don't think you'll get the answer from the bot.
1:30 Now we know. In Iran it happened due to an attack on their nuclear facilities. More specifically, something to do with their heavy hydrogen centrifuges for nuclear weapon production. Don't remember if USA or Israel
Considering the current war, I'd be surprised if the power didn't go out for good some random day due to a cyber attack. Pen and paper would have left us a lot less vulnerable.
Stuxnet really felt like we moved into the scifi era. Such a specialist virus that did no real harm to the average computer but was deadly to its intended target would have been considered too far fetched for Star Trek just 20 years before.
I watched this video the day it was posted I think it said it had been up for 30 minutes and made it halfway through and it disappeared. I searched my history and it wasn't there. then suddenly it was back in my watch history a while later. I was wondering who had cyber attacked you or YouTube to make it disappear
I wanted to point out that zero day means an exploit found already in use. And is worth a lot less on the black market because it will get patched soon. Zero days are like going to a crime scene. A bug bounty is different as the crime has not happened yet, but the plans of how to do a crime are sold, an unpatched exploit. It's really confusing because people use the word Zero Day to describe the exploit's ending effect, but that is not what the thing itself is. It would be like saying I have a boom to describe a bomb. A zero day is a boom and a bomb is an exploit.
Oh boy, US thinking they still live in a unipolar world and meddling in foreign policy of geopolitics through back door routes..... Now where have we seen recently? Hmmmmmm. Fantastic vid Sam, glad to see you back in your stride :)
1) Don't use Windows. 2) Don't use Windows. 3) Don't use Windows. 4) Don't use any software you don't have the source code for. 5) Don't use any software until a thorough code review has been done on it. 6) Physical security matters. 7) Don't allow users any access to the innards of the computer, either hardware or software. 8) Fill all the USB ports with epoxy.
I’m not sure I agree with the statement “destruction without consequences.” I mean you say that over footage of a hydroelectric dam implying power infrastructure as a potential target. No power means a lot of bad news for civilians. Possibly, lots of preventable deaths had power still been on.
I think he meant it as "destruction without consequences to the destroyer". The destroyee will of course have consequences, that's what destruction is.
I'm thinking it would have been better to go with option 1 and drop dozens of JDAMs on that facility and hold Stuxnet back for the upcoming bigger threat but I'm just a Youtube surfer killing time at my dead end job....
What is the significance of mentioning the PLCs are Siemens? All PLCs are pretty similar and can be used by anyone for anything surely. We're just programming one for a ship's vacuum toilet system!! 😅
"especially sales to countries with concerning human rights records" america just sweating over the corner praying no one notices anything about it lmao
The market will be very favourable now due to the rapid growth of Bitcoin which is $43k, The rich won't disclose it so don't be fooled, it's right time to invest.
@Sterling Maguire Wow I'm shocked you mentioned and recommended Mr Clinton Jackson trading services, I thought people don't know him. He's really awesome
I worry that because Iran's air gap didn't prevent infection, others will degrade air gaps as good practice. Kind of like Covid vaccines and masks not preventing 100% the spread of Coronavirus, so antivax groups label them useless or worse. Industrial systems need to be isolated. Iran's problem was that they didn't isolate ENOUGH.
The Russian Army and French Gendarmerie (national police) each have their own highly customized versions of Linux, and I remember reading about other government entities looking to move away from Windows.
"wars will no longer be fought in far off countries that can be ignored by turning off the TV" is such an incredibly American perspective :D Hey, maybe it'll be a learning experience for you guys.
I live in Queensland Australia and last year China hacked into a few of our power stations. We caught the attack before anything could happen but it’s a little scary.
Cyber warfare between nation states can be best summarized by the Advanced Persistent Threat (APT) model. Zero days are just one small tool in the arsenal of a nation state conducting a cyber warfare campaign.
6:15 "...sales to countries with concerning human rights records..." shows stock footage of some asians riding vehicles that aren't cars Not sure whether to call that bit racist or classist or what exactly, but it sure seems off.
Stuxnet didn't only spread by USB stick, the earlier versions did but a more aggressive version was released that spread over networks through a variety of different methods
We need a Geneva cyber convention. Like, you shouldn't shut down a nation's water supply or critical infrastructure. Today that doesn't exist. And I'm sure it's only a matter of time until somebody does that and causes LARGE amount of suffering and death
So, did you do all this research and write this script in one day? You have confused the terms "zero day" and "vulnerabilities". How do you even do that? These are very common terms
The world had entered the era of highly-advanced, highly-targeted, and highly capable cyberwarfare.
This new era was made possible by Skillshare. Start learning new skills with a free trial by being one of the first 1000 to join at the link in the description.
This is why I laugh at people who think super computers or AI or some other super advanced tech will kill all humans. We will do that job or at least send each other back to the stone age way before any tech can.
That's why the "air gap" needs to also be implemented by a "digital" air gap. Say your organization is primarily made up of Windows PCs... Well, the only way to bring any software or document into that gap is through Mac and Linux; each and every file needs to have a signed signature with a physical signature.
The only way you'd get a zero day into the gap is by 1. compromising the method of transport, 2. compromising Linux with yet another zero day, 3. compromising OSX with yet another zero day... 4. keep file integrity undetectable under all three operative systems. can it be done? yes.
While we can never truly prevent zero-day attacks, using multiple disparate operating systems concentrically can make such an action far more difficult. And since Linux is open-source (and therefore has way more people examining its code than Windows or MacOS ever could), vulnerabilities are generally found and repaired more quickly.
@InventorZahran exactly my thoughts, throwing Apple into the mix is adding yet another "complexity". I mean, maybe a dumb Android device would be better.
Basically you're implementing a checkpoint for the files before they are allowed to pass the "airgap". I would say you really only need a Linux machine, but that's like saying the Maginot Line is enough :)
I think that this is the only way to really defeat the "exploit" of the air gap: it's really to just check that the files are still intact and that the hardware is not what an attacker would expect.
It's a pain in the ass if you have to check every single device every time, but it beats getting your uranium enrichment plant shut down or having over 50% of your country infected.
Imm'a stop you at the second minute and say that if you can read the source code you can very well know what the code is supposed to do. There is no such thing as a mystery code.
0 likes
Mike Schmitty 2022-04-19 16:46:56 (edited 2022-04-19 16:47:12)
stuxnet is a must watch ... once you see, you will understand how little you actually see!
I've been addicted to this song since the Bảo Thy days, and never expected that one day I'd get to hear my new idol Đức Phúc cover it. Thank you, ĐP, for covering it with such heartfelt emotion.
I'm confused, don't all nations have a history of troubling human rights records? All 3 superpowers for sure do, so trying to say one is somehow worse than the other is disingenuous. Otherwise nice format.
While your zero-day exploit points are somewhat right, this attack wasn't a zero-day exploit; it was a physical attack. Setting a USB device to have the computer see it as a keyboard or mouse bypasses most firewalls, because the initial computer or server affected automatically trusts the device compared to a normal USB. This was an attack by the USA, and it was designed to overwhelm their uranium centrifuges, spinning them too fast to wear them out. But since this was a physical attack, it's not a zero-day exploit, because you can't stop a physical attack once a person has access. A zero-day exploit is more like a software backdoor rather than a hardware backdoor. As such, a similar attack is still viable. The US bank retaliation was a standard DDoS attack any 10-year-old with a computer can do with 17 lines of code. Or, if they don't care about getting hacked back, they can use the open-source Low Orbit Ion Cannon. You should watch some pen testing videos; I recommend DeviantOllam.
Controversial take, and maybe it's because I know this subject well, but this is a weaker video from Wendover. Lemme explain why.
This title is misleading because this isn't exactly how cyberwar works. 80% of this video is Stuxnet. Unfortunately, I was hoping for better analysis because even the notion of cyberwar is debated. Experts do NOT have a consensus for cyberwarfare. The commentary at the end of the video is one-sided and the existential consequences of cyber effects are overblown. Nuclear weapons are a flawed analogy. I would greatly appreciate a revised, future video that balances the real security risks present with the militarization of the space with the realities of how analysts and social scientists are describing the domain. I encourage Wendover to not just read Zetter's excellent Countdown to Zero Day and Sanger's Perfect Weapon, but also consider Thomas Rid's prescient The Cyber War Will Not Take Place, and many of the excellent analyses being done by experts in academia and industry.
A sequel video, capturing the realities of the domain, players in the industry, and/or the gap between how we perceive cyberwar and how it is more accurately conceptualized (in addition to a discussion of things like internet governance possibly) would go a long way in educating people about cyberspace and state craft. As good as it is for my job security, I just gotta chime in that Wendover could do amazing work by pushing against a, frankly dated and superficial, reading of cyber conflict.
Also, zero-days are NOT worthless after they are burned if the system admins aren't keeping up with their patching. We see the same 0-days being used after patches are released.
And any story about Gigi and her doll is not a virus or by a robot. It is about real people that were tortured and are still being tortured for saying the TRUTH. Gigi was never pregnant and does not have a baby. A 10yr old was kidnapped and held as a political prisoner as well as tortured by being told your mom can't take care of you.
You should just call this video a book review of This Is How They Tell Me the World Ends: The Cyberweapons Arms Race because you basically copied everything from that book...
It is naive to think digital warfare will render material warfare useless.
Any attack upon any nation's homefront via a digital operation will only incentivize the attacked nation to have revanchist intent upon its attacker, even more so than an attack of a conventional, unpredicted, and material nature like, say, the 9/11 terrorist attacks or The Surprise Japanese Attack against Port Arthur in 1905.
If anything, future digital warfare offensives in a similar vein to that of the USA and Israel’s unannounced Digital Offensive on Iran will only result in more warfare, material and digital both.
I believe the greatest form of love is shown to us by sacrifice. What we are willing to give up for the love of someone else.
Too often and too frequently is life filled with bitterness, anger, hatred, and jealousy. Just imagine what kind of world it would be
if we all loved one another, if we all cared, and had concern for each other. That we all did our best to make sure life was good for everyone.
That no one was homeless, that no one faced despair, rejection, or pains of loneliness and self-doubt.
That there were no more wars, wars built on greed, and man's fear of each other, fear of the unknown.
I think of the ultimate sacrifice when a carpenter named Jesus Christ from Bethlehem faced beatings, whippings, insults, injury, and crucifixion
for our sins. who died so we could become righteous, to never again face the fear of death or the nightmares of the pains of hell ever again.
a righteousness we could never earn unto ourselves, not based on our performance, but given to us as a gift of mercy. Call unto the Lord Jesus Christ, forsake
your sins, believing with all your heart that he is the God who created heaven and earth, and he will gladly forgive you and welcome you unto the family of God forever.
''For God so loved the world that He gave His one and only Son, that everyone who believes in Him shall not perish but have eternal life''
John 3:16
"This know also, that in the last days perilous times shall come.
For men shall be lovers of their own selves, covetous, boasters, proud, blasphemers, disobedient to parents, unthankful, unholy,
Without natural affection, trucebreakers, false accusers, incontinent, fierce, despisers of those that are good,
Traitors, heady, highminded, lovers of pleasures more than lovers of God;
Having a form of godliness, but denying the power thereof: from such turn away.
For of this sort are they which creep into houses, and lead captive silly women laden with sins, led away with divers lusts,
Ever learning, and never able to come to the knowledge of the truth"
2 Timothy 3:1-7
''The Lord is not slack concerning His promise, as some count slackness, but is longsuffering toward us,
not willing that any should perish but that all should come to repentance'' 2 Peter 3:9
My Gills 2022-04-20 03:12:30 (edited 2022-04-20 03:18:28)
“…I have a friend in Minsk, Who has a friend in Pinsk, Who’s friend in Omsk has friend in Tomsk; His friend in Alexandrovsk has friend in Petropavlovsk… Whose friend somehow, is solving now, the problem in Dnepropetrovsk!” Tom Lehrer, Lobachevsky
Russia's attacks on the 2016 American election have proved to be so effective that we actually experienced a coup attempt on January 6th, 2021 by the losing party. The divisions sowed by the GRU/IRA may prove too deep to recover from. I truly fear for my country.
Cyber weapons are only different because they are treated differently; just declare them as the same level as physical weapons and just pop the MAD doctrine.
It's not pronounced "eye-ran", like I ran, you ran, he ran. You wouldn't say "eye-taly" (Italy), would you? You'd say: Italy. Same with Iran. It's Iran
This is overly complicated... Reality is Bob sitting in front of a telephone switch board watching YouTube videos and occasionally getting upset enough to flip switches.
Please edit the thumbnail and remove an error code, that is just a too long MAC-address. Just use 0x followed by random numbers from 0 to f. Thank you.
Half the video and you still didn't get to the point. That being said, Netflix has an excellent (and way more interesting) documentary on this called 'Zero Days'
Might be a mistake in the video? You start by saying this is happening in Belarus and then you continue saying this is in Iraq. Right at the beginning of the video.
This video does not in the least reflect how cyber warfare (cyber attack and defense) works. It should explain things like the MITRE-ATTACK and DEFENSE FRAMEWORK and the critical aspect of the cyber kill chain and how it plays a role in planning and executing attacks on your victim. He also doesn't talk about Cyber Reconnaissance or mention that you can use CVE databases to search for older, unreported vulnerabilities on GITHUB. There is so much more to this topic, especially if you make a 20 minute video and try to explain it to an audience like YouTube, especially when it comes to software vulnerabilities, especially in the context of the OWASP TOP 10. The topic of vulnerability management is also not really well explained. Most companies rarely patch their systems in time because it's usually not that easy to fix operational technology (OT) security issues.
And 8:00 is why it has to have been a government... the legwork, the money required... the analysis and verification of said 0's... I've had some fun with the open source version and a Fanuc PLC... as a virus... BAD. As a Remote MDI input link... GOOD!😅
The USB drive virus is due to Microsoft's lousy operating system design. Windows OSes are designed to run any file named autorun.inf in the USB drive. By plugging in the USB drive, you trigger the virus to run. To protect your PC against this virus, you need to disable autorun in the Windows Policy Settings.
A zero-day exploit is an exploit that hasn't been discovered and patched yet. A 5-day exploit is an exploit that's been known to the developer for 5 days and therefore has a chance to be patched. A 2-year exploit is an old exploit that probably won't work if the target does the right thing and keeps their software up to date
Um.... the whole point made in this video was that the Iranian facility was isolated and airgapped. Modern infrastructure and production are complex and in most cases dependent on digital computers. But your kitchen faucet, toaster, bathroom mirror or laundry machine definitely don't need access to the web (or your home network!) to do their job.
Good video but doesn’t do stuxnet justice. If interested I highly recommend the book “countdown to zero day”. It was impossible to put down, I read it in like a day.
BTW, this isn't me making fun of Sam's pronunciation, but does anyone know how VirusBlokAda is supposed to be pronounced? Maybe he's right? Or maybe it's like Block-EY-da? Or maybe like BLOCK-uh-duh? Block Ey Dee Ey? I don't really get it.
Zero-Days are not called 'holes'. It's the term coined for 'zero-days' before the occurrence of the actual injection. Did you actually research this topic or just pull it out of the seat of your pants?
This video is why your boring retail job is forcing you to choose longer, more complex computer passwords more regularly, airgap the computers controlling the aircon, fridges, CCTV, sound systems and alarms separately, have technicians coming in to stores to open tills and physically unplug unused USB ports, and why you can no longer install new printers, set default printers or even open the settings apps on any work device, can't access anything on the C drive but have access only to the share drive on the network, and can't access the Internet except for specific, limited times, limited computers, predefined websites with a separate password and only after logging a call to IT beforehand. It means you can't receive any email attachments more than 2 MB and only specifically shaped USB sticks will fit into the few PCs with covered active ports, and only once they've been couriered to IT to be scanned and couriered back. It makes work complicated, but it means that there's only like 5 people somewhere in head office tasked with screening wild data before it's allowed on the intranet. It's a wild world, but just like every store has a generator, 5000 l water tank, sprinklers and dual controlled keys for all the doors and a team of employees on standby to deal with strikes and vans to transport staff during public transport strikes, to ensure trade continues despite infrastructure breakdown, you have to start thinking about IT in the same way - as critical infrastructure with backups available at all times. And the private sector, even retail companies, are thinking about it very seriously - it's time for governments to do so as well. It's expensive to refit doors and put rubber moulding around the bottom and wooden shelves around door handles to prevent handles being shimmied open and rivet plates over the hinge screws, but companies do that for security, so why not pay the same attention to IT threats.
say "By this channels sponsor, Wix" I know the sponsor is not wix, and I have no idea why that popped into my head, but it did.
0 likes
Jonas D Atlas 2022-04-19 16:13:50 (edited 2022-04-19 16:15:16)
Half an hour in and barely 25k views, <100 comments? Is YouTube having a notification hiccup again? Or are people actually holding back from commenting before the video is done?
Kind of annoying that you never defined "0 day". It sort of sounds like you don't actually know what that term means? You say "0 days become worthless essentially the instant they're discovered", but you should have said "0 days stop being 0 days once they're discovered".
IDK it sounds like you just think "0 day" is a term for a really important bug?
Mid February, out of the blue, I was suddenly flooded with security vulnerabilities in Software I work on. Some unknown actors seemingly decided to suddenly throw in all they had. Or all they wanted to give up by attacking on full blast. It was frightening, and if that wasn't all they had, but only all they didn't care about hiding anymore, the future will be even more frightening.
Bad description of what a zero day bug is. And saying bugs are worthless upon discovery is wrong. You probably have some cooperation between allies and it's not all or nothing. As well as a lot of software (not just the big names mentioned here) doesn't have easy ways of mitigation (e.g. patches). You think 58% of computers in Iran were patched the following day as the bug was discovered?
Hey I've got a question for you, why can't Maths be used to win the lottery? Now I'm nowhere near smart enough to even begin to come up with an answer and explanation why for either answer but considering maths has an answer for everything else, then why not the lottery?
Math can be used to win the lottery. A lot of people have used math to win the lottery. But the lottery works off of odds. So, you can still get unlucky.
@Gt Bkts Good to know, but I believe you're referring to figuring out statistical odds in scratch tickets working against the game, when I'm talking about using maths to figure out the lotteries like the Powerball or Mega Millions. Predicting the most likely number that would be drawn next. Now I know that if given all the variables, from the exact size and shape of the balls to the exact weight plus the way each ball reacts to the air, could maths then tell the next 6 numbers that would be drawn? I think it could within a certain percentage, maybe somewhere around 80% or more likelihood, but I suck at maths so I could be completely wrong.
I seriously doubt this will be seen but the background music is very very distracting. I watched about two minutes on nebula before I stopped watching. It sounded like a cool topic but I can’t get past the music.
my video preview skipped 10 seconds into the video and i thought this was gta 5 online footage
0 likes
C Doe 2022-04-22 15:57:59 (edited 2022-04-22 16:07:12)
it wasn't the military, but intelligence agencies. Lots of filler words....like you're struggling to write a 2,000 word essay out of 1,200 words of information.
This is why we will never be able to get rid of using paper files...ever. At least, until the people of the world start to get along as a whole. Respecting each other's cultures and religions and every person's rights which considering how many civil wars are going on around the world and how many religions "hate" other religions and cultures "hate" other cultures and yes...races "hating" other races. We will be forever stuck in this cycle. Respecting each other's choices and rights is the only way this ends peacefully. So...never because humans be humaning.
I find how you say 2010 threw 2099 VERY OFFENSIVE and swear word notices at 12:58 and 15:37 and 15:51 and 16:11 and 16:13 and 16:31 and 16:38 and 16:55 and you swear way too much
Galatians 5:22-23
New International Version
22 But the fruit of the Spirit is love, joy, peace, forbearance, kindness, goodness, faithfulness, 23 gentleness and self-control. Against such things there is no law.
there is easy fix . . this mal ware . . it not only do centrifuge but it wears out battery in cell phone; it wears out CPU in computer; RAM; erode flash drive; wear out cars; airplanes; faster than intended; and so on; all from personal experiences; i been observing in past 30 yrs; since hackers hacked my computer; this is not news to me; i've known about its potential for 30 yrs; so if i was affected nation i'd worry about how its cell phone battery cpu usb thumb drive can be made to erode; and affecting nation's economy than unlikely scenario this war is coming; i am wiling to bet no one counted damages its doing; to not scanned data to cell phone desk top cpu to be over clocked and cooked; to stop computer from functioning is how i'd done it; but thats just me;
Hey yall 🙂 how yall doing? 💪💯🔥🔥 if anyone wants to do a collab I'm down to I'm not that good but I'm trying 😂 I appreciate yall reading this and hope you have a better day then before reading this much love y'all 💙💪💯🙏🔥💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙
I’m a little sad that I already knew that the US had used a virus on the Iranian nuclear project, because I can imagine the first half of this video with the suspense of not knowing about the virus, along with the huge payoff in finding out it was used on a NUCLEAR FACILITY must have been huge 👌 One of the few times it sucks to be a fan of YouTube edu videos lol
from internet: "The term "zero-day" refers to the fact that the vendor or developer has only just learned of the flaw – which means they have “zero days” to fix it. A zero-day attack takes place when hackers exploit the flaw before developers have a chance to address it."
(John 3:16,17) "For God so loved the world, that He gave His only begotten Son, that whosoever believes in Him should not perish, but should have eternal life. For God did not send His Son into the world to condemn the world, but that the world might be saved through Him." (Romans 10:9,10) "That if you confess with your mouth the Lord Jesus and believe in your that God has raised Him from the dead, thou shalt be saved. For with the heart, man believeth unto righteousness and with the mouth confession is made unto salvation."
Matthew 25:31-46
New International Version
The Sheep and the Goats
31 “When the Son of Man comes in his glory, and all the angels with him, he will sit on his glorious throne. 32 All the nations will be gathered before him, and he will separate the people one from another as a shepherd separates the sheep from the goats. 33 He will put the sheep on his right and the goats on his left.
34 “Then the King will say to those on his right, ‘Come, you who are blessed by my Father; take your inheritance, the kingdom prepared for you since the creation of the world. 35 For I was hungry and you gave me something to eat, I was thirsty and you gave me something to drink, I was a stranger and you invited me in, 36 I needed clothes and you clothed me, I was sick and you looked after me, I was in prison and you came to visit me.’
37 “Then the righteous will answer him, ‘Lord, when did we see you hungry and feed you, or thirsty and give you something to drink? 38 When did we see you a stranger and invite you in, or needing clothes and clothe you? 39 When did we see you sick or in prison and go to visit you?’
40 “The King will reply, ‘Truly I tell you, whatever you did for one of the least of these brothers and sisters of mine, you did for me.’
41 “Then he will say to those on his left, ‘Depart from me, you who are cursed, into the eternal fire prepared for the devil and his angels. 42 For I was hungry and you gave me nothing to eat, I was thirsty and you gave me nothing to drink, 43 I was a stranger and you did not invite me in, I needed clothes and you did not clothe me, I was sick and in prison and you did not look after me.’
44 “They also will answer, ‘Lord, when did we see you hungry or thirsty or a stranger or needing clothes or sick or in prison, and did not help you?’
45 “He will reply, ‘Truly I tell you, whatever you did not do for one of the least of these, you did not do for me.’
46 “Then they will go away to eternal punishment, but the righteous to eternal life.”
Every voice you hear is Satan, he came to this Earth first and, mastered nature and, found out how to put his neurons into animals to trick the masses into doing evil. "Now the serpent was more subtil than any beast of the field which the LORD God had made. And he said unto the woman, Yea, hath God said, Ye shall not eat of every tree of the garden?" This means everything is really just God testing you because, it states in his first book of Genisis "Now the serpent was more subtil than any beast of the field which the LORD God had made. And he said unto the woman, Yea, hath God said, Ye shall not eat of every tree of the garden? Satan was "beast of the field which the LORD God had made." So if the Lord God made the Serpent, which is Satan. Then that means your Lord God is "Superior Satan" in Heaven because, God did one crime against nature. He had sex with, Mother Darkness, our mother without asking her first and, did not marry Mother Darkness. The first husband and, wife that God had ordained by bodily, rib sacrifice is Adam and, Eve. So God doing whatever he wants to our Mother sky, Galexy and, Mother darkness was a space crime unto our "Intergalactic Dark Galaxy". Satan is Senpai our higher athoriated classmate because, he is the Angelic brother who came to this Earth first and, adopted the responsibility of Opresser to the masses. Our satanic Senpai Satan is just teaching you in this big nature Earth to not become like him because, Satan is the complete "Opposite of God"! He never raped anyone with the spirit amen.
Acts 2:17-21
New International Version
17 “‘In the last days, God says,
I will pour out my Spirit on all people.
Your sons and daughters will prophesy,
your young men will see visions,
your old men will dream dreams.
18 Even on my servants, both men and women,
I will pour out my Spirit in those days,
and they will prophesy.
19 I will show wonders in the heavens above
and signs on the earth below,
blood and fire and billows of smoke.
20 The sun will be turned to darkness
and the moon to blood
before the coming of the great and glorious day of the Lord.
21 And everyone who calls
on the name of the Lord will be saved.’[a]
0 likes
Tim Schulz 2022-04-20 10:11:46 (edited 2022-04-20 10:12:04)
MedMen now offering Trademark Franchising with Tilray backing! Marijuana and Marijuana stocks will increase in value because people will buy more Marijuana because of wartime stress. Buy.stock.MMNFF
Repent to Jesus Christ “Consider it pure joy, my brothers and sisters, whenever you face trials of many kinds, because you know that the testing of your faith produces perseverance.” James 1:2-3 NIV It’s
How can you say Iran wrong so many times... Did you never hear somebody say that word!?...
He that is unjust, let him be unjust still: and he which is filthy, let him be filthy still: and he that is righteous, let him be righteous still: and he that is holy, let him be holy still. And, behold, I come quickly; and my reward is with me, to give every man according as his work shall be. (Revelation 22:11-12) - It's the last time. The Lord is coming soon. Believe in Jesus, repent and be saved.
Hey! Did you know God is three in one!? The Father, The Son, and The Holy Spirit! Bless them! Jesus died for our sins, rose from the dead, and gives salvation to everyone who believes in him and follows his commandants!
God heals depression, anxiety, suicidal thoughts, EVERYTHING, God literally heals my physical pain when I ask Him! Trust in God to heal ALL! He is your creator! Lean not on man, you'll never be healed.
Know that there is power in the name Jesus Christ! His name casts out demons and heals! People are bothered by his name, for the world hates the truth and wants to continue living sinfully!!
Iran attacked Israeli water facilities, trying to poison Israelis. Luckily they failed, but I’m pretty sure you would have put it in this video if you were aware. Super interesting!
Guys, stop what you're doing right now and subscribe to the CS+Nebula bundle already. Not only it is mega worth it, you're helping sponsor the best kind of content in 2 different platforms.
There are so many factual errors in this video I don't even know where to begin. It's a shame regarding how much this discipline affects our everyday life in general. I guess this is what you get when someone tries to explain something about something he/she doesn't know shit about.
30 seconds in and you say PLCs run on Windows -_-. The vast majority of PLCs run using VxWorks or Microware OS-9. If your PLCs are using Windows, there is your problem.
You can tell that the government cares more about cybersecurity now by looking at universities. My school is generally all about the nursing pipeline and has nothing special about the computer department. But over the last couple of years they're now offering a bunch of full ride scholarships if you do cybersecurity. The NSF has been holding it up as a special funding focus group. It's definitely ramping up for the future.
I don't normally comment before watching the video, but the title here is super clickbaity: there's no reason to put "Actually" in the title other than to sound douchy. I Know that Wendover is neither clickbait nor douchy, but this really gives the wrong impression IMHO.
I'm pretty sure he put in "Actually" because most people think cyberwarfare is a person in front of a computer with green lines of code streaming down their screen (the kind of things you see in movies)
@Tigershark232 That's exactly why it's obnoxious: it's assuming the audience has poor misconceptions. Every documentary should be telling the viewer something new, there's no need to imply that what the listener knew before was wrong.
❤️🌟 In recent years, disasters have occurred frequently and anomalies have appeared one after another, You must confess your sins and repent,I hope that those who have not yet trusted in Jesus and God can trust in Jesus and God as soon as possible,Confess your sins and repent as soon as possible.2000 years ago, light came to the world,Jesus Christ came to the world.The Word became flesh and appeared before people's eyes.He was crucified for the sins of people.He was resurrected on the third day, and then He ascended to heaven and sat at the right hand of God. If you sincerely trust Jesus Christ and accept Him as the Savior of your life, you will receive the Holy Spirit.Then, you must obey the Holy Spirit, rely on the guidance of the Holy Spirit to act and behave, and be a person who pleases God.
But the fruit of the Spirit is love, joy, peace, forbearance, kindness, goodness, faithfulness, gentleness and self-control. Against such things there is no law. —Galatians 5 : 22 - 23
Don’t delay, you should immediately trust Jesus Christ and God!
This is basically just a giant ad for Linux. 99% of these zero-day vulnerabilities are for Windows machines, businesses and governments just don't feel bothered to switch over to an obviously more secure OS. They only have themselves to blame for not switching over
Good video. But seriously stop pushing ANOTHER STREAMING SERVICE of dooooom.... I can not take another "STREAMING SERVICE" naw man naw... can't... do... it....
Wendover seemingly has a pro-Iran position based on how this is all presented and the key elements he leaves out/chooses to include as part of the video. Noted for the future, thanks for clarifying your apparent bias.
Iran not having the technology to build nuclear bombs is a good thing, and despite their claims, evidence across the board implies their "nuclear program" is not restricted to nuclear power alone.
My Guess about the whole Iranian and North Korean Hacker attacks is that they are not really Iranian, or North Korean, but in fact hackers from everywhere in the world, taking control of computers in Iran and North Korea, and staging their attacks from there. If the infrastructure in Iran is weak so that viruses spread fast, it means a hacker can take control of many computers in there, and stage an attack to any facility everywhere else. This way IT experts will think it initiated from Iran, and not look for hackers elsewhere.
22:44 Watching YouTube 22:45 Wendover Cyber Warfare, but ended up not watching it 22:46 History Scope Rise And Fall Of The Ottoman Empire 23:08 Went to the bathroom 23:40 Went to the bathroom 23:43 Music Scope Ceddin Dedden 23:46 Continued with Wendover Cyber Warfare
I'm so fucking tired. I didn't sign up for this shit. I hate fucking computers. And the Internet. God, I'm so angry. This was created for communication. For peace. Not to run everything. Not to ruin everything. I hate this.
You did not touch at all on why Stuxnet was so devastating and easy to propagate. It was due to the CA certificate store that is in almost all computer devices, operating systems and such. These CA authorities are "trusted" by the hardware to vet vendors and software code through a trust process. Windows called this the WHQL Driver Signing program. If an entity had signing authority, they could digitally sign the malicious code and thereby skip the warnings normally given to the user.
This has moved deep into the silicon (SoC) layer now with hardware root of trust; however, the same system exists. There are hundreds of certificate authorities trusted by your devices by default and it's almost impossible to remove them manually.
Wendover for the LOVE...OF GOD....PLEASE CHANGE....THE CADENCE...OF....YOUR SPEECH. Every single one of your videos sounds like this and it's so unnecessary.
... let's just completely gloss over what 0day means... it's not like there's 0day warez... this is a rather limited video... good for 10 year olds and the very uninformed
0:04 No it fucking didn't, it started some years ago, I have no idea where. But I'm sorry, blaming everything on Russia because it's in vogue right now is... stupid. My point: zero-days existed since ever. But they have become known as zero-days since the internet, since the code of programs has actually become known since the (zero-day) of their release. Oh, and the code "doesn't want access" to anything. The code just gets access to anything that still has the vulnerability at the moment the code is run on the computer having the vulnerability.
02:18
9708 likesSam : “This new era was made possible”
Me : “by skillshare, an online learnin…”
Sam : “by one single concept.”
Me : Oh
Replies (97)
Yes I thought that too 😂😂
351 likesI actually automatically skipped that part. If it was not for you I would never have known XD
244 likesThis wins
18 likesI was about to comment the exact same thing
45 likesCame to see if anyone beat me to it. Of course they have. Lol
46 likesExactly what I was thinking lol
23 likessame
10 likesAlmost skipped as well 😂
25 likeslol
2 likesthis is why i came here
11 likesWe’re just so used to these smooth ad segues lmao
27 likesThis was purposeful, nice try tho
5 likesMy head shot up to look at the screen when he said that first line. I was like "nooo... he doesn't even go this far on Half as Interesting"
9 likesWell I guess everyone can read my mind lol
4 likesBy Nebula?
8 likesyo same, lol
0 likesI think it was a brilliant ad xD
0 likesHad the same joke planned… 🤣🤣 I laughed at the possible outcome before he said the real line
2 likesLol XD
0 likeslmaooooo
0 likesI thought that as well
1 likei was just going to type that
1 likeSame
2 likesI was waiting for a shout out to Brilliant
0 likesYeah same
0 likes😊 Yapp! I was thinking Squarespace, but that one was good too!
1 like😂🤣😂🤣
0 likesBruhhh instantly my finger went into position to tap twice and skip 20s when I heard that part lmaoo
3 likesLol my mind went straight to skillshare. Spooky.
2 likessame, even to the point of specifically expecting skillshare for some reason (rather than another sponsor)
2 likesi'm completely broken. wendover pls
0 likesI felt for it too
0 likeslol I thought he was going to say SurfShark. That would be very fitting!
1 likeI skipped ahead and was like: "Wait did I miss something?"
0 likesDamn these YT ads have us in their grips lmao
Was 100% waiting for the same line...
0 likesthought the same thing
0 likesI was like just tell us who sponsored this video
0 likesAgree lol
0 likesLMAOOOOOO
0 likes@Richard Sleeve same hahah
0 likesSam: "by one single concept,"
0 likesMe: "the concept of online learning"
Sam: "and perhaps more importantly made profitable by"
Me: "Skillshare, the online learn...."
I was also waiting for it XD
Oh lmao i thought that i was the only one
0 likesMy exact thought, but maybe skillshare's goateed evil twin
0 likesClearly, skillshare is getting value for money.
0 likesYeah me too, and that is EXACTLY why these companies advertise on YouTube
0 likesAnd it works too, the amount of times I'm like talking about something and I find myself like oh you should try insert company that advertises on LTT, Wendover, MKBHD etc even though I've never used their platform I know the name and exactly what they do
0 likesMe 😂😂😂
0 likesLol stopped the video to see if this comment was here.
1 likeI WAS ABOUT TO
0 likes@Nic Nic same
0 likesI anticipated NordVPN from the subject of this video, but nonetheless 😂
0 likes@NNx Sponsorblock for Firefox, get it :)
0 likes@Røde Get Sponsorblock, its an addon for firefox
0 likesYuuuuuup you beat me to it lol was gonna put the time stamp as well 🤣🤣 it’s that engraved in our heads now…damn you skillshare
0 likesThis was the exact comment I was coming down here to leave 😂
0 likesHa it got me too, but i was thinking of Curiosity Stream
0 likes@NNx lmfao same
0 likesGreat minds think alike 😂
0 likesi was about to write the exact same comment lmao
0 likesRepent to Jesus Christ
0 likes“Consider it pure joy, my brothers and sisters, whenever you face trials of many kinds, because you know that the testing of your faith produces perseverance.”
James 1:2-3 NIV
I
omfg. what timestamp the video actually begins ?
0 likesGLAD I WASN'T ALONE LOL
0 likesTake your like
0 likesLOL
0 likesSame here
0 likes...One single concept that they learned on Skillshare?
1 likeCame to comment this but not as good
0 likesFrfr
0 likesI thought the same thing
0 likesYeah, that fooled me too
0 likesmeow meow meow meow
0 likesThis is one reason I hate "smooth" ad segues. They trick users into thinking they're content, and thus train us to be averse to certain sentence structures.
0 likesIt caught me too
0 likesDefinitely intentional
0 likesThats why use sponsorblock for YouTube.
1 like@A Kay same
0 likesSee ads are working
0 likesBruh i literally thought of the same thing 😂😂😂
0 likesI read this as he said it
0 likesThe concept of sharing skills :P
0 likesSame
0 likesSo it wasn't just me hahah
1 likeSame
0 likesThat single concept might still be skillshare tho
1 like😀
0 likesDEADASSS
0 likesMade possible has become a trigger phrase preparing me to skip
0 likesWe all expected the same!
0 likes2 weeks late on viewing this, I instantly knew this was gonna be top comment
0 likesHahaha went here to comment the exact same thing
0 likesfr bruh I was thinking the same thing
0 likesI knew it I couldn't be the only one 😂
0 likesI paused the video to find this comment. I actually thought he was gonna say Curiosity Stream
+1
0 likesSame
0 likesSame
0 likesOmg I thought that too and went down to say it and saw it was the top comment
0 likesI read your comment before I watched the video. I still fell for it when it came round.
0 likesBut the real question is: How would this affect airline logistics?
8177 likesReplies (101)
cd 66 A single cyber bug can completely shutdown an entire country's airline industry in a matter of seconds.
218 likesI'm sure airline and airplane software vulnerabilities are highly sought after actually. Imagine having an airplane botnet.
160 likeslmao
12 likesIf the target is Air Traffic Control, you could stop airlines from getting filing flight plans and no flight plan, no clearance.
72 likesYou could shut down instrument landing systems on a day with bad weather, the airport's operational minima will be increased and if the day is foggy enough, you've shut down the airport
He’s being sarcastic 😂
45 likesDeeply
1 like😳😳😳😳😳
1 likeJust wait until 9/11 2.0
12 likesYes, this is the question.
3 likesthere's a nice DefCon (a hacker conference) video on TCAS spoofing (air traffic control), it can already be done, by amateurs.
17 likesIt can turn airports into parking lots for planes.
4 likesImagine a virus taking some radars offline. it could be catastrophic. Remember the pipeline shutdown? now imagine it was a power grid, or some banks. Even some hospitals had this issue.
3 likesI'd be more worried about shipping ports. Disable shipping ports and you disable a nation. We've seen how fragile they are as is the last couple years.
7 likesAirlines are crucial for the modern world to run so yes this is the real question
1 likeYour comment was highlighted to me. I felt that I was supposed to ask if I could boldly pray for you for something through our Lord Jesus Christ? 🙏 Also felt the Lord Jesus Christ knocking personally on your heart today to let Him enter in as Lord and Savior. He favors you.
4 likesHe gets it…
1 likeLol
1 likeRather dead, terrible and obviously...
1 likeBahahaha
0 likesThis comment is only for wendover productions fans! 🤣
6 likesA modern airplane is just a self-driving router... the wrong software on the wrong machine means you could get a worm that travels the airplane network used to transfer plane-to-plane, and then have them all nose-dive at the same time. I would love to think that this could not happen... but modern airliners already seem to do this on their own just by poor physical design. Who knows what they are running on the networking and processing side of the equation.
4 likesLegendary viewer right there.
0 likesU just made my night happier bro
0 likes👏
0 likesGeneral rule of thumb, everything is subject to attack, and almost everything is relatively vulnerable. We’re a few lines of code away from absolute disaster, and that’s not an understatement at all.
1 likeDon’t get him started!
0 likesChinese, airline logistics…
0 likesa certain Saudi has a answer
1 like737 max moment
0 likes@Jessi the Queen. bruh that pfp
0 likesRepent to Jesus Christ
1 like“Consider it pure joy, my brothers and sisters, whenever you face trials of many kinds, because you know that the testing of your faith produces perseverance.”
James 1:2-3 NIV
K
You know someone is writing a script on that rn
0 likesLike y2k
0 likesProbably we don’t wanna know
0 likesconsidering most airlines' systems run on big iron mainframes with poorly maintained software written decades ago, I'd say it would have a massive impact
0 likes@Zebina Mastero can I boldly ask you to pray for me too
0 likes😅
0 likesVsauce. Michael here.
1 likeBoeing says Hi
0 likes@m s But there are techniques, such as those involving data analytics, that can be used to filter out suspicious traffic, even within the same IP range.
0 likesmeow meow meow meow
0 likesProbably all commercial flights grounded.
0 likes@LeJosh Mont Air Force pilots are trained to navigate without GPS, so I’m not entirely sure that would happen, especially when commercial pilots are principally, if not mostly, military veterans.
1 like@Jessi the Queen. idk about that one and I feel you lack credentials considering you just said the words cyber bug
0 likeslol
0 likesPrice of tea in China?
1 likeHe was paid to make these videos
0 likesaren't planes on autopilot? imagine what it could lead to
0 likesSo many serious answers 😂
0 likeseasy, by increasing the price of oil.
0 likes@Paul S Rohrbaugh The dreaded 9/12 0_0
1 likeThe real question
0 likesHack a plane and make them use Google maps to navigate.
0 likes@Derkinator You don't need credentials to understand that an industry entirely built on electronics can be hacked and completely impacted.
0 likesA cyber 9/11. The good days for cyber security professionals are finally coming.
0 likes@AG Yes, of course I can. Is there anything specifically that you were looking to be prayed for?
1 like@Zebina Mastero for good health my family and I and future success
1 likei'd reckon not much. even commercial airplanes, for the most part, are analog. the biggest point of failure at that point is user error, say compromised flight instruments.
0 likesROFL! Can't wait for this video!
0 likes@AG you got it!! Prayers of beloved protection like linen white cloth wrapped around your family and you where ever you go. You will not be harmed. 🙏
1 like@Jessi the Queen. is that even a 🐛.
0 likesThe only thing that matters. Obviously!
0 likesWhy is that the real question?
0 likes@JJ I you're new around here, aren't you?
0 likesNo the real question is how this would affect F1 logistics
0 likesThey will be immune because of airplane mode.
0 likes😂😂😂
0 likesGod comment
0 likes@18:45 Sam addressed how it affects the airline logistics. A big one is coming!
0 likesAnd Bricks.
1 like@Jessi the Queen. Hoooo told you that? Long past are the days where a single bug can do something of that magnitude. Software manufacturers and bug manufacturers have been in an arms race since the days you could whistle into a telephone and potentially cause havoc.
0 likesA single bug with one exploit definitely could not bring down an industry with multifaceted network security and capabilities but a bug that would cost over $10 million dollars and contain multiple zero days could make it all the way to hardware fail safes. It would be devastating only to the unprepared and annoying to the majority of airlines.
@Zebina Mastero why you asking people if you can pray for them. Just do it. Jesus isn't going to come down and ask you if you had their permission. If you've ever eaten at Chick-fil-A you agreed to a TOS where you can pray for people without their permission.
0 likes@Vysair it would lead to the pilot turning the autopilot off LOL
0 likes@Sven Kortjohn Thank you and love your attitude. I was asking "how" or "what specifically" can I pray for you for, not if I can. : )
0 likessimple. better not mess with the person who coded it or the plane won’t land.
0 likesLol!
0 likes"This new era was made possible" my brain finished the sentence "with skillshare" you've ruined me
4610 likesReplies (37)
😂😂 saame
36 likesSame here
13 likesLol
3 likesToo
2 likesWe’ve all been conditioned
45 likesSwear to God lol
5 likesHaha yes!
2 likesOh my god I thought the exact same thing
5 likesLiterally had that same thought 😂
6 likesSame lmao 🤣
3 likesME TOo
0 likesDAMNNNN
1 likeI said wendover for some reason
2 likesDude I finished with "brilliant"
7 likesNah, what ruined us is that Half as Interesting guy
0 likesIt happened and then I instantly saw this comment. You manipulated me
1 likeHaha same here. Was just about to comment about it.
1 likeSame here 😂 Great minds think alike ;P
2 likesSame 😂😂
1 likeSkillshare getting what they paid for
2 likesWe're all sharing the same brain cell
1 likei mean... it's not exactly wrong :)
0 likesSame
0 likesYes - same - my brain autocompleted it with "made possible by Skillshare" :D
0 likesRepent to Jesus Christ
0 likes“Consider it pure joy, my brothers and sisters, whenever you face trials of many kinds, because you know that the testing of your faith produces perseverance.”
James 1:2-3 NIV
L
Same
0 likesLiterally same
0 likesS A M E
0 likesYup
0 likesYep same
0 likesS A M E
0 likesmeow meow meow meow
1 likelol same, brainwashed by adverts
1 likeYep. Fuck ad segues.
0 likesNever gonna do skillshare. I dont blame creators for taking their money at all. I blame them for ruining it like that.
0 likesI hate that advertising works this well on some people.
1 likeyup
0 likesStuxnet was a beautifully designed and engineered virus. The story behind it is fascinating and I encourage everyone to read up about it. Not to discount Sam's video. He does a great job.
1887 likesReplies (31)
GAGAGAGAGAGA!!! I want to cut my toenails... NEVER! I am the feet YouTuber. Thanks for being a fan, dear chr9s
6 likesYeah, the payload, distribution of it and effects should be Infosec and Malware 101 -- it's sublime.
74 likesLucky for you - he explains it in the video.
10 likesEven more interesting is the history behind the notorious Mirai botnet. Such a powerful tool just so a couple guys could run a protection racket off Minecraft server hosting.
30 likesThe real story is that there is probably another Stuxnet out there that hasn't been detected yet...
45 likesThere’s a full length feature documentary on YouTube about it.
7 likesAs beautifully designed as COVID-19
9 likesI also suggest reading about how COVID has been engineered, spread, who created it and why :D nice readings
3 likes@AxxL pics for proof
2 likesAnd it updated itself when it met a new variant.
2 likesJust 1 MB!
USA USA USA USA USA USA USA
2 likes@AxxL wtf you're here again?
0 likesJust like how stealth bombers are beautifully designed and engineered I guess. It's weird to be so positive about a tool of destruction.
4 likes@Irun S Tell this Vladolf.
1 likeHe will not stop his wars and killings by people chanting "peace".
This is a harsh reality which I also had to learn to accept.
@Sagittarius A* Vladolf? Wut?
1 likeThere's a great documentary called Zero Days which talks about Stuxnet.
1 like@Manny yeah Zero Days is great, I highly recommend it as well!
0 likes..... Link?
0 likesProbably very rare that you can refer to a weapon used in international warfare as beautiful.
0 likes@Mr. B. Why yes, after reading those subjects I have lost so many neurons I would very much like to sue you
1 like@Aurorae C i don't want all the credit for that 🙃
0 likes@Cadde Except he does explain the story behind it... not how to use it. That was the entire point of the video. If he were to explain exactly how to use it, it would be a series of videos, clearly.
0 likesSo I agree with you... but the original comment states the "story behind" the virus, not the inner workings of it... hence my comment. Have a nice day :)
I’d love a deep dive read or video on Stuxnet
0 likes@Mr. B. I sincerely hope you are ironic in your ideas
0 likesmeow meow meow meow
0 likesWe'll never know who put it there. Could've been less-than-friendly nations. Also classic Putin style to make people think 'The West' did something to his own allies. Such precise intel of how the facility works, could've well been from Western Espionage, or acquired with entirely open, friendly-seeming tours by Putin's Hybrid Regime. Strange time to be alive.
1 likeWonderful levels of technology compared to even 75 years ago. A massive increase in living standards worldwide overall. Much less war and violent crime on average. Many of us talking society matters using the magic of the Internet on a regular basis, like the Landed Gentry of previous times.
Yet occasionally truly terrifying with the entire world pinned between Nuclear West and Nuclear Putin + Nuclear Jinping. At least it's not boring I suppose!
And they would have got away with it too if it wasn't for those pesky kids
2 likesThere are several good documentaries on it. The architects of Stuxnet thought of everything. Incredibly tight, efficient code.
0 likesok
0 likes@Michael Flores Countdown to Zero Day is about Stuxnet, it's a great read and the audiobook is a good listen too.
0 likes@jpablo700 LOL!
0 likes3:29 For anyone interested: this is only partially true. A zero day IS a bug, but not every bug is a 0-day. A 0-day is a bug that the vendor of the product in question has known about since 0 days (so: they don’t know about it while it is already being exploited/found by someone else)
1336 likesReplies (15)
And of course it also has to fall into several categories of utility; a bug that causes the wrong shade of yellow to appear is (probably) not a zero day
66 likesThis is a much better explanation than the top comment rn. Better grammar too.
23 likesAnd the name comes from the warez scene (since there was significant overlap in the early to mid 80s), when "0-day warez" meant a game which was cracked on the day it was released. You'd get "-1 day" sometimes due to time zone issues, but 0-day was the gold standard.
40 likesThank you. Hearing the video's definition was a bit of a forehead slapper. A zero-day is an exploit that was discovered being actively exploited in the wild, without the hardware/software manufacturer being aware of it, so there is no fix available at that time. The alternative would be if the manufacturer was made aware before the exploit was found being used in the wild, and likely already has a patch available.
36 likes@Daniel Kaschel - Zero days imply code execution.
1 like@en0n - A zero day doesn't have to be in use to qualify as a zero day. It only has to be a vulnerability, known about by some party, that the vendor has not yet been made aware of. The real danger in a zero day vulnerability, is that an IT department cannot protect your company just by keeping everything up to date. Anything connected to the internet, or to an internal company network, could be critically vulnerable. Even thumb drives could infect an airgapped computer network, disconnected from the internet.
17 likes@Daniel Kaschel No, that is a 0d exploit. There are tons of 0d's that exist all over the world, where the bug in question provides no path to exploitation.
2 likesA lot of the confusion comes from the warez/hack/crack scene applying the warez scene terminology "zero day warez" to the hacker community (my previous comment). That was fine when there was probably 50% to 30% overlap in the two communities (but falling), but as it fell further, it mostly just served to be confusing, counter-intuitive terminology.
3 likesThank you, you explained that very well
2 likesYeah we watched the video
1 likeYeah. If the attacker is exploiting a known flaw or known bug, or is utilizing known software, basically if any part of the attack is done using a known factor, it's probably not a Zero-Day Event.
4 likesI thought a zeroday was a backdoor, like Apple has on iPhones so the US government can break in
0 likes@ShinerCCC Not really, as then apple would know about the back door in their products, so it can’t be a 0-day. But you already said the term of what you just described: a back door
3 likesTBH this video is full of BS
0 likesI believe you are wrong when you are saying that the vendor of the product in question has known about this since 0 days. That not only doesn't sound right, it would make more sense that they've known about this since day one. You couldn't know about something since 0 day. What it actually means is the vendor does not know that there are some lines of code that can be exploited in their software, and when they find out about it eventually they have had 0 days to work on it to solve the problem. Lex Fridman did a podcast with a woman investigative journalist who has focussed her career on hackers and these types of issues. I don't expect you to take my word for it, but if you search for Lex Fridman zero-day exploit I'm sure this podcast will come up, and there are Lex clips where there will be an explanation of what zero-day exploits actually are, where the term comes from and everything else you would want to know about it. I don't mean to be rude by pointing out you are incorrect in your explanation of 0 days exploit, just want everybody to know what it actually is. I personally would not have known had I not watched that podcast by Lex Fridman
0 likesNicole Perlroth is the name of the woman Lex Fridman interviews about cyber security and everything involved in hacking and the who, what, why, when, where and how
Nothing like an existential crisis on a Tuesday's lunch break!
2958 likesReplies (19)
On the back half of my lunch watching this, and I cannot agree more
10 likesSolve it by getting chickens and putting potatoes in the ground.
13 likesWe're actually starting a club now
2 likesThis video makes it worth taking a break.
1 likeliterally me rn
0 likesfor real!🤯
0 likesOr if you work in IT an early end to lunch break
4 likes😮rr😮
0 likesNah things are still pretty chill
0 likesRepent to Jesus Christ
1 like“Consider it pure joy, my brothers and sisters, whenever you face trials of many kinds, because you know that the testing of your faith produces perseverance.”
James 1:2-3 NIV
h
Bon appetit!
0 likesoh same lmao
0 likesIt's my Wednesday lunch break
0 likesWednesday pre lunch lol
0 likesWednesday my dudes…
1 likeOr wed in the middle of the night
0 likesAs a penetration tester - I live in fear
0 likesIt’s been a couple years of constant existential crisis. Fight or flight is the new baseline for a normal average relaxing day.
0 likesTwo weeks later, and I'm watching this on a Tuesday lunch break. XD
0 likesCorrection: a zero day is a case when a discovered vulnerability hasn't been fixed yet. Not all software bugs are zero days. Only the ones that are discovered and used before the software manufacturer has produced a patch to fix them.
1275 likesReplies (45)
Thank you for pointing this out. It's confusing because people describe exploits/vulnerability as zero days in the media but it's only describing the effect and not what it actually is. It's like calling a car a zoom. The zoom being the zero day and the car being the exploit.
53 likesAnother correction, most zero day exploits are not known by the devs. Known zero day exploits are usually quickly fixed by devs when brought to their attention.
44 likesNot trying to correct you or anything, but aren't zero days vulnerabilities that have been discovered before the software is released?
9 likes@ツNekko It's an exploit in existing software that is actively being exploited that was not previously known. Sometimes exploits are known or reverse engineered from patches and these are not zero days. If a bug is found and disclosed it's also not a zero day.
32 likes@John Mackenzie zero days are always not known by the devs by definition. Devs don't always act fast and it's always been a topic in the security world when to publicly disclose exploits to force devs to act so zero days don't happen.
18 likesOn the opposite end of the spectrum you have N day exploits. With N denoting how many days there has been a patch for it that few have installed.
13 likesThis is the reason you want to stay on top of updates to your software and even firmware.
If an exploit exists and nobody fixes it, it's still an exploit that can be used as an attack vector. And they can be just as damaging and people only get on top of fixing it when they have been affected by it.
@PleaseDontWatchThese I'm not sure why Youtube deleted my last comment, but I basically mentioned how you contradicted the original poster after agreeing with him, and how I had the same idea as you until I did a quick google search and found out that zero day apparently also includes vulnerabilities known to devs but that haven't been patched yet (or at least according to Wikipedia). By devs here I was talking about big players like Microsoft and Apple, they quickly fix major vulnerabilities in a matter of hours or days when brought to their attention, like when Apple patched the iOS vulnerability that Pegasus used as soon as it was brought to their attention.
5 likesYeah I was gonna say this too lol
0 likesNothing should have to be "patched". Create one good fabric without holes.
0 likes@Freedom Of Speech If that were even remotely feasible, then vulnerabilities wouldn't be common, especially in things like Windows, which are written by companies that can and do hire some of literally the best programmers in the world. programming software has become such a complicated Jenga-tower mess that no one can possibly cover every base.
13 likes@ツNekko zero days is how many days people have been working on fixing the bug before someone exploits it
0 likes@Trae Hesket It is. Windows just doesn't care.
0 likesIt sounds like it was incorrectly defined at first, but if you listen to his whole description of a zero day it is good. It's not really a correction. It could've maybe been presented a little bit more clearly though.
0 likes@John Mackenzie not necessarily saying you're wrong, but do you have a source? The severity of a vulnerability is greatly reduced once it is known, even before there is an official patch. I would have thought zero day vulnerabilities were those for which there could not be deployed mitigations (even if that just means air-gapping a server until a patch is available)
1 like@Daniel Kaschel Here's Microsoft's definition at least : "A zero-day vulnerability is a flaw in software for which no official patch or security update has been released. A software vendor may or may not be aware of the vulnerability". The severity of a vulnerability itself doesn't change with the knowledge of it, but the market cost for the vulnerability does. I'm talking mere knowledge here, of course the severity being known also means that it will likely soon be patched, so it's worth less. Zero days can be easy to fix or not, their only requisite is that they can cause damage if exploited. It's what differentiates them from regular harmless bugs.
2 likes@John Mackenzie isn’t that the definition of any vulnerability: one for which a patch hasn’t been released? Once a patch is released it’s no longer a vulnerability. What’s the differentiation of a zero day?
0 likes@Freedom Of Speech Have you ever programmed anything? There's a million ways that things can go sideways that are damn near impossible to consider because they're just so out there. As a less dangerous example, people trying to hack the 3ds gaming handheld realized that by using the game Cubic Ninja's poorly designed level editor they could overwrite portions of the 3ds's code and gain access to portions of the system that were previously completely inaccessible. Needless to say, a company like Nintendo obviously cares a hell of a lot about locking down their systems to prevent things like piracy or malicious exploits, to the point of engineering their hardware to fight them, since it can cut into profits in all kinds of ways. Do you really think that if making a truly 100% secure system was possible that Nintendo wouldn't be on top of that like white on rice?
7 likesNow keep in mind I'm not saying that Microsoft is a good company that deeply cares about its users, instead I'm saying that whether they care or not it's in the best interests of their profit margins that they fix as many dangerous bugs and exploits as possible since nobody's gonna wanna use an OS that leaks their credit card info every 5 seconds no matter how smart you are about avoiding viruses. The only way to ensure that you never have exploitable software is to never install anything, never transfer data in any direction through any method, and hide yourself and your computer in an underground bunker with 0 communication methods for all eternity (you gotta hide yourself too because social engineering is a thing).
It's worth defining the difference between "vulnerability" and "exploit" here and how they fit into the context of a zero day - A "vulnerability" is the problem, and it's a vulnerability even if nobody has found it yet. Someone can discover that vulnerability and report it to you or sell it to some shady organization like a government, and it's still not a zero day.
2 likesAn "exploit" is software or a technique designed to take advantage of a vulnerability. This is the zero day - the exploit itself, not the vulnerability.
To give a physical analogy, imagine your door lock could be picked if you just could reach a shrouded pin inside the lock, but nobody knows that yet. That's a vulnerability. Now let's say LockpickingLawyer figures out that vulnerability and tells the lock manufacturer and they don't bother to fix it. Maybe he even posts a video talking about it. It's still just a vulnerability.
Next imagine someone who isn't all that worried about the concept of private property also figures it out and bends a wire in the right shape to reach that pin, then begins breaking into houses with it. Now it's an "exploit", and since there is no fix for it, it's a zero day exploit.
To add another wrinkle, let's say someone else 3d prints an object that reaches the same pin in the lock and starts using it. That is the same vulnerability but a SECOND zero day exploit. Depending on how the lock manufacturer addresses the first zero day exploit, the second zero day exploit might still work.
@Merennulli You have it the other way around. Here's the definition on wikipedia :
1 like"A zero-day is a computer-software vulnerability either unknown to those who should be interested in its mitigation (including the vendor of the target software) or known and without a patch to correct it. Until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers or a network.[1] An exploit directed at a zero-day is called a zero-day exploit, or zero-day attack."
Here's the definition according to Microsoft:
"A zero-day vulnerability is a flaw in software for which no official patch or security update has been released. A software vendor may or may not be aware of the vulnerability, and no public information about this risk is available. Zero-day vulnerabilities often have high severity levels and are actively exploited."
Yes people sell the knowledge of the vulnerability, meaning the zero day. The exploit itself is the attack based on the vulnerability, which is rarely sold.
@Freedom Of Speech Please do!
5 likesMake an entire operating system from scratch without a single flaw, including hardware flaws mind you!
Programming is NOT like weaving a fabric.
Or it only becomes somewhat analogous when you start weaving a fabric in the 5th dimension!
There are so many vectors for "failure".
The user
The hardware
The connection
The data
The programmer
Every single one can be compromised or flawed.
@Cadde Have you ever heard of Temple OS?
1 like@Freedom Of Speech No i have not?
1 likeWhat about it?
@Cadde Exactly.
0 likes@Freedom Of Speech So somehow that makes you right?
5 likesErr?
@Freedom Of Speech so you're seriously thinking temple is have no vulnerabilities?
4 likes@Cadde TempleOS is like a house without doors. It lacks networking so therefore no intruding possible 🙃
2 likes@helloFlorentin It lacks all input too then i presume?
2 likesAlso, only christians would enjoy an OS without connectivity. ;)
@bergonius "is have no" Go learn English.
0 likes@Freedom Of Speech is = OS after auto switch, genius
0 likes@Freedom Of Speech This is literally like saying "it is possible for a monkey to write an entire Shakespeare using a typewriter given enough time".
3 likes@Archus No.
0 likesmeow meow meow meow
2 likes@Freedom Of Speech have you noticed how the AAA first games on any generation of games console are much less ambitious than the last ones?
0 likesYou can try to say that's lazy game development, but the reality is it takes time and experience to optimise a game for a system, and then the system changes and the cycle starts again.
My point being it is basically impossible to write something so perfect that it's impossible to exploit, and even if it were possible OSs and hardware are continually changing creating new exploit opportunities that in turn have to be fixed as they are found. This does not mean companies like Microsoft shouldn't try to create secure software, it just means it's unrealistic to expect it to be perfect.
@No Thanks Cope gaymer
0 likes@John Mackenzie Yeah, Microsoft adopted a different definition of zero day for some reason. People who work with security just know it's more of a them thing. We all complained when they did that but arguing semantics didn't really matter for a niche word
1 like@PleaseDontWatchThese The more you learn apparently, I've also always believed that zero-days were vulnerabilities that haven't been discovered by the devs yet, but a quick google search shows several sources saying otherwise. Kinda renders the "zero day" concept pointless if ALL vulnerabilities are zero-days.
1 like@PleaseDontWatchThese Haha such a Microsoft thing to do - didn't like the clock starting when they're told about a bug because "MS fails to patch 30-day vulnerability" sounds bad, so they just made up their own definition and muddied the whole industry's terminology.
0 likesOh Microsoft. Don't you ever change (jk please do).
@Freedom Of Speech Do you think Temple OS has no vulnerabilities?
0 likesThere, no typos. Now answer the question instead of going "haha you made a typo, I win".
@Bane Ooga booga perfectionism is the only way to achieve glory over eternal suffering hooga chunga
0 likes@Freedom Of Speech It's fine to be a perfectionist. But anyone with any software engineering experience can tell you that making perfect software is essentially impossible. Making a perfect operating system that people will actually use - i.e., with support for Internet connections, 3rd-party applications, decent graphics, etc. - is completely impossible.
0 likes@Bane No. It wasn't with engineering. It just takes extreme effort for a lifetime. We've done it before and we'll do it again. Unless people like you take over the zeitgeist.
0 likes@Freedom Of Speech I know half a dozen very skilled programmers who, combined, have over 150 years of experience coding. Two have been coding since the early 80s. All of them work in teams of at least a dozen smart people. All of them have made bugs, and no one on their teams caught the bugs. I feel comfortable saying that you do not have any experience making software.
0 likesIt is, quite simply, impossible to make bug-free non-trivial programs. And there are so many other components that could be wrong in a system. There could be bugs in the hardware. Or in the router. Or in anything. Nothing is bug-free.
"People like [me]" will not TAKE OVER the zeitgeist. The zeitgeist is "make good software, fix bugs ASAP when they show up". It has been that since the dawn of computing. YOU'RE the one trying to take over the zeitgeist - you're shouting on the sidelines saying "be perfect or you're a failure".
It's crazy that you think that engineering is perfect. Hey, can you tell me about the Arecibo Telescope collapse? What about the Fern Hollow Bridge collapse? Surfside condominium building collapse? The Obed Mountain coal mine spill?
@Bane Cope, seethe and of course; dilate.
0 likes@Freedom Of Speech No thanks, but thanks for showing how bad your argument is. Who knows, maybe engineers will be able to make error-free objects sometime within your lifetime.
0 likesSpoiler alert: They won't. :^)
Since most software manufacturers are US companies, why doesn't the US government ask the developers how to ruin it
0 likesThe lesson is listen to your programmers when they tell you they need more time. ESPECIALLY if you work on something critical.
428 likesReplies (10)
And always have the most up to date software version
17 likes@Simon Burgess yeah, tell that to end users and product owners... "I ain't paying you for fixing working things, gimme features NOW!!!11111"...
11 likesWhen I was in high school I rigged the USB autorun at the beginning of the video to inject my own payload instead of the intended one.
33 likesFrom that moment on whenever a new USB key was inserted it would:
- Transfer all .txt .doc .xls and such document files to a hidden folder in C:\Windows\
- If the Label was a specific label (sort of like a password) it would instead copy all files in this hidden folder onto the USB drive.
- Self-replicate to the inserted USB key and make itself part of its autorun.
I used this USB key to then turn in my class assignment to my teacher.
I think in like a week I could go around to any computer in the school, plug in my USB key with the right label, wait a few minutes, and a bunch of new documents would be in there, including:
- Future Assignments.
- Future tests.
- Other student's assignments/projects.
- Personal documents (that was dicey).
- Some people even had text files with their passwords.
Sorry I feel like a rambling boomer. The reason why I can disclose this is that it just prescribed so even if they found me out nothing could happen.
@Unixtreme Genius, copying them into a directory where almost no one opens in Explorer, ever, haha
11 likesok
0 likes"ESPECIALLY" is a keyword here though. Not ONLY if you work on something critical. Even if you work on (for example) a video game and that game ends up becoming internationally popular and happens to have vulnerabilities in it, your harmless entertainment software could become the conduit for an attack, and by extension your players. Imagine the havoc that could be wrought if a serious security exploit was found in Minecraft for example. And that exploit lets the malicious code spread to IoT devices on the network. This is everybody's problem.
2 likes@flubnub nocom exploit did exactly this
1 like@Simon Burgess
1 likeI always wait a few weeks before updating so they can find and fix the bugs of the new software.
@Serveck nah it wasnt nocom lmao all that did was find location of players ingame
0 likes@flubnub lol log4j moment
0 likesA few years ago when they started making fridges, stoves and other "smart" appliances I half joked that hooking your toaster doesn't do much more than making it possible for someone to burn your house down remotely.
180 likesNot sure if it's a good thing that I was right. Internet connection for 90% of devices is useless and pretty much just an extra thing to go wrong and a vulnerability.
Replies (16)
Can you rephrase that in a way that makes sense?
2 likesScary right?
13 likesThat may be the original purpose
0 likes@Nunya Business IoT devices are usually fairly insecure and almost never updated, making them easy targets for hackers.
45 likesReally not a concern for the average consumer, very few hackers are interested in burning down your kitchen with your smart toaster, but they can be recruited into botnets or used to more widely propagate malicious code.
@Karl How many HIK Vision cameras or home AP's are still on their default settings/password?
6 likesHow many were/are used for ddos over the years?
Agreed, these gimmicks make for easily exploitable home networks and homes for botnets. Tech enthusiasts can't get enough smart devices, the tech knowledgeable try to lock down and protect themselves, and the tech experts have a backup plan because they know they can't be truly safe from modern devices.
10 likesWhat would a smart toaster do? Smart fridge is like a tablet taped to the fridge. Can mitigate some issues by having the microcontroller for the actual fridge components pay attention to what the tablet tells it to do. Might suck for V1 users but V2 users will be fine :D
3 likesthis is what the whole watch dogs series is about
1 likeAs the common adage goes: "The S in IoT stands for Security".
11 likesJust a fun tidbit, IoT devices being hacked and causing mayhem is exactly the case in Detective Conan: Zero the Enforcer movie.
0 likes@Nunya Business "Toaster need no Internet. Internet in toaster mean hacker can hack toaster. Hacker now sets house on fire. Don't give Internet to toaster."
3 likesSo since when could a fucking toaster burn down a house
0 likesThere was an incident of a casino getting hacked because the fish tank thermometer wasn't updated and allowed the hackers to get access to the network.
4 likesLike the smart fridge in Silicon Valley. 😂
0 likesI agree. The so-called "internet of things" is a stupid idea. Just like I would never cede the steering wheel of my car to a robot, I'd rather not have random household appliances attacking me. Imagine an angry roomba! 🤣
1 like@Wojtek Security is as strong as the weakest link, after all
0 likesI had gotten into ICS cybersecurity just a few years before this happened and I remember how game-changing it was at the time. Not in terms of its capability, as we knew hacks on this level had existed for several years at the nation-state organization/funding level, but game-changing in terms of getting everyone's attention. Hell, it's only due to ambiguous attribution and plausible deniability that real-world wars haven't been triggered yet. But that day will come when a hack causes such serious damage and the attribution so obvious that it will escalate into war. - I can assure you that everyone is in everyone else's systems and have been for a decade doing recon and quietly sitting in wait to be triggered. Better methods of detection and monitoring along with quantum encryption/networking can't come soon enough. - The best defence is accepting you WILL be taken down and only having a good mitigation/continuity plan will save our critical infrastructure from being taken down.
387 likesReplies (14)
Yes, in fact much of this, including the mitigation required, was already well known in the 1980s, and the US DoD has an excellent series of books from that time systematically describing the enabling factors, the possible defences, and why any defence includes having a plan B, and how to make that plan B not fail in the same way.
17 likesSure, the actual technology used as examples might be outdated in those, but it is still asking the right questions, and providing a good way to think about creating solutions.
Actually, Russia has a policy that more or less allows it to regard any cyberwarfare against the country as an act of war. This among other things makes Russia have a very small exposure towards cybercrime and cyberwarfare.
1 like@Christian they still have to be able to attribute the attack to a specific attacker.
11 likesAnd hrm, I'd say them being less dependent on high-tech connected infrastructure is the primary reason for less exposure.
The Swiss cheese defence: the only practical way of defence
3 likesAttribution is also a very dangerous topic, it's easy, especially for actors of this magnitude, to make it look like the author is some specific person or state.
3 likes@Bart Van Leeuwen Well without going into the technical stuff too deep, the MO of most ATP:s are well known within the community of LE and CF. To attribute certain markers in order to recognize the origin of i.e. an attack is relatively easy.
1 likeNow, the western world have been really shitty and afraid of actually retaliating and thus we have multibillion theft and other types of espionage and attacks regularly from nations like CH, NK and RU. Not to mention all the APT:s and subgroups out there.
There are many aspects here that are mostly unknown to the public and it irks me when someone like Wendover tries to explain something they clearly have little knowledge about.
@Dedmen Miller To call it easy is to simplify it grossly. It is not "easy" to hide your origin to an extent that it is impossible for a well funded and well organized cyberforce to find recognizable markers. If anyone tells you anything else it's just pure fiction from a movie.
2 likes"with quantum encryption/networking can't come soon enough."
3 likesas the experts say: it's basically never the math, it's the implementation (how it's used) and any other code around it. So the encryption itself won't save anyone.
@Christian I've been around in 'the industry' for some 4 decades now...
3 likesAnyway, the mere fact the MO of most ATPs is well known makes false flag operations resulting in mis-attribution more than just a theoretical possibility.
And such a thing happening wouldn't exactly be a first either.
So I disagree that reliable attribution is not difficult, at least when dealing with a serious and knowledgeable attacker wanting to hide their tracks.
"accepting you WILL be taken down" is a plan, not a defence. Airgapping is an example of defence.
8 likesThere’s a sleeper worm that’s been napping since March 5th, 2005 in a nuclear silo stateside.
2 likes@Dedmen Miller - You could achieve this by including traces of language in the compiled program that are only in official use by a single nation-state. That includes Hebrew (Israel) and Farsi (Iran). It raises the cost of developing a virus, but a nation state could easily afford it.
3 likes@Bart Van Leeuwen Very well.
0 likes@User 2C47 I said mitigation and continuity are plans. When I was referring to defense, I meant it in the context of not a defense strategy but a defense against critical infrastructure failing completely in terms of services being provided after an attack.
3 likesAs an information security professional I’m ecstatic that cyber has entered the public consciousness, thank you for this video
185 likesReplies (6)
I'm scared, there's this guy who was friends with my friend and told me he was with some hacking group from Belarus, like he started phishing people from 50 accounts, said he knew some kind of 'people' called Sandworm, possibly them
1 likeif you think cyber just entered the public consciousness, you must have missed the 80s.
2 likesas a bullshit detector professional i call bullshit
1 like@Plentus Have you ever heard of the term cyberpunk? Yes, that is from 1980.
1 like@PotatoChips23415 I got a picture of them one time in a video call he looked really familiar
0 likes@Comrade20 like i said it's like sending a photo of a kid who robbed a gas station talking about a treasury being siphoned
0 likesWendover: "No one has officially accepted responsibility for creating Stuxnet."
271 likesUS & Israel: (holding back giggles)
Replies (4)
I thought the UK and Israel did it.
1 like@Carlos Leon CIA with collaboration with others in Israel.
3 likes@Carlos Leon No one actually knows, but I'd bet money that the DoD had a few hands in it
2 likesIkr, as if the typical basement dwelling hacker would know how an underground uranium centrifuge in Iran works.
4 likesJust something to consider: This was discovered like 10 years ago. Just imagine how much more powerful cyberweapons must exist nowadays. No one listened, so now we wallow inside the pit of insecurity.
620 likesReplies (16)
Plenty of people listened. There's just not a lot we can do to patch 0-days that, by definition, we don't know about yet
135 likesModern cyber warfare also targets public opinion and psyche.
56 likesNot just in the vulnerabilities but in the implementation and discretion of the objectives it is the nature of cyber warfare to evolve faster than the nasty little bug eaters. Zero day exploits suck.
5 likesTbh we have always been vulnerable, defenses and attacks develop day by day but one thing for sure is that the results will be the same, the only difference is perspective. A virus infecting 100mil devices decades ago would not be any different from a virus infecting 1bil devices today, it's the same results, someone's property will get damaged.
4 likesPegasus to name one
3 likesNot going to deny huge vulnerabilities still exist, but saying no one listened is ridiculous. Do you think companies and governments are going to put out announcements about the steps they've taken to secure their systems?
26 likesSociety absolutely needs to become more aware of how potent this can be, I won't argue with that. But the people to whom this should matter (development houses, governments, legislators etc) did catch up, albeit horribly late and still insufficiently.
5 likesUnless we become able to make software so simple and so rigorously reviewed that bugs and security vulnerabilities become a thing of the past however, software will never be completely secure from the get-go. Airlines are among the only industries that came close to achieving it, and they pour tremendous amounts of money into it, while moving their software stack extremely slowly for that purpose. Compared to that, when was the last time you've paid for an app? These industrial organizations and consumers are very, very different. And development is already extremely time- and money-consuming as-is. Most people don't seem to realize that.
The best we've been able to do so far is to make these software development houses realize that these vulnerabilities are a thing, and somewhat forced them into fixing those vulnerabilities (90-day responsible disclosure). And for them to realize that bounties are relevant when very powerful governments and black markets too got very interested. It is not perfect, but it's the best compromise between cost, effort, time and quality we have been able to come up with so far.
They're only as powerful as your reliance on the internet.
1 likeYou could consider ransomware like WannaCry a cyber weapon. And that made quite some rounds in the recent years, and that wasn't even really targeted use, it was just thrown out like a shotgun shot.
1 like@Mike It's not only something companies have to implement but the state through its laws as well. Also Open Source can play a major role in finding and fixing bugs.
1 like@Some One hence it's still insufficient. Regarding open source, it's not a silver bullet. I have to admit that I'm an open source fanboy, but it does have issues. One of those issues would be that even an open source project that allows for the "many eyes principle" can still have vulnerabilities out there for many years, if there's nobody (aside from the devs themselves) to look at the project. In other words, popularity is key. And even then you have the issue of code quality. Examples would include sudo and openssl, which are very widely used. In both there were critical vulnerabilities for many years, and in both I'd argue that the code base was/is overengineered, overly complex, and overall just a lot of digital spaghetti. It is possible to replace them (sudo vs pkexec / doas, and openssl vs libressl / gnutls) but the problem still remains. Open source is of no value if the code is still essentially unreadable.
1 likeIdk who is nobody. I literally am studying cyber security in school rn and I do it in my day job as well.
1 likeOh yeah, I mean during the mid 2010's my own country of Denmark had our national public services and companies constantly bombarded by Russian cyberattacks until we started deploying a national hacking taskforce within the national defenses.
2 likesMore numerous I'd buy, but even without being a professional on any level I can tell that more powerful is questionable. All of this is dependent on the target software failing. Hacking isn't some video game where you invest skill points and suddenly you can use Google's search bar to find bank passwords, new holes in security I can believe, but autorun isn't gonna turn into autosprint just because you have two people typing on the same keyboard.
2 likesMaybe not the general public, but the software development industry certainly has reacted to this.
0 likes@Mike Martin There's also the problem of widespread misplaced trust. Billions of people are happy to put their trust in operating systems and software they (and in fact most people) know nothing about the inner workings of, and they gladly send all their personal information through devices running said software.
0 likesi’ve been a part of the cyber security industry for over a decade, it’s crazy to see how much it’s changed!
148 likesReplies (3)
also I am impressed by how well you explained stuxnet. For a guy who is likely not a computer scientist or a security engineer, it was a near perfect presentation. My hat is off to you!
14 likesWhat surprises me at times is how long it really took for those things to happen. I agree that something like stuxnet happening was huge, but first of all because it became public, and people started to think about it, and take some things people in the security industry have been saying for a long time now, a lot more serious.
4 likesBut.. imo, this being possible wasn't news, and shouldn't have been news for decades now.
What nobody talks about is how, probably Israel, killed some of the engineers from the nuclear plant who were trying to clean it up; they were killed on the streets in the city.
6 likesAnd how the security expert from Microsoft had an unfortunate accident before his big talk about Stuxnet at a security conference. Probably that last one was purely an accident and coincidence. But the dead Iranians clearly aren't. It does indicate that working in IT Operations and Security has become a more dangerous job than it used to be. And as XKCD 538 indicates the weakest link at some point might end up being us.
The best way I've found to fully understand Stuxnet was listening to the Darknet Diaries podcast. It goes into a lot more detail and shows how amazing the whole Stuxnet operation was
176 likesReplies (7)
Dude that podcast rules
3 likesWhere does one find that podcast?
2 likesStuxnet’s dev artifacts date it to at least 2005. Imagine how potent current-gen cyber weapons are, 17 years later…
5 likes@Daniel Hess there's definitely hacks going on right now that are way crazier than Stuxnet, but they're that good we don't know about them yet, because the victim doesn't even know about them 👀
6 likesI really like the analysis of Stuxnet called "To kill a centrifuge" by Ralph Langner as it explains lots of technical details about Stuxnet and centrifuges in question. Also the virus portrayed in this video is actually a second less sneaky version of Stuxnet, the first one was much more sneaky and destructive, but much less exciting as it had no 0-days nor any way to spread via local network.
1 likethanks for the recommendation I'll look it up!
1 like@Danger Ranger Dan he's literally uploaded the podcast episode onto YouTube in the last couple of days! Search for Jack Rhysider and it'll be his most recent upload, it's a great story 👍🏻
1 likeWhen it comes to cyberwarfare, every nation with sense operates on a policy of 'Those in the know aren't talking, and only those who are not in the know are talking.' I once chatted with one of their ex-security guys and apparently Fort Meade is so insanely paranoid when it comes to security, they immediately began renovations on their headquarters when some college discovered a way to get wireless data through the massive Faraday cage already cladding those buildings. These are the same guys that encase every wire coming into Fort Meade inside sensor-lined concrete.
52 likesReplies (1)
say "By this channels sponsor, Wix" I know the sponsor is not wix, and I have no idea why that popped into my head, but it did.
0 likesAs someone who works with PLCs it's nice to see them actually mentioned. I wasn't aware that Stuxnet hit the PLCs themselves, I thought it crippled the SCADA system. I guess that shows how PLCs tend to slide into the background in the media. The only comment is you used a modern Logo PLC (more akin to home automation or tiny single function machine) instead of the S7-300 more akin to massive machines and entire factories.
61 likesReplies (4)
PLC security is a joke and mostly relies on being on an isolated network. That obviously isn’t enough if someone really wants access to your stuff as stuxnet proved. Makes you think twice every time you swap a usb flash drive between a business and process computer.
6 likesYeah, controllogix 5000 don't have any credential requirements (or even an option to set any as far as I've seen), just need the ip and you can mess some thing up badly
2 likes@Preston Siegfried Yeah I haven't seen any passwords on AB PLCs either. I know Siemens have added them now.
2 likes@Steam & Tech controllogix can have passwords but their use is frowned upon unless it’s a safety program or pharma.
1 likeI learnt about day-zero exploits in my cyber security course. They are dangerous. And it is interesting to see them being used in this Ukrainian-russian war. Both Ukraine and Russia have been victim of these exploits because of the war.
79 likesReplies (1)
Israel is so badass ngl
0 likesVery well presented. I think you should have made more clear how enormous 1MB is in this scenario. People take pictures or videos of hundreds of MBs or even GBs all the time.
11 likesBut this is just code and 1MB of just code for one single purpose is crazy.
This representation is somewhat inaccurate: Exploits, big and small are found all the time and are patched all the time. They're not nukes, you can't just sit on one for years because it may either get discovered and patched or rendered pointless by some other update or just a new software/OS/etc. They're also typically already out and about (ex: Meltdown) and, if big enough, get a ton of attention and very fast reaction to it. The log4j fix is an example of this. That doesn't mean they can't do a ton of damage, it's just that more often they're just happening all the time, and the vulnerabilities are just getting patched all the time. Organizations that are bad at security and keeping up with this, government or otherwise, are obviously the easiest targets.
83 likesReplies (2)
As a counterexample, the Shellshock bug had existed since 1989 and wasn't identified until 2014. It is certainly conceivable that, even in the absence of conspiracy theories about government/corporate partnerships, a devastating bug could go unnoticed for decades.
20 likes@Sovrim Terraquian true, though that bug was exploited primarily cause the patch sucked and people weren't updating their unix servers. I guess the point I'm making is banking for a long time on no one discovering the discovery that you bought and hired a team of people to implement maliciously sounds like a stupid idea. It's like finding a $100 bill on a crowded street. You better hope no one else saw it. But as I said, I concede that sometimes exploits exist for literal decades, so a fair example for sure.
6 likesThe book referenced, "This is How They Tell Me The World Ends", is an amazing deep dive into this subject, and the beginning and ending sections dealing with the author's time in Ukraine were disturbingly prescient.
27 likesI'm a programmer and a hobby hacker. I expected some flaws since no one can make accurate cyber security videos. However, you did a really good job. Thoroughly enjoyed this one, thanks!
105 likesReplies (4)
Hobby hacker?
2 likes@Jake Stavinsky they do it as a hobby
2 likes@Jake Stavinsky Their hobby is hacking and learning about hacking
3 likesNot really, a lot of the info in this video is half-true, and he doesn't seem to know what a lot of the terms (such as zero-day and remote execution) mean
4 likesI remember watching more information about this unfold while in IT class.
1 likeIt's amazing how simple the payload concept was. Security Now podcast was a stream of weekly updates for a while there.
This video is an excellent piece of coverage pulling it all together.
"This new era was made possible and perhaps more importantly profitable"
107 likesI have absolutely no idea why, but I was genuinely expecting (for just a second) that he was going to say "By this channel's sponsor, Wix"
I know the sponsor is not wix, and I have no idea why that popped into my head, but it did.
Replies (3)
For me it was both Squarespace and Cloudflare, simultaneously.
1 likeLolol, same
0 likesFor me it was "Raid shadow legends"
0 likesThe common theory I've heard is that to at least some degree, Stuxnet wanted to be found eventually, after causing significant damage - the US wanted to show off their capabilities, and this is just about the only way you can. You can't exactly have a military parade with a bunch of soldiers holding up USB drives.
82 likesReplies (9)
Makes sense, kinda like the motivation behind the use of the atomic bombs.
9 likes@Calvin_Coolage a fitting metaphor, seeing as the US opened the floodgates to a new scary dimension of warfare, much like Hiroshima
22 likes@LordDarias At least nukes have MAD. If you get cyberattacked, assume it's the US or Russia or whatever, and launch a counterattack, then you just look like an asshole because the origins of these attacks are fairly difficult to prove.
15 likesTrust me, Iran will hold a millitary parade with soldiers holding laptops (made in the US) or some USB drives.
7 likesThat would be very on brand for the US as well. Meanwhile, China likely has access to every phone, laptop, and game console in the US and is just sitting on that... For now
0 likesNo, just no. When you have a capability like that you keep your lips zipped and you keep using it.
6 likesI got the feeling that this is like a new cold war.
1 likeYou'd think israel would hold them back, being the one country that doesn't show off
2 likes@Gave2Haze Pfft, Israel was the one who wanted to just airstrike the nuclear facilities directly. They have no restraint when it comes to assuaging their own paranoia.
2 likesI remember first hearing about Stuxnet in a podcast years ago and it was kind of the first time I questioned the ethics of a nation's government to inflict damage on another with that sheer lack of accountability. Of course since then I've read about tons of other incidents that reinforced that idea, so it's stuck (no, no pun here) with me as a poignant example of this issue.
13 likesWith proper security monitoring zero days are not that scary. RCE would be detected and countered as it happened and the spread would be minimized.
19 likesThe problem is many corporations spend money on cyber security insurance because it's cheaper than proper security.
Just like having the CEO pop their golden parachute and take the blame for something bad the company did cyber insurance lets the corporation save money until things go bad and then they get a big payout. The only ones harmed are the customers.
Yet another instance where putting profit over everything is costing average people.
We need more stakeholders in business, and less shareholders.
Replies (1)
I doubt most security monitoring would detect or prevent an RCE 0day.
2 likesYour consistency and quality of content never disappoints ♥️
84 likesReplies (3)
I subbed to doggo👍
0 likes@alwinsluke why are you subscribing to an obvious bot 😂
5 likes@bababababababa I don't care doggo is a bot
0 likesAs a Senior Information Security Engineer, I was very intrigued to see what would be covered in this video.
14 likesI'm pleased to report that it's largely very accurate, and I look forward to seeing more!
If you want to know more about this topic / Stuxnet (and I mean almost mind-numbing levels of details), read or listen to Countdown to Zero Day. Other great cybersecurity books I've recently listened to are (1) Sandworm which is about Russia's terrifying cyberwarfare capabilities and attacks and (2) The Cuckoo's Egg which is the story of the first proper Incident Response and the methodology borne out of that.
Practically the entire industry thought that the next major war would have a HEAVY cybersecurity element, but it's been (morbidly) interesting to see that seemingly no such thing has come of the Ukraine war yet. It seems that, in most cases, "cyberweapons" will be relegated to intelligence gathering and "under the radar" attacks.
Replies (1)
From my (admittedly incredibly distant) perspective it looks like disinformation is the most visible weapon currently in use lately.
3 likesOn one hand that's a minor relief on the network side, but on the other it's really annoying seeing less discriminating contacts willfully spread easily-disproven nonsense. That's a whole other can of worms though, and neither this video nor this comment are part of that problem.
As a PLC programmer I can honestly say you should do many more videos on PLCs and other ICS devices ❤
5 likesI'd highly recommend reading the book "Countdown to Zero Day" by Kim Zetter if you're interested in the StuxNet story - it details the full timeline in great detail. If you're at all interested in CyberSecurity you'll definitely enjoy it.
8 likesIf you enjoyed this - Countdown to Zeroday: Stuxnet is an amazing book that dissects how the virus works and potential ways it was delivered.
26 likes18:45 I'm no expert, but I'm almost certain that a lot of people around the world already have experience with wars that they can't simply ignore by turning off the TV.
61 likesReplies (1)
But the point is that a lot of people CAN ignore entire major wars by turning off the TV. Or if they live in Russia, by the TV turning them off.
14 likes2:16 I actually thought you were going to say "this new era was made possible by Curiosity Stream / Nebula / Brilliant / etc" lol
89 likesReplies (1)
...Squarespace, Cloudflare, Nord or Express VPN...
6 likesHands down my favorite cyber security story ever. Love that the virus only targets a very specific centrifuge setup.
4 likesWhat stopped white hat hackers from selling the exploit, and then immediately delivering them to the software developer to be fixed?
20 likesWhy hasn't this business model changed to some sort of subscription, where security companies would buy an exploit, and then pay some daily/weekly/monthly fee until the bug was patched by the developer (this way, encouraging the bug to be kept low profile)?
Replies (2)
White hats are not nearly as common as you might notice, because of a combination of things, but here's something pertinent:
14 likesWhen a bug gets reported, it usually comes after the reporter has abused it for a while and got bored or feels bad about it. So most of the time, reporting bugs can get you extreme suspicion and or bans/punishment. This alone demotivates a majority of regular (ie. non corporate employed) white hats.
But other than this, generally, cybersecurity firms are hired in the process of creating new infrastructure. The problem is software devs LOVE to reuse old shit, so basically unless you're making a whole new internet, bugs from a billion other places will be incorporated. The internet is a lot like building a house and your house building tech only gets better the further in you've gotten. By the time you're installing solar panels, people are starting to realize the foundation is made of packed dirt.
@BigManRufus unfortunately it makes a lot of sense. :/
1 likeAs someone who works in cybersecurity, I can say this was a brilliant video for bringing awareness to the massive concerns that nations, companies and, individuals face in this regard.
10 likesthanks for all the work you and your team put into the products you guys create, they are always made with care and even on HAI made with wittiness.
5 likesWendover is still one of the best informative youtube channels. Amazing work, brother!
3 likesTo be fair, it was already "here" in 2011 - yes eleven years ago. But due to it being ignored and labeled as a "non-issue" (with victims i.e. companies/govs always denying they got hacked/whatever) it hardly received any publicity. It needed an actual war with a large nation for "Cyberwarfare" to finally receive some actual recognition.
2 likesA zero-day isn’t just a bug, it’s specifically an exploit that has yet been undiscovered (eg “it’s been zero days since our staff was made aware of etc”). This is usually a monumental discovery, because it means this exploit may have been around for a long time undetected, and none of the programmers have any idea how much damage has been done in that time. Not every bug is a zero day, because not every bug is an exploitable issue unknown to developers.
8 likesI worry about the electrical grid. It’s an incredibly expensive, incredibly important piece of infrastructure that everyone takes for granted. A stuxnet-like exploit applied to the grid can cause damage on the order of billions of dollars, and hamstring entire nations for years.
3 likesOne of the best and most sensible YouTube channels! Amazing content. And the narrator is awesome too!
3 likesIt's a shame you only mentioned ransomware a little at the end. Without the huge market for zero day exploits created by aggressive state cyberwarfare, ransomware wouldn't be so big now. Some of the organizations doing it have become scarily big, powerful and wealthy. Governments need to band together against them and IT security needs to improve massively. Governments must stop fighting against encryption and safe communication protocols.
2 likesAs someone big into technology, this was truly a gift given to us from Wendover Productions
15 likesThe amazing part was not so much about the worm spreading over a usb stick. That kind of stuff was done in the 80s with floppies. And its ability to use zero days was also not too special as all exploits found in the wild are zero days. It was its stealth and really specific targeting to attack a complicated air-gapped machine that got everyone's attention.
3 likesWow, it is hard to believe the Shadow Brokers' leak was already five years ago! That was a big one. The ransomware campaigns that followed it were unprecedented in scale and simplicity.
4 likesWhen he said "This new era was made possible..." I thought he was gonna say "by Nord VPN"
74 likesReplies (1)
Omg same 😭😭😭😭😭
0 likesStuxnet is an engineering masterpiece.
23 likesi do have to nitpick a bit: not every vulnerability is a zero day. the zero refers to the number of days a defender has to patch it, so until an issue is actually found and used by an attacker it's just a generic vulnerability.
2 likesWhy is it called zero days?
2 likesThe term "zero-day" refers to the fact that the vendor or developer has only just learned of the flaw – which means they have “zero days” to fix it. A zero-day attack takes place when hackers exploit the flaw before developers have a chance to address it. Zero-day is sometimes written as 0-day.
Stuxnet was signed with private keys that could only have been stolen by some very sophisticated hackers.
4 likesImpressive video for a discovery of a channel. I was so impressed by not only the content but the editing, and the referral price offer for CS+Nebula was so good that I couldn't resist!
1 likeI have never understood how hackers in movies are able to break into secure systems with a few keystrokes.
9 likesReplies (3)
If it's in a tactical situation, they likely use a script prepared beforehand that tells their worm to execute its payload.
2 likes@User 2C47 but they have to access the system in order to even get the worm inside.
2 likes...because it's a movie
3 likesOne interesting bit that wasn't covered: it's mentioned in the video that stuxnet got onto the research facility's hardware due to a spy or mole. That may not even have been the case: it's theorized that instead, whoever was trying to deploy the virus did so to either the Siemens controllers or something that would be connected to them, at the source. That is, these machines were infected with stuxnet en masse in their countries of manufacture in the hope that at least some of them would make their way to Iran. And it worked. It's possible that this is also what led to its discovery by the western public: enough of the infected machines made it to western countries that a user who happened to be operating one such machine stumbled on it.
11 likesReplies (3)
That's interesting; it essentially means the attack targeted civilians. I'm sure there'll be some international law laid out to limit that.
0 likesWhat if a single contaminated USB drive found its way into the factory where those machines were being built, and commanded the system that installed their firmware to include a bit of malicious code within it? The factory would not have had the same level of security as the enrichment facility, so it could've been easier to slip in an imposter or bribe a rogue employee...
3 likes@InventorZahran also possible
0 likesAs someone who has had an attack that infected my network at home I can say it's quite the nightmare. So bad I went to school to retrain into IT because I saw what this could do.
1 likeOn minute 11, I swear I got goose bumps. Great story, magnificently told. Great job guys!
0 likesThis is by far one of my favorite stories. Anyone who wants a more in depth dive, read "Countdown to Zero Day," it's an incredible retelling and well researched record of the story of Stuxnet / Olympic Games
1 likeStux was fun. Came from Utah, was propagated by a 'lost' usb thumb drive, exploited not only the zero days but also DMA capabilities of usb, so it could make the air gap jump. That's how it got onto the gapped control machines that ran Iran's centrifuges. And the payload was brilliant--make the uranium enrichment *unreliable*, not completely broken.
1 likeAbsolutely brilliant spycraft.
So interesting! I only had a very rudimentary knowledge of how this whole thing works, and it's so cool to learn how it started and the sort of 'logistics' behind it.
4 likesReplies (1)
i want to know, at the moment, i'm scared, a friend of a friend i know has been hanging out with this man part of a Cyberunit known for phishing, hacking, vulnerable information, possibly Sandworm
0 likesI’m really digging these Lemmino style documentaries Wendover is pushing out. Really good job guys!
1 likeWhen everything is interconnected digitally and with electricity, a simple hack can destroy the entire world. It's seriously worrying.
2 likesIt's amazing how far technology has come. As with many things, if you don't keep up with it you get left behind.
1 likeI remember thinking awhile ago how much I knew. But in the blink of an eye I'm old news and outdated.
Trust the fact that the alphabet boys are keeping up with this advancement. I'm always curious how much thought goes into these trends. Such sophistication and plotting goes into these attacks. Specifically to lay in wait.
The newest version I saw was talking about storing itself in the bios of a machine. That gives me worries at night for sure if I was a network manager.
More of this kind of thing, please.
2 likesIt kinda terrifies me that my university labs have PCs still running windows XP. They're obviously not connected to the network at all, but imagine what one guy with a long cat5 cable and a few minutes could do to the whole university network.
7 likesReplies (2)
I don't know the mechanism, but my university suffered a devastating cyber attack. All the systems shut down, and more than a month later, some of them are still down.
1 likeThe problem is not that they are not willing to upgrade but rather that software companies are either too lazy or that the software that they build is from the 80s or 90s. Everyone who has a little understanding of how an OS works knows that what works on Win10 is not necessarily going to work on older versions. A good solution would be to switch that software to Linux, but I guess the American lobby would have a small problem with that, and on the other hand converting all the software to a different kernel and operating system would take ages.
0 likesWhether you think this is good or bad, it is still amazing.
4 likesImagine everyone just getting along and doing things to help everyone improve..quick! Someone write a song about that!
1 likeOk but like this is something I hadn't realized until Sam said it outright: a weapon that cannot be revealed before it becomes useless, is a weapon we cannot shield against. The idea, the prospect of there being a weapon so destructive, so devastating, so catastrophically armageddon that's just laying dormant, truly is something chilling. We're exposed, there could be a sniper looking at us right now, aligning their crosshair to our frown 24/7 and we have literally, literally no way of knowing if that sniper even exists, let alone which is his rifle, what's their ammunition, or his position.
0 likesThis is a war of warnings, a war that will only end the very second a country calls a bluff to another country that was not bluffing.
The research for this video must’ve been huge, amazing work
0 likeswhat i would like to add is that Siemens PLCs have a pretty huge market share, especially in and around europe. Most other companies have special usecases, but what i have seen Siemens stuff is used often because a lot of people know how to use it, get a good price and know how to program it.
1 likeI wonder if there have been cases of developers purposely leaving in exploits then selling them and patching them as soon as they get the money. I guess any company big enough for exploits to be valuable is too rich to care about the bounty
0 likesI can really recommend the book Zero day. It's about stuxnet and really interesting. But I do think that cyberwarfare is a lot more diverse than this.
1 like"Wars will no longer be fought in far-off lands that can be ignored simply by turning off the TV."
2 likesRather America-centric view, considering what is happening in Ukraine in this very moment.
As long as cyberweapons cannot control strategic resources or locations (water, oil, power plants, food, warehouses, defensive positions etc.), conventional warfare will still be a thing. Cyberweapons will naturally be part of the arsenal of any modern army, but the quote above sounds like an overstatement.
3:12 that is a very weird way to explain what zero-day exploits are. not sure why you would go so far to avoid actually tying the name to the core concept directly. have a feeling a lot of people walked away with some weird idea of what they are.
43 likesReplies (3)
A zero-day is literally just an undiscovered exploit in software, correct?
2 likes@Calvin_Coolage yup. one defenders have had no time to set up defenses for when it's used.
11 likesYeah, 0-day-exploit = the manufacturer has had 0 days to look at the exploit, therefore hasn't been able to fix it.
11 likesPerfect timing! I just finished This Is How They Tell Me The World Ends by Nicole Perlroth last night. It's a great book on cyberwarfare if anyone's interested.
0 likesIf you find any of this interesting I completely recommend the podcast Darknet Diaries, it has a whole sub series about stuxnet, as well as attacks such as notPetya and others. It's a very well produced show made by someone who is very very good at research and knows the industry in and out. Jack Rhysider is a beast
0 likesIncredibly well written script, both yours, Wendover and the one used in stuxnet, ok sure technically it was a compiled payload, but you get what i mean.
0 likesI wonder if cyberwarfare like this will ever have any kind of 'rules' and treaties for it like nukes do
4 likesReplies (1)
Unlikely. People, countries can just say they didn't do it.
0 likesGlad this video is back up after the fake copyright claim
5 likesIncredible video as always Sam and team! 👏
0 likesFantastic job on explaining Stuxnet!!
0 likesLove it!
Wow! That was depressing....and informative at the same time!
5 likesEven though I was familiar with the story, the presentation was riveting and entertaining
1 likedude! been a fan of your work since you began ... and this is one of your best (and im in IT/cyber) nice work!
0 likesOne of the most intriguing, alarming, and entertaining infotainment videos I have ever seen!
0 likesAll your videos are great, but this one was excellent 👌
2 likesCyberwarfare/espionage could be a really cool premise for a strategy based videogame.
0 likesHumans for 10,000 years:
15 likesStep 1: develop something to bring mankind forward in its development and to improve the lives and welfare of the whole world.
Step 2: develop a way to defend against it as someone has turned it into a weapon.
Repeat....
Why be an innovator when you can be a parasite who destroys well-meaning things, right?
Replies (3)
Do you think a Uranium enrichment plant is well-meaning?
0 likes@monkeyboy600 yes, most nuclear power plants run on enriched uranium.
0 likesStrategy-counterstrategy human dynamics.
1 likeFantastic work. Terrifying, but not unexpected.
1 likeI like this video, but the Shadow Brokers only released a very small part of the tools they had access to, but was only able to release a handful out of 100's.
0 likesI learned about stuxnet 5 hours ago from a podcast recorded over a month ago. I clicked the thumbnail to this video curious how some cyberwarfare happens so that I could maybe understand more about stuxnet. But I was not prepared. Thanks for double breaking my brain, good work.
0 likesWalked into this video thinking "My country (Iran) has been in a cyberwar for years now, I wonder if this video will mention anything about it" and found out that at least one of my two computers is infected because of it.
5 likesReplies (1)
Hmm, I /wonder/ who could be behind this
0 likesI love all the stock footage. It's absolutely hilarious to look at.
0 likesI believe we can no longer ignore that we live(d) in a very special frontier of the internet, but that going forward the human species will probably not be able to use this technology like we do for too much longer; between cyber attacks, increasingly likely solar flares destroying infrastructure, the climate and migrant crises etc.
0 likes2:18 "This new era [of cyberwarfare] was made possible, and perhaps more importantly, made profitable by-" I really thought that was gonna be the most unlikely ad transition I've ever heard.
1 like3:30 maybe this is a bit philosophical and pedantic (a la "a tree falls down in the woods"), but I think your definition of zero day is a bit unusual. I don't think zero day means "all vulnerabilities that exist in a technology" it means "any vulnerability which has been discovered by a researcher." Since most people only learn of a zero day exploit once it has been used in an attack and researchers have noticed and named it, "zero day" has come to mean "new attack pattern that just made its debut." This better suits the etymological origin anyway. "It has been 0 days since [disastrous thing happened]."
17 likesReplies (1)
More accurately it's "any vulnerability which is unknown to the developers" - the idea being that once the vulnerability is known, its value starts to diminish over time ('n'-day vulnerabilities).
0 likesA 1-day vulnerability might still be missing an official patch, widely unknown, and as such invaluable in the right hands.
A 7-day vulnerability's probably patched, worthless vs. security-conscious targets, but valuable for other uses. Depending on the software in question there could be a vast quantity of old installations running.
A 500-day vulnerability is pretty much worthless. (Well... I say that, but if I recall correctly the ransomware attacks that devastated some public health systems a few years back were using ancient exploits... the hackers had made it on the cheap, and were just kinda shotgunning it around hoping to hit something. Turned out a bunch of hospitals still had their entire networks running Windows XP hahaha)
I just finished This is How They Tell Me the World Ends a couple weeks ago. Absolutely worth the read.
0 likesWendover is dropping some really good videos!
0 likesFYI, the reason those centrifuges are so fickle ( said around 9:47) is because of the precise balancing and precision you need on the bearings to separate Uranium 235 from 238. They need an air layer in the bearings (because mechanical bearings with an oil layer can't go to high enough RPM and aren't precise enough) I.E. gas or magnetic bearings to work correctly which need final tuning to make the system run correctly. It would be incredibly easy to just change 1 or 2 parameters that would make a mag bearing system rotate out of orbit and they can literally tear themselves apart if you wanted it to. Stuxnet running at bad RPM ranges likely caused the motors and bearing stators to run at bad efficiency (creating a lot more heat) which can "cook" your mag bearings, motor, and stator by basically annealing the laminar sheets of steel and changes their characteristics (which also removes their magnetism and makes them run horribly). This would likely do this to the motor stator and rotors as well.
1 like8:53 the claim that 58% of computers in Iran were infected is inaccurate. 58% of infected computers were found in Iran, which is a very different thing.
11 likesReplies (3)
Source?
0 likes@Navyseal168 the same as this video: the Wikipedia article on Stuxnet. The article has a table listing affected countries, and "Share of infected computers" for each country. The creator of this video misinterpreted this as "amount of computers infected from the total amount of computers in that country", when in actuality, the table lists "amount of computers in that country from the total amount of known infected computers".
0 likes@巫女みこメガネ ok, you have excellent English my guy
0 likesBut the real question is: How would this affect airline logistics?
0 likesI enjoyed the difference in content, this should somehow be extended into multiple related videos
0 likesIt was very very interesting ,I enjoyed a lot . I shall repeat watching this video over and over again. Thank you.
0 likesBasically "I have no mouth, but I must scream" is closer to reality now.
26 likesA lot of this is focused on Western and Russian cyber but you completely ignored the frets and depth of Chinese government sponsored cyber attacks for corporate espionage. The Iran incident did not open Pandora's box it was already happening.
21 likesMy biggest takeaway from this video: Don't use Windows for mission critical systems. 😆
1 likeAs a D.C. native, I smiled when I saw the stock footage of my hometown in the video. Great work!!
0 likesGreat video and coverage of a complex and engrossing topic. The 2016 documentary zero days is also a very interesting watch on the stuxnet.
0 likesWhile I could be a smart ass and say that this is expected due to running Windows.
1 likeI will say that while nothing is infallible, you do increase the cost vs risk factor drastically by making the government actors have to fight Linux or even harder, BSD.
Of course at that point their next step is to say "sod it" and they start fudging with hardware in transit (The Cisco switch firmware switchout a while back) to get around it.
But I still think the faster you throw the Windows machines in the bin, the harder you are going to make it for them.
BTW PLCs have the capability to be configured in such a way that USB cannot be inserted in the host (similar to PCs)
1 likeSome PLCs have/had keys that disable write capabilities onto the system (the older the model the higher the chance this is true)
Thank you for making me weeping in my own room out of fear on a Tuesday afternoon. Thank you.
0 likesThe so called "Trusted Computing" chip is one big backdoor integrated into most mainboards... Microsoft is not really hiding the fact that their goal is to be able to remotely control/shut off every machine in the world, and most companies are switching to their "cloud platform" to make it even easier to accomplish.
0 likesWhat's also worrying is that the world is connected by dozens of mutual defence and arms treaties all based on conventional warfare. However, how does cyberwarfare fit in? If a Russian cyberattack begins shutting down Polish electrical grids or knocking Romanian airports down, is that enough to declare Article 5? Could a World War start because of the legal unknowns of this new era? This whole new dimension of warfare could have some powerful consequences and runaway effects.
1 likeRemember, WWI started because of the assassination of a regional power by a minor nation-state. It only takes one small mistake to bring the whole world in.
Zero Day doesn’t refer to the software flaw itself, it refers to the small window of time between when it is discovered and when it is publicly announced. This is when it’s most valuable, because it can basically be exploited at will, because no one even knows to look out for it yet. So any flaw, no matter how major or minor, can be called a Zero Day during this limited timeframe. It doesn’t depend on complexity, just how widely known it is.
1 likeI think you misunderstood the concept of zero-day.
0 likesZero-day usually refers to the day a software is patched and by looking at modifications people can narrow the search space for vulnerabilities.
I love how the idiots who wanted to destroy that nuclear program decided the best idea was to cause a radiological spill, because you know, that can't possibly do anywhere near the most harm.
0 likesI knew what this is about from the first 30 seconds of the video and still enjoyed it. Great job.
0 likesHoly shit! One thing I could see happening is if infrastructure gets shut down, we're gonna see just how closely you can work with your neighbors.
0 likesThe timing on this release is perfect, given we have CCDCOE operation Locked Shields 2022 going on right now!
8 likesI don’t think you’re giving developers enough credit. It’s not so easy to develop such widespread devastating viruses as you’re saying at the end there. Not with modern security practices. Finding 4 zero days that can work together in the modern day is basically impossible.
1 likeStuxnet! I’ve always found this intriguing, I wish you had gone into a bit more detail about Stuxnet but it was still a great video!
0 likesThis is probably the best structured, narrated and researched video i have ever seen on anything. Just free for everyone. Thank you very much Wendover. You are amazing.
1 likeI was caught In the middle of a railroad track (thunder)
1 likeI looked 'round And I knew there was no turning back (thunder)
My mind raced And I thought, what could I do? (Thunder)
And I knew There was no help, no help from you (thunder)
Sound of the drums Beating in my heart
The thunder of guns Tore me apart
You've been... Thunderstruck!
:D
Haven’t been so early on a Wendover video! Getting some popcorn, and starting it! Cheers from Japan!
241 likesReplies (5)
isn't it about one o'clock in the morning in Japan? What are you still doing here?
3 likes@Florian Schneider We are rebels!
2 likes@Florian Schneider Imagine asking why are they still awake like is that against the law?
2 likes@Florian Schneider still too early to sleep! Lol
0 likesmaybe just maybe he is not japanese
0 likesThanks, love your content, thanks also for the referral of RealLifeLore I finally signed up for Curiosity Stream annual bundle. I might buy some shares tomorrow, Be an owner, not just a consumer, right? Thanks.
0 likesHacker: Hey, we found some bugs you might want to know about.
3 likesBig tech: We sue.
Later:
Hacker: I'ma post bugs on the forums cuz I don't want to be sued.
Security company: Yoink!
Also Security company: Hey, we found some bugs you might want to know about.
Big tech: We buy.
3:13 "While the math behind encryption may be infallible..." camera pans to someone wearing the ugliest footwear ever known to mankind "...people are NOT" Video editor is awesome, give the dude a raise!
0 likesI strongly recommend ‘This is How They Tell Me the World Ends: The Cyber-Weapons Arms Race’ by Nicole Perlroth
1 likeThe scariest thing about cyberwarfare is that, unlike conventional warfare, there is no consistent way to attribute a cyberattack to a specific nation-state. This gives countries a bit of plausible deniability that locks up the traditional mechanisms of international law and the law of war.
8 likesReplies (1)
This happened in Estonia already.
0 likesHell yeah. I love watching a video about why my laptop just self destructed.
0 likesI’m still determined to have a good day even when having just taken in some extremely troubling information
1 likeIt’s interesting how US cyber warfare seems to be less active, but at the same time more advanced
10 likesThis has got to be up there with the best videos you've ever made! Fucking insane and glued till the end
0 likesIt used to be that zero-day vulnerabilities were immediately disclosed as the bad guys had them, and the more people who knew about them, the better they could change the security posture. However, the banks and Apple didn't like not having "advanced notice", so they changed to the current model, where a severe bug may be unpublished for a period of time while the vendor makes corrections, rather than launching into a 90-day sprint to solve a Heartbleed bug.
1 likeDuring a hot war, the more direct tools (missiles, special forces, good ol' armoured columns) are still producing results faster.
0 likesDisrupting a country's development of nukes wasn't all that bad though, considering the alternative was an invasion to stop their nuclear program, or let another unhinged power gaining access to nuclear weapons.
1 likeSam, this might be your best work yet.
0 likesAll I have to say is you're so good. Keep making great videos.
0 likesThis was incredibly fascinating!
0 likesYou have a major error at 1:35. The correct statement is, "60% of all computers with Stuxnet were located in Iran", NOT "60% of all of Iran's computers were infected".
4 likesReplies (1)
This. 👍
0 likesStrange. You can tell by the end product of the centrifugation process if something changed. Also, a worker who's been there for a few years can even hear, if a centrifuge is not running properly.
0 likesIt could be scary to launch your own nukes. What if a hacker swapped out the "launch" command with the "detonate" command.
0 likes2:17 don't tell me you weren't expecting the sentence to go "This new era was made possible by Skillshare"
1 likeIt works exactly as media manipulation.
0 likesI remember simply putting an empty read only autorun.inf file on USB drives was enough to prevent the spread of these widespread viruses on Windows XP. Thankfully this stupid auto run 'feature' was removed from later versions of Windows for USB drives.
0 likesThis makes me feel like internet security is a pointless endeavor for the average citizen. Not meaning basic security practices like changing password often but all these other security tools being sold to us these days.
0 likesYou guys finally made a Stuxnet video!!! 😍😍 every software geek is overjoyed rn
0 likes
I love Wendover. That's all I can say.
1 like"This new era was made possible" my brain finished the sentence "with skillshare" you've ruined me
0 likesThe book called Countdown to Zero Day by Kim Zetter goes very in depth about this. One of my favorite books
0 likes
It's definitive, Sam has journalist training, the way he narrates any topic is very engaging.
1 likeIt's looking more and more like worthless hype with every passing day. Cybersecurity is easily winning. Face it, human conflict is about aggression, which is bad. Isn't there something better than being fascinated with it?
0 likesFun fact: the hex numbers in the thumbnail spell out "WENDOVER" when converted to ASCII
1 likeThanks for this great deep dive, there is nothing about Stuxnet that doesn't intrigue me.
0 likesthat stuxnet virus is insane, that's like straight out of mr.robot
8 likes
It's important to remember that every age in human history has had its own unique challenges. A couple hundred years from now we'll be laughing about how trivial cyber security is as we focus on the next big problem to deal with, and the one after that, and the one after that.
16 likesReplies (3)
I don't think it will ever be trivial. People don't want to be spied on
3 likes@DDM Acc My point is that conflict is a natural part of human existence. People like to hype up cyber threats like they are this big and scary thing, and they can be, but this is the price we pay for living in the 21st century and enjoying all its luxuries. You can either make peace with this fact or waste your time wishing you were back in the dark ages where cyber security wasn't an issue, but the internet didn't exist and we didn't have programs to deal with complex computational issues.
0 likesNew problems will always be springing up while old problems continually die. Cyber security is the newest of problems, we just have to keep a cool head and work towards a solution while enjoying what we have now.
@Fred Riddles Depends on whether the world is still under the rule of a handful of rich industrialists or whether workers have sorted their shit out and taken control by then.
0 likesIncredible work NSA!!! 🙌
0 likes
I gotta say this somewhere now.
0 likes
ALL THE TIME I hear about Curiosity Stream and Nebula and I'd LOVE to go there but I just can't.
Not everyone has a credit card. It's so taunting to hear it and want it but needing a stupid credit card in the middle.
Same goes for gift cards. You can't get them without a credit card. Which century is this?
Reading This Is How They Tell Me The World Ends right now! Great recap! If you’re interested in more, that’s the place to go. Almost exactly that.
1 likeIt works by one dude saying “I’m gonna get into the system” and another dude saying “no you won’t”
3 likesStuxnet was a beautifully designed and engineered virus. The story behind it is fascinating and I encourage everyone to read up about it. Not to discount Sam's video. He does a great job.
121 likesReplies (4)
There’s a great podcast about it on Darknet Diaries. Episode title is Stuxnet. All episodes are great though
3 likes@Generic YouTube Account Don't think the real target of your tip got to hear it, if you catch my drift
1 likeStuxnet was a worm, not a virus
2 likes@Marcos Socram Who was it?
1 likeThis is something we deal with daily in US manufacturing. I work as an electrical maintenance lead at a steel mill. Our Automation department has to work hand in hand with our IT department and our corporate IT department to ensure our cyber security is sharp. We currently are getting ready for potential vulnerabilities in a large upcoming Windows update that has been warned by our PLC manufacturer and Microsoft. That said we are auditing our Network security and firewalling. It’s concerning to all of us how these zero days can be utilized without manufacturer notice to wipe out our processes, and with that we ensure residences are built in and offline spares are prepared so processes can be restored and isolated if needed.
0 likesI mean... People don't update their systems, especially industrial companies. You realistically don't need a zDay to infect those networks. Most network compromises come from people getting phished by obvious schemas 🤷
1 likeHow do you stop a zero day attack? From what I've heard the end user doesn't even need to do anything, the attacker simply needs to know their phone number and that's it! Could be a text message sent or anything, and the victim doesn't even need to open it. Wouldn't be surprised if there's a government backdoor for everything nowadays either.
0 likes
"Zero days are worthless...Quickly patched by devs"... But doesn't mean the updates are installed. Takes years for many companies to do that lol. Anyone who does IT sees old vulnerable stuff all the time and has to convince companies to upgrade.
2 likesStuxnet silently and nearly undetectably prevented the advancement of nuclear technology in Iran. This sounds like a similar M.O. to the Sophons from Trisolaris in Three Body Problem.
3 likes
Zero Days (which like this video takes the Stuxnet worm as its starting point) is a great documentary and a must-see for anyone wanting to dive deeper from this video.
0 likes
Nice vid, seen this topic story already but you explained it excellently as well
0 likesWe need to be clear about the Colonial Pipeline attack.
2 likesThe attack didn't go anywhere near fuel and pipeline operations.
It was a DP attack; it would have shut down *the computers they used to bill customers*. *They shut down the pipeline*, lest they be unable to collect money for the product moved.
My understanding is that there was a photograph in an industrial publication of one of the terminals in the facility that reflected that the Iranians had not been updating their control software package because the licenses were under sanctions.
0 likesAs someone who is a chief information security officer and a network data security specialist and a firewall security inspector….
0 likesthis is cool
That is an elegant solution very well executed.
0 likesI just graduated IT in 2020, and CS specializing in Internet Networks, and Databases in 2016.
0 likes
I have heard all these things while I was in the middle of my college, man my field changed a lot in cyber security in that time frame.
I also have a laptop with a lot of old virus codes from the centuries, including the infamous I-LOVE-YOU virus. The wifi card for that laptop is removed and Ethernet port disabled permanently hardware wise, and it's running Win 10 20H1 natively, with VMs for DOS.
I usually use those codes as learning materials, and sometimes algorithms within it I use for code I make.
"This all was made possible by"
2 likesMy mind: Skillshare!!
Is it really a weapon though? A sledgehammer is a weapon if I swing it at you, but if I tear down a house with it then it is only a tool. This tool didn't attack people but infrastructure instead. Therefore, it is a tool and not a weapon.
1 likeReplies (1)
A bomb can be a tool used in demolition and tunnelling. That doesn’t mean it can’t be a weapon as well. Is a knife always a weapon? Always a tool? Or sometimes one and sometimes the other?
0 likesGreat video Wendover Production. Love this channel so much
0 likes
Imagine paying millions for a zero day vulnerability only for an ethical hacker to find it a week later.
1 like18:45 I'm no expert, but I'm almost certain that a lot of people around the world already have experience with wars that they can't simply ignore by turning off the TV.
0 likesDo a video on hardware vulnerabilities and counterfeit chips!
0 likesThe "error code" in this video's thumbnail is actually "WENDOVER" in hex. The second and seventh characters are the same (both E's), the first character is one greater than the sixth (W is immediately after V in the alphabet), and the fourth character is one less than the E's, since it's the D.
0 likesThis era was made possible & profitable by... *Our sponsor SquareSpace!*
1 likeIt shouldn’t be treated or viewed any differently than dropping a bomb on a city or launching a nuke if it’s a large or destructive enough cyber attack, because in many ways they can actually be more destructive than traditional weapons. The US government, for example, has to make clear to Russia currently that any major cyber attack on US soil or of US interests on foreign soil will be treated the same as if Russia flew fighter jets over New York City and started dropping bombs and that it will be considered a very real official declaration of traditional war that would trigger NATO’s Article 5 the same way a traditional attack on NATO territory would and it doesn’t matter whether or not they have plausible deniability through the use of contracted outside hackers and troll farms and don’t officially take credit for it, if it comes from Russia or groups and organizations known to be friendly with Russia it’ll be treated as a Russian attack. Time to finally put them in their place, especially when it comes to cyber warfare, after all the destruction they’ve caused over the past several years through such means. We’ve got to make any potential use of cyber attacks seem like a suicide mission to them, AND China for that matter.
0 likesUnfortunately Cyber Warfare has been secretly happening for a very long time now. Stuxnet was pretty recent if you think about it.
0 likesI can always tell it's gunna be a great video when he says "...You see..."
0 likesThanks for the vid great job, always a great place for inspiration for me and my videos. Peace
0 likesAh yes adding more anxiety to my mountain of a pile, what a great way to start a Tuesday
0 likesAre we living in a time that will one day be referred to as... The Cold Boot War?
1 likeI am pretty sure that a lot of capable people are pretty motivated to activate one or two of these on Russia at the moment.
1 like
There exists a backdoor in the mobile telephony network that allows anyone with the right tools to get into your phone and there is no way to prevent it. Ross Coulthart has a piece on it.
0 likesWhat a phenomenal video. Thank you
0 likes
you don't realize how scary this is until you realize nuclear launch sites could have a vulnerability and with a press of a button the world could end
1 likeReplies (1)
Well, yea, but actually no. In the US at least, our nuclear launches need actual physical activation keys. You cannot launch an ICBM from the US without having a living person present.
0 likes2:19 “This new era, was made possible..”
1 likeMy brain: “by our sponsor, Nord VPN”
17:18 "Traditional weapons have consequences for the aggressors, ..." not really, the US deployed 2 nuclear weapons on civilians ... and there were no consequences. (At least no negative consequences)
0 likes
this man's war profiteering in the right way! Keep informing the masses!
0 likesI too, was fooled by "this new era was made possible..."
1 like
Just because a security bug is fixed does not mean it is patched in the real world. Many corporations run outdated operating systems with unpatched security vulnerabilities. And keep ignoring the fixes that have been made.
1 likeMake sure YOUR computer installs the latest fixes as soon as they are released.
Replies (1)
Updates updates updates!
0 likesI feel like this will be a short period of history, where they're so common as to be unsurprising when you hear "X was hacked". Eventually we'll patch all the easy ones and only amateur code will be so vulnerable.
0 likesReplies (1)
Unfortunately that’s not possible, each time a new bit of software is created, new exploits are also created.
0 likesHumans just don’t have the time, energy, or ability to make any piece of software perfectly unhackable on the very first release.
"THIS new era was made possible..."
1 like[brain autocompletes sentence] by SquareSpace.
"... by the zero day exploit"
Attribution is bullshit most of the time. Anyone who tells you different is a fool or selling you snake oil. Sometimes it's not but usually a clever hacker can make it look like anyone else did it
1 like
Die Hard 4 was already in cinemas almost 15 years ago, tackling a similar theme. (Description in second paragraph for spoilers)
0 likesI remember talking to people about the movie back then saying: this is likely already within the realm of capabilities.
Some agreed with me, but most just waved it off as a fantasy saying governments and companies are likely well prepared for these threats.
Well if there's anything we've learned since then it's how woefully inept big organisations are when it comes to upholding cyber security.
SPOILER WARNING:
The movie is about a criminal organisation paralyzing all the infrastructure in a major US city by hacking all the control facilities. (Traffic, Electricity, Water, Gas, etc.)
They cleverly outsource part of the hack's preparation to individuals so they can take the heat while they execute the second phase of the plan.
Luckily in the movie this organisation is only out for money using the chaos to rob banks.
In that way it's similar to the Texas gas pipeline ransomware attack, which was executed by relatively unskilled criminals and didn't even compromise critical systems in the end.
Just imagine what government funded experts are capable of, not motivated by money, but by political goals.
Replies (1)
Bro most of yours can't be downloaded
0 likesYou should make a podcast or at least have these videos as audio only. I like to listen to these when I’m working I just put my phone in my pocket and listen
0 likesI went crazy for 3 days trying to find this video to show a friend. It was actually gone. I'm sane again
1 likebrilliant informative video - thanks.
0 likesIME a 0day is an exploit that the dev doesn't know about or is aware of but without a fix implemented. Once it is fixed it is not called a 0day anymore
0 likesI am futile with my desire to help. I wish I had experience and could join the fight like him.
0 likesThe massive, extended Verizon Wireless outage on April 20, 2022 smells to me that cyber warfare is now affecting our comm infrastructure.
1 likeReplies (1)
There was a Verizon outage?!? It must not've affected my region, as I never noticed any disruption in service...
1 like
Amazing condensation of a complicated topic that portrays the real world realities of this warfare. A warfare that can collapse infrastructure on a large scale, a weapon that can only be fired once, a weapon that can be concealed in a crowd and fired without knowing who did it. There are people/groups out there that know how to make a bit of code that knows how to jump, replicate, hide, and target any computer they want it to. Finding the holes in people to quickly infect computers.
0 likes
Ahaha. I thought “this new era was made possible” was going to be a sponsor plug 🤣
0 likes"This new era was made possible... by today's sponsor!" 😂
0 likesThis was very interesting. Thank you.
0 likesUnless the cost of renewable energy is affordable for the general population it is unlikely that people will switch to EV vehicles soon. But who knows
0 likesWhen he said "this era was made possible by", I was confident he will say Skillshare
0 likes
7:38 I'll have you know that this was the moment I realized it was .Lnk and not, in fact, .ink (with a capital I for some reason) as I had always thought. Makes a lot more sense, in several ways.
0 likes16:39 Correction: ransomware locked up billing for the US’s colonial pipeline. The pipeline itself was shutdown by the company.
0 likesReplies (1)
Wait so they shutdown the pipeline and inconvenienced millions of people because the company couldn't wait an extra few days to get paid?
0 likesWhen he said "This new era was made possible..." I thought he was gonna say "by Nord VPN"
1 like
Interesting video. Two things: Stuxnet was not the first. Russia was already committing cyber attacks against Estonia in 2007, so it's not totally fair to blame Israel and the US for kicking it off, although it did kick things into higher gear and lost them any moral high ground.
0 likesSecondly, we've heard a lot of these 'next war will be cyberwar' predictions, but they don't seem to pan out. What is the distinction between 'cyber warfare' and just sabotage?
Way better than "Half As Interesting." That guy is a freaking hack! 😀
5 likesReplies (1)
"Half-Assed Interesting", am I right? Totally a counterfeit imposter, not even pretending to be original.
0 likesJust wait until you look up the latest version of Pegasus. 😅 Not to mention NSA was also the creators of Eternal Blue. Just imagine what other mega weapons we have brewing.
0 likesWendover Productions thanks for providing good quality informational content for free guys!
4 likesHas anyone looked into the vulnerabilities of our hardware? E.g. a lot of routers have backdoors built into them
1 likeReplies (1)
Yes. There's a complete industry working to keep everyone safe. Remember Log4J? That would've been much, MUCH worse if information security professionals around the world hadn't worked so hard to mitigate it.
2 likesAs a huge fan of these videos, I should've guessed this one is not for someone who already does hacking for a living. :(
0 likesTheir main goal: make handwritten documents great again.
0 likes2:26, I was SHOOK, that it wasn’t skill share that made it possible..
0 likesYou did it : I subscribed to Nebula, I love it :)
2 likes
Whenever a new military invention is made and there still isn't an agreed convention on how to use it, it's considered legitimate to use even almost in peace time, which can easily lead to escalations with older, more established weapons with agreed upon rules and precedents. You can see this in drone strikes, and cyber warfare, and I'm willing to bet that if warfare in space becomes viable it will happen there too.
0 likesBefore Stuxnet, there were plenty of cyber attacks with cyber WMD.
0 likesThis guy is good. Wendover is really good content.
0 likesAt the beginning there, I really thought he was going to say this new era [of cyber warfare] was made possible by Skillshare lolol
0 likesCyberwarfare is cool, but nothing beats a bunker busting bomb for destructive potential.
1 likeThat description of war as something that happens far away and you turn the TV off was even more American than your pronunciation of "Iran".
0 likesHere's a scary thought: a lot of businesses, institutions, governments etc. still use Windows XP and IE 6/7/8.
0 likesWhat a horror story 🙈 What if the damage is self-inflicted? The World Economic Forum won't shut up about such things, and the way they talk is very sinister. The way corporate companies such as internet providers and other services brush away down time as 'serviceable' makes you wonder, and who knows when these things are happening?!!?
0 likesDo NATO states even need hackers? All the companies that make software or the physical machines themselves are in NATO countries, subject to their laws, and could easily hire certain boardmembers and just openly give access/backdoors to everything.
1 likeGuess it's a good thing I use a VPN at all times along with a few other cyber security programs on my computer and phone and stuff
0 likes
yes I forgot how this theory is called, but the more the technology progresses the more it's likely to cause (some) destruction of the world
0 likesOh damn!
0 likes
I thought he'd do a segue to sponsor when he was going over to Zero day 😂
A 0-day is an issue that the developer or vendor does not know.
0 likes
It could be a glitch or simply a malfunctioning button or something.
But a 0-day vulnerability is what these hackers are looking for.
Knowing the vulnerability exists is 1 thing, but knowing how to exploit it and especially knowing what other vulnerability can be used with it is what makes the Iran case brutal and scary.
Globalization teaches us to connect and cooperate. But cybersecurity teaches us to rely on ourselves and trust no one.
2:18 - "This new era was made possible..."
0 likesI literally thought you were about to say, "...by Squarespace."
So glad I paid for extra internet on my flight!
0 likesThe most nefarious computer virus would be one that cripples the fuel economy of the Toyota Corolla
0 likesAt 2:20 I was unironically expecting to hear “Skillshare” LOL
1 like
Stuxnet may have been behind the extreme damage besides the tsunami which it was designed to handle.
0 likesWill you follow up this video with one about Pegasus Spyware? Seems like it's the gamechanger globally in the Cyber-Security world. (Insomuch as we know about it).
0 likesThat or maybe do one about the US PRISM program.
nice video, but as Russia-Ukraine taught us, tanks and rockets still work fine
0 likes4:46 er.... I wouldn't exactly call it "ethical" to pay hackers to NOT report critical security flaws to developers. "Profitable", certainly. Ethical, no.
0 likesWe need to reduce our dependence on the Internet. Period.
0 likesAnd I do not mean psychological dependence, although that is also true. I mean the actual physical dependence on the Internet for the electronic devices we use every day to work. Things should work offline by default.
"This new era was made possible, and perhaps more importantly, made profitable by today's sponsor, SkillShare"
0 likes
Definitely need to link your lights and doors or even cars through a cloud.
7 likesReplies (3)
I never bothered with the whole 'control your home from your phone' thing, now I have a reason to never use it
1 likeRemember that time when amateur hackers figured out how to remotely control a Jeep's brakes?
0 likes@InventorZahran Fun times when hackers will be able to control cars like in a video game over their phone.
0 likes
I was one of the victims of this cyberwarfare when allegedly some Chinese hackers cut off the electricity supply of Mumbai last year. Had it lasted longer, it would have been a nightmare for hospitals especially during covid.
1 likeNew era!? Just a year ago we fought with sticks.. Now we fight with rocks!
2 likes
This era.. was made possible… by skillshare, today's sponsor
0 likesliterally got a youtube poll ad on this video asking “which of these major tech companies do you think help keep people safe on the internet” smh 🤦♂️
0 likesVery interesting and informative
0 likesDon't forget by the time we hear about anything the us government does, they have already done better. They likely have a stuxnet 2 or 3, and maybe are waiting for the right time to use it.
1 likeSince then no employee in any bigger company can even change the wallpaper of his workstation 😑
0 likesThat windows XP throwback though 😅
0 likesThat future cyber attack could come from Russia that's why everyone should keep their gas tanks full and have cash on hand. Having canned good and other dry foods could be a good idea too. Whatever consumables you think of as vital you need to keep extra on hand hopefully enough for a month or so.
0 likesReplies (1)
If you're told it came from Russia, then you can guarantee it came from the US gov.
0 likesWhy did I completely expect him to say "This new era was made possible, by skillshare."
13 likesReplies (1)
Idk but would skillshare help to protect myself, I'm fearing for my life as i think a friend of a friend I talk to might be some state sponsored hacker, said he worked with a unit in Belarus
0 likesAh, a world without Wendover is unimaginable.
0 likesWhat's scary to think is that the actual hacker for the malware might have commented on this video.
0 likesGreat job as always
0 likes"Wars will no longer be fought in far off lands that can be ignored simply by turning off the TV." They will turn off the TV by themselves.
0 likes
Mr Wendover, how does this 1MB of code affect the airline industry? 😎
3 likes
If anyone knows anything about supply chain, then they will tell you how much of our life has already been affected by cyber attacks on a daily basis.
0 likesNothing like an existential crisis on a Tuesday's lunch break!
0 likesWouldn't it be hilarious if China/USA have zero-days lying in each other's system but are unwilling to tell MS to patch since it would destroy their attacking capabilities?
1 like
The fact that this is artificially trending is verification that the reason why your phone and Wi-Fi has been out is cause it’s already happening
0 likes
Can I suggest a topic? In 2008 there was an economic collapse that started in the US stock market, triggered by just a few things that cascaded through the entire economic system. We can say it was CDS's or we can say over leveraged housing market, and there were political components as well, but it was a complex (and later identifiable) cascading of big dominos. When the Soviet Union fell in 1989, do we know what those initial, specific triggers were before the cascading collapse? (I don't mean the macro events like Chernobyl and the Berlin Wall, I mean the minutiae, the pebbles that first started the landslide) And could we apply that model to present-day Russia in order to look for any possible early indications of Putin's reign collapsing?
0 likesit is amazing
120 likesReplies (1)
Bien
1 like2:19 Thought Sam was going to say “by Skillshare”
1 likefr the 'Modern Conflicts' series is excellent, worth getting Nebula for as are so many other great series/channels there!
0 likesGot a feeling the shit will hit the fan when a.i. becomes cyberwarfare capable.
0 likes4:17 "This new era was made possible... by Skillshare."
0 likesThat's why I'm watching this video on a typewriter.
1 likeThe 'creating and waiting' he described at the end of the video sounds similar to the M.A.D. nuclear doctrine
0 likesI don't quite understand why OS's, drivers, etc cannot do more to protect themselves via checksums and nonwriteable files. Also, why wouldn't a USB drive be authenticated for local use only?
2 likesReplies (1)
Good question! Common operating systems will allow autorun from external drives or offer to open them in a viewer that might contain an exploit. Since the days of Stuxnet, we've found even more powerful ways to attack systems over USB as the computer believes whatever the usb device claims to be.
0 likes
And yes, there is a lot that operating systems can do to prevent this; research in capability theory can tell us how to effectively defend against these sorts of attacks, and there are some such features that are making it into real systems such as vfio and the iommu. Consumer operating systems have a long way to go to catch up, though.
My TV literally had an HDMI error I've never seen before pop up while watching this video, and my first thought was "ah, shit. It's starting."
0 likesSomething I just noticed, the error code in the thumbnail is ASCII for "WENDOVER".
0 likesI appreciate the small details
If anything, sabotaging nuclear weapons shouldn't be considered "cyberwarfare", but rather "preventing warfare".
0 likesSam: Makes a video on Epidemic Management
0 likesCOVID-19 enters the chat
Sam: Makes a video about controlling riots
Capitol rioters enter the chat
Sam: Makes a video on Cyber Warfare
Anonymous enters the chat
Sam, DO NOT MAKE A VIDEO ABOUT NUCLEAR HOLOCAUST. I DON'T LIKE THE PATTERN I'M SEEING.
The problem with this cyberwarfare is that it will destroy itself by just existing: The more cyber-weapons are created the more vulnerabilities are found. And to protect yourself you have to close your own discovered vulnerability. Your enemy is doing the same. So in the end you have a lot of closed vulnerabilities and a lot of now useless weapons. What a waste of money.
0 likesAmazing video as always.
0 likesI hear Stuxnet has been turned into a black market generalized utility that any hacker can buy for relatively little and has been used against oil companies and other big players. I expected you to cover that some, but you didn't. I'd like to see a follow-up to this one that covers that and some of the work at the Idaho National Lab where they have blown up transformers and other critical infrastructure using nothing but cyber attacks.
0 likes
Such an in-depth video, until you talk about the detail of how it damaged the centrifuges 🤣 Stuxnet is scary.
0 likesAnd people continue to connect frivolous devices like a lightbulb to their wifi lol
0 likesi dunno why anyone security minded would trust a closed source kernel. you need as many eyeballs on it as possible to minimize this. it's not perfection, but damage is much harder when everyone pools their resources to produce a system.
0 likes17:30 "I do not need to know, who did it, I just need to find who mark as guilty and punish him immediately." :) - Unknown NKVD Investigator
0 likesWe need a Disrupt video on this exploit.
0 likesSucks this video was erroneously taken down for so long, hope this helps you guys keep doing good work!
2 likesReplies (5)
It's how YT shaves profit from the creators.
0 likesAny idea why it was taken down?
0 likes@Taavi Tammaru copyright strike
0 likes
@Taavi Tammaru Nicole Perlroth doesn't like it when you credit and use her as a source
0 likes
@systems It's possible I don't get how the system works because I've been banned for 4 years, but the most views usually occur shortly after release.
0 likes
So is a cyber attack considered an act of war?
0 likesI have to say that while I appreciate the technical information you put out, I find it interesting that you imply that "Western players like the US" don't have "concerning human rights records."
4 likesReplies (1)
All the major world powers [including the U.S.] (and many smaller ones too) have concerning human rights records. It's all a matter of perspective.
2 likes
Well good old unique and somewhat analog controllers on nukes is a great thing
1 likeGreat video! Although I think that guy over at Half As Interesting could explain it better..
0 likesDRM solutions could be leveraged as cyberweapons should government approach given corporation during a war. Think Tencent.
0 likesThanks Wendover! Watching your videos on Nebula now!
0 likes8200 is barely the first line of Israeli tech abilities. Beyond the Israeli private cyber security companies, which there are many, Israel has a good number of other units.
0 likes2:19 had PTSD there, thought he was going to say skillshare 😂😂😂
0 likesto think this was in 2008. i can only imagine what's happening now.
0 likesThat shadowbrokers thing was crazy. Someone paid them huge money.
0 likesWell, time to go back to a pen and paper and start to use public libraries again.
0 likesI wonder where's my 1990 encyclopedias?
kinda expected him to say, "by skillshare" at 2:18
1 likeReal Life Lore take note!
0 likesThis is how you pronounce “Belarus” correctly! Lol
What an interesting time to be uploading this.
7 likesAn Iranian nuclear facility huh?
2 likesBOY I WONDER WHO MADE THAT HACK.
Excellent video Samantha!
0 likesAh yes, American cyber terrorism: when you're not cool with how other countries choose to self govern
1 like@2:22 anyone else's brain automatically fill in "this new era was made possible by Skillshare"? 🤣
0 likes8:06 and this, kids, is why you use Linux in professional settings.
0 likes
At 2:11 please tell me I'm not the only one who thought he was going to say "this new era was made possible..... by skillshare"? 😂
0 likesdarknet diaries might be the best podcast going around if you're into things like this :)
0 likesI have no idea how any of these work but one of the smartest kid at my school plugged a USB into a computer and somehow got the staff wifi which now I have as well
0 likesAll the vulnerabilities are windows/Microsoft products.
0 likesThat's why I'm a Linux user
Cyberwarfare depends on so many conditions that it's not that lethal in the big picture. Russia, who is supposed to have major cyberwarfare capabilities, has failed to demonstrate them in Ukraine while they are waging all out war. That tells me that those capabilities are fairly limited.
1 likeReplies (4)
Or they could be saving those capabilities for the most crucial moment. Maybe even intentionally holding back for now so that the enemy will underestimate?
0 likesIt's not an all out war. It's a decidedly limited war
0 likes@InventorZahran That won't be a good idea when they are losing so badly. I believe they have tried everything they can so far.
0 likes@the gamer well if by "an all out war" you mean using nukes, then yes its not "an all out war", but by every other definition its pretty much "an all out war". Russia is using a major part of their military. They have no aces up their sleeves besides nukes.
0 likesI'm still waiting on a big bang that the log4J could've enabled a while ago
0 likesI'm glad my tax dollars go towards horrendous acts of war that cause pain and suffering to millions of innocent people throughout the world.
0 likesPeople should watch on the documentaries when the internet started booming . This whole virtual thing is not such a great idea actually, and it is getting out of control slowly by slowly .
0 likesAmerica Sowing: Haha yes this fucking rules
2 likesAmerica Reaping: What the fuck how could this have happened
I was so expecting 'Was made possible by SKILLSHARE'
0 likesThis new era was made possible by Skillshare.
0 likes10:00 my question is which is more likely, the USB was used by a spy or a fool?
0 likesI hate to say it, but malware running on view definitely pre-dates Stuxnet. I had malware on my machine as a teenager that did exactly that, probably 2004-2005.
0 likesThanks for the Terminator level existential crisis all over again
0 likescyber warfare is when someone mocks me for my reddit comment history :(
0 likesShould do a video on the logistics of beehives
0 likes“This new era was made possible by hello fresh”
3 likesThis is why everything important needs to run on a custom Linux kernel.
0 likesStuxnet had like 20 zero day exploits in it
0 likesExtremely interesting video!
1 like"Made possible by..." SKILLSHARE. oh wait
0 likesIt's a shame that Stuxnet was ever discovered... that was one piece of beautiful software that actually did humanity a favor!
4 likesBut it is also no surprise that cyberweapons are so effective, looking at how slow many companies are to adopt the most current OS and security patches.
Replies (3)
Honestly
0 likesWhat favour did it do? Iran has a right to defend itself just like any nation. If it crippled a western power then it would be a favour.
1 likeNothing that aids israel's foreign policy can be described remotely as "doing humanity a favour"
1 like
Wait, I still don't get how the malware reached the centrifuge machines. If the facility's administrative computers were not on the internet, someone would have to physically go to the plant and convince one of the employees to plug in a contaminated USB or insert a contaminated CD. Shouldn't standard procedures include not bringing in outside devices that can do just that? I know many times employees don't follow policy to save time, but in this case I can't see even the laziest of employees finding a reason to disagree with his employer. Also at 11:00, it was mentioned Stuxnet got control over the administrative computers, but not the centrifuges themselves at this point. It's said another zero day exploit was used to get stolen security certificates, but I don't get how those certificates were used to issue bogus orders. I understand the .lnk exploit, but the step from "administrative computers" to "centrifuge control" wasn't well explained.
0 likesReplies (1)
Re the initial breach, the prevailing theory is that someone was bribed or a spy got into the facility. That does leave the question of how it got out though, which kinda indicates that information security practices there were a little bit lax.
0 likesWow, Iran did everything right security-wise.
0 likesThey simply got outplayed.
"This era was made possible by " - I expected the next word to be "NordVPN".
0 likesThanks to Wendover's recommendation, I started making money
0 likesBefore: Swords, cannons,...
16 likesNow: Keyboards.
Replies (2)
Just another tool in the arsenals of nations.
4 likesI guess soon in the future, the word keyboard warrior won't be as offensive.
5 likesNo way iD’s model was ethical.
0 likes5:55 Did he mean to say 'mortality' or did he mean 'morality?'
0 likesCalling BS on this one... if such a thing existed, it will have been used over the last 6 weeks
0 likesHello this is a reminder to sleep that you said I'll watch one more video but now you are binging wendover
4 likes"The aWeSoMe logistics of cyber warfare"
0 likesIn a just world, any countries that were involved in the creation of Stuxnet would lose all nuclear capabilities, and those capabilities would be somehow handed to Iran.
1 like"This concept has been made possible... by NordVPN! Sign up for..."
0 likes
It's called a "zero day" because when the issue is found, it's already live on production code, meaning that the engineers have "zero days" to fix the issue, because the problem is already out there for the world to exploit.
25 likes
Replies (4)
If you explain something explain it right:
6 likes
It is called that not because the developers have "zero days" to fix the issue, it's called a "zero day" indicating that this exploit was previously unknown or undetected so it is basically "day zero" after discovery of the vulnerability. There are "zero days" that practically are shoved aside because other measures are in place to make it hard to access, a zero day can sometimes take a year to get fixed, so it doesn't span a time limit for developers on when to fix the issue - it all depends on the severity of the vulnerability.
@Finkel - Funk I never stated it's a timespan to fix the issue, I think you misunderstood my wording. It's representative of the development time left allocated.
3 likes
For some reason there's a lot of people that complain about the origin of this term every time I hear it brought up, and I've heard all kinds of varying explanations over the years working in tech. I'm going with the one I know. I won't add any more commentary on this subject.
@LoLAimAtMe That is also simply not true as a "zero day" in a Microsoft telephone dialer program is not nearly as pressing as a critical security flaw in Word. It is simply supposed to indicate that this is the first day this bug is known, kind of like how "patient zero" is the first known instance of a disease occurring.
2 likes
@Finkel - Funk If you say so.
2 likesBeautiful video clips selections, instead of "futuristic hacking bs clips"
0 likes
Someone: Hey, I found a weak spot in your system
1 like
Company: HOW DARE YOU LOOK AT MY CODE
Good video about Cyberwarfare.
0 likesI wonder why Russia didn't use "the big one" then when they invaded Ukraine.
0 likes
Nation states are not the only ones capable of this anymore. Just look at what happened to Khashoggi
i’ve been a part of the cyber security industry for over a decade, it’s crazy to see how much it’s changed!
42 likesReplies (2)
How does one break into the industry?
0 likes@Madam Pontaria probably should stop and check who you're replying to, it's a spam bot that takes highly rated comments and reposts them, don't think you'll get the answer from the bot.
6 likes1:30 Now we know.
0 likes
In Iran it happened due to an attack on their nuclear facilities. More specifically, something to do with their heavy hydrogen centrifuges for nuclear weapon production. Don't remember if USA or Israel
Considering the current war, I'd be surprised if the power didn't go out for good some random day due to a cyber attack. Pen and paper would have left us a lot less vulnerable.
0 likesReplies (1)
You can't hack a mechanical typewriter!
1 likeMy favorite tech espionage story is Operation Ivy Bells.
0 likesThat really is of grim concern.
0 likesI can't let FBI see my homework folder hentai.
"Wars will no longer be faught in a far off land where you can ignore by simply turning off the TV" -- Sam says as
3 likes* Russia invades Ukraine,
* North Korea is asking for the Korean War 2.0,
* China is taking notes on Ukraine conflict and how to improve for when they invade Taiwan,
* Syria has been at a state of war for a decade
* The US and Iran are begging each other to punch first so they can brawl
* Oh, and the US just got out of twenty years of bombing and controlling both Iraq and Afghanistan.
That was a great video, but that comment couldn't be more misguided and off base. Land wars with physical conflict are going nowhere.
This video bought to you on YouTube,
0 likes1 month before this video was due to be released by some unknown hackers for unknown reasons..
So many people dont even believe such warfare is actually happening.
0 likesKeyboard warrior got a whole new meaning now
0 likesStuxnet really felt like we moved into the scifi era. Such a specialist virus that did no real harm to the average computer but was deadly to its intended target would have been considered too far fetched for Star Trek just 20 years before.
10 likesYou could call it "The Logistics of Cyber warfare" ;P
0 likesMaybe its a good time to get into cyber security. Your wage will probably double after the coming cyber war
0 likesWow! This was fascinating.
0 likes9:45 - 9:49 "mettling" should be "meddling"
0 likesEvery movie hacking scene does not look like this xD. Those with the black screen and green binary numbers and the tech sound
7 likesI'd argue wars will be fought in person still but the first few salvos will be digital
0 likesI watched this video the day it was posted I think it said it had been up for 30 minutes and made it halfway through and it disappeared. I searched my history and it wasn't there. then suddenly it was back in my watch history a while later. I was wondering who had cyber attacked you or YouTube to make it disappear
0 likes2:18 I thought you were going to say "... by Skillshare"
1 like
I wanted to point out that zero day means an exploit found already in use, and is worth a lot less on the black market because it will get patched soon. Zero days are like going to a crime scene. A bug bounty is different, as the crime has not happened yet, but the plans of how to do a crime are sold: an unpatched exploit. It's really confusing because people use the word Zero Day to describe the exploit's ending effect, but that is not what the thing itself is. It would be like saying I have a boom to describe a bomb. A zero day is a boom and a bomb is an exploit.
7 likesReplies (1)
Perfect explanation thank you
1 likeLove the stock footage of my walk to college at 6:24
0 likesDoes it all also imply that our laptops are more secure than corporate and critical infrastructure, due to update cycles and schedule?
0 likesmy question: is this somehow related to the macaffee "situation" ?
0 likesReplies (1)
No
0 likesOh boy, US thinking they still live in a unipolar world and meddling in foreign policy of geopolitics through back door routes..... Now where have we seen recently? Hmmmmmm. Fantastic vid Sam, glad to see you back in your stride :)
0 likesLessons learned:
6 likes1) Don't use Windows.
2) Don't use Windows.
3) Don't use Windows.
4) Don't use any software you don't have the source code for.
5) Don't use any software until a thorough code review has been done on it.
6) Physical security matters.
7) Don't allow users any access to the innards of the computer, either hardware or software.
8) Fill all the USB ports with epoxy.
And on and on.
Replies (1)
I mean log4j wasn't Windows-exclusive and the open-source code had been in the wild for years before the exploit was known...
0 likesEverything will change once war makes watching YouTube no longer possible.
0 likesI’m not sure I agree with the statement “destruction without consequences.” I mean you say that over footage of a hydroelectric dam implying power infrastructure as a potential target. No power means a lot of bad news for civilians. Possibly, lots of preventable deaths had power still been on.
0 likesReplies (1)
I think he meant it as "destruction without consequences to the destroyer". The destroyee will of course have consequences, that's what destruction is.
1 like2:19
0 likes“This new era was made possible by… SquareSpace”
State sanctioned cyber bullying is now, old man.
0 likesdamn i thought this video was gone
5 likesReplies (2)
It disappeared
0 likesthe video got copyrighted from some book publisher
2 likesIt’s nice humans can’t get hacked…oh wait, humans can be influenced. Essentially being hacked.
0 likeszero day isn't just any issue in the security it is an issue that is unknown to everyone but the hacker
0 likesThis new era was made possible by SkillShare
0 likesI'm thinking it would have been better to go with option 1 and drop dozens of JDAMs on that facility and hold Stuxnet back for the upcoming bigger threat but I'm just a Youtube surfer killing time at my dead end job....
0 likesIts back!
4 likesMan...haven't seen that many CRT screens and AT keyboards in a long time.
0 likes
What is the significance of mentioning the PLCs are Siemens? All PLCs are pretty similar and can be used by anyone for anything surely. We're just programming one for a ship's vacuum toilet system!! 😅
0 likes"especially sales to countries with concerning human rights records" america just sweating over the corner praying no one notices anything about it lmao
0 likes"Nation-State" is not a synonym for "country". Most countries are not nation-states.
0 likesI know im not alone here: PLEASE HIRE A NARRATOR i mean this in the nicest way possible i love your videos but your voice isn't cut out for narration
0 likesi signed up for curiosity stream using your link earlier today. how do i access nebula? Thanks
0 likes2:18 "This new era was made possible..."
0 likesby SkillShare
Hey, why did this vid disappear for a while? He must have released it too early and taken it down
5 likesReplies (4)
It got copyrighted
2 likes@late mhh what happened?
0 likesIdk, on pc it just said something about copyright by some bloom media something company
0 likesGo to their Twitter, the publisher of a book cited as a source hit them with a copyright strike (even though you can't copyright facts)
1 likei could kill the power to my house for weeks and i would be fine, if it weren't for everyone else having their power out at the same time.
0 likes
Just read an awesome book about this called @War: The Rise of the Military-Internet Complex by Shane Harris.
0 likesRight as he was saying "who is not so friendly with Iran..." YouTube ran an ad for Qatar 🤣🤣🤣🤣
0 likesHuh, way less wrestling for Energon cubes than I figured.
0 likes... But are there planes?
4 likesReplies (1)
😂😂😂
0 likes
Should've mentioned the SolarWinds attack
1 likeI worry that because Iran's air gap didn't prevent infection, others will degrade air gaps as good practice. Kind of like Covid vaccines and masks not preventing 100% the spread of Coronavirus, so antivax groups label them useless or worse. Industrial systems need to be isolated. Iran's problem was that they didn't isolate ENOUGH.
0 likesAre there any governments that have their own OS to try and prevent stuff like this?
0 likesReplies (1)
The Russian Army and French Gendarmerie (national police) each have their own highly customized versions of Linux, and I remember reading about other government entities looking to move away from Windows.
0 likesThis is the best explanation of stuxnet I have seen
0 likes"wars will no longer be fought in far off countries that can be ignored by turning off the TV" is such an incredibly American perspective :D
4 likesHey, maybe it'll be a learning experience for you guys.
China: I have an army of hackers
0 likesAmerica: We have a Super Soaker
@13:00 if it was precise and only targeted the centrifuges, how did the Belarusians find it causing restarts on a Windows computer?
0 likesIs it odd that I was absolutely sure 2:18 was going to be a sponsor segment for brilliant?
0 likesI live in Queensland Australia and last year China hacked into a few of our power stations. We caught the attack before anything could happen but it’s a little scary.
0 likesThis is why I watch youtube on a typewriter.
0 likesI got a great idea: LETS HOOK OUR BODIES UP TO THIS NETWORK.
0 likesCyber warfare between nation states can be best summarized by the Advanced Persistent Threat (APT) model. Zero days are just one small tool in the arsenal of a nation state conducting a cyber warfare campaign.
0 likes2:20 I thought he was about to do a sponsor read
0 likes6:15
0 likes"...sales to countries with concerning human rights records..." shows stock footage of some asians riding vehicles that aren't cars
Not sure whether to call that bit racist or classist or what exactly, but it sure seems off.
A day's worth of content for me.
0 likesStuxnet didn't only spread by USB stick, the earlier versions did but a more aggressive version was released that spread over networks through a variety of different methods
0 likesWe need a Geneva cyber convention. Like, you shouldn't shut down a nation's water supply or critical infrastructure. Today that doesn't exist. And I'm sure it's only a matter of time until somebody does that and causes LARGE amount of suffering and death
0 likes
Didn’t Stuxnet, after throwing the centrifuges off kilter, have a second ace up its sleeve…even after discovery?
0 likesIran:- "What's in that USB drive?"
0 likesUS:- "P-P0πΠ..."
is this whole thing going to end with an ad for a VPN? Please no.
0 likesThis video could have really used a pensive pause right at 9:01, after the why-question and before the answer.
0 likes2:17 "this new era was made possible by skillshare"
0 likesIn other words, Ghost in the Shell was correct in predicting the future.
0 likesI like how you imply the rules of engagement and the Geneva convention are respected. Funny, you
1 likeHacking, always orders of magnitude more boring and yet more interesting than movies portray it
0 likesahh yes my fav kind of entertainment in the afternoon
0 likesSo, did you do all this research and write this script in one day?
0 likesyou have confused the terms "zero day" and "vulnerabilities". How do you even do that? These are very common terms
No doubt he's talking about the Stuxnet virus.
1 likeEDIT I knew it!
And This is why we can't have nice things.
1 likethe consequences are how the adversary reacts
0 likesThat vacation vs. sports car comparison is weird af lol
0 likesKind of a video which give you chills
0 likesThe captions used "mettle" instead of "meddle" at 9:45
0 likesThe world had entered the era of highly-advanced, highly-targeted, and highly capable cyberwarfare.
0 likesThis new era was made possible by skillshare. Start learning new skills with a free trial by being one of the first 1000 to join a the link in the description.
There's been a lot of factory fires lately.
0 likes2:20 “this new era was made possible by [Skillshare]”
0 likesIf you enjoy the topic of this video, check out the podcast Darknet Diaries, Zach (the host) has even done an episode on Stuxnet
0 likesIt's crazy that countries can't physically attack civilian infrastructure, but can still shut down water or electricity without consequence.
0 likesI seen this story interesting to watchdocumentaries about /zero-days event was pretty crazy. 😀
0 likesGlad to see this is up again :)
0 likesI know one monstrosity that definitely has Chinese malware in it- the Indian power grid
0 likesEaster egg: The hexadecimal in the thumbnail spells out 'WENDOVER'
0 likesThis is why I laugh at people who think super computers or AI or some other super advanced tech will kill all humans. We will do that job or at least send each other pack to the stone age way before any tech can.
0 likesit’s about to get crazy, so make sure your antivirus is not secretly a crypto miner eating your ram
0 likesUSA needs a United States Cyber Force or USCF
1 like
Alright, alright, Kurzgesagt levels of existential terror, I guess, here we come!
0 likesShit, what a Movie of a Video. I am new to this channel so I am very impressed
0 likes"Existential proportions" what does that mean 🤷🏻♂️
0 likesAll you need to have to end the world is hot pockets and Xena reruns.. # thecore
0 likesIs it time for a plane episode yet?
0 likes
That's why the "air gap" needs to also be implemented by a "digital" air gap.
0 likes
say your organization is primarily made out of Windows PCs...
Well, the only way to bring any software or document into that gap is through Mac and Linux; each and every file needs to have a signed signature with a physical signature.
The only way you'd get a zero day into the gap is by 1. compromising the method of transport, 2. compromising Linux with yet another zero day, 3. compromising OSX with yet another zero day... 4. keeping file integrity undetectable under all three operating systems. Can it be done? Yes.
Replies (2)
While we can never truly prevent zero-day attacks, using multiple disparate operating systems concentrically can make such an action far more difficult. And since Linux is open-source (and therefore has way more people examining its code than Windows or MacOS ever could), vulnerabilities are generally found and repaired more quickly.
0 likes
@InventorZahran exactly my thoughts, throwing Apple into the mix is adding yet another "complexity". I mean, maybe a dumb Android device would be better.
1 like
basically you're implementing a checkpoint for the files, before they are allowed to pass the "airgap". I would say you really only need a Linux machine, but that's like saying The Maginot Line is enough :)
I think that this is the only way to really defeat the "exploit" of the air gap, it's really to just check that the files are still intact and that the hardware is not what an attacker would expect.
It's a pain in the ass if you have to check every single device every time, but it beats getting your Uranium Enrichment plant shut down or having over 50% of your country infected.
Imm'a stop you at the second minute and say that if you can read the source code you can very well know what the code is supposed to do. There is no such thing as a mystery code.
0 likesstuxnet is a must watch ... once you see, you will understand how little you actually see!
0 likes
I've been hooked on this song since the Bảo Thy days, and I never expected that one day I'd hear Đức Phúc, my new idol, cover it. Thank you, ĐP, for such a moving, heartfelt cover
0 likesI thought the Iranian did retaliate against Saudi Aramco. That would be a great episode.
0 likesi'm confused don't all nations have a history of troubling human rights records? All 3 superpowers for sure do so trying to say one is somehow worse than the other is disingenuous. otherwise nice format
0 likesHey, you guys should auto sync your Youtube on Odysee just in case. I wouldn't be surprised if you had issues with Youtube.
0 likes18:45 That TV is probably part of the botnet involved in the attack ^_^
0 likesNuclear facilities like that shouldn't have usb ports on the core network...
0 likesWoooooooo what a time to be alive this is my line of work BABY!!!!!!!!
0 likesA 2017 leak by a hacker group known as the shadow brokers?
0 likesI would bet my left nut the named themselves after a hacker syndicate of the same name from the mass effect games
Israel has insane cyber sophistication, it’s truly surreal how smart their cyber unit is.
0 likesgreat video :)
0 likes
While your zero day exploit is somewhat right, this attack wasn't a zero day exploit, it was a physical attack. Setting a USB device to have the computer see it as a keyboard or mouse bypasses most firewalls, because the initially affected computer or server automatically trusts the device compared to a normal USB. This was an attack by the USA and this was designed to overwhelm their uranium centrifuges to spin too fast to wear them out. But since this was a physical attack it's not a zero day exploit, because you can't stop a physical attack once a person has access. A zero day exploit is more like a software backdoor rather than a hardware backdoor. As such, a similar attack is still viable. The US bank retaliation was a standard DDoS attack any 10 year old with a computer can do with 17 lines of code. Or if they don't care about getting hacked back can use the open source Low Orbit Ion Cannon. Should watch some pen testing videos, I recommend DeviantOllam
0 likesreminds me of the royal food tester who gained immunity to poison
0 likes2:18 "this era was made possible" by nord VPN!
1 likeApple Air to hack military targets if in range?
0 likesEdit: with all those iPhone an fancy design. Maybe ridiculous. Like bouncing code of surfaces from satellite. Now that's ridiculous.
Tinfoil crinkles
Edit: fixed word
Controversial take, and maybe it's because I know this subject well, but this is a weaker video from Wendover. Lemme explain why.
0 likes
This title is misleading because this isn't exactly how cyberwar works. 80% of this video is Stuxnet. Unfortunately, I was hoping for better analysis because even the notion of cyberwar is debated. Experts do NOT have a consensus for cyberwarfare. The commentary at the end of the video is one-sided and the existential consequences of cyber effects are overblown. Nuclear weapons are a flawed analogy. I would greatly appreciate a revised, future video that balances the real security risks present with the militarization of the space with the realities of how analysts and social scientists are describing the domain. I encourage Wendover to not just read Zetter's excellent Countdown to Zero Day and Sanger's Perfect Weapon, but also consider Thomas Rid's prescient The Cyber War Will Not Take Place, and much of the excellent analysis being done by experts in academia and industry.
A sequel video, capturing the realities of the domain, players in the industry, and/or the gap between how we perceive cyberwar and how it is more accurately conceptualized (in addition to a discussion of things like internet governance possibly) would go a long way in educating people about cyberspace and state craft. As good as it is for my job security, I just gotta chime in that Wendover could do amazing work by pushing against a, frankly dated and superficial, reading of cyber conflict.
Also, zero-days are NOT worthless after they are burned if the system admins aren't keeping up with their patching. We see the same 0-days being used after patches are released.
this is why I don't use antivirus software.
0 likesi cant believe people listen to anything you say, its hilarious
0 likesAnd any story about Gigi and her doll is not a virus or by a robot.
0 likesIt is about real people that were tortured and are still being tortured for saying the TRUTH. Gigi was never pregnant and does not have a baby. A 10yr old was kidnapped and held as a political prisoner as well as tortured by being told your mom can't take care of you.
i can't believe i am accessing this content for free
0 likesGreat video!
0 likesNow if I could just get my camera working.....
0 likesYou should just call this video a book review of This Is How They Tell Me the World Ends: The Cyberweapons Arms Race because you basically copied everything from that book...
0 likesThis New Era was made possible by Skillshare.
0 likesI have a bad feeling russia may drag us into this new age
0 likesIt is naive to think digital warfare will render material warfare useless.
0 likesAny attack upon any nation's homefront via a digital operation will only incentivize the attacked nation to have revanchist intent upon its attacker, even more so than an attack of a conventional, unpredicted, and material nature like, say, the 9/11 terrorist attacks or The Surprise Japanese Attack against Port Arthur in 1905.
If anything, future digital warfare offensives in a similar vein to that of the USA and Israel’s unannounced Digital Offensive on Iran will only result in more warfare, material and digital both.
maybe it's time to unplug the hoover dam's ethernet cable
0 likes
Do a video on house hacking and the impact it has on the current ridiculous housing market.
0 likesNerds can be badass sometimes
0 likesCyber warfare was around in the Cold War tho…
0 likes“…I have a friend in Minsk, Who has a friend in Pinsk, Who’s friend in Omsk has friend in Tomsk; His friend in Alexandrovsk has friend in Petropavlovsk… Whose friend somehow, is solving now, the problem in Dnepropetrovsk!”
0 likesTom Lehrer, Lobachevsky
Aw, no captions available that never happens :(
0 likes
Stupid question - does it matter how powerful a hacker's computer is?
0 likesAnyone else getting vibes of the start of BSG with the fall of the twelve colonies watching this video?
0 likesI was expecting a NordVPN-sponsorship to be honest.
0 likes
If only Half As Interesting was as Interesting as Wendover Production
0 likesExcellent video.
1 like
Most people don't even bother changing password until they hear about hacking and holes.
0 likes
I am one of those.
Nowadays I have 2-layer and only write it down on paper
If you want to learn more about this hack, watch “Zero Day” by Alex Gibney
0 likesI love this video!
0 likes1:38 Coding in not monospace? What in the world?
1 likeSeeing that Wendover is still alive and posting videos, Stuxnet couldn't have been made by the CIA.
0 likesGreat video.
0 likesgosh i love wendover
0 likes2:18 I expected nord VPN but okay
0 likes2:21 I was expecting NordVPN, Nebula or Squarespace
0 likesRussia's attacks on the 2016 American election have proved to be so effective that we actually experienced a coup attempt on January 6th, 2021 by the losing party. The divisions sowed by the GRU/IRA may prove too deep to recover from. I truly fear for my country.
0 likes“I ran.” and “Tay Ron.” ☺️
2 likesThe Empire can do whatever it wants
1 likeI thought skillshare was the problem, not zero-days.
0 likesSo this is how Skynet started.
0 likesBut the real question is why didn't they also use stuxnet on China and Russia?
1 likeNew media sounds just like old media these days. Scare mongering.
0 likesPlot twist: it's just respondus lockdown browser
0 likesso early, yet I know this is some of the best content on the interwebz
0 likesPast video, i saw it just 3 minutes after it came out.
0 likesThis one, it took me half a day, because my internet provider broke. And the topic doesn't help either (?)
This virus was made possible by skillshare.
0 likescyber weapons are only different becoz they are treated different, just declare them as the same level as physical weapons and just pop the MAD doctrine
0 likesThere were no airplanes in this video are you sure you posted it to the right channel?
1 likeIt's not pronounced "eye-ran", like I ran, you ran, he ran. You wouldn't say "eye-taly" (Italy), would you? You'd say: Italy. Same with Iran. It's Iran
0 likesCongrats on #11 on trending
0 likesi could be wrong but i believe its pronounced virus-blakOda.
0 likesalso this didnt mention the threat to strategic nuclear arms
“58% of irans devices infected” sounds like a mossad op ngl
0 likes18:50 the war will be fought by turning off the TV, then turn it on, then turn it off, then turn it on…
0 likesSimple way to avoid cyberwarfare; Use the holy TempleOS
0 likesIs it so hard to pronounce "Iran" right? You just pronounce as it's written, Iran not Eyereen!
0 likesSAM! - #10 on Trending, wow! Congratz man, bet that chump over at HAI never been on the top ten list!
0 likeswhy doesn't Russia experience more cyber warfare?
0 likesEVERY - SINGLE - VIDEO - GOLD
1 likewhen your enemy sends you bits
0 likes-burger40
I immediately knew you were talking about stuxnet lmao
0 likes
I read the title as `How CloudFlare Actually Works` and clicked the video
0 likes02:18
1 likeSam : “This new era was made possible”
Me : “by skillshare, an online learnin…”
Sam : “by one single concept.”
Me : Oh
Bruh he's gotta get back to airlines
1 likeThis is overly complicated... Reality is Bob sitting in front of a telephone switch board watching YouTube videos and occasionally getting upset enough to flip switches.
0 likes2:18 this new era was made possible by Squarespace
0 likesPlease edit the thumbnail and remove an error code, that is just a too long MAC-address. Just use 0x followed by random numbers from 0 to f. Thank you.
0 likes"ahh geeez, the NSA did stuxnet!" "noooooooooooooo waaaaaaaaaaaaaaaaay"
1 likeDynamic Link Libraries. . . what could possibly go wrong?
0 likes
It didn't spread to 58% of all computers in Iran. 58% of total Stuxnet infections were in Iran.
0 likesHonest question this cost us what 10 million at most
0 likesI signed up for Curiosity Stream, but they said nothing about Nebula...
0 likesNot 'create' U235.
0 likesConcentrate 235 by slinging away the heavier 238 isotope.
You missed an opportunity by not placing some easter egg in hex on thumbnail (like brics) lol
0 likesGreat Video 👍
0 likesI find it a strange coincidence, that 2 seconds into the video about cyber warfare, my video stopped playing lol
0 likes6:57
0 likes“implying that someone somewhere uses Microsoft outlook”
Crazy how the US government won't hire hackers who smoke weed.
0 likesHalf the video and you still didn't get to the point.
1 likeThat being said, Netflix has an excellent (and way more interesting) documentary on this called 'Zero Days'
Reject modernity, return to monke
1 likeI almost thought that he gonna pull sponsor ad when he say "cyberwarfare is brought by......"
0 likesTruly a doomed species.
0 likesWhy is there an add for being an aircraft tech 😂😂😂
0 likes
Might be a mistake in the video? You start by saying this is happening in Belarus and then you continue saying this is in Iraq.
0 likesRight at the beginning on the video
Great video
0 likesCyberwarfare is fun 😀
0 likes2:17 i wouldve bet money you were going to say Nord VPN. lmfao whoops ive been conditioned....
0 likesSo how does the Talpiot program figure into this?
0 likes
This video does not in the least reflect how cyber warfare (cyber attack and defense) works. It should explain things like the MITRE ATT&CK and DEFENSE FRAMEWORK and the critical aspect of the cyber kill chain and how it plays a role in planning and executing attacks on your victim. He also doesn't talk about Cyber Reconnaissance or mention that you can use CVE databases to search for older, unreported vulnerabilities on GitHub. There is so much more to this topic, especially if you make a 20 minute video and try to explain it to an audience like YouTube, especially when it comes to software vulnerabilities, especially in the context of the OWASP Top 10. The topic of vulnerability management is also not really well explained. Most companies rarely patch their systems in time because it's usually not that easy to fix operational technology (OT) security issues.
0 likes
Or at least rename the video "How Stuxnet works"
Implying Microsoft doesn’t create these zero days for governments
0 likes
And 8:00 is why it has to have been a government.. the legwork, the money required.. the analysis and verification of said 0's.. I've had some fun with the open source version and a Fanuc PLC.. as a virus.. BAD. As a Remote MDI input link.. GOOD!😅
0 likes
The USB drive virus is due to Microsoft's lousy operating system design. Windows OSes are designed to run any file named autorun.inf on the USB drive. By plugging in the USB drive, you trigger the virus to run. To protect your PC against this virus, you need to disable autorun in the Windows policy settings.
0 likesWow, I sure hope Russia doesn't wipe my debt.... 🫣
0 likesdamn, tell me Digimon the Movie didn’t try to warn us
0 likeshow will this affect the global rare fish market?
0 likesI swear I keep seeing buster bluth in the stock footage
0 likesIt has already started.
0 likesEveryone can point fingers now.
This video was so important a decade ago.
0 likesthis is why we should rewrite everything in rust
1 like
cable and a few minutes could do to the whole university network.
0 likes
I don't see anything wrong with the term Exploit, why the switch to Zero Day? Maybe it's less obvious and more covert-sounding.
1 like
Replies (2)
A zero-day exploit is an exploit that hasn't been discovered and patched yet. A 5-day exploit is an exploit that's been known to the developer for 5 days and therefore has a chance to be patched. A 2-year exploit is an old exploit that probably won't work if the target does the right thing and keeps their software up to date.
6 likes
@Mike Martin oh well that makes complete sense. Thank you!
1 likeIt’s pronounced i-rahn not eye-ran
0 likesHow about just not relying on digital computers connected to the internet for critical infrastructure?
0 likesReplies (3)
Um.... the whole point made in this video was that the Iranian facility was isolated and airgapped.
0 likes
Modern infrastructure and production are complex and in most cases dependent on digital computers.
But your kitchen faucet, toaster, bathroom mirror or laundry machine definitely don't need access to the web (or your home network!) to do their job.
@Jim Urrata They used windows. Do you at least understand my point?
0 likesBanks need a network to get money from far places to another, without Internet, they wouldn't be able to work on a global level
0 likesGood job Israel. Keep fighting the enemy.
0 likesGood video but doesn’t do stuxnet justice. If interested I highly recommend the book “countdown to zero day”. It was impossible to put down, I read it in like a day.
0 likesBetter type fast on 4 keyboards on seven screens!
1 like"Error 57:45:4e:44:4f:56:45:52" translates to "Error Wendover"
0 likesYay! The video is back up!!!!
2 likes
Swear to god you were going to say “this new era was made possible by: RAID SHADOW LEGENDS.”
0 likesBTW, this isn't me making fun of Sam's pronunciation, but does anyone know how VirusBlokAda is supposed to be pronounced? Maybe he's right? Or maybe it's like Block-EY-da? Or maybe like BLOCK-uh-duh? Block Ey Dee Ey? I don't really get it.
0 likes
But it didn't actually get in. The facility was actually destroyed differently.
0 likesThis is so alarmist and inaccurate. They do not understand how works, and how the windows related cybersecurity industry works.
0 likesIt was made possible by skillshare
0 likesThis new era was made possible and perhaps more importantly, made profitable by Skillshare? Oh my science; too much YouTheTube today me thinks.
0 likesHow does this affect the trout population
0 likesThere is a really good documentary about Stuxnet called "Zero Days" that will terrify you.
0 likesDid the hackers learn this on Skillshare?
0 likesI sure hope cyberwarfare won't affect the production of Toyota Corolla.
1 likeReplies (1)
That would be most unfortunate indeed.
0 likes18:47 Russia: "Let me prove you wrong"
0 likes
Always said that anti-virus companies make the virus....
0 likesI can't be bothered to decode the hexadecimal error code on the video thumbnail. Can someone else do it for me?
1 like
Interesting and useful knowledge from Soi Sáng
0 likesExistential just means of or related to existence. Who wrote existential proportions? Lol
0 likesIf anyone hasn't seen the series Mr. Robot, watch it.
0 likesAnother good book is Sandworm.
0 likesWelp, thanks for helping me sleep at night...
0 likesIt's back! Been waiting!
0 likes
You're the best, sam
0 likesNice video.
1 likegovernment or otherwise, are obviously the easiest targets.
0 likesIran did it to itself, as per Russia's version of everything...
0 likesBut...the real question is...when, will, you change...your cadence...
0 likestwo girls, one usb drive
0 likesthe race to bate is on bois
Might be a cyber warfare but at least Windows is not the only thing around.
0 likesHe said "Siemens" and "Released its payload". Sorry, just had to point that out.
0 likesMy like made it go from 9.9k to 10k I feel important.
0 likesI’ve been a long time subscriber, and I had no idea you are Sam from the Money show by Tom Scott until just now!
0 likesNice video but the info is old af and well known
2 likes17:29
0 likesSomeone was bored and ran "ls -R /"
get Jay Anthony Franke to read this and boom, you've got Deus Ex
0 likesGood to see the video is back
0 likes"This new era was made possible by... Squarespace"
1 likeMy anticipative mental algorithms have become deeply honed
Does this setback fallout 5 development?
0 likesThis new Era was made possible by ... squarespace
0 likesthis vid is meant for people way smarter than me
0 likes1 megabyte "piece of code"
0 likesPraetoria. That "pi" from a Sandra Bullock's movie
0 likesWhen can we buy your Wendover brand computers?
0 likesIncredible vid
0 likesThank god this video is back up
0 likesCan I commit cyber war crimes?
0 likesYou should’ve cited your sources… instead of just shamelessly summarizing Countdown to Zero Day.
0 likesI like the thumbnail "Error: WENDOVER" :D
0 likesZero-Days are not called 'holes'. It's the term coined for 'zero-days' before the occurrence of the actual injection. Did you actually research this topic or just pull it out of the seat of your pants?
0 likesOld news, some of your viewers weren't even alive when this happened
0 likesYou can turn off the monitor when you listen to this video.
0 likesI have PTSD from those NORD ads
0 likesFor the record, Tron brought me here 😂
0 likes
How does this affect logistics????????????
0 likes
This video is why your boring retail job is forcing you to choose longer, more complex computer passwords more regularly, airgap the computers controlling the aircon, fridges, CCTV, sound systems and alarms separately, have technicians coming in to stores to open tills and physically unplug unused USB ports and why you can no longer install new printers, set default printers or even open the settings apps on any work device, can't access anything on the C drive but have access only to the share drive on the network and can't access the Internet except for specific, limited times, limited computers, predefined websites with a separate password and only after logging a call to IT beforehand. It means you can't receive any email attachments more than 2mb and only specifically shaped USB sticks will fit into the few PCs with covered active ports, and only once they've been couriered to IT to be scanned and couriered back. It makes work complicated, but it means that there's only like 5 people somewhere in head office tasked with screening wild data before allowed on the intranet. It's a wild world, but just like every store has a generator, 5000l water tank, sprinklers and dual controlled keys for all the doors and a team of employees on standby to deal with strikes and vans to transport staff during public transport strikes, to ensure trade continues despite infrastructure breakdown, you have to start thinking about IT in the same way - as critical infrastructure with backups available at all times. And the private sector, even retail companies are thinking about it very seriously - it's time for governments to do so as well. It's expensive to refit doors and put rubber moulding around the bottom and wooden shelves around door handles to prevent handles being shimmied open and rivet plates over the hinge screws, but companies do that for security so why not pay the same attention to IT threats.
0 likesyesss a new video, i’ve never been this early for an upload lol. i love you
0 likesHey you can't reuse B-roll of the backside of a Cisco 9300 series switch, Wendover. That's illegal.
0 likesThis will affect the trout population....wait no they don't have computers
0 likes
The newest warfare is the warfare such as Havana syndrome. Body manipulation, thought manipulation.
0 likes@2:24 i thought he was going to transition into the sponsor :skillshare
0 likesMy my my, you are talking about my line of work...sort of lol
0 likessay "By this channels sponsor, Wix" I know the sponsor is not wix, and I have no idea why that popped into my head, but it did.
0 likesHalf an hour in and barely 25k views, <100 comments? Is YouTube having a notification hiccup again? Or are people actually holding back from commenting before the video is done?
0 likeswhy the computers of nuclear centrifuge have a usb port 🤦🏻♂️
0 likes
5:55 Kali Linux spotted.
0 likes
me watching this, and a few days ago the Russians hacked my country XD
0 likesReplies (1)
We were warned in die hard 4, but no one watched the movie...
0 likes
Kind of annoying that you never defined "0 day". It sort of sounds like you don't actually know what that term means? You say "0 days become worthless essentially the instant they're discovered", but you should have said "0 days stop being 0 days once they're discovered".
0 likes
IDK it sounds like you just think "0 day" is a term for a really important bug?
no virus can affect my paper laptop 😎😎
0 likesRussia have been victim of these exploits because of the war.
0 likesMore cybersec plz
0 likesStuxnet is such an amazing story. It definitely serves as proof of the rise of cyber warfare.
1 like02:18 This new era was made possible by Square space
0 likesReplies (1)
I just noticed I wasn't the first to comment this. Oh well.
0 likesAmericans watching this video "Are we the baddies??"
1 likeI get emails , supposedly from Microsoft, that says that Moscow, Russia has hacked my PC.
0 likesReplies (1)
Same
0 likesBelarus…more like BelaSus.
0 likesis as we focus on the next big problem to deal with, and the one after that, and the one after that.
0 likesIt's a crazy world.
0 likesgood book idea
0 likesWow no “Logistics of…”
0 likesScary stuff man
0 likesWhat a time to suffer paranoid schizophrenia...
0 likesWendover was on the Daily Show anyone see?
0 likesLol, was this inspired by DW or was that just a coincidence?
0 likesDoes Nebula/CuriosityStream accept paypal?
0 likesWhy listen to someone that doesn't know what a zero day is about anything cyber security related?
0 likeswill this affect Fortnite servers??
0 likesMid February, out of the blue, I was suddenly flooded with security vulnerabilities in Software I work on. Some unknown actors seemingly decided to suddenly throw in all they had. Or all they wanted to give up by attacking on full blast.
1 likeIt was frightening, and if that wasn't all they had, but only all they didn't care about hiding anymore, the future will be even more frightening.
Bad description of what a zero day bug is. And saying bugs are worthless upon discovery is wrong. You probably have some cooperation between allies and it's not all or nothing. As well as a lot of software (not just the big names mentioned here) doesn't have easy ways of mitigation (e.g. patches). You think 58% of computers in Iran were patched the following day as the bug was discovered?
0 likesHey I've got a question for you, why can't Maths be used to win the lottery? Now I'm nowhere near smart enough to even begin to come up with an answer and explanation why for either answer but considering maths has an answer for everything else, then why not the lottery?
1 likeReplies (3)
Math can be used to win the lottery. A lot of people have used math to win the lottery. But the lottery works off of odds. So, you can still get unlucky.
0 likes
@Gt Bkts Good to know but I believe you're referring to figuring out statistical odds in scratch tickets working against the game when I'm talking about using maths to figure out the lotteries like the Powerball or Mega Millions. Predicting the most likely number that would be drawn next. Now I know that if given all the variables from the exact size shape of the balls to the exact weight plus the way each ball reacts to the air could maths then tell the next 6 numbers that would be drawn? I think it could within a certain percentage maybe somewhere around 80% or more likelihood but I suck at maths so I could be completely wrong
1 like
@Mat Atacks Ahh. Ok. Ya, I am talking about statistical odds. To be honest, I'm just a normal guy, so I could be wrong too.
0 likesPretty sure you and real life lore are the same person
0 likesBegging Americans to say "e-rahn" instead of "eye-ran"
0 likesMMMM I wonder who caused it??? 🤔🤔🤔🤔🤔🤔🤔
0 likes2:18 .... "by skill-share"
0 likesHence; lowtech Battlestar Galactica
0 likesWhat was with the random footage of Tokyo's metro?
0 likesdrifts off into anti-US hysteria ..
0 likesThat's not what a zero-day is.
0 likesJust make it open source?
0 likesHere is a way to get rid of the problem. Linux and open source.
0 likesI seriously doubt this will be seen but the background music is very very distracting. I watched about two minutes on nebula before I stopped watching. It sounded like a cool topic but I can’t get past the music.
0 likesThe real og know that this video was taken down before
0 likesah yes hackermans stuff
0 likesSam No one has accepted credit for creating Stuxnet
0 likesRando basement dude. Oh shoot I forgot about that
Stuxnet was awesome! Iran should never get Nuclear anything!
0 likes
It's so interesting
0 likesError code in the thumbnail is a MAC address lol
0 likesmy video preview skipped 10 seconds into the video and i thought this was gta 5 online footage
0 likesit wasn't the military, but intelligence agencies.
0 likesLots of filler words....like you're struggling to write a 2,000 word essay out of 1,200 words of information.
This is why we will never be able to get rid of using paper files...ever. At least, until the people of the world start to get along as a whole. Respecting each other's cultures and religions and every person's rights which considering how many civil wars are going on around the world and how many religions "hate" other religions and cultures "hate" other cultures and yes...races "hating" other races. We will be forever stuck in this cycle. Respecting each other's choices and rights is the only way this ends peacefully. So...never because humans be humaning.
0 likesBuster Bluth spotting 20:52
0 likesThanks!
0 likes2:18 "by skillshare"
1 likeCyber warfare isn't absolutely terrifying or anything, no not at all...
0 likesI think I heard it was 5 0-days.
0 likesStill ain’t got shit on MW2 Lobbies.
0 likesno, no.. it's a problem with windows code!
0 likesWindows??? People still use Windows?
0 likes
I find how you say 2010 through 2099 VERY OFFENSIVE and swear word notices at 12:58 and 15:37 and 15:51 and 16:11 and 16:13 and 16:31 and 16:38 and 16:55 and you swear way too much
1 likeanyone think of war games when they see this video
0 likesGalatians 5:22-23
0 likesNew International Version
22 But the fruit of the Spirit is love, joy, peace, forbearance, kindness, goodness, faithfulness, 23 gentleness and self-control. Against such things there is no law.
My Nation uses only paper. Enjoy your digital crap.
0 likesWould that be crazy?
0 likes3:19
0 likesWhat in the actual __ is wrong with this dude's hand?
This is why some DoD computers still only use floppy disks
0 likesIt's not "Eye-ran"
0 likesTwitter is the largest cyber warfare human opinion steering effort ever.
0 likesOnly took 7 and a half minutes to name Stuxnet, lol.
0 likes
Imagine if only imperialist America just left the Middle East alone.
0 likesI think Sam accidentally posted this on the wrong channel
0 likesThere's Win 95 stock footage??
0 likeswhat's the correct pronunciation of Iran: Ee-ran or Eye-ran? Debate
0 likesI am sad and converted the thumbnails Hexadecimal to ASCII text, spoiler alert: "WENDOVER"
0 likesMakes me proud to be Jewish
0 likesthere is easy fix . .
0 likesthis mal ware . . it not only do centrifuge but it wears out battery in cell phone; it wears out CPU in computer; RAM; erode flash drive; wear out cars; airplanes; faster than intended; and so on; all from personal experiences; i been observing in past 30 yrs; since hackers hacked my computer;
this is not news to me; i've known about its potential for 30 yrs;
so if i was affected nation i'd worry about how its cell phone battery cpu usb thumb drive can be made to erode; and affecting nation's economy than unlikely scenario this war is coming;
i am wiling to bet no one counted damages its doing; to not scanned data to cell phone desk top cpu to be over clocked and cooked; to stop computer from functioning is how i'd done it; but thats just me;
I hope the Iranians running the nuclear program don't see this
0 likescode breaker project.
0 likes3:29 r u sure? lemme write a hello world to make sure...
0 likes
the USA pipeline was stopped because the payment system stopped working
0 likesHacking is scary Ngl
0 likesThis is a dank video
0 likesConclusion:
0 likesWindows sucks !!!
13:39 what's with that cup?
0 likesI’m so early cyberwarfare isn’t here yet
0 likesBetter speak about planes
0 likesHey yall 🙂 how yall doing? 💪💯🔥🔥 if anyone wants to do a collab I'm down to I'm not that good but I'm trying 😂 I appreciate yall reading this and hope you have a better day then before reading this much love y'all 💙💪💯🙏🔥💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙💙
0 likesWe all knew it was the USA
0 likesthe dews are behind it
1 likeI’m a little sad that I already knew that the US had used a virus on the Iranian nuclear project, because I can imagine the first half of this video with the suspense of not knowing about the virus, along with the huge payoff in finding out it was used on a NUCLEAR FACILITY must have been huge 👌 One of the few times it sucks to be a fan of YouTube edu videos lol
0 likes💥👏
0 likesNSA and Mossad were directly responsible.
0 likesThe united states doesn't have a concerning human record right guys 😲😳😳
0 likesHack the planet!
0 likesRelease its siemens payload..
0 likeshaha our memes are in ur base -The Russians
0 likesWhen I got the virus, Iran
1 likeGreetings, Sam.
2 likesexistential, you keep using that word, i do not think it means what you think it means
0 likes@1:37 100% chance it's Israel.
0 likesAnd the video is back!
2 likesSam... Why is it called a zero day?
0 likesReplies (1)
from internet: "The term "zero-day" refers to the fact that the vendor or developer has only just learned of the flaw – which means they have “zero days” to fix it. A zero-day attack takes place when hackers exploit the flaw before developers have a chance to address it."
0 likesM O S S A D
0 likesme trying create script be encrypted reverse encrypted math.
0 likes(John 3:16,17) "For God so loved the world, that He gave His only begotten Son, that whosoever believes in Him should not perish, but should have eternal life. For God did not send His Son into the world to condemn the world, but that the world might be saved through Him." (Romans 10:9,10) "That if you confess with your mouth the Lord Jesus and believe in your that God has raised Him from the dead, thou shalt be saved. For with the heart, man believeth unto righteousness and with the mouth confession is made unto salvation."
2 likesNo geneva convention, but we can see which animal attacked healthcare
0 likesWell Interesting
0 likesMatthew 25:31-46
0 likesNew International Version
The Sheep and the Goats
31 “When the Son of Man comes in his glory, and all the angels with him, he will sit on his glorious throne. 32 All the nations will be gathered before him, and he will separate the people one from another as a shepherd separates the sheep from the goats. 33 He will put the sheep on his right and the goats on his left.
34 “Then the King will say to those on his right, ‘Come, you who are blessed by my Father; take your inheritance, the kingdom prepared for you since the creation of the world. 35 For I was hungry and you gave me something to eat, I was thirsty and you gave me something to drink, I was a stranger and you invited me in, 36 I needed clothes and you clothed me, I was sick and you looked after me, I was in prison and you came to visit me.’
37 “Then the righteous will answer him, ‘Lord, when did we see you hungry and feed you, or thirsty and give you something to drink? 38 When did we see you a stranger and invite you in, or needing clothes and clothe you? 39 When did we see you sick or in prison and go to visit you?’
40 “The King will reply, ‘Truly I tell you, whatever you did for one of the least of these brothers and sisters of mine, you did for me.’
41 “Then he will say to those on his left, ‘Depart from me, you who are cursed, into the eternal fire prepared for the devil and his angels. 42 For I was hungry and you gave me nothing to eat, I was thirsty and you gave me nothing to drink, 43 I was a stranger and you did not invite me in, I needed clothes and you did not clothe me, I was sick and in prison and you did not look after me.’
44 “They also will answer, ‘Lord, when did we see you hungry or thirsty or a stranger or needing clothes or sick or in prison, and did not help you?’
45 “He will reply, ‘Truly I tell you, whatever you did not do for one of the least of these, you did not do for me.’
46 “Then they will go away to eternal punishment, but the righteous to eternal life.”
how do i get that file 🤨🤨
0 likesEvery. Single. Time.
0 likesHow many Toyota Corolla's worth of crashes could one of these virii cause?
0 likes
Where are the planes Sam?!?!
0 likesBut does Iran need nuclear power? No.
1 likeBro most of yours can't be downloaded
0 likes"Eye-ran"
0 likesThe Netherlands unleashed stuxnet.
0 likesWait you did watch Lex´s video?
0 likesEvery voice you hear is Satan, he came to this Earth first and, mastered nature and, found out how to put his neurons into animals to trick the masses into doing evil. "Now the serpent was more subtil than any beast of the field which the LORD God had made. And he said unto the woman, Yea, hath God said, Ye shall not eat of every tree of the garden?" This means everything is really just God testing you because, it states in his first book of Genisis "Now the serpent was more subtil than any beast of the field which the LORD God had made. And he said unto the woman, Yea, hath God said, Ye shall not eat of every tree of the garden? Satan was "beast of the field which the LORD God had made." So if the Lord God made the Serpent, which is Satan. Then that means your Lord God is "Superior Satan" in Heaven because, God did one crime against nature. He had sex with, Mother Darkness, our mother without asking her first and, did not marry Mother Darkness. The first husband and, wife that God had ordained by bodily, rib sacrifice is Adam and, Eve. So God doing whatever he wants to our Mother sky, Galexy and, Mother darkness was a space crime unto our "Intergalactic Dark Galaxy". Satan is Senpai our higher athoriated classmate because, he is the Angelic brother who came to this Earth first and, adopted the responsibility of Opresser to the masses. Our satanic Senpai Satan is just teaching you in this big nature Earth to not become like him because, Satan is the complete "Opposite of God"! He never raped anyone with the spirit amen.
0 likesIt was the C.I.A. with Mossad
0 likesWars will be waged by gamers
0 likesScary!
0 likesI'm big fan
1 likelol, made stuxnet to retaliate against an ex-gf who happened to be Iranian. Was only supposed to target her laptop. oops.
0 likesSaving this
1 likeFor the algorithm
0 likesAlready at 01:00 and you just know its israel
0 likesHow do people even find viruses? Not like u can just do a file search for 'viruses'?
0 likesRussian hackers :)
0 likesActs 2:17-21
0 likesNew International Version
17 “‘In the last days, God says,
I will pour out my Spirit on all people.
Your sons and daughters will prophesy,
your young men will see visions,
your old men will dream dreams.
18 Even on my servants, both men and women,
I will pour out my Spirit in those days,
and they will prophesy.
19 I will show wonders in the heavens above
and signs on the earth below,
blood and fire and billows of smoke.
20 The sun will be turned to darkness
and the moon to blood
before the coming of the great and glorious day of the Lord.
21 And everyone who calls
on the name of the Lord will be saved.’[a]
2:21 by Brilliant
0 likesMedMen now offering Trademark Franchising with Tilray backing! Marijuana and Marijuana stocks will increase in value because people will buy more Marijuana because of wartime stress. Buy.stock.MMNFF
0 likesyo cyber warfare!
1 likeThis is the one area of warfare in which I have ever-decreasing confidence that the US will be able to stand up to China in long run.
0 likesLook up Pegasus 2.
0 likeschills
0 likesAnyone else's immersion get broken whenever the narrator says "EYE-RAN". It's so American, and throws off the otherwise very professional video
0 likesUse Linux
0 likeswhy the hell does youtube keep unsubscribing me?!
0 likes16:11 Remember: Sony itself is a rootkit distributor
0 likesRepent to Jesus Christ
0 likes“Consider it pure joy, my brothers and sisters, whenever you face trials of many kinds, because you know that the testing of your faith produces perseverance.”
James 1:2-3 NIV
It’s
Why is Israel always involved when something horrible is going on?
0 likesOne slap and you'll forget everything, all this stuxnet-stuxnet right now 😡
0 likesIs this a reupload?
0 likeshow can you say Iran too many times wrong................................................................................................
1 likedid you never hear of somebody saying that word !?...
To think, people actually believe America is behind in cyberwarfare.
0 likes18:44 Henri Coandă - Otopeni Airport near Bucharest, Romania
0 likes0:09 oh hey I live there
0 likesGambia to the world
0 likesI assumed this.
0 likesisn't this the half as interesting guy?
0 likesReplies (1)
@systems yes Half as Interesting and Wendover Productions are both narrated by Sam Denby
0 likesAmerica 💪
0 likesRow hammer.
0 likesHey I know that guy behind Obama
0 likeshi Iran is pronounced like er-on
0 likesIs it a re-upload?
0 likes2:18: By viewers like me? :D
0 likesChilling
0 likesEntirely misleading title
0 likesSo the wat is using memes
0 likesHe that is unjust, let him be unjust still: and he which is filthy, let him be filthy still: and he that is righteous, let him be righteous still: and he that is holy, let him be holy still. And, behold, I come quickly; and my reward is with me, to give every man according as his work shall be. (Revelation 22:11-12)
0 likes- It's the last time. The Lord is coming soon. Believe in Jesus, repent and be saved.
Carcass mountains? Lol
0 likesHey! Did you know God is three in one!? The Father, The Son, and The Holy Spirit! Bless them!
1 likeJesus died for our sins, rose from the dead, and gives salvation to everyone who believes in him and follows his commandments!
Have a blessed day, everyone! ❤
Replies (1)
God heals depression, anxiety, suicidal thoughts, EVERYTHING, God literally heals my physical pain when I ask Him! Trust in God to heal ALL! He is your creator!
1 likeLean not on man, you'll never be healed.
Know that there is power in the name Jesus Christ! His name casts out demons and heals! People are bothered by his name, for the world hates the truth and wants to continue living sinfully!!
Let's goooo
0 likesThis channel is actually very underrated
2 likesNEW PLAGUE INC GAMEMODE????????
0 likesThanks
0 likesI bet the Canadians did this
0 likesGlory to Lord Rama
0 likesWow
0 likesCool
0 likesgreat
0 likesdevs: shit
0 likesIran attacked Israeli water facilities, trying to poison Israelis, luckily they failed, but I’m pretty sure you would have put it in this video if you were aware, super interesting!
1 likeSisyphus.
0 likesMaybe, Just maybe, Jenna wasn't searching for landscapers on Google.. ...
0 likeswhere is nordVPN ad ?
1 like100%russian
0 likesGreat video about Cyber Warfare.
0 likes18:46 as a literal war rages in Ukraine rn 🙄
0 likesWhere da planes at?
0 likes🤯
0 likesWhen it comes to cyber warfare.
0 likesRussians and Chinese: We are the gods now.
Log4shell
0 likes44 minutes
0 likesIt was the Israelis DUH
0 likesobviously CIA
0 likesGuys, stop what you're doing right now and subscribe to the CS+Nebula bundle already. Not only it is mega worth it, you're helping sponsor the best kind of content in 2 different platforms.
0 likesNESHTA IS COMING
0 likesGood morning America!
0 likesnice
0 likesYou’re next
0 likesso many adjectives...
0 likesPlease go back to speaking like you did in your videos from 2-3 years ago
0 likesI RAN.
1 likeReplies (1)
I RACK.
0 likesThere are so many factual errors in this video I don't even know where to begin. It's a shame regarding how much this discipline affects our everyday life in general. I guess this is what you get when someone tries to explain something about something he/she doesn't know shit about.
0 likes👹
0 likesI ran away everytime I hear Iran
0 likesI like the video but hate the piano player so I couldn't like this as a whole. Sorry.
0 likesSTUX.
0 likesAnd you lost.
0 likesOOF!!!
0 likesNB Iran is pronounced ee-RAHN, not EYE-ran. Not sure why Americans pisspronounce this simple name.
0 likesDamn the US is good
0 likesSemen software
0 likesHeh Siemens
0 likes30 seconds in and you say PLCs run on Windows -_-. Vast majority of PLCs run using VxWorks or Microware OS9. If your PLCs are using Windows there is your problem.
0 likesBUY ONLY BITCOIN AND ETHERUM AND HODL!STAKES!TEAM WORK GUYS,TEAM WORK!!!!!!!!!!!!!!!!!!!!
0 likesYou can tell that the government cares more about cybersecurity now by looking at universities. My school is generally all about the nursing pipeline and has nothing special about the computer department. But over the last couple years they're now offering a bunch of full ride scholarships if you do cybersecurity. The NSF has been holding it up as a special funding focus group. It's definitely ramping up for the future.
0 likesGoood
1 likeGetting a little fast and loose with all the hyperbole
0 likesShalom!
0 likesI don't normally comment before watching the video, but the title here is super clickbaity: there's no reason to put "Actually" in the title other than to sound douchy. I Know that Wendover is neither clickbait nor douchy, but this really gives the wrong impression IMHO.
2 likesReplies (2)
I'm pretty sure he put in "Actually" because most people think cyberwarfare is a person in front of a computer with green lines of code streaming down their screen (the kind of things you see in movies)
0 likes@Tigershark232 That's exactly why it's obnoxious: it's assuming the audience has poor misconceptions. Every documentary should be telling the viewer something new, there's no need to imply that what the listener knew before was wrong.
1 likeOh no
0 likesWhat's with this guy's cadence. It's absolutely insufferable. Is this really the same narrator from the earlier videos???
0 likes2b2t hackers creating a hack that threatened global and they just use it on minecraft
0 likesBrought to you by BogusVPN
0 likesYou? Human beings didn't know for What??
0 likesJust get one think !
Answer is Big Zero #
✝
0 likesOccam's Razor: Stuxnet was Mossad
0 likesYou are giving outdated info Zero day is old shit in the modern times Zero Click attacks are real threat
1 likeAnybody know where "Zero Cool', "Crash Override" and "Acid Burn" are? I'm trying to contact them regarding their vehicle's extended warranty plan.
1 likeReplies (1)
idk, but have you tried searching for them near the rooftop swimming pool?
0 likeswhere r the jokes?
0 likesNo bricks I'm not happy
0 likes❤️🌟 In recent years, disasters have occurred frequently and anomalies have appeared one after another, You must confess your sins and repent,I hope that those who have not yet trusted in Jesus and God can trust in Jesus and God as soon as possible,Confess your sins and repent as soon as possible.2000 years ago, light came to the world,Jesus Christ came to the world.The Word became flesh and appeared before people's eyes.He was crucified for the sins of people.He was resurrected on the third day, and then He ascended to heaven and sat at the right hand of God. If you sincerely trust Jesus Christ and accept Him as the Savior of your life, you will receive the Holy Spirit.Then, you must obey the Holy Spirit, rely on the guidance of the Holy Spirit to act and behave, and be a person who pleases God.
0 likesBut the fruit of the Spirit is love, joy, peace, forbearance, kindness, goodness, faithfulness, gentleness and self-control. Against such things there is no law. —Galatians 5 : 22 - 23
Don’t delay, you should immediately trust Jesus Christ and God!
oh ok
0 likesEEE-rān not EYE-RAN ffs
0 likesSecond comment, first like
1 likebro did you just read foreign affairs article and then make video
0 likesThis is basically just a giant ad for Linux. 99% of these zero-day vulnerabilities are for Windows machines, businesses and governments just don't feel bothered to switch over to an obviously more secure OS. They only have themselves to blame for not switching over
0 likeslol
0 likesGood video. But seriously stop pushing ANOTHER STREAMING SERVICE of dooooom.... I can not take another "STREAMING SERVICE" naw man naw... can't... do... it....
0 likesF I R S T
1 likeDo you talk like this in real life too? It's like valley-girl talk, but in reverse...not sure which is worse lol
0 likesohey im relevant
1 likeReplies (1)
brilliant informative video - thanks.
0 likesIn case you are wondering: No comment here can mention the virus by name because YT removes these comments. :)
0 likesHello
0 likesMOSSAD
0 likesmeow
0 likes3rd comment
1 likeNah
0 likesForget about cyber warfare, censorship is cyber genocide.
1 likeHmm
0 likesWanna ask why Iranian nuclear facility have Siemens made equipment inside???
0 likes41st (about) comment
0 likes80th!!!!
0 likesk.
0 likesWendover seemingly has a pro-Iran position based on how this is all presented and the key elements he leaves out/chooses to include as part of the video. Noted for the future, thanks for clarifying your apparent bias.
0 likesIran not having the technology to build nuclear bombs is a good thing, and despite their claims, evidence across the board implies their "nuclear program" is not restricted to nuclear power alone.
Replies (2)
yeah man this is totally sponsored by Iron you found it out
0 likesNo one should have nuclear bombs, but no one who has nuclear bombs, like the US or Israel, has the right to tell anyone else that they can't
0 likesFirst
0 likesMy Guess about the whole Iranian and North Korean Hacker attacks is that they are not really Iranian, or North Korean, but in fact hackers from everywhere in the world, taking control of computers in Iran and North Korea, and staging their attacks from there. If the infrastructure in Iran is weak so that viruses spread fast, it means a hacker can take control of many computers in there, and stage an attack to any facility everywhere else. This way IT experts will think it initiated from Iran, and not look for hackers elsewhere.
0 likesfirst
0 likesFirst
1 likeFirst
0 likesif closed source software didn't exist, then exploits would not exist either
0 likesThat was Israel! Damn Jews lol
0 likesSuggestion for your next video: "How CIA propaganda actually works."
1 likeW
0 likes1234
0 likesFirst to comment
0 likesReplies (1)
.....then watch later
0 likesUS and Israel, lel
0 likesImplying implications
great content - but it's not eye - ran.... more like ear - ron
0 likesReplies (2)
Today you learned about dialects. Congrats!
1 like@Fox Mulder nah bro - step up
0 likesthis was boring
0 likes22:44 Watching YouTube 22:45 Wendover Cyber Warfare but didn't end up watching it 22:46 History Scope Rise And Fall Of The Ottoman Empire 23:08 Went to the bathroom 23:40 Went to the bathroom 23:43 Music Scope Ceddin Dedden 23:46 Continued Wendover Cyber Warfare
0 likesI'm so fucking tired.
0 likesI didn't sign up for this shit. I hate fucking computers. And the Internet.
God, I'm so angry.
This was created for communication. For peace. Not to run everything. Not to ruin everything.
I hate this.
.
0 likesReplies (1)
congratulations mate. You are first. Here is your medal! 🏅
0 likesToe the US line, or you too could become "history of human rights abuses."
2 likesyay!
0 likesYou did not touch at all on why Stuxnet was so devastating and easy to propagate. It was due to the CA certificate store that is in almost all computer devices, operating systems and such. These CA authorities are "trusted" by the hardware to vet vendors and software code through a trust process. Windows called with the WQL Driver Signing program. If an entity had signing authority they could digitally sign the malicious code and thereby skip the warnings normally given to the user.
0 likesThis has moved deep into the silicon (SoC) layer now with hardware root of trust, however the same system exists. There are hundreds of certificate authorities trusted by your devices by default and it's almost impossible to remove them manually.
Cyberwarfare and offense mostly stronger with China and Russia
0 likesWendover for the LOVE...OF GOD....PLEASE CHANGE....THE CADENCE...OF....YOUR SPEECH. Every single one of your videos sounds like this and it's so unnecessary.
0 likesMy man really pronounced "Siemens" "Semen". Well played, Sam.
0 likes... lets just completely gloss over what 0day means .. its not like theres 0day warez..... this is a rather limited video... good for 10 year olds and very uninformed
0 likes0:04 no it fucking didn't
0 likesit started some years ago i have no idea where. but i'm sorry, blaming everything on russia because it's in vogue right now, is... stupid.
My point: zero-days existed since ever. But they have become known as zero-days since the internet, since the code of programs has actually become known since the (zero-day) of their release.
Oh, and the code "doesn't want access" to anything. The code just gets access to anything that still has the vulnerability at the moment the code is run on the computer having the vulnerability.
Replies (1)
Lmao. You think Belarus is in Russia.
2 likesfirst
2 likesThis is a weirdly anti-democracy video. Iran is not a country you should be framing as an innocent victim.
1 like