Just How Bad Can One Click Really Be?
ฝัง
- เผยแพร่เมื่อ 2 มิ.ย. 2024
- People have expressed doubt, even called me a liar, over my mentions of single-click malicious attacks in past videos, so allow me to talk about two factual real world examples that I experienced firsthand.
0:00 Intro
0:16 Why I'm making this
0:37 Facts, Inference, Speculation
0:44 Example 1
4:05 Example 2
6:20 But that's not Malware!
7:04 But those are patched now!
7:40 But this is rare!
7:59 Summary - แนวปฏิบัติและการใช้ชีวิต
*Afterthoughts & Addenda*
Just in case there's any doubt about the distinction between my labels:
*Fact:* = evidence that was directly observed or other detail that is known to be true
*Inference* = probable explanation, hopefully the _most_ probable, based on observed facts and outcomes
*Speculation* = 'maybe' - no guarantees here
*Still in doubt* about the idea that security vulnerabilities exist? Take a look here and see if you can discern any kind of a pattern: www.cvedetails.com/vulnerabilities-by-types.php
If you're worried about clicking my link (I mean, I did warn you about links) just perform your own web search for 'list of known security vulnerabilities'
I've been told by a disembodied radioactive shrimp that I shouldn't click random links on the internet. Better safe than sorry!
Yep, afraid it's likely not in my interest to click the link. Can we be sure it was you who posted it 😉
I really do respect the reply videos you make to comments that call you out like that. You make a clear, detailed response with evidence and examples to prove your points, you even elaborate when the other party's points are correct and specify further (such as these attacks being uncommon, but commonality not being the core point, rather it being the severity such attacks have).
Would have been simpler to ignore them, but it wouldn't have solved anything, in these responses you prove your points and they can actually learn where they went wrong- which could be a very big saviour in the future.
Edit: you suuuuure we can click on that link? :)
No way i'm clicking this link. It's too big for being just a coincidence x)
I feel it's wrong that you felt the need to create this video. If everyone simply took a moment while watching your content to actually LISTEN to what you were very politely explaining, Then this wouldn't have been a necessity. I hope you don't let the negative Nancy's in the world discourage you.
I love your content, from the funny shorts to weird stuff in a can. I look forward to seeing more.
Plot twist: You get to the end of the vid and Mike says, “And finally, since you clicked on this video, here’s the virus attached to it”
Tbh, I'd not be surprised if it would happen at some point.
*And here are the nuclear launch codes just in case you have some malicious intent*
Who's Mike? I only know Mr. Barrister John Warosa
@@fajdek7032 there’s nothing like this soul called Barrister John Warosa
@@fajdek7032 dont you mean mr Barrosa?
‘Can one click really be that bad?’
Rickroll link: yes, yes it can
b o t
@@prestonakhe's not a bot lol
@@a_unusual_enthusiast_of_bass maybe a bot replied but was then reported
@@josh_final oh, youre right.
Rickroll isn’t funny
I think, personally, the reason they called you a liar was because these attacks are relatively rare, there isn't enough exposure to have left some kind of impression on these users of any significance. As such, people tend to ignore, forget or even suppress the thoughts that something they use daily could be inherently dangerous.
It also doesn't help that there is a taboo on talking about these things in general; People who got hacked are ashamed and people make "fun" of them or "mock" them for being so gullible as to click such a link. But without talking about it, exposing these scams/hacks, it's impossible to teach people about it.
So I applaude you for breaking the taboos and exposing these scams and hacks for what they are.
I think another thing to take into account is that, generally speaking, the average person wouldn't be the target of the more advanced scams that take advantage of exploits.
If a scammer has knowledge of an unpatched exploit allowing them to say, steal your bank account information or other personal details in a single click, they aren't likely to be using that information for TH-cam spam comments. After all, why would they bother when it would there's a chance of zero payout before that's inevitably patched by software vendors. They're much more likely to be targeting individuals or businesses they know have the cash to make it worthwhile.
It's the same reason why those hacker scambots are content to haggle and settle for something like a hundred bucks, they weren't exactly expecting a huge payout from the offset.
Kinda tired of hearing “stop spreading misinformation” from people on the internet who don’t know what they’re talking about. As always, thank you for the extremely well-thought-out explanation.
That just makes me think the ones saying "stop spreading misinformation" are actually trying to spread misinformation themselves. Just like the ones calling Atomic Shrimp a liar are probably scammers who don't want their dishonest line of income compromised.
YEP, well said. It's always those who know the least who say the loudest, dumbest sh*t. This is true on both social media AND in real life, I've found.
Agreed. Seeing the screenshot of someone saying that this is "irresponsible" is especially stupid.
He's telling people to be careful, to think for themselves and not to overextend trust. That is the opposite of being irresponsible.
I love your fact-o-meter. There are a lot of channels that could do with this level of open honesty!
It's the only thing I understood on the whole video !
I think the fact-o-meter would be a welcome addition on the TV news or when our politicians speak
Fact, Inference, Speculation, Opinion, Misinformation, Disinformation, Scam.
@@YoNormski Fact, Inference, Speculation, Opinion, Misinformation, Disinformation, Scam.
@@YoNormski Nah, they have no integrity these days so they'd outright just say something is true when it's not and only if literally everyone points it out, they can blame their "editors acting independently" who then get "fired" (Shuffled within the company) and people will forgive and forget over and over and over again until nobody bats an eye about lies being told as truths.
Kinda like how some people are already. We all *know* at least one person already like this. Sorry, I love the idea too but it doesn't really seem like it'd be at all possible, even for big publications and *very* risky for small ones except for literally Snopes. (Who have already been caught lying red handed a few times, despite normally being pretty straightforward.) Because Snopes is already in the forgiven and forgotten list for so many people.
Can we make that “fact, inference, speculation” meter standard on all TH-cam videos? Or better yet, maybe the entire world?
In politics as well?
Okay, so, well then, what's beyond speculation? 😀
@@thany3 Lie.
People don’t like facts
@@roblinnbailey2359 People love facts. They just believe the wrong things are facts.
Especially in policits for every news outlet, article, even independent journalists
I spent 20 years as a software engineer and had to deal with people on an almost daily basis who thought my obsession with security was unfounded. Usually they would suggest that as a consultant I was trying to screw as much money from them as I could and was therefore over-blowing their security flaws. Several times I walked away from a contract and told them to call me when it all fell apart, which it _always_ did. At that point they were told that yes, I can fix this, but now my fees have gone up.
Good video, as always.
my dad thinks I'm crazy when I try to warn him about these things. Granted, I'm fairly inexperienced so I could be overreacting for that reason, but what is the threshold of "too much caution"?
@@Twisted_Code there is no threshold is you care about your privacy or, especially, your money.
People only care when they lose everything
I remember my CS professor spending a week on security issues, this wasn't part of the curriculum, he just couldn't help himself and we all were glad because of it
@@PoptartParasol Funny story, about 3 days before you posted that reply, I got into a polite but strongly-adversarial argument with someone about the possibility that the developers of Discord could've made a mistake.
We were arguing about the probability of a vulnerability slipping and exploit being created with regard to the group-invite-join request workflow of the app to allow jacking someone's token.
Although I was trying to argue that it wasn't worth taking the chance of clicking a link, even citing this video (which they apparently had already watched)... they seemed to think otherwise. Even going so far as to bet (or at least offer to bet) $200 against getting one's account (or at least session) hijacked in this way.
The only thing I could agree with them on is that I worded my original cautionary "don't click this" badly, describing what I assumed the link would do rather than focusing on how suspicious it was in the first place. But really, I'm not sure if it even matters as much as they were trying to say.
I lost my channel for three months last year after clicking on a single link.
The person managed to somehow clone my google session, bypassing password requirements, 2FA and region locks.
So please be careful what you click on!
Do you still have the link? Escalate the situation, this is a major problem!
@@see_yl it was a common thing that happened to many people, it steals all your cookies thus bypassing any need for a password, pretty much cloning your chrome
@@eresoup7229 I guess some day 0 thing that got patched then?
@@eresoup7229 what kind of link would it look like? i'm a very gullible person so i'd like to know
@@The_Jazziest_Coffee no clue
as a retired IT engineer with 38 years experience, i agree with you. it's a constant close race between the complexity of the system, the imagination of the hackers and the lackluster security measures of the user
i have and am still in the IT space..I started in the late 1970's with main frames moved to PC hardware then to software and software development including working as a DBA (my favorite part of the industry)
about 20 years ago i was on a contract to a Financial Institution (i.e. a bank) that is where cyber security will wear you down ..every single day ,hour , minute,second there is someone somewhere in the world trying to break into the bank..that training has made me hyper careful of links programs etc..
My favorite "black hat" method that was very creative was about 15 years ago someone got into the parking lot of a US government installation ..they scattered over 100 USB drives all over the place..invariably an employee would pick one of these drives up and think hmmm i wonder what is on this drive and plug it into a secure computer..and we are off to the races ...it took months to get ahead of this scouring every part of the property for USB drives laying on the ground..I have to give the bad guys credit for simple ingenuity though...
@@MickeyMousePark agreed. some of them are as clever as they are diabolical. i remember whan i first started, the place was at hada mini mainframe. it filled the room. it had punch cards, paper reel tape and you programmed it using toggles switches to make binary op-codes. no keyboard in site :)
Yup! No system, no defense, no *thing* is perfect, and an attacker only has to find that one flaw serious enough to get through!
If you build a better mousetrap, they will build a better mouse.
Damn you guys are old timers, Im 6 years into Cyber Security now.
I'd like to add, while "it has been patched" might be true, it does not mean that the user clicking the link has the patch/update to their system/tools/plugins/etc.
Yes, even after WannaCry was patched, that doesn't mean everyone instantly downloaded the update, in fact from what I recall the patch had been issued at least a month in advance but as we know, it was still incredibly effective and spread like wildfire because many systems hadn't been updated in over a month.
Very good point. There are so many people out there who fight change to the extent they're still using Windows XP, or if they are on a more modern version, they've fought tooth and nail to disable updates. Change is painful for sure, but the outcome of resisting change hurts more, and suddenly
@@AtomicShrimp well some just rather take the basically inexistent risk of getting infected by malware when using pc safely rather than a much larger chance of some messed up windows update messing up the computer or something. Which probably wouldn't stop something malicious anyways...
@@user-wq9mw2xz3j as long as you accept the risk, which is larger than you give credit for, sure. I've never had a windows update ruin anything major for me.
@@user-wq9mw2xz3j I disagree with your assessment of probability here. Sure, I've seen windows updates break things before, but it's a drop in the ocean compared to the threat of malware and exploits. Also, recovery from a borked Windows update is typically orders of magnitude less painful than recovery from a breach
As a cyber security student I can vouch for the fact that clicking link can give attackers access to a victim's machine. I have performed such attacks in a lab environment where if the link was accessed with an older version of Firefox, I would be given reverse shell access to the victim's machine. Yes, this vulnerability was patched out a few years ago, but as stated in the video, new vulnerabilities are found every day. And of course, there are always zero day exploits which can exist for years before being uncovered.
I love the Fact-Inference-Speculation gauge, I'd like more channels to do that. Obviously someone can lie, but it seems useful for having a better informed and (hopefully) more critical audience.
Can you imagine being the kind of person to accuse someone of being a liar, scammer, or other charlatan for the unforgivable crime of warning you to be somewhat careful on the internet?
I can imagine being a person benefitting from people being less careful online, like a scammer.
They are almost always trolls, bots, troll-bots, or the guilty.
The people calling him a liar are most likely young people who think they know everything about computers then their computer gets a virus.
@@Geek-x Yep, you’re absolutely right. With youth, usually comes arrogance and a false sense of importance - a recipe for humble pie.
it's only ignorance.
it's not outright hate or scam
Everyone claiming that one click can't do any harm clearly hasn't done much research lol. A few years ago there was a scam going around Facebook that worked a lot like the first example- someone would message you something over messenger, and if you clicked it it would log in to your account- even if you didn't interact with the page at all.
Also lmao at the comment accusing Shrimp of being "irresponsible" by telling people this- even if he wasn't right, is encouraging safety and skepticism irresponsible??
The irresponsible ones are the people saying that there is no risk of that
Just another way of shaming others for making people less careless than they are.
Advice shrimp puts out can literally save someone's life
And also accusing him of being "dumb", as if they were born hackers and could ever actually prove him wrong. Pathetic 🙄
I can confirm one click could cause this, because that virus affected my own mother, and she only learned about it 10 or so minutes after the click. At that point, she noticed it because her friends were sending her the link.
The Discord application alone has had frequent examples of this, it has gotten to the point where people claiming this can't happen are the ones spreading misinformation. Classic dunning-kruger, people that probably have very little IT/computer training that don't know enough about the internal mechanisms of these systems thinking that someone that has proven experience in managing and handling suspicious links is incorrect. Even that example, from the Computer Science student having perfectly respectable second thoughts, that person was just that- a student. Students are NOT experts, they are training to be experts.
As someone training in IT, I believed link-clicking exploits were possible since the day I heard about them from this channel.
There's hardly a feeling worse than being called a liar, frustration is understandable. Even if you were a liar, all that would happen if we believed you is we'd be more careful. You wouldn't gain in any way from lying about the dangers of links in emails. You're not selling an anti-malware software, you're giving people the advice they need to prevent themselves from getting into a situation where such expensive software is necessary!
Arguments from the stupid people: "He's doing it for the views/attention"
@@MasterQuestMaster Counter-argument: "This is youtube after all, isn't everyone on this platform, at base level?"
@@Kyusoath Done. I've found several.
What now?
Well said. The (sad) sacks calling Shrimp a liar are either ignorant about the reality/not very bright/talking out of their backsides -or- and really much worse, purposely downplaying and trying to minimize the issue because they themselves are scammers or hackers... or much more than likely simple script kiddies. But I digress lol
@@paynekiller75 One thing is for sure... they're definitely small boys
Superb, Shrimp.
Some info for users of IT at every level there.
You've a rare knack for explaining things simply without being patronising. If you could somehow explain to others how to do THAT, the world would soon be in much better shape.
I always appreciate your well-mannered and measured responses to these sorts of things. You show a genuine interest in educating people which I find very admirable. Good stuff, Mr. Mike c:
It's awesome how he gets better and better at it each time. His inclusion of the "fact/inference/speculation" meter in this one, for example
I agree! This is clearly someone deserving of my sub. I will recommend this guy’s channel to some of the less tech savvy bosses I have to explain these kinds of things to regularly.
Something something righteous Indignation something.
You should smd
@@gotengsk9010 Lmao
The people who claimed this is now a non-issue not only put themselves at risk, but put others at risk as well.
Hackers, scammers, and malicious software developers are in a constant arms race against security measures. Blind faith in your system's security is like pointing a gun at your head, assuming it's not loaded without actually checking. Safety requires caution (and you don't even have to be obsessive or paranoid about it... Just don't click stuff you don't fully know about).
For every fix, there are two new exploits. The very existence of an exploit is defined by a collection of circumstances, leverages, and systems that the developers of the system did not or could not anticipate. Making any assumption that an exploit cannot happen because you, or people you know, have not seen it yet flies in the face of what an exploit is. There is a difference between being prepared for everything, and believing that one scam Email telling you to pay bitcoin because their "keylogger" magically stole video from your webcam. Keeping an open mind is not being gullible, yet so many people seem to think it is...
"If I haven't personally seen it, it doesn't exist."
This is why I have both preventative measures and emergency recovery systems in place.
Seriously, whoever that CS graduate is needs to have their degree revoked by their institution. But more likely they are an edgy highschool student who knows how to install minecraft mods therefore they are clearly a computer person.
@@Starguardianbard I bet he's the kind of person who, when he ends up getting phished himself, won't admit it because of shame
You're ability to explain potentially dry subjects in an engaging way is incredibly impressive
I really wish people got an actual education on IT security in school. Computers are _such_ an integral part of society these days and it's really scary how little most people understand of these machines.
Anyway... I told Thunderbird not to render HTML e-mail which makes all marketing e-mails ugly as sin (not actually a bad thing :P) but also means I will always be shown whatever link something is.
Oh and a NoScript plugin is your friend :D
Infosec isnt even part of the core for most colleges and often gets swept under the rug. It wasn't until I hit my masters did it even come up. That was many many years of tech schooling. Most of the common world has very little knowledge of sec or just doesnt care.
the biggest thing anyone, including and especially IT professionals, should know about computer security, is that there are ALWAYS threats you do not know about because they are new, unpatched (plenty of people put off updates!), or exist in software that you cannot control (such as a background service on your computer or within a browser).
you do not have control over everything within your computing environment, but you CAN control your own actions, such as treating unexpected or unusual links with skepticism, and simply not clicking them. that is the key takeaway from "just don't click" advice - it doesn't matter whether there is an active, visible threat that we know about right now, just that there COULD be, and the consequences of clicking on something malicious are much higher than the cost of avoiding clicking them.
thank you for advocating good security practice on your channel - it's something many people take for granted!
Yes. There are, time and again, security updates for every OS imaginable, desperately trying to fix loopholes that have existed for years. Every time I hear of a big tech company having a data leak or breach of security, said breach has happened MONTHS ago, with users‘ data sitting unencrypted for everyone to see. And no consequences.
Agreed. Like everything, it's all about exercising this awareness until it becomes practice. The only downside to making distrust a habit is that this neuroticism becomes a way of life. Everything has its time and place, though.
Exactly, if you think you're safe then you've just let your guard down.
Even updating your apps frequently won't keep you safe. There is just as much of a chance of the new updating creating a loophole or exploit that wasn't present in older updates.
I put off my updates too, but I know updating constantly does not automatically equal being protected
correction:
on most systems you do not have control over everything within your computing envrionment
linux systems 100% can be controlled however you wish(and are also more secure due to rolling releases and less malware being made for them)
I really can't imagine anyone with any basic cybersec knowledge/training saying one click cant hurt you. I would say ignore the youtube trolls, but in this case they seemed to have inspired a great video you might have not otherwise made. It would be great to have more cybersec videos in the future! Love how diverse your content is
Usually, they're narrowing the scope too much (and thinking 'but Windows always prompts for admin privilege' - which is true, mostly, but ignoring all the other ways things can happen)
@@AtomicShrimp But, not always, the programs that need to run in admim for the OS to work are running with admin without asking, now it's possible for another program to link into one of those programs in some way
@@justinvanderwiel2271 indeed. Basically: persuade, cajole or trick a grownup into doing it for you
@@AtomicShrimp Yeah, social engineering.
People don't expect XSS/CSRF issues on the big products they use. Since the same companies nag everybody to implement protections against much more than just those, and generally push tons of complexity as if they have all bases covered.
"I shouldn't have to ask the general public to stop doing ."
Ah, if only the general public worked that way. We can dream, can't we?
0:25
The former is how people used to talk to people before the internet / early internet.
The latter is how most people online act now, with the internet making them far too comfortable being rude and obtuse.
It is impossible that anyone who disagrees with you is just simply mistaken, or that perhaps they are right and you are wrong. In their mind, anyone who disagrees is either a complete idiot, or deliberately misleading people. Which is absurd when you think about it lol.
I'm glad you called this behavior out. It really isn't okay.
i feel like people underestimate the imagination of bad actors. also i can't fathom calling you a liar (even IF i believed you were mistaken) because what do you get out of it? you dont present your channel in a flashy or clickbaity manner, the videos always hold up to the promise of the title. you arent selling services, or even endorsing any particular anti-malware services. just advocating for a bit of caution in ones day to day interaction. thanks for what you do, not only with your scam baiting but the variety content as well.
Exactly. Accusers don’t think things through: what on Earth is gained from lying? 🤷♂️ In reality, it’s the think-they-know-it-alls who like to be contrarian as it gives them the attention that their narcissistic personality disorders crave.
Call me a conspiracy theorist but maybe the people accusing him of lying are the sort who do these kinds of things =)
Some people just like to cause drama/scare people/cause chaos, there doesn't have to be personal gain involved.
Though how someone could think that of Shrimp I have no idea.
The scammers get maybe one or two of us to not believe him and get scammed.
@@DrPonner I feel like you're reaching just a little. Mainly, these people are fellows of average intelligence who are too immature to accept that anyone might know better then they do, so they accuse the wiser man of lying.
You know... I didn't realize you had domain administration experience. Now, seeing this, I realize why I enjoy your channel so much. ^_^
Thanks for all your hard work communicating these important issues!
I'm not highly skilled in any particular technical discipline. I was in charge of people I trusted to do those things for me. I have approximately enough technical knowledge to understand what they were telling me, and contribute theoretically to the plans, relying on the trained experts to do the hands on
@@AtomicShrimp well you definitely fooled me into thinking you were a professional🤝
Ta
@@AtomicShrimp I want to be like you when i grow up
@@landonlewis5918 Managers can be professional too. That’s actually a sign of a good manager - _knowing what to delegate to who._
It's important to keep in mind that there is no such thing as a "perfect" antivirus: there is a considerable overlap between functions that a program working as the user intends will use and functions that malicious software may exploit to bother or take advantage of the user. Think how pop-ups, saving data, managing files, fullscreen, uninstallation, getting data from the internet, even using memory, writing data, or just displaying colors on the screen can all disrupt normal computer usage if done maliciously. Consider that those examples are only surface-level features and a trojan may be able to bypass permissions. The only way to truly ensure that any person will never get a computer virus is to have them never start their computer to begin with.
This is a great video honestly; not just information-wise but also in the sense that you go well out of your way to fully explain the proportions of the problem and to fully clarify the intention behind each of your statements. Doing so honestly helps make the message of the video a lot clearer and helps avoid any possible confusion.
I've worked in two places (a former and current job) where I've come across this remittance scam. On one of those occasions, several people ended up affected and had to be locked out of their machines to have the issue sorted. This costed the company more than someone might think.
Great video, I'm always glad you make these and I make a point of sharing them with relatives and friends. Your videos are simple but not condescending, and you give people *actionable advice* as well as educating them 👍. Thank you.
It's also possible that with a single click, someone has invoked something that's ending in a java extension, and if you've got java installed, you might be able to execute it quite easily
@@waqasahmed939 given how my previous workplace's computers would forever badger people to install java and how IT gave admin permissions to several people who definitely shouldn't have had admin permissions, that is certainly a possibility 😂
@@jakerockznoodles I mean it's even needed for the likes of Cisco ASDM
I've been banned from using the cli on those given nobody else knows how to use it and therefore nobody else truly knows if my changes are correct, when they go for approval lol
In the business I work at, 40 users recently lost connection for 20 minutes and it cost the business £350 in revenue alone, that doesn't sound much but imagine if an entire 2,000 staff were bought down for a whole day
I love how a weeks after this video the log4j vulnerability was discovered, and it actually can compromise your computer. You don't even need to click.
You know what's really great? I had my audio configured incorrectly, and so I thought this was just a really weird channel without audio.. And I still got a really good infodump just from the information displayed on the screen. Well done.
Perhaps the ones commenting 'malicious links pose us no threat', are the ones sending the malicious links. You're bad for business, Mike!
As an additional point to the final one, the very fact that attacks of these sorts are uncommon makes them individually more dangerous.
I really like the layout of this video and as a security professional I think all your points are very accurate, well done.
(Also I really like the use of labeling what you know to be fact and what your assuming, that's really important in this type of dialog)
And I thought that you were going to completely obliterate my childhood, innocence and sanity to prove a point, instead you made a video about online security. Very kind of you
The real malware is the brains of people who push their rude, vulgar, lying comments onto this great and thoughtful channel. Don't let them infect your mind like some evil prion.
The only reason you'd ever be afraid of criticism is if you ARE a liar etc.
It also prompted him to give actual examples to explain his logic which can never be a bad thing if someone doesn't believe you. Especially since this is an important thing for people to know.
If he didn't get defensive about it you shouldn't either. Grow up.
@@TessaBain I think you confuse "criticism" with misinformation.
"It's fine, click whatever links you want, this guy doesn't know what he's talking about."
Someone following that advice would be at risk of having their computer compromised. Telling someone you disagree is fine, but you need to be able to provide evidence, and you need to research to see if what you're saying is actually correct. So no it's not a matter of being afraid of "criticism." It's a matter of being afraid of false rumors and misinformation that could have a variety of terrible real life consequences. And it's not being "defensive" to make the claim that people who do zero research, make baseless assertions, and provide nothing more than ad hominems/personal attacks, are probably not very morally correct. I can't believe I actually had to explain all this. Disagree with me if you want, but I think we can both agree that's it's not unreasonable to be upset with people who actively hurt others out of laziness
@@TessaBain Watch the video and stop being butthurt.
@@TessaBain At this point if you keep calling him a liar you're probably a scammer trying to sew disinformation.
@@odometric5946 Lol. Aren't you perhaps overreaching a bit?
We have a word in danish that I love. "Skråsikker" which could be directly translated to "oblique certainty" which is used when someone tries to present something he/she knows nothing about as fact. Perfect for the YT comment section (and everything else really)
Perfect. Thank you
What a wonderful word! Very poignant on TH-cam and many other platforms right now.
Me improv-ing my way through a presentation in school
I'm not quite sure what you mean by 'oblique' there. I mean, it sounds right, but the meaning escapes me.
A quick and lazy search suggests 'cocksure' may be another translation.
@@tams805 oblique was the closest direct translation of "skrå" I could think of. Edited the original comment for clarity.
lol 'cocksure' is also a good word I've never seen before and very close to it. TIL
I agree. One time I clicked on the wrong video on a certain site, and now I'm scarred forever. One click can change lives.
Thank you for such a clear explanation of CSRF attacks and the extremely lucid breakdown of a real security incident. I also really liked the fact/inference/speculation dial and may use this myself in future communication. 👍
“Clicking a single link can’t do anything bad.”
I just felt thousands of IASOs cry out in horror and were suddenly silenced.
I’d love to see your take on the new “bots”, at least from the perspective of how YT can cancel these channels!
I've always loved your videos, I've been watching you for a while and it feels so surreal. Cant explain it but your videos make me happy and it's a very nice corner of the internet I've found. Thanks for making these videos, and thanks for spreading helpful information!
I like the fact-o-meter, but I was really liking the green circles at the very beginning. I recommend you re-use them in the future and use other shapes+colors for the inference (maybe Δ or a right tack) and speculation (maybe a "?") categories, it'd make it easier to follow :)
I love that you always correct people in a very respectful and logical manner. Thank you for the informative video. Even if you've never seen something like this before, it's always better to be safe than sorry. Scammers are always coming up with new, unheard of ways to trick people. If they can do it, they probably will.
not an if. They can and they will. :>
This is why it's always important to keep your correspondence on the internet well glarded.
that "true/inference/speculation" meter was a great addition and honestly every channel of the argumentative type should have it, it would be a great tool to learn how to argue and present ideas
Thanks for clearing this up! I love the little meter in the corner and if it isn't too difficult, maybe adding it in the future would avoid mistakes such as these!
Well, you've scared me again... thank you for reminding me to be vigilant when using my computer. (Thoughtfully mistrustful is the way I think about it). Also, this seems very timely as people will probably be holiday shopping on line and will need to really pay attention to "updates" on their orders. Thank you for helping us all be a bit safer.
Way back in the day, I remember clicking a link on an ill fated day, which promptly spammed all of my Skype contacts with a spam advertising link for some questionable medical products. Thankfully, the embarrassment was the worse part of this particular incident.
One click can, indeed, do a lot. Always be careful were ya click.
Skype….*sigh* thems were the days
I remember this being a big thing on TH-cam for a whiiiiile, often with "smaller" creators (like 100k>). They would come in the form of emails offering ad deals and it was difficult for creators to discern the difference between legit offers and scams if they weren't familiar with the company. Mainly because even the big ones like RAID shadow legends could actually look like scam emails because of broken english, poor punctuation, etc.
Great video btw!
that fact, inference, speculation meter... Oh man! how much do I wish EVERY video had that :P Every video that talks about things should have a meter just like yours :P
LiveOverflow had a video on pretty much this "Can Hackers Get Into Every Device?" and I think your video is an excellent complement to it:
Basically:
Just because something isn't common _to you_ doesn't mean you shouldn't worry about it, but how much you worry should be in proportion to how common and how serious the problem is.
The common cold is common, and not very dangerous, so we take mild precautions. Getting injured on a plane is a very uncommon occurrence, but can be devastating, so you still wear a seat belt when flying.
Second comment at 0:04, he made it out to be way more common than it is, although I did say people should still be wary (yeah I spelled it wrong).
People who say "I work in x field/have a diploma in Y and this security threat can't happen" should be laughed at imo. Elevating your supposed "experience" vs actual real world scenarios is a disaster ready to happen.
When i see/hear this, i always ask: "Ok, how can you back this statement? It's a really bold one!".
If they say "Google it". They probably don't know enough to back it up. If they actually show something, either they know quite enough to talk about or overlooked (sorry about that! english is not my native language D:) something we could point it out, and their knowledge, possibly, increase.
Graduation alone isn't enough to brag about expertise at something!
The fact, inference, speculation dial is genius enough to earn my sub. Great video!
thank you for all the solid educational content you've put out over the years
you've taught me and many others who think of ourselves as reasonably security savvy so much valuable info and advice
keep doing what you do and ignore those rude comments!
its always the same, isnt it? Someone pointing to a possible danger and others react with anger and ignorance instead of acknowledgement.
Natural disasters are quite uncommon too, yet people insure their property against it.
Plot twist: the people telling you to stop are the same people that do these kinds of malicious attacks
I work for a mortgage servicing company and this type of thing is actually very common. We deal w phishing links and fake texts/emails from the “CEO” when its really a hacker trying to get you to send acct info and such.
This video is brilliant. I love your logic, and all your rebuttals to arguments in the end help solidify your argument that yes, you should be weary of clicking links.
For those reading, here’s some tips:
Examine the link
Understand who it’s from
Understand the context of why it was sent (if someone sends you a link that redirects you unprompted, that could be a compromised account)
And if you’re ever unsure or distrustful, DONT CLICK! And ask to have your concerns addressed.
that being said, most links are normal and harmless, don’t be annoying and prod everyone for every gif or TH-cam video they send you pls
Having run a computer repair business for the best part of 20 years, I'd say the most common attack is the phone call telling someone there's an issue with their computer, taking control and emptying their bank account. I've seen it so many times. I've also seen my fair share of these kinds of attacks and the information in this video is spot on 👌
Social hacking is still the way to go. Make your target give up the information voluntarily, and they will never suspect foul play.
@@MrLTiger Social Hacking gets you into ANY database. Be it asking someone online about their life (birthdays, school, favorite color = password hints and security questions), or pretending to be head of a big corporation and talking the finances department into transferring several million USD overseas. Social Hacking requires eloquence and skill, something the tech support scams can‘t (and don‘t need to) pull off.
I've been a viewer since the days of only a few hundred subscribers. Seeing you grow to this number makes me glad I've tagged along. Please keep this up, you've helped me maintain my skeptisicm in a lot of the scenarios where I had the need to click. Truly does help to keep all your knowledge just up here in the good ol' noggin.
On the bright side, thx to those idiots who say cliking in a stray link is not harmful, you are able to generate more usefull youtube content thx to them.
Keep up the good work
As a Sysadmin, the opening statement had me in stitches, 1 click can definitely ruin your day/enterprise/year/life etc.
great stuff. And thank you for the widely applicable attitude of "I respond to hostility with righteous indignation". It serves me well. Please keep on with your videos.
I work for a broadband provider and often get customers asking me if their 'router' is 100% secure and safe, or if their connection is 100% safe, and all I can say is that it is sufficiently safe, probably, if used properly.
I've actually had people ask for a manager because I refused to give them a guarantee of online safety, and one person scream and shout at me.
Some people don't want to accept that we live in an imperfect world. Just like no lock is unpickable, no connection is unhackable.
I really enjoyed this video because it was well informed and educational. I think a lot of people watching this channel (myself included) had not realized that you work in IT.
I really like your fact/inference/speculation meter, this is a very effective way of qualifying information
It made me realise how quickly I switch back and forth between facts and inferences - of course it's always evident to me what kind of thing I am saying, but perhaps not always obvious to the listener
Thanks for another clear and concise video. Love the meter. It’s something people consider more often.
I remember way back at least 20 years ago there was a joke email going around that had an attachment called “coffee cup holder”. When you clicked it, it would eject the CD tray of the computer. It was quite funny, and thankfully not malicious, but I still use it as a reminder that any link I clink might do something unexpected so if I am not sure about the link (or attachment), I just don’t click.
Whoever said you were a liar deserves to click a link that does some weird exploit on their browser and executes a really nasty trojan. It has happened to me, but I wasn't aware of it. The browser kinda hanged, but after a minute I got an .exe on my "Startup" folder. I think this came from those stupid ads that popped a new window and you got like 30 redirections on them.
The Fact, Inference, Speculation graphic is really useful and I'd love to see it in other videos or articles
"I really would just be grateful if people would stop calling me a liar for telling the truth"
I feel ya bud
haters gunna hate. You do an amazing Job!! If i can cancel out only one person calling you a liar i hope i can tell you, we know you are on point bro! Always!
I truly appreciate how humble and thorough you are with endeavoring to present the facts to your audience.
I once clicked on a malicious ad of a play button in the middle and the thumbnail of a rickroll, and it redirected me to a blank page with the url that looked like an IP address. I closed the tab immediately, panicked. About five minutes later, my computer froze. It turned it on and off again twice, and the third time I turned it on, it bluescreened. THIS WAS THE FIRST BLUESCREEN MY COMPUTER EVER HAD. I took it to a PC repair shop, and they said the harddrive was broken. The computer was screwed. I can never use it again.
I am commenting this mid video, but I had to acknowledge how good the infographic in the bottom left giving real time fact or speculation is to me a learning viewer. I love it.
The moment I realized what simple links are capable of, was when I learned that you can get your ps4 to run c code and boot into Linux through a Website using the built-in browser.
Clearly Sony didn't *want* you to turn your console into a Linux PC, but here we are nonetheless.
Pog Linux console
Linuxbox 360
All politicians and newscasters should have Fact-Inference-Speculation meters on their foreheads.
Thanks for posting this! I actually had no idea one-click pages could cause that much of a problem. I've, uh, definitely clicked phishing links before out of curiosity thinking that nothing could happen if I didn't download or interact with anything. Whoops. 😳 Thanks for spreading the word in an easy to understand way.
Thank you. I believe you because you know your stuff and present it honestly and effectively. Keep up the good work and cheers from Canada.
I remember an incident with such a mail interruption thing once. Horrible, it bombarded so many firms at once and didn't stop for days. People were so confused.
I want an edited version of this to send to my users. Less youtube specifics, less techno jargon (Though I enjoyed it and appropriate for this audiance), and just slightly more condensed.
Loved this!
I mean i can use a computer to an extent, but the complex things you discuss i wouldnt know where to start, However, you do, in every video,manage to make me feel like i understood what happened. Thank you so much for all the thing's you do to HELP people. and would like to donate to your page as soon as my glarded funds have cleared.
Peace Mr. Shrimp.
the fact-inference-speculation meter is absolutely brilliant! loved it!
Just today I had to do some online security training for my company, mandatory for all staff, so at least companies are taking this seriously. I work for a law firm so obviously we deal with a lot of sensitive data and while I don't work in finance personally, obviously there's quite a lot of money floating around, so I imagine we'd be a worthwhile target for criminals.
Yeah, companies lose a lot of money from this sort of stuff. We have yearly training on it where I work.
If a single click can be that bad, then just double click on malicious links. You're welcome.
Genius
@@AtomicShrimp People tell me all the time, that I'm good at logic things... Oh, wait... Eeee... No. My idea didn't work. How do I remove all those boner pill ads from my computer? Nevermind, I'll just buy some. I'm sure, they will leave me alone after that.
Cool of you to spread awareness. It is good to get a reminder every now and then even if you consider yourself cautious. I recently had a friends account hacked and then they had phishing links sent out to spread it. I didn't click the link because it said "free nitro" and i think that speaks for itself. But it also got me thinking how freely i click on links from friends. If any of them got compromized and i was not paying attention id probably fall for it. Especially if it was something less suspicious then "free". Like a youtube esq link
Software written by imperfect beings + hacking software written to exploit those imperfections = Your PC is a Colander and always will be.
Even if just 1 click doesn’t do anything it’s just good practice to not even take the risk which is good advice.The fact people would get upset and would flat out call you a liar over good advice baffles me. I wonder what brand of sand paper people are using these days to get their brains so smooth
Yeah, if nothing else, one click is one click closer to however many clicks *are* necessary. Don't take even one step toward the tiger.
My comment on your last video on this topic had the most likes/interaction I've ever had on TH-cam. *The comment was about the training we get, and how we are held accountable for clicking links that can compromise a large financial institution. Keep raising awareness... many peeps just don't get it.
Thank you for this video, I think it's a really excellent showcase of how to defend your argument showing exactly where your argument gets its' strength from and admitting where it has weaknesses (i.e where you draw on speculation to predict future events and give reasoned advice). The only thing that I felt was missing was that the examples used were all practical, real-world examples and didn't include a demonstrative theoretical example - It would've been really impressive to see you give an example of what exactly 1 click might initiate, so that we could have a deeper level understanding of how bad one click can really be. For example, if you pointed out how one click on a URL could lead you to a different URL entirely where the website then tries to run some kind of malicious code to achieve a particular outcome. I have a huge interest in IT security but only a surface level understanding of the particulars, knowing only some R and a tiny bit of HTML/CSS stuff, so I couldn't come up with a reasonable theoretical example to show. I do think it would've been cool to see what exactly some malicious website host could do if you were tunneled there through a misleading URL (or a URL with the text replaced if you didn't check it first).
Algorithm brought me here. I greatly appreciate the way you present the information with your own inferences and speculations as an addendum, not the focus.
The fact/inference/speculation meter is an understatedly cool addition to these sorts of videos.
It’s always good to remember that in the tech landscape, just as quickly as people will introduce more security measures, other people will find work arounds to them.
I'm glad I found this channel! Great info and advice
The last words of someone who got scammed by clicking a shady link just once:
"1 CLICK CANNOT GRANT FULL ACCESS TO A SCAMMER"
Even Jim Browning got tricked by a scammer to delete his channel. Me, who's been following baiters for years almost got scammed recently. It's all about timing and coincidence and it can happen to anyone.
I appreciate very much all the effort and time you put into educating your audience about online safety, especially because you take pains to explain that we are all vulnerable in the right (wrong) circumstances.
The Fact-O-Meter was a genius addition to combat the personal attacks, and also to clarify the information you’re communicating in a quick and easy way.
I love the fact and speculation meter. Never seen that before on another channel. Nice touch 👍