Video Sponsored by Ridge. Check them out here: ridge.com/shadows. Use my code “SHADOWS” for 10% off your order and for an entry to win a Hennessey Ford Bronco or $75K through September 30th! (US only)
Bro. Most people don't have $200 for a wallet. Most people are lucky to have $200 for groceries. I have a $20 wallet, and it has literally all the features of this thing, with none of the gimmick. I'm not dropping ten times that on a glorified money clip.
As an engineer working at one of the companies mentioned in this video. I can't tell you how important Red Team operations are to security awareness. Do them. Regularly.
As a person that only listens to podcasts about it, even I feel like thats super important. Gotta be one step ahead of the bad folks by pretending to be them, basically.
Sadly, some only see us as an expense, or act combatively. The ease of which you can go from SE to internal access will never fail to amuse, especially given how many companies just purchase EDR solutions and think it is a panacea while still running Server 2008 R2 lmao. 'that's out of scope' says the POC 'not to a real attacker' says the consultant 'I don't care' says the CISO paying the consultant's firm And the story goes on and on.
@@stink1382I am studying for my second grad degree, to jump from a detail member to CSO eventually, similar to CISO, and sometimes the CSO rules over CISO. I can say, I practice on TryHackMe, and HTB academy on the downtime. My plan, as long as it doesn't damage ongoing business operations, yes, it is in scope. Plant a flag, I don't want Red Team to stop at landing the reverse shell, I may even make a fake set of hidden target files with known names to extract to see if IDS is on point when IPS fails, also, I want to see if DFIR catches the flag. It will take time lad, tech illiterate boomers rule the place with their management degrees or "experience" of just showing up and creating near useless SAP (Security Administration Plans)s to impress the CFO, COO, and CEO, but some of us out there are looking to change it. Hacks should be realistic as possible, including social engineering, MGM is a great example of why social engineering red teaming also matters.
I wish someone would listen to me even saying "noobnoob" IS NOT GOOD PASSWORD where I work at.... Red team operations are indeed very important! but so many think of them as waste of money.
"Suggesting that ALLEGEDLY someone might have ALLEGEDLY known that sonething was ALLEGEDLY coming" 😂 I can see Simon definitely did study law before blowing up on youtube, ALLEGEDLY.
I believe that it was Ian Hislop, at Private Eye, who was the first to emphasise the use of ALLEGEDLY in any reference to a person who was well known (but not proven) as a 'dodgy geezer'
We managed to avoid being vulnerable by accident. Our SW administrator left the company not long after applying the update just before the hack and the person who inherited the responsibility was afraid to break things and thus just didn't install any updates for the next year.
Companies don't want to spend what it takes for good I.T. staff. Among executives and bigshots there's this feeling that "my nephew is a computer geek, we can get him for cheap. Why pay more?" And then, when the digital poo-poo hits the fan, said bigshots cash out, take their golden parachutes and leave their mess for someone else to clean up.
‘It’s hard to see how such oversights went unchecked…” Meanwhile: CEO’s line up to collect their bonus for cost cutting, their golden parachute, and to cast their inflated vote for bigger parachutes going forward.
Honestly you don’t really have too much to worry about on this unless you work for a giant company or government. The everyday person for the most part has nothing to really worry about.
Fun fact, of ALL the people I've helped make moves from any OS to a linux-based system, has gone from resentment and consternation about the automatic updating and the inconvenience of it, to a RELIGIOUS ZEALOT about manually opening the updater, checking for the latest, and RITUALLY installing them either at the beginning of a "computing session" or at the end of their daily sessions online... whichever works for them. I'm just as guilty. With Windows I spent a great deal of effort crunching through the background and stripping away or shutting down and eventually even file-shredding every automatic function I could get my grubby hooks into... AND I was TERRIBLE about "forgetting" to run the update rituals and see if there was something I should be doing to "avoid being the low-hanging fruit"... BUT with Linux, be it Fedora, Damn Small Linux, Debian 5 to 9, or Mint of whichever flavor, that little shield next to my clock shows off a bright orange dot and I KNOW I've got updating to do... I WANT to do it. It's not some malefactor that ruined any part of my life online or off... I've been relatively lucky versus the slew of phishy and scummy scams or dubious malevolence that hides in codes, from avoiding BonziBuddies to Pornadoes among the foreign princes in financial and physical straits... nothing horrifically bad has managed to creep up on me... It's the control. I don't have my computing or gaming or chats or watching YT for a couple hours (or even ALL DAY) broken down by the automatic updater to usher me offline and prompt me to save or lose my "work"... again... and I'm ALLOWED to make that conscious choice. Just like the good folks at the forums over in linux-online tutorial sites warned me. I, too, became RELIGIOUS about my online relative security... and I'm certainly NOT religious in any other sense of the word... haha Maybe that's the "trick" if there is one. Put out the warnings as per usual, hackers, malware, questionable code, dubious builds and all... AND then just ALLOW users to initiate and set schedules for the updating automatically if they want the "convenience"... OR just let them CHOOSE to do it manually on their own schedule. You (and Microsoft among others) might even be surprised just how easily folks will flock to make their rituals or decide on their own "not to risk it"... AND I can review in my updater, what exactly is getting updated, and tick the boxes I want (which is generally all of them) or dismiss the ones I suspect or deem unnecessary, too expensive (in cases of services and subscriptions) or whatever I don't want... Then the consequences are on my shoulders... for better and/or for worse. AND yes, I have to "upgrade" when a new version of my OS becomes available, eventually. Fresh builds are usually a tad buggy, so I usually give them a few months to sort out the known flaws and whatnot... BUT uninstalling and reinstalling and/or upgrading the "Distro" has gotten easier over the course of years... more than a decade now, if I'm honest, since Windows "hijacked" my laptop to force a download on WinX, and I dropped them altogether, and never looked back... not even a glance. It was easier than I expected, and the gui might not be "all that and a bag of chips" but the compromises are small, few, and far between. I got used to Distro-hopping early and it's just out of my system anymore... I still want a proper "Bash Bible" but more for a structured and comprehensive study on scripting in linux, rather than the mish-mosh of online hunting, tips and tricks articles, copy-pasting out of forums and square-eyed nights spent watching linux channels going over the stuff... trying not to fall asleep in my monster energy or a hot cup of ranger-pudding... ;o)
@@PewPewParkdude, almost every app you use collects data. Facebook and Twitter have more data on you than any government does. Those companies aren't bound to any government. They sell your data. Who needs to hack you, when you willingly tell your phone everything about you?
And there's a rumor of some kind of impending attack from Iran. I believe it could be the after effects of this massive breach. There is no way this just went away without major incidents
We use SolarWinds at work (US state agency) on the Microsoft side - didn't get hit by this exploit because we didn't apply those updates, but it was terrifying to think about. Our mainframe, UNIX, and Linux systems aren't covered but our entire MS infrastructure could have been hosed. And you did just fine explaining the exploit at a technical level. Supply chain attacks are a Big Fuckin Deal these days, there's a lot of enterprise software coming out to catch these kinds of "surprise" inclusions. Not cheap, but better than being on the evening news.
Stuff like this is one reasons I dropped my career in the cyber security sector. The hackers are always ahead. Even if they get shut down eventually, it's just a matter of time until the next one. Constantly fighting from underneath got too depressing.
If you’re a man, you should be ashamed of yourself, men do not give up, we keep going till we die or break. If you’re a woman… welll. Hopefully you found your true calling. Might be that super special thing only women can do….
9:20 you're only partially correct, digital certificates say that they are from who they say they are from Basically this data is what we meant to sent, it is encrypted by this key and it is us. The contents, if you examine them, would only raise more red flags... such as why are they sending this code? The US can be all high and mighty about this, but they did it first with Stuxnet, and the most recent example being BVP-47
"This could be bad if it got to the press" = "I'm either too incompetent or too blatantly evil to hold this position of authority, and I belong in prison."
It's kinda like when the Blueleaks happened and cops were screaming "that data contains undercover' real names!" Turns out it didn't have any of those, but it had a lot of internal memos about the departments harassing, stalking, beating, and illegally surveilling people, and how they knew everything they were doing was wrong and illegal. Anytime you're told/implied "transparency is bad", it might as well be a blood soaked, smiling Klansman saying it
Simon should definitely make his own channels for the ones he was booted off of because those channels are dead but the concepts great but only for Simon nobody else can narrate. Simon or no one
Going back to when this happened, I knew without a doubt the factor of having any NT based kernel as the host OS to the server/s powering Orion was likely one of it's biggest achilles heels...
I wonder whether war will one day be played out this way. I mean they didnt open any damns, or overload any nuclear reactors, but maybe one day that will be how countries fight each other. Which is, if possible, more of a terrifying idea than guns and tanks and missiles.
If you want to cover more hacking stories you could do a video on the recent move it hack. It affected many organizations and has many dramatic aspects like blackmail of some affected companies
The legendary feeling of watching this video when you were actually working at Solarwinds Orion during that attack time and have seen the atmosphere from inside😊 I can recognize the charts on the website we were working on.
How do you keep the perfect secret? Not together in one place. Write some parts down, include traps and loopholes, a back door, memorize some parts, people can't see thoughts and get some tatted on your skin or on that of your lover, If you've got bad skin. Never put all your eggs in one basket. Only a dying pirate King will reveal the location of his treasure. Look closer because the closer you look, the less you see.
Russia had full access to NATO, EU, US armed forces, basically the US entire government for nearly a year? That sounds like...well it sounds like the literally worst case scenario?
Simon and his team (I would love to know just how many people work with him on this content) is the undisputed multichannel TH-cam 🐐 Just cranking out A+ content in a way that scratches so many different itches. I imagine those writers for the different channels are thoroughly stoked about life, and it makes me happy to see that greatness like this can rise to the top. You guys and gals are crushing it.
16:20 " . . . president Donald Trump, always super helpful in a crisis, went quiet for six days after the hack was revealed, and then downplayed it and blamed China." Trump quiet for six days is a super record.
About operating systems Windows may be more vulnerable but it also gives you more opportunity to learn how the system works if you're not IT at Apple and there's probably very little way you're going to learn about the inner workings of that operating system
Very interesting :). Please though don't have so much orange flashing as there are people are vulnerable to strobing and there is no indication when it happens or even any notice in the video info that it is present
@whoarewe7515 To be fair, small bills aren't practical anyways. I just don't see the need to waste titanium on a wallet people are just going to throw away. That stuff comes from mainly from Russia and is rare anywhere else.
This would mean that someone in Russia has a copy of the SolarWinds source code and can make forks and access the private classes of the software thus always having access to the software. The only way to fix this would be a long and arduous task of changing all the class names to prevent outside libraries from accessing the software. if they were smart, they would go further to fix the system by protecting the permissions the software has on the core system. This still isn't fool proof as my cyber security professor would say. Trying to find a zero day is a race with time. No software is unhackable you can just make it less and less likely to be hacked. The best way to make things less and less likely to be hacked is to use a physical means to stop gap the system. Like keeping top secret and critical systems isolated from the rest of the world. The funny thing is that creating a back door after obtaining the source code is a very old technique.
😮😮😂😂 I'm always hesitant to get the updates to TH-cam and Netflix ect not because I'm worried that they are targeted, just that "if it's not broke WHY fix it" is an axiom of mine. Why tinker? Know when to stop, just because you can do something doesn't mean you should.
as this operation was found out I failed to see why, the Trump administration was silent, so silent that you almost could hear them think, did Donald shuffle some papers around, let's not ask.
Oh, you mean the same Trump administration we've been told colluded with Russia this entire time while they had zero evidence? Oh yeah, and then there was the whole "most secure election ever" happening, so you do the math.
Declaring war is an outdated concept these days. A government will do what it wants, and deal with consequences as they come. Little use to shouting "We're at war" unless you aim to drag contractually bound allies into the fight
I love your videos but listening to while I'm driving is there any way to volume equalize everything? Your voice tends to trail off and get real quiet and then all the sudden roar up lol
Didnt Everyone look at who was compromised and found absolutely nothing on Russia which is why literally every affected country pointed at them.? I vaguely remember hearing about this because there was concern of identity theft for any DOD member or ex member..
Video Sponsored by Ridge. Check them out here: ridge.com/shadows. Use my code “SHADOWS” for 10% off your order and for an entry to win a Hennessey Ford Bronco or $75K through September 30th! (US only)
Bro. Most people don't have $200 for a wallet. Most people are lucky to have $200 for groceries. I have a $20 wallet, and it has literally all the features of this thing, with none of the gimmick. I'm not dropping ten times that on a glorified money clip.
Lifetime warranty is fairly optimistic for a company just getting started.
what do you do with your cash? Cash is king screw the government
It doesn’t even hold cash…it’s a bad wallet.
They're on AliExpress for 6 bucks
As an engineer working at one of the companies mentioned in this video. I can't tell you how important Red Team operations are to security awareness. Do them. Regularly.
As a person that only listens to podcasts about it, even I feel like thats super important. Gotta be one step ahead of the bad folks by pretending to be them, basically.
Sadly, some only see us as an expense, or act combatively.
The ease of which you can go from SE to internal access will never fail to amuse, especially given how many companies just purchase EDR solutions and think it is a panacea while still running Server 2008 R2 lmao.
'that's out of scope' says the POC
'not to a real attacker' says the consultant
'I don't care' says the CISO paying the consultant's firm
And the story goes on and on.
@@stink1382I am studying for my second grad degree, to jump from a detail member to CSO eventually, similar to CISO, and sometimes the CSO rules over CISO. I can say, I practice on TryHackMe, and HTB academy on the downtime. My plan, as long as it doesn't damage ongoing business operations, yes, it is in scope. Plant a flag, I don't want Red Team to stop at landing the reverse shell, I may even make a fake set of hidden target files with known names to extract to see if IDS is on point when IPS fails, also, I want to see if DFIR catches the flag. It will take time lad, tech illiterate boomers rule the place with their management degrees or "experience" of just showing up and creating near useless SAP (Security Administration Plans)s to impress the CFO, COO, and CEO, but some of us out there are looking to change it.
Hacks should be realistic as possible, including social engineering, MGM is a great example of why social engineering red teaming also matters.
I wish someone would listen to me even saying "noobnoob" IS NOT GOOD PASSWORD where I work at.... Red team operations are indeed very important! but so many think of them as waste of money.
@@goosenotmaverick1156ahh, a fellow Darknet Diaries listener.
"Suggesting that ALLEGEDLY someone might have ALLEGEDLY known that sonething was ALLEGEDLY coming"
😂 I can see Simon definitely did study law before blowing up on youtube, ALLEGEDLY.
I believe that it was Ian Hislop, at Private Eye, who was the first to emphasise the use of ALLEGEDLY in any reference to a person who was well known (but not proven) as a 'dodgy geezer'
He's allegedly a big brain
Basically, this whole thing is just NATO propaganda 😂
Every time Simon says “I have exciting news,” I brace for a new channel
@@whoarewe7515 oh no........ anyway
Every time his beard gains a centimeter, he makes a new channel.
Nope
His beard grows when he makes a new channel
Soon all we will see is just a giant beard with a British accent filling the whole screen
Every time he gets more government funding, I know it’s time for more paid propaganda 🥴🙄😂
@@grmpEqweer I have yet to see his nose grow...
We managed to avoid being vulnerable by accident. Our SW administrator left the company not long after applying the update just before the hack and the person who inherited the responsibility was afraid to break things and thus just didn't install any updates for the next year.
*insert GIF of Jean Claude Van Damme saying "Great job!"
Task failed successfully.
can't really blame the second guy. It's natural to think that if something went wrong once it can happen again by doing the same thing
Man failed the task to accidentally save the company from a hack
Companies don't want to spend what it takes for good I.T. staff. Among executives and bigshots there's this feeling that "my nephew is a computer geek, we can get him for cheap. Why pay more?" And then, when the digital poo-poo hits the fan, said bigshots cash out, take their golden parachutes and leave their mess for someone else to clean up.
‘It’s hard to see how such oversights went unchecked…”
Meanwhile: CEO’s line up to collect their bonus for cost cutting, their golden parachute, and to cast their inflated vote for bigger parachutes going forward.
Meaningless ideological sludge.
There needs to be prison senteces for CEOs of companies, period. Just monetary penalties isnt enough.
may i suggest eating the rich
I will no longer work as a C-suite assistant to the CEO of Unimportant Inc/Edu/Etc.; I got paid way too little to see all the unchecked fuckery.
Catch 22:
Your software may be more hackable without automatic updates, but the automatic updates may also make your software more hackable.
Honestly you don’t really have too much to worry about on this unless you work for a giant company or government. The everyday person for the most part has nothing to really worry about.
Fun fact, of ALL the people I've helped make moves from any OS to a linux-based system, has gone from resentment and consternation about the automatic updating and the inconvenience of it, to a RELIGIOUS ZEALOT about manually opening the updater, checking for the latest, and RITUALLY installing them either at the beginning of a "computing session" or at the end of their daily sessions online... whichever works for them.
I'm just as guilty. With Windows I spent a great deal of effort crunching through the background and stripping away or shutting down and eventually even file-shredding every automatic function I could get my grubby hooks into... AND I was TERRIBLE about "forgetting" to run the update rituals and see if there was something I should be doing to "avoid being the low-hanging fruit"...
BUT with Linux, be it Fedora, Damn Small Linux, Debian 5 to 9, or Mint of whichever flavor, that little shield next to my clock shows off a bright orange dot and I KNOW I've got updating to do... I WANT to do it. It's not some malefactor that ruined any part of my life online or off... I've been relatively lucky versus the slew of phishy and scummy scams or dubious malevolence that hides in codes, from avoiding BonziBuddies to Pornadoes among the foreign princes in financial and physical straits... nothing horrifically bad has managed to creep up on me... It's the control.
I don't have my computing or gaming or chats or watching YT for a couple hours (or even ALL DAY) broken down by the automatic updater to usher me offline and prompt me to save or lose my "work"... again... and I'm ALLOWED to make that conscious choice. Just like the good folks at the forums over in linux-online tutorial sites warned me. I, too, became RELIGIOUS about my online relative security... and I'm certainly NOT religious in any other sense of the word... haha
Maybe that's the "trick" if there is one. Put out the warnings as per usual, hackers, malware, questionable code, dubious builds and all... AND then just ALLOW users to initiate and set schedules for the updating automatically if they want the "convenience"... OR just let them CHOOSE to do it manually on their own schedule. You (and Microsoft among others) might even be surprised just how easily folks will flock to make their rituals or decide on their own "not to risk it"...
AND I can review in my updater, what exactly is getting updated, and tick the boxes I want (which is generally all of them) or dismiss the ones I suspect or deem unnecessary, too expensive (in cases of services and subscriptions) or whatever I don't want... Then the consequences are on my shoulders... for better and/or for worse. AND yes, I have to "upgrade" when a new version of my OS becomes available, eventually. Fresh builds are usually a tad buggy, so I usually give them a few months to sort out the known flaws and whatnot... BUT uninstalling and reinstalling and/or upgrading the "Distro" has gotten easier over the course of years... more than a decade now, if I'm honest, since Windows "hijacked" my laptop to force a download on WinX, and I dropped them altogether, and never looked back... not even a glance. It was easier than I expected, and the gui might not be "all that and a bag of chips" but the compromises are small, few, and far between. I got used to Distro-hopping early and it's just out of my system anymore... I still want a proper "Bash Bible" but more for a structured and comprehensive study on scripting in linux, rather than the mish-mosh of online hunting, tips and tricks articles, copy-pasting out of forums and square-eyed nights spent watching linux channels going over the stuff... trying not to fall asleep in my monster energy or a hot cup of ranger-pudding... ;o)
Except all the information of yours in the hands of those companies and governments.
@@PewPewParkdude, almost every app you use collects data. Facebook and Twitter have more data on you than any government does. Those companies aren't bound to any government. They sell your data. Who needs to hack you, when you willingly tell your phone everything about you?
Life hack: I still use a pen and paper.
InfoSec engineer here... this was FAR worse than you know.
And there's a rumor of some kind of impending attack from Iran. I believe it could be the after effects of this massive breach. There is no way this just went away without major incidents
Anybody who knows a bit about infosec, should know that probably not even half is admitted
Wow. Solarwind hack is already three years gone. Damn. Time flies
2:55 - Chapter 1 - Setting the table
6:20 - Chapter 2 - The hack
10:05 - Chapter 3 - The discovery
14:30 - Chapter 4 - The impact
Sooo you're basically saying SKIP the first 6:20 if you want to get to the story and then the remaining 15 min is the story. 👍🏼🙌🏼
Oh sorry buddy I just saw you do these on every video you can. Never mind, keep up the good work! (not sarcasm)
We use SolarWinds at work (US state agency) on the Microsoft side - didn't get hit by this exploit because we didn't apply those updates, but it was terrifying to think about. Our mainframe, UNIX, and Linux systems aren't covered but our entire MS infrastructure could have been hosed.
And you did just fine explaining the exploit at a technical level. Supply chain attacks are a Big Fuckin Deal these days, there's a lot of enterprise software coming out to catch these kinds of "surprise" inclusions. Not cheap, but better than being on the evening news.
if it walks like a duck and quacks like a duck, it is insider trading
Allegedly this alleged upload is allegedly top quality. ALLEGEDLY.
I read this comment at exactly 18:23
As a cyber security expert, you explained this very well :)
Simon name your next channel "Factboi Says"
He's flat out posting to half of them anymore.
@Twas-brillig I think you might want to check your spelling.
@@bunnyskye7593lmao shots fired
@Twas-brilliggirl… you didn’t just do that 💀
Simon already has like 30 channels, don't encourage him!
18:17 has the be the most "allegedly"'s I've ever heard Simon use. Allegedly.
Stuff like this is one reasons I dropped my career in the cyber security sector. The hackers are always ahead. Even if they get shut down eventually, it's just a matter of time until the next one. Constantly fighting from underneath got too depressing.
If you’re a man, you should be ashamed of yourself, men do not give up, we keep going till we die or break. If you’re a woman… welll. Hopefully you found your true calling. Might be that super special thing only women can do….
Buddy of mine is a VP of IT security. He was telling me at the time everyone busted out laughing when Trump said it was China.
China is the bigger enemy
That's amazing do tell more 👏
Quality coverage. Thanks for outlining this for cyber security laypeople like myself.
Every time Simon dose a ridge wallet thing I just think about how I have more cards for just helth insurance then he apparently has total cards
That has got to be the most "allegedly's" in a single sentence I've ever heard.
Me, clicking on a video that looks interesting, finding Simon
You again! .... well then, let me make some tea.
9:20 you're only partially correct, digital certificates say that they are from who they say they are from
Basically this data is what we meant to sent, it is encrypted by this key and it is us.
The contents, if you examine them, would only raise more red flags... such as why are they sending this code?
The US can be all high and mighty about this, but they did it first with Stuxnet, and the most recent example being BVP-47
Love the lo-fi style of this video. Brings me back to the days where you couldn't wear too intricately patterned clothing on television
Yeah I know your mega rich now Simon with a net worth of ££wayroomuch but a wallet and key holder for £180 is not steep it’s vertical lol
Literally 😭
Lmao
"This could be bad if it got to the press" = "I'm either too incompetent or too blatantly evil to hold this position of authority, and I belong in prison."
It's kinda like when the Blueleaks happened and cops were screaming "that data contains undercover' real names!" Turns out it didn't have any of those, but it had a lot of internal memos about the departments harassing, stalking, beating, and illegally surveilling people, and how they knew everything they were doing was wrong and illegal. Anytime you're told/implied "transparency is bad", it might as well be a blood soaked, smiling Klansman saying it
Rich people by definition don't belong in prison.
That's reality.
Simon should definitely make his own channels for the ones he was booted off of because those channels are dead but the concepts great but only for Simon nobody else can narrate. Simon or no one
Booted off?
Yeah I second the other person, what was factboi booted from?
Um, he backed away from a few channels. He wasn't booted from anything.
Hey! Spotted the Mentalist! What’s Patrick doing in that boardroom?!? 😂
The real crime here is how much the ridge wallet costs!
Also the gambling.
Going back to when this happened, I knew without a doubt the factor of having any NT based kernel as the host OS to the server/s powering Orion was likely one of it's biggest achilles heels...
18:20 , *"Allegedly"* .... ✌️😉✌️
I wonder whether war will one day be played out this way. I mean they didnt open any damns, or overload any nuclear reactors, but maybe one day that will be how countries fight each other.
Which is, if possible, more of a terrifying idea than guns and tanks and missiles.
If you want to cover more hacking stories you could do a video on the recent move it hack. It affected many organizations and has many dramatic aspects like blackmail of some affected companies
Trump, after a cell phone call from Putin: “It’s not Russia!”
The Rest of the World: “It’s Russia.”
North Korea and China are always good candidates. Seriously, who thinks "Russians" when there's a hack? Those guys can't even built a working warship.
China is the bigger enemy
I love how we pretty much “yeeeaah that sucked.”, but we would’ve done it too” like… okay I guess
"This is my daily carry". You can't even open it LOL
The legendary feeling of watching this video when you were actually working at Solarwinds Orion during that attack time and have seen the atmosphere from inside😊
I can recognize the charts on the website we were working on.
Great one Simon. I love these Hack videos. Anymore coming?
How do you keep the perfect secret? Not together in one place. Write some parts down, include traps and loopholes, a back door, memorize some parts, people can't see thoughts and get some tatted on your skin or on that of your lover, If you've got bad skin.
Never put all your eggs in one basket.
Only a dying pirate King will reveal the location of his treasure. Look closer because the closer you look, the less you see.
The 1995 movie The Net, starring Sandra Bullock and currently on Netflix (sept 2023) was largely panned because it seemed like an impossible premise.
Russia had full access to NATO, EU, US armed forces, basically the US entire government for nearly a year? That sounds like...well it sounds like the literally worst case scenario?
Simon and his team (I would love to know just how many people work with him on this content) is the undisputed multichannel TH-cam 🐐
Just cranking out A+ content in a way that scratches so many different itches. I imagine those writers for the different channels are thoroughly stoked about life, and it makes me happy to see that greatness like this can rise to the top. You guys and gals are crushing it.
Great content simon!
3:38: Simon there's no such thing as a "Orion" level security clearance. That's what Solarwinds prodict is called....
Not boring, it’s good to see the word being spread to those that don’t natively speak in “miggedygiggatybytes”
Can we have a boigraphocs on simon and his life story and want photos with hair😂
On a serious note... Could you cover Kevin Mitnik on Biographics?
16:20 " . . . president Donald Trump, always super helpful in a crisis, went quiet for six days after the hack was revealed, and then downplayed it and blamed China." Trump quiet for six days is a super record.
Biden to our enemies and the world: "Im a... im gonna take a nappy".
China is the bigger threat
Factboy slim should be the next channel right hear right now .watching from Scotland peace and love to all
Rich people have one card. Poor people have the wallet stuffed with cards
I'm just wondering if cisco still has backdoors open to attacks considering it's reputation.
No offense to Ridge, I love mwallet and wedding band
But I just went to the hardware store and bout a mini bolt& shackle for my keys...$80?! 😅😂😂😂
That was sobering. I forgot how much this was downplayed at the time
This was a fun week at work when we had to update the orion agent on a ridiculous amount of servers
Simple enough. Two things. Friends don't let friends, use Microsoft. That and having anything to do with Google. OH, and don't fear the Penguin.
Linux isn't hack-proof. Its just less lucrative to hack it.
Also don't use certain CD Drives... this is called a supply chain hack, and do fear the Penguin: BVP-47 :P
This was NOT strictly a Microsoft Hack. It was non - gnu hack. There is a huge difference.
Allegedly, I watched this video and allegedly enjoyed it. Allegedly.
It's OK Simon, network security issues are boring and complicated for most folks, but it pays the bills..... 😀
Papa Bear and Me, Lil britches are going to make you all so fucking proud.
I think they were looking for something specific and when they found it then it didn't matter if everyone found out what they were doing.
About operating systems Windows may be more vulnerable but it also gives you more opportunity to learn how the system works if you're not IT at Apple and there's probably very little way you're going to learn about the inner workings of that operating system
Not necessarily, most of the Proprietary software has base system as Linux, BSD and such. So if you understand them you can deduce other
TEDDY RUXPIN😂🤣🤣🤣🤣
Very interesting :).
Please though don't have so much orange flashing as there are people are vulnerable to strobing and there is no indication when it happens or even any notice in the video info that it is present
I'm not vulnerable to flashing, but I did find it a distraction.
Definitely not an act of war 😂
In the modern world we live in, yeah it kind of is unfortunately.
@@Waverunner21 not at all bud. Every nation engages in espionage. Including the United States.
Berserk Bear 🤬🐻 and Cozy Bear 🥰🐻
With a title like "the most devastating hack in history", I thought we were getting a video about Putin.
We kind of did!
Solar winds software, is pretty great stiff. A pain to set up, but, a great set of tools.
Eveytime someone named "Thompson" screws up.. I'm always checking to see if I'm related lol
50,000! Lines of code those peeps are champs ! Also so why didn’t they pull off Die hard 4 ? Maybe that’s why the 5th one was in Russia
Imagine paying 150 bucks for a wallet.
That can't hold a hundred and fifty quid.
@whoarewe7515 To be fair, small bills aren't practical anyways. I just don't see the need to waste titanium on a wallet people are just going to throw away.
That stuff comes from mainly from Russia and is rare anywhere else.
Imagine paying that for something that doesn’t even hold cash
This would mean that someone in Russia has a copy of the SolarWinds source code and can make forks and access the private classes of the software thus always having access to the software. The only way to fix this would be a long and arduous task of changing all the class names to prevent outside libraries from accessing the software. if they were smart, they would go further to fix the system by protecting the permissions the software has on the core system. This still isn't fool proof as my cyber security professor would say. Trying to find a zero day is a race with time. No software is unhackable you can just make it less and less likely to be hacked. The best way to make things less and less likely to be hacked is to use a physical means to stop gap the system. Like keeping top secret and critical systems isolated from the rest of the world. The funny thing is that creating a back door after obtaining the source code is a very old technique.
Please cover the Darwin Awards on this channel.
Not dark enough in my opinion same with this videos topic
They should present one to anyone who would spend $150 on a wallet.
Microsoft should rename their famous product to Microsoft Doors
Hopefully you'll do a follow up on Microsoft losing a signing key.
How many channels does Simon have?
your glitchy transition noise made me jump, lol... RIP headphone users...
Man they really downplayed the impact of this one
Linus tech tips were recently hacked so this is a facinating watch
Linus probably lied about that too to generate sympathy or draw eyes back to them.
Hey FactBoi?!? Next channel should be Yesterday I found out, instead of today I found out... lol #Factboi legend
Allegedly it wasnt Russia...
It was Dr. Evil , and 4 teenagers in Saudi Arabia...😅
😮😮😂😂 I'm always hesitant to get the updates to TH-cam and Netflix ect not because I'm worried that they are targeted, just that "if it's not broke WHY fix it" is an axiom of mine. Why tinker?
Know when to stop, just because you can do something doesn't mean you should.
My backdoor is open to all. I told you all that. Back door for dayyyyysssss
Want to know why this all started in Tulsa, OK? It's because the center of the universe is here. (look it up)
Carry cold hard cash if going to Vegas
All atms compromised
Huh?
@@eadweard.Hes saying all the atms in Las Vegas habe card skimmers on them
Ever heard of civil asset forfeiture? Go ask a cop what it means while carrying all that money and they'll be all too happy to explain it to you. LOL
as this operation was found out I failed to see why, the Trump administration was silent,
so silent that you almost could hear them think, did Donald shuffle some papers around, let's not ask.
Oh, you mean the same Trump administration we've been told colluded with Russia this entire time while they had zero evidence? Oh yeah, and then there was the whole "most secure election ever" happening, so you do the math.
To a certain extent, isn't espionage an act of war? We just don't go to war over it because every powerful country does it.
Declaring war is an outdated concept these days. A government will do what it wants, and deal with consequences as they come. Little use to shouting "We're at war" unless you aim to drag contractually bound allies into the fight
Fire the guy responsible for the sound effects
I love your videos but listening to while I'm driving is there any way to volume equalize everything? Your voice tends to trail off and get real quiet and then all the sudden roar up lol
Evryone : its russia
Trump: its china
Lmao
gRep if you use it with the | (pipe) symbol, becomes a powerful tool. I think is VERY good to learn. I like your content.
What is the spelling of that compromised sw? Cause i keep hearing “Iran” 😂
Holy shyt... he has legs!
In always thought the vessi shoes where just for show...
The NSA have this with every windows machine anyways.
Why hadn't I heard of this!?..
Would love some stats on how many times “Fucking Microsoft” was said by the people dealing with this
IT staff basically licensed to print money.
Didnt Everyone look at who was compromised and found absolutely nothing on Russia which is why literally every affected country pointed at them.? I vaguely remember hearing about this because there was concern of identity theft for any DOD member or ex member..
We, the whole world, are just a few clicks away from oblivion.
6:45-6:53 @Microsoft - how do you like this defamation piece for example? :)
Educate me Fact Boy!