John overlooked the fact that the attack on Colonial didn’t target the pipeline control and safety systems, it attacked their billing system. They could have continued to deliver oil/gas but opted not to because they didn’t want to lose revenue.
To be fair, an organization with such terrible infrastructure to be the victim of ransomware probably doesn’t do client isolation. Profits were definitely 99% motivation but they had most likely no idea just how much they were compromised.
As somebody in the field of cybersecurity, I'm sooooo glad we're starting to see real mainstream media coverage about just how dangerous ransomware really is. Now we just need to talk about the rest.
I hate having to do that ransomware training every 2 months, but then I remember that my org was recently hit by an attack that shut down our network for 6 days, and someone definitely lost their job in that situation.
My WiFi lost connection just as John said “and internet service providers are f...”, I seriously thought it was a gag for about a minute, it kept getting funnier!
The single greatest tech knowledge I imparted to my Grandma when she became IT independent (aka got her own devices) was how to spot and avoid malicious emails/websites/ads. In the past 10 years I've helped her through various things like installing a new printer, setting up Netflix on a new TV, how to stalk her friends on facebook without them knowing (that one always leads to fun stories about the things she's found), even sending and receiving emails while on the go using a 4G dongle, and also taught my 88yr old Grandpa to navigate solitaire/tripeaks games and watch dash cam footage on youtube.. he then figured out all on his own how to find some classic music on youtube that he hadn't heard in almost 50 years. And during this time, the number of callouts I've had to help with viruses or malware - zero. Parents should teach their kids about safe sex when they come of age, so kids, now it's your turn to teach your grandparents safe internetting.
Agree... I'm trying to figure out how to educate my parents on IT. My mom doesn't care about security of her computer. She thinks just b/c she has an anti-virus program, she is safe.
@@Lucius8514 most traditional anti virus' are completely useless, if you have windows defender and a vpn and know how to safely browse you're completely fine!
Good point--counterpoint to "average Joe isn't a serious target" @fakename. Grandma is the most dangerous thing on the internet right now. My Grand rolled high on all the traits--75 Constitution, 55 Intelligence, a natural 100 in Charisma. But she's the type who rolls snakeyes after 'walking into the dark screaming tomb entrance.'
Europe gang watching this at 9:00 AM, so we don’t have to stay up late, we just have to wake up “early”. Who gets to call waking up at 9 AM “waking up early”? European programmers. We’re all working remotely, and my job is lucky if I put on pants for our zoom meetings.
I just wish it had been followed up by explaining those steps because that's the part where a lot of us older folks are literally scratching our heads. Like okay don't click on suspicious email well that's been a thing since email existed so I got that, ok. But first I'm setting up some kind of double authentication. . . Not sure what that is, with what I achieve this, nor what it covers- does that cover my whole computer as I'm using it or just every app one by one on my phone, and also WHAT IS THIS. There's so many things to Google there I feel like a lot of older people are just going to give up and just hope it never happens to them.
@@josephinethornton3823 i think Oliver has an episode about non-intuitive interfacing.. computers are meant to make life easier but as i like to say, technolization in the pursuit of comfort is oxymoronic. And whether the programmers and designers intend this kind of gatekeeping, or the learned use their understanding as a status symbol, or anti-fix-it-yourself corporate interest is in narrowing utility.. i imagine all of the above and so much more that i'll never understand about computrons.
@@josephinethornton3823 you are right this segment stopped at the awareness level without really going into education (sadly I don't have any publicly available education link to provide at the moment) and it would have been great for them to provide some inputs about where to find it. That being said you'd be surprised how many people still click on suspicious and too-good-to-be-true emails.
HONEST QUESTION : do cybersec pros also have cyberattack pro that work in conjunction with them? like in any conflict, a good defense is helped with a good offensive response, no?
As an IT guy, I cannot stress this enough - you need to back up your stuff, and you MUST HAVE AN OFFLINE COPY OF IT. Spending a couple hundred bucks is much cheaper when you need to restore.
I regularly make a backup of the files on my laptop (on an external drive, that I disconnect after the backup), but how about other devices? How can I make an offline backup of, for example, the photos on my mobile phone?
@@timonix2 So, if they encrypt your computer and the external drive is plugged in, they get all of that too? Just checking. This video freaked me out and I need to start learning.
As a developer myself, I can absolutely attest to that. If I ever have to buy a smart appliance, I am going to make sure that I have some kind of physical kill switch just in case.
pretty sure a lot of techs would suggest not having smart devices. Cause let's be real. Does your stuff need to be smart. Your fridge keeps things cold, that's enough, your oven makes things warm and hot, that's enough. You do not need them to connect to your phone. And for the love of god, nothing is wrong with having a light switch on your wall that you can easily flip rather than some smart system that'll leave you in the dark if someone wants to ransom it.
As an individual in the Cyber Security field, I want to say thank you for talking about this and bringing attention to it. Media really doesn't touch on attack types and how much a cyber attacker can actually damage infrastructure. Thank you sir.
Companies just aren't hiring anyone for cyber security nowadays, they all are far too lazy to actually understand that these attacks could happen to them just as easily. It only takes one fool on their network to click a bad link and then it's game over. When I got my cyber security degree I was told there'd be people lining up to hire us, it never happened. Companies are far too reactive instead of proactive.
@@EpicLatios I definitely see your issue, and i chalk it up to terrible HR alignment with the actual security team. The standards to hire are absolutely ridiculous and need to be changed, I definitely fault the industry for that. I wish you well on your job hunt.
This was a part of my high school morning routine. I wake up, get ready for school, and then I watch funny British man remind me that the world outside sucks. (Sigh) Good times
"If HBO is gonna be publicly humiliated , it'll be by releasing the last season of Game of Thrones, on it's own Terms. Thank You." I almost forgot how much The HBO likes to humiliate itself; on top of that, they paid for this joke and then aired it 😂
My haters throw rocks at me and IT hurts. I hope they don't throw The Rock at me because I like him as an actor. GAGAGAGAGA!!! I am funny!!! I am the funniest YouTuber EVAH! Please agree, dear dhe
John, you forgot something that everyone needs to do to avoid paying ransomware; Backup Your Data!!! That way you can wipe the computer and restore your important files if they crypto-lock your computer.
As Don said John had mentioned that albeit briefly, what he didn't mention is that it's entirely possible for hackers to encrypt your backups as well or the possibility that already exists in the backup and simply dormant until you try and restore that data.
@@BigHeadClan Which is why you should have regular offline/unconnected backups if it's vital data (rotating thumb drives would work for the average user). If my gaming PC gets ransomware, I'm just gonna wipe it anyway.
@@intiorozco5063 nope, that's just down to companies using poor security practices like running servers with weak authentication or unpatched vulnerabilities, or storing unhashed passwords in an unsecured AWS bucket that somebody just happens to stumble over by pure chance (which has happened multiple times).
Remember everyone, it wasn't even the ransomware that caused the gas stations to run out, it was the people hoarding gas in plastic bags. Source: I live in North Carolina.
@@viktorvaugndoom It can, don't quote me on this but I think there were people trying to get a refund on the excess they bought. The shortage lasted maybe only 2 weeks tops.
the fact that u think that's a source is amazing... Source: I live in Europe so I am smarter. Edit: This comment created some outrage and has shown that there is some confusion when it comes to the word "source": The same way one video showing a person filling gas in a plastic bag isn't relevant for the question: “Why were there gas shortages?”, the statement of one person claiming to have seen this happening is nothing else but an anecdote. It tells us nothing about the extent of this practice. To understand this aspect in context of the whole shortage U need statistics. This feels to me like a classic case of “Anecdotal evidence". "Anecdotal evidence is a factual claim relying only on personal observation, collected in a casual or non-systematic manner", and not a good source for any information.
About companies not telling about getting hacked: some countries like the Netherlands have a law that obligates companies to disclose if they have had any form of cyber breach or data leak and how it happened. When people's data is stolen (or destroyed?), companies are also obligated to notify all possible affected parties
Just because they are supposed to do it, doesn't mean they actually do it. I guarantee you a lot of companies would rather break the law and try to get away with hiding the truth.
Honestly, they're getting pretty good. What tips me off is the e-mail address. If I'm really concerned, I head to the site independently to check something out.
Always check the address. That will prevent most attacks. Even addresses can be spoofed though (to an extent), so *always* inspect the link before you click it.
The typos, spelling and grammar errors are deliberate. It's an intelligence/education filter. The phishers know that the time they spend on reeling in relatively stupid and uneducated people will be more likely to pay off.
Self-selecting for gullible marks. I'm seeing a few btc scams in YouTube comments recently, comment threads on popular vids that consist of 20 replies from different fake accounts all registered around the same time about how great some imaginary "investment consultant" is and how his trading advice always pays off, someone asking how to contact, someone else responding with a WhatsApp number. The grammar/syntax is laughably poor but I'm inclined to think that's deliberate once again.
I got a poorly composed e-mail from my property management company yesterday and was convinced it was a scam 😂 I almost told the woman sending it that she needed to take a communication class but I like not getting evicted 😂
I’ve watched this show enough to expect that clip with the Russian lady ending with her being arrested for threatening the hackers and the hackers getting away with everything. This show has made me expect the worst in the world and be happily surprised when it’s not that bad.
Funnily enough, if she had made it clear that she is from Russia, the hackers may have let her off without paying. That's because of the "no damage to Russia" policy that they are relying on to stay operational.
"If HBO's going to be publicly humiliated, it'll be by releasing the last season of Game of Thrones on its own terms, thank you very much." That burn was hotter than dragon fire.
There was a big part missing in the advice at the end: Backups. Working backups that are physically disconnected most of the time from the live systems make ransomware more of an annoyance than a threat. "You have encrypted my photos? Well I have a copy on that flash drive over there... so... i just re-install my PC and I'm good to go."
They are not the all-out solution, yes they help, but there has been ransomware that takes weeks or even months to learn about its users on the infected systems only to deploy much later. That external drive you thought would come in handy might have been compromised by that time as well, so it can be tricky to know if it's been infected with the system that encrypts the files.
@@fragdeinpferd Dick pics. If you only keep dick pics, then the joke is on them. If they lock your files, you can tell them, "go ahead, take a look. You can keep those, plenty more where that came from..."
As someone who works in supporting IT teams, it shocks and dismays me how woefully unprepared companies and governments are for these ransomware attacks. A properly set up IT infrastructure should be able to recover from ransomware attacks with minimal downtime. Offsite backups, live backups, file versioning, all of these are part of standard disaster recovery systems that should be employed but aren't. My personal clients' computers have better disaster recovery than many of the people I work with in my day job.
Hackers, scammers and thieves using the internet to their advantage to defraud and trick others have skyrocketed while IT-experts and law enforcement hasn't kept up at a linear rate. So it's oversaturated with bad actors and not enough defense forces to keep the bad actors at bay. And companies don't want to pay those extra dollars each month to deal with something relatively rare and difficult.
Yep. In some attacks in my country it turned out pretty critical machines had working USB ports allowing USB sticks to be inserted and used, which I feel should really urge companies to start physically disconnecting those in really critical machines. All sites URL's that give me a weird feeling are opened on a separate machine that is unable to see other machines in the network, should that get infected, I destroy everything on it, reinstall it and no damage done (would love to have it on a different subnet as well, but that's something our modem-router combination does not provide as an option yet). As for backups, well, practically what you said is what I do, especially off-line backups that are performed on stations switched off so they are only physically accessible unless I put it in a swap-bay.
Most companies are also run by boomers who don't know or care what cyber security is. Apparently spending a little money to protect a lot of money isn't worth it to them.
I mean, at the end of the day, it's a team of tech guys vs another team of tech guys using tools made by other tech guys and talent floods to each side. Often times, your team is understaffed and trying to protect the company from the dumbest morons in that company. Even the ones that do try could throw everything at the wall and either not find enough staff or find out the opposition is simply better. Honestly, the reality is like breaking into a house, if someone wanted in, they can get in. Gingrich made a lot of sense about the murdering laws if it wasn't so stupid and wouldn't even do anything.
As an IT professional this is all true...this mainly happens bc most businesses don't want to invest in decent IT departments...they rather contract out when needed..and it leaves them vulnerable to things like this. Backup is a thing too...that doesn't happen as much as it should...but the cyber war is on.
"Life just wouldn't be the same without you. And I really wished that life weren't always the same." Thanks John, I think I just found my new catchphrase
Ransomware guy: send a nude. News later that day: In other news Russian ransomware farm employees were found dead earlier, seems they all looked at a photo before dying. Said photo has been classified a weapon of mass destruction.
One of the simplest ways to help with cyber Security of our PCs is don't make your main account you use on the PC an admin account. Change it from an Admin to a standard user and every time you need to do something that requires admin rights, just input it.
I work in IT and I have had to explain this to many clients over the years. The number of executives who think they NEED Domain Admin rights on their day-to-day accounts is appalling.
reason why ransomware attacks are so common, is that every company thinks "yea the attacks are common, but it will probably not happen to us" and then proceed to allocate minimal budget to cybersecurity protection measures. great % of critical systems around the world run on WINDOWS XP, some even on MS-DOS
There are some that still probably even run on vista. Actually, I know there are some that still run on vista. Also, I know for a fact that many point of sales (cash register) systems run on old operating systems.
The funny thing is, they were still pretty much right. They misjudged the specific protocol, but sending images live from a wireless device on the beach _is_ entirely doable, and probably not uncommon at all. It's just not based on facsimile machines.
Most of these clowns aren't actually 'hackers' and it's unearned flattery to refer to them as such. If we imagine a hacker as an expert fly-fisher then these guys are the internet equivalent of a tug trawler. They spread a massive net and then tug boat goes brrr
@@SpiderCat420 I'm taking IT security classes now, and I can confirm they still do call them script kiddies. A lot of these guys don't know anything more than "haha, click button and crypto wallet goes brrrrr"
Others have said this, but it bears repeating. A lot. 1) *Make regular backups that are stored offline.* 2) Keep _multiple_ backups. One you update every week, and another you update every 2 wks or each month, stored at another location. If you are a business, you should know how you need to adjust those schedules so you never lose much in case of flood, fire, or ransomware. If you are not running a business, *you are an easier target!* Do backups too, so you don't get trapped.
Would like to add, if possible, use one device for important business only (like e-banking etc.) and one where you browse around and watch porn. Your horny mind is much more likely to click on a dangerous link.
To clarify, the license plate reads "B217OP" which is read "V217OR" in Russian and 217 is not part of the "thief" spelling, it's the "VOR" that means thief, so it's not that blatant. It's like if someone had license plate numbers "TH217IEF"
"he's like robin hood, if robin hood had gone around taking money from the poor, and promising the poor that he'd definitely give it back to them later". dog that's just ronald reagan
@White wolf I'm open to hearing many different perspectives/ opinions. I actually enjoy it. But I gotta say that when I hear people use nicknames like "sleepy Joe" I find it very hard to take the accompanying message seriously. Doesn't matter which party the jab is directed towards.
@White wolf Nothing says prosperity like tripling the national debt with military spending and reduced economic mobility... ItS gOnNa TrIcKlE dOwN aNy DaY nOw
Also good advice: Always make full backups on external harddrives or flashsticks. So when the Ransomware strikes, just delete the harddrive and reload the last backup. If everyone would be doing that, there would be no Ransomware.
Newt Gingrich shows up. Me: "Oh, is this going to be one of those 'the worst person you know has a point' moments?" Gingrich: *speaks* Me: "Nope. It is not one of those moments at all."
dont get me wrong: im all for killing those guys, but Newt seems to think you can just "go" to Russia (for example) and start killing Russian folks. that kinda seems like an act of war.
I was also expecting that, lol. Ya let me down, Newt. Also, I can't hear that name without thinking of Harry Potter transfigurations and their end of the year exams.
I was like: Honestly, he made sense (and I loathe to think there are times where Newt makes sense, it's like those times when you actually heard Chris Wallace on FoxNews and had to go: "Darnit...that was true."). So many of these people are really just some of the worst people anyways. It wouldn't be so bad to say...order a drone strike on an ugly-camo paint jobbed Lamborghini being driven by that Russian hacker, would it? I mean...it's a shame for the car...but let's put the really bad ransomware people (the kind that would, say, lock down a freaking hospital or a thermostat) in the same category as what we should do to child molesters and rapists: kill them, leave them for the birds and rot, and walk away whistling.
reminder, the gas pipeline was never in any danger, it was their billing system that was compromised, so rather than risk customers not being billed properly they shut the pipeline down.
@@thisbymaster I'm usually for having a country handle critical infrastructure instead of profit driven companies (less incentives to cut maintenance for short term profits and all that jazz), but did you see the whole video? Cybersecurity at the country level is not any better than at the private level. If that's the only problem you want to solve, that's not a solution.
Can we all just take a moment to admire John Oliver's willpower, sitting there with nearly a straight face and say, " Crucially, the barrier to entry has gotten lower." while discussing hacked internet butt plugs without losing it, this man must be carved from granite.
I never thought I would be so glad to hear John Oliver talk about something I already know a lot about. Thank you for helping spread awareness on this.
Also, "death sentences" can mean people are LESS LIKELY to be found guilty, even if they obviously are. Like, if you could be sentenced to death for obstructing traffic, almost no one would be found guilty of obstructing traffic.
@@CatHasOpinions734 Say that to the gross number of people wrongly convicted and were killed by the state. Some have been fortunate enough to be released due to new DNA-tech, but this is an ongoing issue.
@@idalarsen2540 just in case it's unclear, I'm opposed to the death penalty, and the fact that it's killed a number of innocent people is one of the major reasons. The fact that it can influence juries to not convict someone of a crime even when overwhelming evidence has been presented is just another reason to get rid of it. It makes perfect sense to me that a jury would fail to convict someone they know to be guilty because they don't feel that death is a fair punishment, the problem here isn't them, it's the system, for making them choose between two wrong answers. The fact that people have been let off as a result of bad policy doesn't mean the innocent people who've been killed are any less tragic. If you're interested, I actually borrowed some of these analogies from a PhilosophyTube video on the death penalty, you might like it, it's really interesting.
The funny thing is, those of us that actually work in tech fields tend to be Luddites when it comes to these internet connected things. We know what can happen and don't want to be caught like this.
I'm not a Luddite because I'm worried about getting hacked/cryptolocked, it's because I think IoT is a bunch of unnecessary bullshit that I have no need for. Not having a bunch of open ports on my network is a bonus. :)
DocuSign is the embodiment of the blond bimbo thinking that electronic signatures is signing the screen with her lipstick. They make all kinds of compliance claims, but in the end, they only verify that messages were signed by whomever they sent an e-mail demanding a signature on some made up legal terms of service.
@@Luvrnetic Quoting badly written laws is the hallmark of crooked lawyers. I have encountered their agreement process in the past, before they added an imitation of PKI.
and don't just use an os backup utility. While they are incredibly helpful most of the time, in this case, some ransomware attacks put in a months long delay before activation to make sure your backup has been infected too. You should manually backup the files you care about once a month.
I have been backing up my computers to external drives, not connected to a network, since the early 2000s. More than a decade ago, my pc was hit with ransomware. I simply found the malicious file, cleaned my computer, deleted the locked files, and restored them from an external drive. I also have redundancy, so that if a drive fails, I have multiple external drives with copies. People still fail to routinely back up their files.
I voted for him, but that’s an incredible response from the Biden administration. Since when is our (or any) government’s position on this a shrug and then saying “ pay it I guess”?
what would you suppose they do? If you get robbed, the government won't pay you back your damages either. You won't typically get robbed if you aren't stupid and leave your door open and even shout out on the street "look how open my door is! What, a stranger wants to know where my home is and when I am not there because he wants to see how pretty my house is when the lights are turned off? Well of course good sir, let me tell you exactly where I live and when I am not there." Ransomware works on morons. Would a kind of "internet driver's license" be a solution? Yeah, probably. Well good luck proposing that to your voters.
What we should do is take down the entire 2 trillion dollar crypto industry. Or completely defeat the purpose of crypto and KYC everything. You know, so the government can make sure we're all safe. Just like they do in China. Because that's the style of government John is a fan of.
I remember googling what was happening when I noticed every single gas station around me had lines all the way out into the streets. I saw a couple articles saying “there shouldn’t be too much of a shortage unless everyone goes out to get gas right now” and I immediately knew there would be a huge shortage… ah, the south.
Mob mentality creates self fulfilling prophecies. Exact same thing that happened with TP at start of the pandemic. Everyone worried they would run out and stores wouldn't have enough. Except they did and the shortages were strictly caused by people buying it up. Mobs are only as smart as the dumbest person in it.
@@Sebazzz1991 I doubt much could have been done. Insurance won't cover it and all that can be done is to dissolve the company and pay as many people as possible. Alas yes... they got away with it. If you store something dangerous you are required to store it safely. The same should be required for data.
Yeah, for all that John says "Nobody asked you that question", I actually thought "They had a really dumb, easy-to-guess password, didn't they?" before he showed the clip.
That would be wrong then. Solarwinds got hacked by someone using a "backdoor". If you want a definition at what a "backdoor" is, then go watch "War Games". Matthew Broderick did it with a "backdoor"
IT as a whole, the branch under which cybersecurity responsibility tends to fall, is a criminally underfunded branch of most businesses, because business people are often so disconnected from reality that they truly believe the old joke: "When everything is working: What do we pay you for? When everything is broken: What do we pay you for?" The world is becoming increasingly tech dependent, and yet the people in charge of everything are basically technophobic. It's insane.
It's actual insanity that IT aren't paid more to keep up to date with the most important aspect of today's life for sure. I do not understand, for the life of me, why it's so hard to believe it's an actual job.
The issue is 99% of the people you work for, don't even know what you do. Let alone know what they should do to protect themselves. And even when the company had a course on cybersecurity guidelines, pentesters very frequently manage to find employees who either forgot everything, didn't understand it right or just lack awareness still. I feel like pentesters are the only way to get through company leaders' thick skulls and make them aware of the issue and why they really need to pay their IT department and train their employees ...but they are also the ones having to hire pentesters in the first place so...
Yeah, exactly. I work as a developer, and I can't tell you how many out of touch suits are out there who cut the funding on these preventative measures just because they don't understand why they have to pay them.
I’ve been watching this guy regularly for a few years and I noticed he often exposes people. It’s fuel for me to get mad at random ppl that I otherwise never would have known about. Isn’t Facebook getting in trouble for this or something? Idc. John oliver is a content god and I love watching his shit
I love this show!! John, please do an episode about the trucking industry. My dad is a long-haul trucker, I've been thinking about going into it (to pay off my fucking student loans which I've been paying into for 20 years already!), but there is clearly a shit-ton of predatory business going on in that industry and I'm afraid to even start. Would love to hear your thorough and inevitably hilarious take on it.
I've got an English degree, about 20 thousand dollars of debt if I'm doing my math right, and two jobs that combine to $42,000 USD a year, assuming everything stays stable enough for me to work 60 hours a week, and my "weekend" being a mere 6-hour shift. Yeah. I'm honestly looking at long-haul as a rescue from what I'm doing. At least long-haul is mostly highway...
The sad thing is, the government wouldn't be doing anything about this, had ransomware not been used against corporations, and only targeted regular people.
To be fair - of the two parties that can run "the" government, only one ignored a deadly pandemic to protect business, until like the fifth wave made it clear that sacrificing people to save business doesn't work. Not saying the others don't care about business, but dems are at least aware that business doesn't work without the little people. And business also kinda profits from money not being moved to russian hackers.
Hacking hospitals = not cool. However, ransomware attacks against police departments might be able to do what the government refuses to do, release IA files for everyone to see.
I find the hack of the gas pipeline to be suspect. who was it that profited from the huge increase in price, and the increased demand (due to panic) of gas at inflated prices
We call this the "Boomer Tax" in my company. We're breached a lot because our managers are "in their 60's, haven't grown since the 70s, and force us to use software vendors from the 90s"
@@eponymousIme they *literally* don’t get breached as much. It’s not ageist to know - for a fact - that technology can be bewildering to older people. By your “logic” it’d be ageist to say “millennials don’t know how to use 5.5 soft disks”. You are right, we don’t! Different generations, different skill sets.
@@JAlonge017 I think I feel the same as @luislozano. My mother needed a new laptop. Bought one. But NOW she needs a microsoft account and a microsoft e-mail just to get the thing started !!! ???? Even if all she does is her private bookkeeping and store pictures on it, the big tech COMMANDS you to connect to the internet first in order to be able to use your (personal) computer.
Uhm, buttplugs aren't painful, luv. They feel amazing. Yeah, even for guys (arguably more so~ tbh) Well, when you know when you're going to be done with it anyways lol
Please Hackers. ONLY use Ransomware on corrupt churches, dictators and right-wing assholes And secretly donate some of the money you take from those monsters to the poor!
Would love John to also do another foreign topic like the imminent collapse in South Africa. There's actually a video that goes into the root causes of South Africa’s decline beyond the recent unrest: th-cam.com/video/eGr_0QukEZs/w-d-xo.html&ab_channel=MyTake
My wife’s step-mom called me with a computer problem. Said her screen was stuck. Not changing. I said it sounds like your computer has frozen up. She said, “Probably, it is really cold outside!”
Lmao can't beat my mom. She asked why she can't save files in her laptop and I told her that her memory is full and heavy. She legit carried the laptop with a proud face and told me "it's super light what are you talking about" Can't wait till tech advances tho to the point our kids would say "okay zoomer"
It was cute at first when old people started using computers, but now they are falling for obvious scams, paying ransoms, and making scammers and hackers more common as it becomes more lucrative. Some old person saved my number in their phone downloaded some app and gave it access to their contacts and now I get spam text messages every day.
@@stephpears4012 About 6 years ago my wife (passed away in 2018) wanted to pay $75 to a hacker as her laptop was held ransom. I told her no! I knew how to get it back to normal. So yes, I can see how many seniors could fall for that scam.
"Hello, Locksmith and Co.? I lost a very important key and would need your services." "Are you locked out of your home?" "No. I need you to unlock my butt."
I'm in IT now and am drawing up plans to roll out training to the whole company. Honestly I'm now seriously considering making them watch this ep of LWT
Two-factor authentication reminds me of old anti-virus software which slowed down the rate of your computer as much as the virus you wanted to avoid. The whole point of technology is to make processes efficient. If you have to send a text message, set up a user account, establish a password which is so cryptic you will never remember it, spend 30 minutes finding a unique login, and do an anti-cyber crime dance around your computer every time you want to use an internet page, you might as well go old school and just use snail mail and fax machines instead. It would be more efficient.
@@benjaminkowal7310 Sounds like Norton Antivirus. XD And agreed that if you reach the point that all the security hoops impact efficiency to the point where you actually spend your whole day clearing security then the system has failed. This is why the interesting challenge for IT is making it secure but also user friendly. 2FA is honestly not that bad. I pull out my phone in the morning as I log in, open an app, punch in a code, and boom. The rest of my day runs smoothly now.
The show's whole bit is not quiiiite connecting the separate topics so that they don't outright SAY "the problem is capitalism" but you can figure it out yourself.
@@ImpudentInfidel my take away is unchecked government not capitalism. Maybe capitalism allows it to be unchecked but I will say the same thing about Soviet Russia. Unchecked government not communism. However they used communism really well to be an unchecked capitalist government.
@@treebeard8475 unchecked everything, not government Capitalism without any restraints is as bad as unaccountable state institutions All the episodes in companies exploiting poorly implemented social programs are a merge of the 2
@@Daniel-yy3ty absolutely agree. I guess it breaks down to a lot of unchecked money which can audit and investigate itself. It’s more complex than that but have a great day man!
When I worked at the Canada Post Office, we were taught specifically to look out for people who were coming in to look for unusual ways of paying someone anonymously, especially in similar amounts. And then convince them NOT to and provide them with phone numbers to…police? I worked there about eleven years ago
This is why I'm glad that one of the first things they taught me learning about computer information technology is maintaining regular backups preferably on an external disconnected piece of media
Weirdly, I'm okay with hackers going after Colonial Pipelines. They seem cool. I am not okay with them going after hospitals and grandmas. That's not cool.
They don't really "go after" anyone, they set up a website/email chain/whatever and then just see who bites. The fact is that the people who hacked Colonial Pipelines probably wouldn't care if they hit a major hospital system instead, so long as it earned them the same sum in the end.
I love John's new take on the old joke, "Opinions are like a** holes: everyone has one and they all smell." Updated to, "A** holes are like opinions: letting the internet to be in charge of yours is a really bad idea." I'm looking at you, QANON followers.
Joke fail if you believe climate change is only warming. My error. Reptiles like insects speed up in heat (see basking turtles & snakes) so we lizards would be happy! (And better at plotting)
Remember to keep your files in multiple places, maybe on a separate drive unconnected to your computer most of the time if you can, back up your data as much as you can
@@Lemana28021989 it’s announced that the business daddy will change… it just hasn’t yet. Company sales, especially big ones take time to finally close.
The gas shutdown was done because Colonial turned off the flow when they couldn't track how much to bill clients. The hackers didn't close the valve, the company did.
Technically the company may have closed the gas line, as a DIRECT result of the hack. Whose fault it is, can of course be debated, but let's not forget the major contributor here.
@@reshhaverstahm7729 Well, I'm sure you can assign a part of the blame to greed if you like. But it also doesn't serve anyone's interest if the company goes tits up because it gave all its product away for free. Let's not get too deep into defending russian hackers here.
@@TimoRutanen It's hard to figure out if these people are serious or not. I mean, do they really think if a grocery store loses power or their check-out system goes down they are supposed to just wave people through with free items? How in the hell do these people think businesses actually function, from the smallest mom & pop stores to the "biggest evil corporations"?
can you please do a segment on the stock market and how market makers, hedge funds and dark pools are ripping the retail traders off? I feel it would be really informative and a highly rated episode if you did.
"Just locking your door is going to help" It certainly does in the real world. Every so often, kids walk through our suburban neighborhoods at night, checking for cars that are unlocked and rummaging through those that are. Simply locking up the car keeps them from doing this.
When I was a teenager I visited the US - the strangest culture difference was realising that most people in the area there didn't bother locking their cars. Their motivation: "If they want to get in, they'll just smash a window and do it anyway". I wasn't old and wise enough to explain how dumb that is, so I was just speechless :D
Spot on. Crimes are usually those of opportunity and risk assessment. Dogs, for instance, aren't a deterrent because they attack intruders, but because they raise a LOT of noise. Sadly, it also means the ones willing to get through the basic precautions are the really dangerous ones because they're either stupid or don't care about being caught.
@@korenn9381 perhaps you are the idiot? Because I've lived in a few neighborhoods where that was the rule for good reason. Some places people will break your window just to steal a radio and everyone knows that, so you simply never keep anything of value in there and leave it unlocked. You don't have the money to replace a stereo, let alone a window too. Cut your losses.
Lol I have been in audit over 10 years and IT audit over 5 years...and this episode is probably 3X better than the typical IT security training course that cost $100 per hour...much funnier too.
Just did a project about this because it happened to the library in my city, what a strange time to live in. The more you know about it the weirder it gets.
"and I really wish life wasn't always the same" that hit a little too close to home. also my name is Theresa too so I was shook for a second when John said my name
I'm sure you were shook, Mrs. Harris. Hopefully thinking of your husband, John, your two children, Eric and Mandy, and your golden retriever Alf was enough to calm you.
When I started watching this episode, I was definitely not expecting it to end with a commercial where JK Simmons talks about a wifi connected buttplug.
As someone who works in IT as a system administrator I must say I'm happy to see LWT cover this particular issue, businesses have only recently started to truly understand how critical technology is to their daily operations but are still massively behind on developing a good security posture. It's expensive, requires constant upkeep and very strict policies and strong buy-in especially at the executive level, heck most companies can't even apply for Cyber Insurance without at least 2-Factor authentication, device encryption and an audit completed. Making it very, very expensive and nearly impossible for smaller business to obtain.
The funny and sad part of the pipeline hack is that even though the company paid the money, Colonial restored their own systems from backups because "it's just faster." Also, the hack didn't stop the flow of gas, it stopped the software that Colonial was using to process payments. If it had used old fashioned methods to track customers, it would never have had to shutdown at all. Now after hearing something horrible, imagine trying to fit a key in your hacked remote control buttplug.
Just adding another reply because it's important to reiterate that Colonial never had to shut down the gas. They chose to disrupt a vital resource and cause mass chaos rather than let a few pennies slip through their fingers, and all corporations are like this.
@@deborahlimby5549 et.al. No... Just no. Colonial, at the time, didn't know how deep the attack was. They shut down the pipes in the off-chance there was some malware-thing that crossed the air-gap and was going to go 'boom!' IRL & actually kill people. I'd (I do CyberSec for a living) order the same thing from a safety perspective.
@@AKAJAYGAY True. But it is refreshing to see Ito brought into a conversation based on such a loose but relevant and funny connecting thread, rather than say, in a conversation about horror or manga or Japanese culture.
Funny thing. My stepdad once clicked on something unsavory, and ended up with a cheapo ransomware message flashing on the screen and making god-awful noises. I went over to the house on my mother's desperate request, saw it was nothing more than a browser-based prank, started the computer in safe mode, and deleted the installer and folder that was causing the issue. Problem solved. Meanwhile, they were freaking out, thinking some hacker was trying to steal their piddling amount of money from their bank account. Even after that, I still can't get them to use multi-factor verification. They say it's "too annoying" and "doesn't work". Guess I better teach them how to buy bitcoin.
I don't understand why you wouldn't be able to just... take it out normally. Unless that animation was accurate in which case... what the fuck!? Wouldn't that cause damage? You're putting a god damn wing nut into your asshole! What are you thinking?! I don't care what you may be into you do not need the equivalent of a drywall anchor for your asshole! What are you planning on doing? Hanging a TV on it?
I swear to GOD and all things held sacred, I miss watching John Oliver's shows lol, haven't watched one since the end of last year but man did this one get me. My chest is still aching a bit from the laughter. Despite how ridiculously serious this is
"The Max Power Way," would ALSO be an appropriate enough title. (Some comment elsewhere reminded me of the appropriate Simpsons clip within the past year/couple months, so I looked up said clip, shared the link to it, and got a recent waaaaay-after-the-fact Like on said link-share.) :P
for some bizarre reason the thing that has me shellshocked is that you now have app-controlled sex toys with a "friends" function. What a world we live in. Until i actually checked that it's a real thing I was convinced that Last Week Tonight simply invented it as a joke...
Some of those things have been advertised by using arguments that made me go "If you program your "old" (or not-smart) thermostat correctly it will be warm when you enter home from work in the exact same way, no "smart" thermostat needed." (For me, the privacy-factor also plays into this: if a smart thermostat can warm up your home because it knows you are on your way there, who has the possibility to look into that data?)
@@Dutch3DMaster yeah my semi smart thermostat is all I need no wifi connection needed I just look at the weather for the week and set my temperatures accordingly
John overlooked the fact that the attack on Colonial didn’t target the pipeline control and safety systems, it attacked their billing system. They could have continued to deliver oil/gas but opted not to because they didn’t want to lose revenue.
A VERY good point. This comment UTTERLY deserves to be more widely seen and absorbed.
Algorithm! Algorithm! Algorithm!
Bump bump bump!!!
To be fair, an organization with such terrible infrastructure to be the victim of ransomware probably doesn’t do client isolation. Profits were definitely 99% motivation but they had most likely no idea just how much they were compromised.
There also wasn't a fuel shortage. Just a run on gas like it was toilet paper.
Interesting. This open mind goes to read and educate herself
As somebody in the field of cybersecurity, I'm sooooo glad we're starting to see real mainstream media coverage about just how dangerous ransomware really is. Now we just need to talk about the rest.
I hate having to do that ransomware training every 2 months, but then I remember that my org was recently hit by an attack that shut down our network for 6 days, and someone definitely lost their job in that situation.
Same
I work in hospital IT. I agree with this comment. Ppl so thin skinned over necessary measures
Exactly. Have a table top exercise Wednesday on randomware.
Just an fyi, a half hour weekly show hosted by a comedian is in no way mainstream media
My WiFi lost connection just as John said “and internet service providers are f...”, I seriously thought it was a gag for about a minute, it kept getting funnier!
i wish my shitty internet had that kind of comedic timing
And then the laughing slowly turns into crying, when you realize your Internet still doesn't work properly in 2021 😭
Major L😂
When your ethernet somehow drops the connection like a corded phone in 1995
My computer died once while I was watching a video about Anonymous. I kinda freaked for a second.
The single greatest tech knowledge I imparted to my Grandma when she became IT independent (aka got her own devices) was how to spot and avoid malicious emails/websites/ads.
In the past 10 years I've helped her through various things like installing a new printer, setting up Netflix on a new TV, how to stalk her friends on facebook without them knowing (that one always leads to fun stories about the things she's found), even sending and receiving emails while on the go using a 4G dongle, and also taught my 88yr old Grandpa to navigate solitaire/tripeaks games and watch dash cam footage on youtube.. he then figured out all on his own how to find some classic music on youtube that he hadn't heard in almost 50 years
And during this time, the number of callouts I've had to help with viruses or malware - zero
Parents should teach their kids about safe sex when they come of age, so kids, now it's your turn to teach your grandparents safe internetting.
Very good advice indeed!
Definitely a positive karma there
Agree... I'm trying to figure out how to educate my parents on IT. My mom doesn't care about security of her computer. She thinks just b/c she has an anti-virus program, she is safe.
@@Lucius8514 most traditional anti-viruses are completely useless, if you have windows defender and a vpn and know how to safely browse you're completely fine!
Good point--counterpoint to "average Joe isn't a serious target" @fakename. Grandma is the most dangerous thing on the internet right now. My Grand rolled high on all the traits--75 Constitution, 55 Intelligence, a natural 100 in Charisma. But she's the type who rolls snakeyes after 'walking into the dark screaming tomb entrance.'
I enjoy staying awake on Sunday nights, just to be the first to see a video that will ultimately make me more depressed.
While also making you laugh!
*Watch John Oliver on Mock The Week, if you want to see his early days*
you mean waking up early on monday to get your weekly dose of depression.
Watch the 14-minute 1942 USDA film *Hemp For Victory* that encouraged American farmers to grow "Marihuana" to defend our country during World War II.
Europe gang watching this at 9:00 AM, so we don’t have to stay up late, we just have to wake up “early”.
Who gets to call waking up at 9 AM “waking up early”? European programmers. We’re all working remotely, and my job is lucky if I put on pants for our zoom meetings.
Speaking as a cybersec professional: that was a really good educational segment. Knowing how hard it is to make people listen to us, thank you.
I just wish it had been followed up by explaining those steps because that's the part where a lot of us older folks are literally scratching our heads. Like okay don't click on suspicious email well that's been a thing since email existed so I got that, ok. But first I'm setting up some kind of double authentication. . . Not sure what that is, with what I achieve this, nor what it covers- does that cover my whole computer as I'm using it or just every app one by one on my phone, and also WHAT IS THIS.
There's so many things to Google there I feel like a lot of older people are just going to give up and just hope it never happens to them.
@@josephinethornton3823 i think Oliver has an episode about non-intuitive interfacing.. computers are meant to make life easier but as i like to say, technolization in the pursuit of comfort is oxymoronic. And whether the programmers and designers intend this kind of gatekeeping, or the learned use their understanding as a status symbol, or anti-fix-it-yourself corporate interest is in narrowing utility.. i imagine all of the above and so much more that i'll never understand about computrons.
Best way to combat this is one of two things number 1 teach people to hack or two remove internet out of our lives
@@josephinethornton3823 you are right this segment stopped at the awareness level without really going into education (sadly I don't have any publicly available education link to provide at the moment) and it would have been great for them to provide some inputs about where to find it.
That being said you'd be surprised how many people still click on suspicious and too-good-to-be-true emails.
HONEST QUESTION: do cybersec pros also have cyberattack pros that work in conjunction with them? Like in any conflict, a good defense is helped with a good offensive response, no?
As an IT guy, I cannot stress this enough - you need to back up your stuff, and you MUST HAVE AN OFFLINE COPY OF IT. Spending a couple hundred bucks is much cheaper when you need to restore.
@cw5001 I hope your external drive is actually disconnected. Would be a shame if your backup was encrypted too
I regularly make a backup of the files on my laptop (on a external drive, that I disconnect after the backup), but how about other devices? How can I make an offline backup of, for example, the photos on my mobile phone?
@@rvdb7363 Uhm, can't you just connect your phone to your computer and copy the photos over it?
@@timonix2 So, if they encrypt your computer and the external drive is plugged in, they get all of that too? Just checking. This video freaked me out and I need to start learning.
@@HARLANP Thank you so much. Valuable information.
People who are enthusiastic about tech: "I have a smart fridge!" People who use/work tech: *have a stash of scissors and hammers, just in case*
As a developer myself, I can absolutely attest to that. If I ever have to buy a smart appliance, I am going to make sure that I have some kind of physical kill switch just in case.
@@draakisback stab the problem away. history has proven that to work great
pretty sure a lot of techs would suggest not having smart devices. Cause let's be real. Does your stuff need to be smart. Your fridge keeps things cold, that's enough, your oven makes things warm and hot, that's enough. You do not need them to connect to your phone. And for the love of god, nothing is wrong with having a light switch on your wall that you can easily flip rather than some smart system that'll leave you in the dark if someone wants to ransom it.
Remember people, the best way to prevent people from accessing your computer's porn stash is fire. Specifically, lighting your computer on fire.
@@jiminbang5822 That's why I have a "healthy" supply of swords, couple of shields, and helmets, and "gobs" of knives.
As an individual in the Cyber Security field, I want to say thank you for talking about this and bringing attention to it. Media really doesn't touch on attack types and how much a cyber attacker can actually damage infrastructure. Thank you sir.
Oh, they will, they will be talking soon. Cyber warfare is still in its infancy
@@LightSourceTemple I guess it is time to learn cyber security.
Companies just aren't hiring anyone for cyber security nowadays, they all are far too lazy to actually understand that these attacks could happen to them just as easily. It only takes one fool on their network to click a bad link and then it's game over. When I got my cyber security degree I was told there'd be people lining up to hire us, it never happened. Companies are far too reactive instead of proactive.
@@EpicLatios I definitely see your issue, and i chalk it up to terrible HR alignment with the actual security team. The standards to hire are absolutely ridiculous and need to be changed, I definitely fault the industry for that. I wish you well on your job hunt.
@Jay G Question is: how does the initial attack usually happen? I figure it's gotta be more than just clicking on suspicious e-mails.
I love that John Oliver instills me with a dose of terror every Monday morning before work😐
Me too. It’s a little ritual where I make my Monday even less appealing.
Same. 😬
This was a part of my high school morning routine. I wake up, get ready for school, and then I watch funny British man remind me that the world outside sucks. (Sigh) Good times
If you're not afraid, you're not paying attention.
likewise
"If HBO is gonna be publicly humiliated, it'll be by releasing the last season of Game of Thrones, on its own Terms. Thank You." I almost forgot how much The HBO likes to humiliate itself; on top of that, they paid for this joke and then aired it 😂
My haters throw rocks at me and IT hurts. I hope they don't throw The Rock at me because I like him as an actor. GAGAGAGAGA!!! I am funny!!! I am the funniest YouTuber EVAH! Please agree, dear dhe
@@AxxLAfriku im throwing a digital rock at you rn
@@jmarch_503 throw it hard! 😂
I just finished watching this episode on HBO Max. I came here just looking for this comment.
That's pretty based of HBO, I like that
John, you forgot something that everyone needs to do to avoid paying ransomware; Backup Your Data!!! That way you can wipe the computer and restore your important files if they crypto-lock your computer.
He mentioned that and the problem that the hackers can still make your data public.
As Don said John had mentioned that albeit briefly, what he didn't mention is that it's entirely possible for hackers to encrypt your backups as well or the possibility that already exists in the backup and simply dormant until you try and restore that data.
@@BigHeadClan Which is why you should have regular offline/unconnected backups if it's vital data (rotating thumb drives would work for the average user). If my gaming PC gets ransomware, I'm just gonna wipe it anyway.
@@donteddy1858 Makes me wonder if whenever we see a headline about "data of millions of users leaked" it was just a firm who didn't pay.
@@intiorozco5063 nope, that's just down to companies using poor security practices like running servers with weak authentication or unpatched vulnerabilities, or storing unhashed passwords in an unsecured AWS bucket that somebody just happens to stumble over by pure chance (which has happened multiple times).
Remember everyone, it wasn't even the ransomware that caused the gas stations to run out, it was the people hoarding gas in plastic bags. Source: I live in North Carolina.
I have given up hoarding gas in plastic bags for the environment's sake. Plus, I'm no longer a child and don't need balloons at parties.
I actually learned that gas can expire.
@@viktorvaugndoom It can, don't quote me on this but I think there were people trying to get a refund on the excess they bought. The shortage lasted maybe only 2 weeks tops.
the fact that u think that's a source is amazing...
Source: I live in Europe so I am smarter
Edit: This comment created some outrage and has shown that there is some confusion when it comes to the word "source":
The same way one video showing a person filling gas in a plastic bag isn't relevant for the question: “Why were there gas shortages?”, the statement of one person claiming to have seen this happening is nothing else but an anecdote. It tells us nothing about the extent of this practice. To understand this aspect in context of the whole shortage U need statistics. This feels to me like a classic case of "Anecdotal evidence". "Anecdotal evidence is a factual claim relying only on personal observation, collected in a casual or non-systematic manner", and not a good source for any information.
Most American response possible... 'they're saying it's gonna run out, better get mine'
About companies not telling about getting hacked: some countries like the Netherlands have a law that obligates companies to disclose if they have had any form of cyber breach or data leak and how it happened. When people's data is stolen (or destroyed?), companies are also obligated to notify all possible affected parties
It's called GDPR and it's EU-wide.
Data isn't stolen. That implies something was removed. Data is copied.
@@theannoyedmrfloyd3998 A product was obtained without the permission and/or knowledge of the owner = stolen.
@@BuriBuster ah I wasn't sure about that, so kept it at "some countries like..". But thanks for clarifying
Just because they are supposed to do it, doesn't mean they actually do it. I guarantee you a lot of companies would rather break the law and try to get away with hiding the truth.
Here we are, in August of 2021, STILL ripping on Game of Thrones Season 8.
Godspeed, John
HBO has earned it...
Anything to get back at his business Daddy. 🤣
@@andreadehoyos9910 underrated comment !
Pretty sure one of his writers wrote that joke...
If phishing emails and texts didn’t almost reliably include typos or mistakes somewhere, I probably would have fallen victim to a bunch by now
Honestly, they're getting pretty good. What tips me off is the e-mail address. If I'm really concerned, I head to the site independently to check something out.
Always check the address. That will prevent most attacks.
Even addresses can be spoofed though (to an extent), so *always* inspect the link before you click it.
The typos, spelling and grammar errors are deliberate. It's an intelligence/education filter. The phishers know that the time they spend on reeling in relatively stupid and uneducated people will be more likely to pay off.
Self-selecting for gullible marks.
I'm seeing a few btc scams in YouTube comments recently, comment threads on popular vids that consist of 20 replies from different fake accounts all registered around the same time about how great some imaginary "investment consultant" is and how his trading advice always pays off, someone asking how to contact, someone else responding with a WhatsApp number. The grammar/syntax is laughably poor but I'm inclined to think that's deliberate once again.
I got a poorly composed e-mail from my property management company yesterday and was convinced it was a scam 😂 I almost told the woman sending it that she needed to take a communication class but I like not getting evicted 😂
"I could give two shits about the life of any big snake"
Them's strong words for a bird, John...
LOL!
Haha.
*Couldn't
And always remember: The S in "IoT" stands for: Security
This is the exact sense of humor I expect computer science guys to have
This is perfect. I might just cross-stitch it on a pillow.
Exactly... that ish goes on a guest WLAN with no access to network resources.
SloT?
Internet of Things [That Shouldn't Be On the Internet]
I’ve watched this show enough to expect that clip with the Russian lady ending with her being arrested for threatening the hackers and the hackers getting away with everything. This show has made me expect the worst in the world and be happily surprised when it’s not that bad.
It is also my weekly dose of depression
Funnily enough, if she had made it clear that she is from Russia, the hackers may have let her off without paying. That's because of the "no damage to Russia" policy that they are relying on to stay operational.
Yeahhh but he funny though
@@pkramer962 nah, they probably knew where she is originally from, her name is VERY Russian.
You're slowly becoming British!
"If HBO's going to be publicly humiliated, it'll be by releasing the last season of Game of Thrones on its own terms, thank you very much."
That burn was hotter than dragon fire.
And yet, like the Night King, HBO somehow survived it 🤷
Well that doesn't mean too much, because dragon fire can't fucking kill the night king
The fact that Last Week Tonight got J.K. Simmons for that last part is freaking perfection.
They know that everybody listens to what JK Simmons tells you to do, or else...
My brain's trying to recompile Gaston's song to be about J.K. Simmons reading copy. She's crashing
It was Tom Selleck in the original 1993 AT&T commercial.
as narrator, right?
Oh my God, it is his voice! How did I not notice?!
There was a big part missing in the advice at the end: Backups. Working backups that are physically disconnected most of the time from the live systems make ransomware more of an annoyance than a threat. "You have encrypted my photos? Well I have a copy on that flash drive over there... so... i just re-install my PC and I'm good to go."
They are not the all-out solution, yes they help, but there has been ransomware that takes weeks or even months to learn about its users on the infected systems only to deploy much later. That external drive you thought would come in handy might have been compromised by that time as well, so it can be tricky to know if it's been infected with the system that encrypts the files.
@@fragdeinpferd Dick pics. If you only keep dick pics, then the joke is on them. If they lock your files, you can tell them, "go ahead, take a look. You can keep those, plenty more where that came from..."
That doesn't solve the problem of their having access to all your documents. Some of which may be leaked publicly.
@@aldobonaso3481 This made me laugh :D !!!!!
@@aldobonaso3481 Wait a minute. That sounds exactly like the kind of reverse psychology a hacker looking for dick pics would use on people...!
As someone who works in supporting IT teams, it shocks and dismays me how woefully unprepared companies and governments are for these ransomware attacks. A properly set up IT infrastructure should be able to recover from ransomware attacks with minimal downtime. Offsite backups, live backups, file versioning, all of these are part of standard disaster recovery systems that should be employed but aren't. My personal clients' computers have better disaster recovery than many of the people I work with in my day job.
Hackers, scammers and thieves using the internet to their advantage to defraud and trick others have skyrocketed while IT experts and law enforcement haven't kept up at a linear rate. So it's oversaturated with bad actors and not enough defense forces to keep the bad actors at bay. And companies don't want to pay those extra dollars each month to deal with something relatively rare and difficult.
I was part of BMW's CERT team, you would be amazed....
Yep. In some attacks in my country it turned out pretty critical machines had working USB ports allowing USB sticks to be inserted and used, which I feel should really urge companies to start physically disconnecting those in really critical machines.
All site URLs that give me a weird feeling are opened on a separate machine that is unable to see other machines in the network, should that get infected, I destroy everything on it, reinstall it and no damage done (would love to have it on a different subnet as well, but that's something our modem-router combination does not provide as an option yet).
As for backups, well, practically what you said is what I do, especially off-line backups that are performed on stations switched off so they are only physically accessible unless I put it in a swap-bay.
Most companies are also run by boomers who don't know or care what cyber security is. Apparently spending a little money to protect a lot of money isn't worth it to them.
I mean, at the end of the day, it's a team of tech guys vs another team of tech guys using tools made by other tech guys and talent floods to each side. Often times, your team is understaffed and trying to protect the company from the dumbest morons in that company. Even the ones that do try could throw everything at the wall and either not find enough staff or find out the opposition is simply better. Honestly, the reality is like breaking into a house, if someone wanted in, they can get in. Gingrich made a lot of sense about the murdering laws if it wasn't so stupid and wouldn't even do anything.
As an IT professional this is all true...this mainly happens bc most businesses don't want to invest in decent IT departments...they rather contract out when needed..and it leaves them vulnerable to things like this. Backup is a thing too...that doesn't happen as much as it should...but the cyber war is on.
"Life just wouldn't be the same without you. And I really wished that life weren't always the same."
Thanks John, I think I just found my new catchphrase
The fact that they got J.K. Simmons to do the voiceover for the "advertisement" at the end of this makes it that much better
He knows a thing or two because he's seen a thing or two. Terrible, awful things.
I'm sure butt plug guy did not like HIS TEMPO!
@@paineoftheworld 😆😆😆🤣🤣🤣
@@paineoftheworld I'm also curious about your username.
@@looking4therealrepairmanjack , just a portmanteau.
Ransomware guy: "Pay me or your chastity cage stays locked."
Chastity Guy: "I'm so into this. Do my buttplug too, please."
“jokes on you, i’m into that shit”
Oh, god... Financial Domination just took a turn for the cyberpunk...
lol
Wasn’t that exposed as a hoax by Lewis spears?
Ransomware guy: send a nude.
News later that day: In other news Russian ransomware farm employees were found dead earlier, seems they all looked at a photo before dying. Said photo has been classified a weapon of mass destruction.
One of the simplest ways to help with cyber security of our PCs is don't make your main account you use on the PC an admin account. Change it from an admin to a standard user and every time you need to do something that requires admin rights, just input it.
I work in IT and I have had to explain this to many clients over the years. The number of executives who think they NEED Domain Admin rights on their day-to-day accounts is appalling.
Good thing I'm so inept at electronics I did this by accident
reason why ransomware attacks are so common, is that every company thinks "yea the attacks are common, but it will probably not happen to us" and then proceed to allocate minimal budget to cybersecurity protection measures.
great % of critical systems around the world run on WINDOWS XP, some even on MS-DOS
Think that DOS would be even more secure as ransomware are built on today's standards
^This 100%
Windows XP is run on computers that aren't connected to the internet most often
And those that are on XP & DOS are easily destroyed by those attacks. Most of these ransomware attacks happen due to 100%, Grade A, human stupidity.
There are some that still probably even run on vista. Actually, I know there are some that still run on vista.
Also, I know for a fact that many point of sales (cash register) systems run on old operating systems.
Shout-out to the guy who made the "Ransom-warehouse" graphic. It was on screen for all of three seconds but I do appreciate it.
LOL the people who made that ad could have never imagined the incredible staying power of the god damned fax machine
The funny thing is, they were still pretty much right. They misjudged the specific protocol, but sending images live from a wireless device on the beach _is_ entirely doable, and probably not uncommon at all. It's just not based on facsimile machines.
They had already been around for like a century
I recently did send a fax from the beach. Used an e-fax which lets u send any pdf as fax to a fax machine address :D
I mean the semantics were off some but they pretty much nailed it, instead of fax we send photos and pdf. And fax apps exist.
@@JosephDavies exactly
Most of these clowns aren't actually 'hackers' and it's unearned flattery to refer to them as such. If we imagine a hacker as an expert fly-fisher then these guys are the internet equivalent of a tug trawler. They spread a massive net and then tug boat goes brrr
back in my day we called em script kiddies
@Viviana Serena That would pretty much kill the software industry over night. There is no such thing as an impervious program
@@SpiderCat420 I'm taking IT security classes now, and I can confirm they still do call them script kiddies. A lot of these guys don't know anything more than "haha, click button and crypto wallet goes brrrrr"
@@SpiderCat420 back in my day "hacker" meant something completely different and had a positive connotation.
@@rgderen88 Admittedly though, they don't exactly NEED to know much more than that to get results.
Others have said this, but it bears repeating. A lot. *_1)_* *Make regular backups that are stored offline*
*_2)_* Keep _multiple_ backups. One you update every week, and another you update every 2 wks or each month, stored at another location.
If you are a business, you should know how you need to adjust those schedules so you never lose much in case of flood, fire, or ransomware. If you are not running a business, *you are an easier target!* Do backups too, so you don't get trapped.
Don't have to back anything up if all you have is shitty games on your hard drive 😉
Would like to add, if possible, use one device for important business only (like e-banking etc.) and one where you browse around and watch porn. Your horny mind is much more likely to click on a dangerous link.
To clarify, the license plate reads "B217OP" which is read "V217OR" in Russian and 217 is not part of the "thief" spelling, it's the "VOR" that means thief, so it's not that blatant. It's like if someone had license plate numbers "TH217IEF"
+
Farfetched but I’ll take it
where did you learn russian ?
@@serioussam209
Much like most Russian-speakers, I was born with it 😋
@@serioussam209 I mean, his name is 'Peter'. Have you ever met a Russian who _wasn't_ named Peter?
"he's like robin hood, if robin hood had gone around taking money from the poor, and promising the poor that he'd definitely give it back to them later". dog that's just ronald reagan
Robbin da hood
@White wolf You know what he did take? Took your guns. Ban on new automatic firearms in Firearm Owners Protection Act, and also The Mulford Act
@White wolf Well that's just objectively not true but far be it for me to take you out of your delusion.
@White wolf I'm open to hearing many different perspectives/ opinions. I actually enjoy it.
But I gotta say that when I hear people use nicknames like "sleepy Joe" I find it very hard to take the accompanying message seriously. Doesn't matter which party the jab is directed towards.
@White wolf Nothing says prosperity like tripling the national debt with military spending and reduced economic mobility... ItS gOnNa TrIcKlE dOwN aNy DaY nOw
Also good advice:
Always make full backups on external harddrives or flashsticks. So when the Ransomware strikes, just delete the harddrive and reload the last backup.
If everyone would be doing that, there would be no Ransomware.
Newt Gingrich shows up.
Me: "Oh, is this going to be one of those 'the worst person you know has a point' moments?"
Gingrich: *speaks*
Me: "Nope. It is not one of those moments at all."
I already knew he would suggest deranged idea like many gop
17:43
dont get me wrong: im all for killing those guys, but Newt seems to think you can just "go" to Russia (for example) and start killing Russian folks.
that kinda seems like an act of war.
I was also expecting that, lol. Ya let me down, Newt. Also, I can't hear that name without thinking of Harry Potter transfigurations and their end of the year exams.
I was like: Honestly, he made sense (and I loathe to think there are times where Newt makes sense, it's like those times when you actually heard Chris Wallace on FoxNews and had to go: "Darnit...that was true."). So many of these people are really just some of the worst people anyways. It wouldn't be so bad to say...order a drone strike on a ugly-camo paint jobbed Lamborghini being driven by that Russian hacker, would it? I mean...it's a shame for the car...but let's put the really bad ransomware people (the kind that would, say, lock down a freaking hospital or a thermostat) in the same category as what we should do to child molesters and rapists: kill them, leave them for the birds and rot, and walk away whistling.
reminder, the gas pipeline was never in any danger, it was their billing system that was compromised, so rather than risk customers not being billed properly they shut the pipeline down.
lmfao thank you for reminding us
So this evil can be used for good?
There was a risk of the ransomware spreading to their SCADA network. It’s SOP to bring systems offline to contain the threat.
Which calls for nationalization of the whole pipeline, if the system is too critical to the country then it can't be trusted in private hands.
@@thisbymaster I'm usually for having a country handle critical infrastructure instead of profit driven companies (less incentives to cut maintenance for short term profits and all that jazz), but did you see the whole video? Cybersecurity at the country level is not any better than at the private level
If that's the only problem you want to solve, that's not a solution
Can we all just take a moment to admire John Oliver's willpower, sitting there with nearly a straight face and say, " Crucially, the barrier to entry has gotten lower." while discussing hacked internet butt plugs without losing it, this man must be carved from granite.
He’s English, we’re like that lol
That's just called "British."
No, he's just British
In hindsight maybe I should have looked at the other replies first
@@Ashesisemocutcutcut No worries I forgive you, you're British you're just like that.
The lesson here: You never really know who might be wearing a butt plug.
"Moving on."
Greatest transition from absolutely anything I was doing immediately before clicking that notification. It's beautiful.
I chuckle every time. It's so wonderfully dumb.
I never thought I would be so glad to hear John Oliver talk about something I already know a lot about. Thank you for helping spread awareness on this.
"Most punishments-and this is true-fall somewhere between 'death sentence' and 'a cash reward'."
Also, "death sentences" can mean people are LESS LIKELY to be found guilty, even if they obviously are. Like, if you could be sentenced to death for obstructing traffic, almost no one would be found guilty of obstructing traffic.
@@CatHasOpinions734 Say that to the gross number of people wrongly convicted and were killed by the state. Some have been fortunate enough to be released due to new DNA-tech, but this is an ongoing issue.
@@idalarsen2540 just in case it's unclear, I'm opposed to the death penalty, and the fact that it's killed a number of innocent people is one of the major reasons. The fact that it can influence juries to not convict someone of a crime even when overwhelming evidence has been presented is just another reason to get rid of it. It makes perfect sense to me that a jury would fail to convict someone they know to be guilty because they don't feel that death is a fair punishment, the problem here isn't them, it's the system, for making them choose between two wrong answers.
The fact that people have been let off as a result of bad policy doesn't mean the innocent people who've been killed are any less tragic.
If you're interested, I actually borrowed some of these analogies from a PhilosophyTube video on the death penalty, you might like it, it's really interesting.
The funny thing is, those of us that actually work in tech fields tend to be Luddites when it comes to these internet connected things. We know what can happen and don't want to be caught like this.
I'm not a Luddite because I'm worried about getting hacked/cryptolocked, it's because I think IoT is a bunch of unnecessary bullshit that I have no need for. Not having a bunch of open ports on my network is a bonus. :)
man, opening the day with an attack on business daddy.
Seems legit
Replying so that you’re not alone with a bunch of spammers 😅
I’m here for it.
Regarding beach faxes: DocuSign is basically this.
DocuSign is the embodiment of the blond bimbo thinking that electronic signatures is signing the screen with her lipstick. They make all kinds of compliance claims, but in the end, they only verify that messages were signed by whomever they sent an e-mail demanding a signature on some made up legal terms of service.
@@johndododoe1411 you clearly have no understanding of esignature law or DocuSign verification functionality.
@@Luvrnetic Quoting badly written laws is the hallmark of crooked lawyers. I have encountered their agreement process in the past, before they added an imitation of PKI.
@@johndododoe1411
You don't look like the informed one here.
@@johndododoe1411 you correctly used Whomever. You are banned from TH-cam
On a personal level, also do both a physical and digital backup of files you'd be willing to pay a ransom for.
and don't just use an os backup utility. While they are incredibly helpful most of the time, in this case, some ransomware attacks put in a months long delay before activation to make sure your backup has been infected too.
You should manually backup the files you care about once a month.
+
And don't leave your backup drive plugged in to your computer. Unplug it when not in use or else they'll get that too.
I have been backing up my computers to external drives, not connected to a network, since the early 2000s. More than a decade ago, my pc was hit with ransomware. I simply found the malicious file, cleaned my computer, deleted the locked files, and restored them from an external drive. I also have redundancy, so that if a drive fails, I have multiple external drives with copies. People still fail to routinely back up their files.
I voted for him, but that’s an incredible response from the Biden administration. Since when is our (or any) government’s position on this a shrug and then saying “ pay it I guess”?
what would you suppose they do? If you get robbed, the government won't pay you back your damages either. You won't typically get robbed if you aren't stupid and leave your door open and even shout out on the street "look how open my door is! What, a stranger wants to know where my home is and when I am not there because he wants to see how pretty my house is when the lights are turned off? Well of course good sir, let me tell you exactly where I live and when I am not there." Ransomware works on morons. Would a kind of "internet driver's license" be a solution? Yeah, probably. Well good luck proposing that to your voters.
What we should do is take down the entire 2 trillion dollar crypto industry.
Or completely defeat the purpose of crypto and KYC everything.
You know, so the government can make sure we're all safe.
Just like they do in China. Because that's the style of government John is a fan of.
he's right. you either pay hackers or you pay workers by investing in ur fkn IT departments. we need to let the market make decisions.
I remember googling what was happening when I noticed every single gas station around me had lines all the way out into the streets. I saw a couple articles saying “there shouldn’t be too much of a shortage unless everyone goes out to get gas right now” and I immediately knew there would be a huge shortage… ah, the south.
Mob mentality creates self fulfilling prophecies. Exact same thing that happened with TP at start of the pandemic. Everyone worried they would run out and stores wouldn't have enough. Except they did and the shortages were strictly caused by people buying it up.
Mobs are only as smart as the dumbest person in it.
That's just America. I know because recently TP was always out due to the same reason, and I'm just about as far north as can be.
People don't realize how much inventory is actually available. Most gas stations have a min of 3days standard sales in storage on-site.
@@ashtonhoward5582 Naw. The same TP-crisis was happening in Germany and other European countries, too. Not "just America".
It's just like the "prisoner's dilemma".
"It is people like that guy that make everything completely impossible, all of the time" - brilliant.
Anything and everything.
That guy is going to put on his acting resume, "Played a role of a victim of a butt plug hacker on Last Week Tonight."
And be type cast for all eternity 😂
He done fcked it up! 😊
🤣😂🤣
Especially during "credits" part in full episode, you can see moments when he is into it. xD
So, just... a normal HBO role.
He's actually a very respected improviser. So funny. en.wikipedia.org/wiki/Connor_Ratliff
So glad Cave Johnson has recovered and is doing these voice-overs.
You thought moon rock poisoning could keep me down? Clearly you haven’t met me. -Cave Johnson, probably
@@WalterTheWalrus I can't wait till his signature lemonade hits the store shelves!
The equifax breach should have taught everybody that lesson, their business is data and they lost it.
The Equifax breach taught everyone you can get away with it.
@@Sebazzz1991 I doubt much could have been done. Insurance won't cover it and all that can be done is to dissolve the company and pay as many people as possible. Alas yes... they got away with it.
If you store something dangerous you are required to store it safely. The same should be required for data.
These days, literally every business is data.
The “colonial123” password remark was probably a jab at Solarwinds and their getting hacked
Yeah, for all that John says "Nobody asked you that question", I actually thought "They had a really dumb, easy-to-guess password, didn't they?" before he showed the clip.
That would be wrong then. Solarwinds got hacked by someone using a "backdoor". If you want a definition at what a "backdoor" is, then go watch "War Games". Matthew Broderick did it with a "backdoor"
@@Olivman7 yeah, every IT security professional watching this probably expected that.
Or the suitcase password in Spaceballs
Equifax hack was them using admin for the username and password
IT as a whole, the branch under which cybersecurity responsibility tends to fall, is a criminally underfunded branch of most businesses, because business people are often so disconnected from reality that they truly believe the old joke: "When everything is working: What do we pay you for? When everything is broken: What do we pay you for?"
The world is becoming increasingly tech dependent, and yet the people in charge of everything are basically technophobic. It's insane.
It's actual insanity that IT aren't paid more to keep up to date with the most important aspect of today's life for sure. I do not understand, for the life of me, why it's so hard to believe it's an actual job.
The answer to the questions is 'You don't pay me to fix this or keep it running, you pay me to know how to do it'
The issue is
99% of the people you work for, don't even know what you do.
Let alone know what they should do to protect themselves.
And even when the company had a course on cybersecurity guidelines, pentesters very frequently manage to find employees who either forgot everything, didn't understand it right or just lack awareness still
I feel like pentesters are the only way to get through company leaders thick skulls and make them aware of the issue and why they really need to pay their IT department and train their employees
...but they are also the ones having to hire pentesters in the first place so...
Yeah, exactly. I work as a developer, and I can't tell you how many out of touch suits are out there who cut the funding on these preventative measures just because they don't understand why they have to pay them.
@@draakisback Yes, this. But they always have to have the latest iToy.
I’ve been watching this guy regularly for a few years and I noticed he often exposes people. It’s fuel for me to get mad at random ppl that I otherwise never would have known about. Isn’t Facebook getting in trouble for this or something? Idc. John oliver is a content god and I love watching his shit
I love this show!! John, please do an episode about the trucking industry. My dad is a long-haul trucker, I've been thinking about going into it (to pay off my fucking student loans which I've been paying into for 20 years already!), but there is clearly a shit-ton of predatory business going on in that industry and I'm afraid to even start. Would love to hear your thorough and inevitably hilarious take on it.
I've also been debating being a trucker to pay off my loans 🤣😭🤣
@@KLondike5 one big issue is to get into you need to have your own truck, which is not the most reasonable expense for a lot of people
@@skoomakity8769 How does the cost compare to a student loan for a worthless liberal arts degree? Might be a better investment.
I've got an English degree, about 20 thousand dollars of debt if I'm doing my math right, and two jobs that combine to $42,000 USD a year, assuming everything stays stable enough for me to work 60 hours a week, and my "weekend" being a mere 6-hour shift.
Yeah. I'm honestly looking at long-haul as a rescue from what I'm doing. At least long-haul is mostly highway...
The sad thing is, the government wouldn't be doing anything about this, had ransomware not been used against corporations, and only targeted regular people.
To be fair - of the two parties that can run "the" government, only one ignored a deadly pandemic to protect business, until like the fifth wave made it clear that sacrificing people to save business doesn't work.
Not saying the others don't care about business, but dems are at least aware that business doesn't work without the little people. And business also kinda profits from money not being moved to russian hackers.
Remember the attack on the meatpacking company? Fujifilm was attacked too but they were able to solve it themselves, without paying.
Hacking hospitals = not cool. However, ransomware attacks against police departments might be able to do what the government refuses to do, release IA files for everyone to see.
I find the hack of the gas pipeline to be suspect. who was it that profited from the huge increase in price, and the increased demand (due to panic) of gas at inflated prices
@@htopherollem649 Hmm, but even if you're wrong, they'll certainly learn from it.
We call this the "Boomer Tax" in my company. We're breached a lot because our managers are "in their 60's, haven't grown since the 70s, and force us to use software vendors from the 90s"
Damn. Ageist much? You think companies with Millennials and Gen-X/Y'ers in charge don't get breached?
@@eponymousIme they *literally* don’t get breached as much. It’s not ageist to know - for a fact - that technology can be bewildering to older people.
By your “logic” it’d be ageist to say “millennials don’t know how to use 5.5 soft disks”. You are right, we don’t! Different generations, different skill sets.
@@eponymousIme not nearly as much, no.
Interesting.
@@eponymousIme Making fun of Boomers isn't ageist. It's the Lord's work.
We actually need that big IT companies create products that does not need to connect to the internet. That's all I'm asking for
Sorry I’m a year late but what exactly were you asking for with this reply?
@@JAlonge017 I think I feel the same as @luislozano. My mother needed a new laptop. Bought one. But NOW she needs a microsoft account and a microsoft e-mail just to get the thing started !!! ???? Even if all she does is her private bookkeeping and store pictures on it, the big tech COMMANDS you to connect to the internet first in order to be able to use your (personal) computer.
Jesus! That graphic for the buttplug looks like the historic "pear of anguish." The inquisition is alive and well in the cybersex industry.
Uhm, buttplugs aren't painful, luv. They feel amazing. Yeah, even for guys (arguably more so~ tbh)
Well, when you know when you're going to be done with it anyways lol
But, the buttplug is called PEAR flower, so maybe they took some inspiration from the torture device.
have you never heard about BDSM? XD
@@Krystalmyth Well good for you, that you have such a boring life that you can focus on your rectum instead of something else.
@@nancyaustin9516 Did you just admonish someone for using butt plugs? lol ok ya prude
10 seconds in: “Fuck the internet!”
This is about to be a good episode
Please Hackers. ONLY use Ransomware on corrupt churches, dictators and right-wing assholes
And secretly donate some of the money you take from those monsters to the poor!
Use the internet to change the world.
Watch the 1942 USDA film *Hemp For Victory* and grow fields of Cannabis Sativa to stop climate change.
Would love John to also do another foreign topic like the imminent collapse in South Africa. There's actually a video that goes into the root causes of South Africa’s decline beyond the recent unrest:
th-cam.com/video/eGr_0QukEZs/w-d-xo.html&ab_channel=MyTake
2 years later, and still not a peep about Afghanistan.
This is gonna be a good MSM toadie.
My wife’s step-mom called me with a computer problem. Said her screen was stuck. Not changing. I said it sounds like your computer has frozen up. She said, “Probably, it is really cold outside!”
That's really sweet. lmao. It's an understandable misunderstanding to have!
@@kellyriddell5014 Except I doubt it was freezing in her house. In fact, I know it wasn’t.
Lmao can't beat my mom. She asked why she can't save files in her laptop and I told her that her memory is full and heavy. She legit carried the laptop with a proud face and told me "it's super light what are you talking about"
Can't wait till tech advances tho to the point our kids would say "okay zoomer"
It was cute at first when old people started using computers, but now they are falling for obvious scams, paying ransoms, and making scammers and hackers more common as it becomes more lucrative. Some old person saved my number in their phone downloaded some app and gave it access to their contacts and now I get spam text messages every day.
@@stephpears4012 About 6 years ago my wife (passed away in 2018) wanted to pay $75 to a hacker as her laptop was held ransom. I told her no! I knew how to get it back to normal. So yes, I can see how many seniors could fall for that scam.
"Hello, Locksmith and Co.? I lost a very important key and would need your services."
"Are you locked out of your home?"
"No. I need you to unlock my butt."
The advice you gave at the end is actually what we told people when I worked in IT; it is the same advice we gave in 2014...
I'm in IT now and am drawing up plans to roll out training to the whole company. Honestly I'm now seriously considering making them watch this ep of LWT
No matter how much we tell people to do regular backups, and use 2 factor, the sad truth is most people don't start until something happens to them.
Two-factor authentication reminds me of old anti-virus software which slowed down the rate of your computer as much as the virus you wanted to avoid. The whole point of technology is to make processes efficient. If you have to send a text message, set up a user account, establish a password which is so cryptic you will never remember it, spend 30 minutes finding a unique login, and do an anti-cyber crime dance around your computer every time you want to use an internet page, you might as well go old school and just use snail mail and fax machines instead. It would be more efficient.
@@benjaminkowal7310 Sounds like Norton Antivirus. XD And agreed that if you reach the point that all the security hoops impact efficiency to the point where you actually spend your whole day clearing security then the system has failed. This is why the interesting challenge for IT is making it secure but also user friendly. 2FA is honestly not that bad. I pull out my phone in the morning as I log in, open an app, punch in a code, and boom. The rest of my day runs smoothly now.
"Life just wouldn't be the same without you, and I really wish life weren't always the same" 😮
"Companies run by criminals"
Do you even remember half of the episodes you do?
The show's whole bit is not quiiiite connecting the separate topics so that they don't outright SAY "the problem is capitalism" but you can figure it out yourself.
What's the problem? Cringe
@@ImpudentInfidel my take away is unchecked government not capitalism. Maybe capitalism allows it to be unchecked but I will say the same thing about Soviet Russia. Unchecked government not communism. However they used communism really well to be an unchecked capitalist government.
@@treebeard8475 unchecked everything, not government
Capitalism without any restraints is as bad as unaccountable state institutions
All the episodes in companies exploiting poorly implemented social programs are a merge of the 2
@@Daniel-yy3ty absolutely agree. I guess it breaks down to a lot of unchecked money which can audit and investigate itself. It’s more complex than that but have a great day man!
When I worked at the Canada Post Office, we were taught specifically to look out for people who were coming in to look for unusual ways of paying someone anonymously, especially in similar amounts. And then convince them NOT to and provide them with phone numbers to…police? I worked there about eleven years ago
And funnily enough, this is one of the better working "tactics" against such scams.
This is why I'm glad that one of the first things they taught me learning about computer information technology is maintaining regular backups preferably on an external disconnected piece of media
WAKE UP BABE NEW JOHN OLIVER
I’m up I’m upppp
*Watch John Oliver on Mock The Week, if you want to see his early days*
STOP CALLING YOUR DAD BABE
Bon Joliver
It's 2AM... oh wait, John Oliver?? I'll put the coffee on
I knew this was going to be a good episode when the first victim was Business Daddy.🤣
Weirdly, I'm okay with hackers going after Colonial Pipelines. They seem cool.
I am not okay with them going after hospitals and grandmas. That's not cool.
They don't really "go after" anyone, they set up a website/email chain/whatever and then just see who bites. The fact is that the people who hacked Colonial Pipelines probably wouldn't care if they hit a major hospital system instead, so long as it earned them the same sum in the end.
That's because people are simple minded and cannot see the bigger picture. Nothing wrong with that, it's just the way we're wired in.
Another episode detailing the joys of living in CURRENT YEAR.
That's how every episode works. It's not the history Channel.
Well, it's "Last week Tonight" not "Last year Tonight"
Would love John to also do another foreign topic like the imminent collapse in South Africa. There's actually a video that goes into the root causes of South Africa’s decline beyond the recent unrest:
th-cam.com/video/eGr_0QukEZs/w-d-xo.html&ab_channel=MyTake
Turbo says “Hey-oh!” akin to Ed McMahon.
On a side note: Turbo enjoys this show and is thankful of its availability on TH-cam.
As an owner of a big snake:
My boa constrictor Kevin Snacon is doing great and has a wonderful quality of life.
Your snake has an awesome name! 😀👍
I'm gonna have to ask how long is Kevin Snacon 🐍
your snake sounds like the coolest snake EVER 😃
@@EpwnaExeter he's only about 10 months old and over 3ft. He'll be over 8ft as an adult male. Females get bigger.
I'd prefer Kevin Snacey, but to each his own... 😆
I love John's new take on the old joke, "Opinions are like a** holes: everyone has one and they all smell." Updated to, "A** holes are like opinions: letting the internet to be in charge of yours is a really bad idea." I'm looking at you, QANON followers.
Do not look. Global warming is to make we lizard people slow down
@@DARWINZOO LoL!
So people shouldn't have opinions according to the old joke?
Joke fail if you believe climate change is only warming. My error. Reptiles like insects speed up in heat (see basking turtles & snakes) so we lizards would be happy! (And better at plotting)
@@DARWINZOO Wut?
Remember to keep your files in multiple places, maybe on a separate drive unconnected to your computer most of the time if you can, back up your data as much as you can
"Honestly, I wish my internet service provider had customer service the way these guys do" that's so fucking funny lolololol
Kinda disappointed John didn't say "got you again business daddy" after burning AT&T
Hasn't business daddy changed...?
@@Lemana28021989 it’s announced that the business daddy will change… it just hasn’t yet. Company sales, especially big ones take time to finally close.
The gas shutdown was done because Colonial turned off the flow when they couldn't track how much to bill clients. The hackers didn't close the valve, the company did.
Yup. All because they could charge people money for shit that taxpayers helped create.
Technically the company may have closed the gas line, as a DIRECT result of the hack. Whose fault it is, can of course be debated, but let's not forget the major contributor here.
@@TimoRutanen The major contributor? I'm guessing that you're referring to corporate greed, right?
@@reshhaverstahm7729 Well, I'm sure you can assign a part of the blame to greed if you like. But it also doesn't serve anyone's interest if the company goes tits up because it gave all its product away for free.
Let's not get too deep into defending russian hackers here.
@@TimoRutanen It's hard to figure out if these people are serious or not. I mean, do they really think if a grocery store loses power or their check-out system goes down they are supposed to just wave people through with free items? How in the hell do these people think businesses actually function, from the smallest mom & pop stores to the "biggest evil corporations"?
can you please do a segment on the stock market and how market makers, hedge funds and dark pools are ripping the retail traders off? I feel it would be really informative and a highly rated episode if you did.
"Just locking your door is going to help"
It certainly does in the real world. Every so often, kids walk through our suburban neighborhoods at night, checking for cars that are unlocked and rummaging through those that are. Simply locking up the car keeps them from doing this.
Exactly. Most criminals are opportunistic in nature so giving them less opportunity to steal from you. Just like with your story with the kids.
Yup - breaking glass is noisy and attracts unwanted attention. But if you open an unlocked car then a random bystander might think that it's yours.
When I was a teenager I visited the US - the strangest culture difference was realising that most people in the area there didn't bother locking their cars. Their motivation: "If they want to get in, they'll just smash a window and do it anyway". I wasn't old and wise enough to explain how dumb that is, so I was just speechless :D
Spot on. Crimes are usually those of opportunity and risk assessment. Dogs, for instance, aren't a deterrent because they attack intruders, but because they raise a LOT of noise. Sadly, it also means the ones willing to get through the basic precautions are the really dangerous ones because they're either stupid or don't care about being caught.
@@korenn9381 perhaps you are the idiot? Because I've lived in a few neighborhoods where that was the rule for good reason. Some places people will break your window just to steal a radio and everyone knows that, so you simply never keep anything of value in there and leave it unlocked. You don't have the money to replace a stereo, let alone a window too. Cut your losses.
Lol I have been in audit over 10 years and IT audit over 5 years...and this episode is probably 3X better than the typical IT security training course that cost $100 per hour...much funnier too.
Are you saying there is money to be made in creating IT Security Training courses?
@@Belioyt Yes, that is 100% correct. 1) create courses 2) then qualify each course as eligible CPE for professional certifications 3) collect money.
@@darrellstevenson5364 expound on step 2. Please
@@ichijofestival2576: Have you seen the training videos John Cleese did for a business? I think it was either a hotel chain or a grocery store chain.
I work in IT Sec since 2010 and this is indeed a great piece for awareness.
Just did a project about this because it happened to the library in my city , what a strange time to live in. The more you know about it the weirder it gets .
"and I really wish life wasn't always the same" that hit a little too close to home. also my name is Theresa too so I was shook for a second when John said my name
sorry this is off topic but is your profile pic the femc from persona 3?
@@dopaminetrigger yeah it is
I'm sure you were shook, Mrs. Harris. Hopefully thinking of your husband, John, your two children, Eric and Mandy, and your golden retriever Alf was enough to calm you.
@@shawndavis779 are you ok Shawn?
@@theresanoelle Trying to make a joke. Nevermind.
I'm so glad he pointed out the fact the hackers taught a Russian grandma about bitcoins purchasing and transaction
as if hate groups have any money to ransom
Well they did have the advantage of being able to guide her through it in Russian.
They care a lot!
Hopefully she bought some extra bitcoin for herself too and is now rich enough to hire her own cybersecurity expert.
When I started watching this episode, I was definitely not expecting it to end with a commercial where JK Simmons talks about a wifi connected buttplug.
As someone who works in IT as a system administrator I must say I'm happy to see LWT cover this particular issue, businesses have only recently started to truly understand how critical technology is to their daily operations but are still massively behind on developing a good security posture.
It's expensive, requires constant upkeep and very strict policies and strong buy-in especially at the executive level, heck most companies can't even apply for Cyber Insurance without at least 2-Factor authentication, device encryption and an audit completed.
Making it very, very expensive and nearly impossible for smaller business to obtain.
The funny and sad part of the pipeline hack is that even though the company paid the money, Colonial restored their own systems from backups because "it's just faster." Also, the hack didn't stop the flow of gas, it stopped the software that Colonial was using to process payments. If it had used old fashioned methods to track customers, it would never have had to shut down at all.
Now after hearing something horrible, imagine trying to fit a key in your hacked remote control buttplug.
Old fashioned isn't feasible or robust. They stopped the gas line because they're greedy, not because they need the "old fashion way"
Just adding another reply because it's important to reiterate that Colonial never had to shut down the gas. They chose to disrupt a vital resource and cause mass chaos rather than let a few pennies slip through their fingers, and all corporations are like this.
@@deborahlimby5549 et.al.
No... Just no. Colonial, at the time, didn't know how deep the attack was. They shut down the pipes in the off-chance there was some malware-thing that crossed the air-gap and was going to go 'boom!' IRL & actually kill people.
I'd (I do CyberSec for a living) order the same thing from a safety perspective.
John Oliver: “Here are human-shaped bathtubs.”
Junji Ito: “Go on…”
Nice to see someone who knows his works
@@sbk1398 Ah yes, how could anyone know one of the most prolific horror manga artists out there?
@@AKAJAYGAY True. But it is refreshing to see Ito brought into a conversation based on such a loose but relevant and funny connecting thread, rather than say, in a conversation about horror or manga or Japanese culture.
@@gbrinkert agreed.
This is my jacuzzi tub, it was made for me
How to scare Americans: have the media say "there will be a shortage of..."
How to ensure your sales will go up: declare that "there will be a shortage of..."
“...butt plugs.”
"There will be a shortage of Covid vaccines"
@@antoniof.8614 unfortunately that doesn't scare enough Americans
@@thegreatwillthethrill thatsthejoke.jpg
I’m always amazed at the celebs they get to do the skits for the show lol I never thought I’d hear JK Simmons say “butt plug”
If that's a surprise to hear, then you must have never watched HBO's "Oz"... 😅
Funny thing. My stepdad once clicked on something unsavory, and ended up with a cheapo ransomware message flashing on the screen and making god-awful noises. I went over to the house on my mother's desperate request, saw it was nothing more than a browser-based prank, started the computer in safe mode, and deleted the installer and folder that was causing the issue. Problem solved. Meanwhile, they were freaking out, thinking some hacker was trying to steal their piddling amount of money from their bank account. Even after that, I still can't get them to use multi-factor verification. They say it's "too annoying" and "doesn't work".
Guess I better teach them how to buy bitcoin.
Ok, but then they have to learn to use 2FA to buy Bitcoin lol
@@rgderen88 lmao
i love this comment
The same thing happened to a guy I worked with except all I had to do was Control-Alt-Delete out of his browser.
You're not alone. Exact same thing happened with my elder.
John Oliver: "Ransomware is a typical business but staffed by criminals"
Me: "So, like the healthcare insurance industry?"
Have you ever tried using your health insurance's customer service line? It's not remotely as good.
Exactly. You willfully pay them thousands of dollars and there is no guarantee that they will give you treatment.
It is not friday, but this needs a CORRECTION: "So, like the _US_ healthcare insurance industry?"
@White wolf They were talking about the insurance industry specifically, not doctors...
@White wolf Um, doctors run the insurance companies? That's new to me.
“that product can give the internet control of your anus, which doesn’t seem great.” that is the single best understatement i’ve ever heard.
Is that thing actually real? That sounds so weird...
I don't understand why you wouldn't be able to just... take it out normally. Unless that animation was accurate in which case... what the fuck!? Wouldn't that cause damage? You're putting a god damn wing nut into your asshole! What are you thinking?! I don't care what you may be into you do not need the equivalent of a drywall anchor for your asshole! What are you planning on doing? Hanging a TV on it?
@@illwill1991: Hey man, stop kinkshaming. Some people just happen to like watching AssTV™.
I swear to GOD and all things held sacred, I miss watching John Oliver's shows lol, haven't watched one since the end of last year but man did this one get me. My chest is still aching a bit from the laughter. Despite how ridiculously serious this is
"don't click on suspicious links in your email"
haha jokes on you I NEVER check my email.
Are you my husband? His inbox scares me haha
I almost never check mine so I can relate.
lol me
Give that actor playing the guy with the buttplug an award, he's the real mvp here
plot twist: he wasn't pretending.
His name is Connor Ratliff. He's one of the greatest improv comics in NYC.
His turtle head walk at the end was spot on.
MVP? Most Vulnerable Plug?
Actor?
“The Faster Idiot” will be a book title in the next year, with no credit given.
"The Max Power Way," would ALSO be an appropriate enough title. (Some comment elsewhere reminded me of the appropriate Simpsons clip within the past year/couple months, so I looked up said clip, shared the link to it, and got a recent waaaaay-after-the-fact Like on said link-share.) :P
It's a well known type of phrase (in economics) just like the “bigger idiot” etc.
The title works for all kinds of books from safari guides for families to the zombie apocalypse survival tips.
For some bizarre reason the thing that has me shellshocked is that you now have app-controlled sex toys with a "friends" function. What a world we live in. Until I actually checked that it's a real thing I was convinced that Last Week Tonight simply invented it as a joke...
Definitely sold on never buying a smart thermostat.
You could just uninstall the smart thermostat and reinstall a dumb thermostat though.
Some of those things have been advertised by using arguments that made me go "If you program your "old" (or not-smart) thermostat correctly it will be warm when you enter home from work in the exact same way, no "smart" thermostat needed."
(For me, the privacy-factor also plays into this: if a smart thermostat can warm up your home because it knows you are on your way there, who has the possibility to look into that data?)
Here in Texas, we don't need hackers for our smart thermostats. The electric company does that job for them.
@@Dutch3DMaster yeah my semi smart thermostat is all I need no wifi connection needed I just look at the weather for the week and set my temperatures accordingly
Just get one that cannot access the web