College student just finishing up a BSIT with a concentration in cybersecurity, and Jack, your interviews and stories are awesome. When I get bored with schoolwork or can't seem to wrap my mind around something I take a break with Darknet Diaries and get back on track. Keep informing and motivating, great job.
Your channel is such a hidden gem. It will blow up because these podcasts are so awesome!
I don't think it will blow up much because of all the low-IQ morons in the world
(they have no interest in important things)
He has 121 Episodes on Spotify
I agree. My brother sent me the Stuxnet video and I asked him why he hadn't shown me this channel sooner.
I stumbled across one of the episodes and I’m hooked! Been working my way through all the episodes whenever I get spare time. Natural story teller and such interesting topics, so in depth
I'm a web developer, built a number of websites, currently working on a dapp/web app, and your episodes are great for knowing how to make a website much safer 👍
Use parameterized queries - never trust sanitization.
I'm sure you know that but I'd hate for people to watch the video, see your comment, and think that all the advice given in the video is actually sound.
Many of the security advice is for centralized databases and servers. If you are really making a decentralized app with IPFS, Web3, The Graph etc., many things are different. First of all, you don't have passwords and you don't store anything private, so many practices change: if you are giving out codes with QR and such that people can use, rather than database checks you rely on signing and verifying. Even the frontend is different: you would want to bundle everything up in one HTML file as much as possible, because IPFS can't always find a file, and you would want to have fail checks, retries and a loading UI showing what is happening, since accessing a file is not always guaranteed for each user. As for security, we can probably call Solidity and smart contracts the backend, and there are not many videos about what to look for to avoid exploitable Solidity code.
I am subscribing to this channel because this guy knows how fun yet also challenging and hard it is to actually make waves in tech, good or bad... yet he actually makes a huge point to show how privileged one is to have this opportunity. Just make sure to jog through a park or something to stay human.
Thanks, Elon Musk. You have a smelly bun and cheese on your Richard
I have plans to build a free energy machine that runs on air that you can use in planes and boats and generators, big horsepower and unlimited speed in aircraft
In the process of getting a patent
Great podcast, thank goodness I don't use any of those passwords, but even in this cyber security awareness era people still use those. Thanks for ringing it to our hearing again!
Your ear ringed? I'll tear that now
Your mom still does. I just backdoored her onlyfans.
Binge watching the content available on your channel. Also shared with my kids and believe I gathered some subconscious "mom might be cool points" with this share 😊. Thanks for sharing your great and hard work 💯
Yayy, go Mom! ❤ My kid is still too young for me to share this cool channel. But he's big into coding, and I'm sure he'll find this channel soon regardless.
I was hoping you wouldn't make the same mistake. One does not sanitise data. In SQL, you use "parameterised queries". That way it doesn't matter what the input is, it never even touches the query parser. For example, qrystr = "SELECT * FROM USERS WHERE NAME = $1", then you call psql_query(qrystr, name), and apart from now making injection attacks impossible, you also get the benefit that now you are transmitting the same exact query to the database every time, and it can recognise this and build lookup tables to increase the performance of this query, regardless of what data you pass as the parameters.
It is actual security best practice to slap people who say "sanitise".
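The difference the comment above describes, shown in runnable form. This is an added example, not the commenter's code: it uses Python's standard sqlite3 module and a constructed in-memory users table (the `?` placeholder is sqlite3's equivalent of the `$1` in the comment; the `psql_query` name in the comment is not a real API). It contrasts string concatenation, quote-escaping "sanitisation", and a bound parameter, including the numeric-context case where escaping quotes does nothing at all.

```python
import sqlite3

# Constructed in-memory table for this demonstration (not data from the thread).
USERS = [(1, "alice", "alice@example.com"), (2, "bob", "bob@example.com")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def lookup_concat(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable: the untrusted value is spliced into the SQL text, so any
    quote or keyword inside it is interpreted by the query parser."""
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn: sqlite3.Connection, name: str) -> list:
    """Parameterised: the SQL text never changes; the value is bound
    separately and compared as data, whatever characters it contains."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]


def lookup_id_escaped(conn: sqlite3.Connection, user_id: str) -> list:
    """'Sanitised' the way people usually mean it: single quotes are doubled.
    That escaping only protects a quoted-string context; here the value lands
    in a numeric context, so an injected boolean still parses as SQL."""
    escaped = user_id.replace("'", "''")
    sql = "SELECT name FROM users WHERE id = " + escaped + " ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def lookup_id_param(conn: sqlite3.Connection, user_id: str) -> list:
    """The same lookup with a bound parameter: the SQL context does not matter,
    the bound text is compared as a value against the id column."""
    sql = "SELECT name FROM users WHERE id = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (user_id,))]


# Classic tautology payloads: one for a quoted context, one for a numeric one.
STRING_PAYLOAD = "x' OR '1'='1"
NUMERIC_PAYLOAD = "1 OR 1=1"

if __name__ == "__main__":
    conn = make_db()
    print(lookup_concat(conn, STRING_PAYLOAD))       # ['alice', 'bob'] (injected)
    print(lookup_param(conn, STRING_PAYLOAD))        # []               (compared literally)
    print(lookup_id_escaped(conn, NUMERIC_PAYLOAD))  # ['alice', 'bob'] (escaping did nothing)
    print(lookup_id_param(conn, NUMERIC_PAYLOAD))    # []
    print(lookup_id_param(conn, "1"))                # ['alice']
```

The escaping function is not wrong for the one context it was written for; the problem is that "sanitise" is always relative to a context (quoted string, number, identifier, LIKE pattern), and the next developer to reuse the helper will not know which. A bound parameter carries no such assumption.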
I love this series but would love it even more if Jack would run his scripts by some competent technical people before recording. There are a lot of details like this in several episodes that really bother me and could have been easily avoided.
lmao the fact that this annoyed you is hilarious to me
@@lunafoxfire If you consider that part of the purpose of these videos is to educate people about real world digital security stuff, it's a little annoying that care wasn't taken to avoid misinforming people about best practices.
@@lunafoxfire Parameterised Queries as a feature predates the SQL standard that was codified in 1986. Salted Hashes were best practice in the 1970's. And yet all of these security issues persist in many applications to this day.
Guys, any good website, forum etc. you can recommend so I can learn?
I love the podcast! Found you on TH-cam and I've been binging your other episodes on your website. I don't know how you feel about guest suggestions but I think Jim Browning would be an excellent guest if you can get him! His work infiltrating scammers and broadcasting their operations and even their webcams to the internet is in my opinion, one of TH-cam's finest sudo cyber security content creators!
The fact that he exposes the scammers and helps get the victims back their lost money is incredible
Man, just love your podcasts! Keeps me going late at night
"Rockyou" is the name of the giant password list used in Linux.. coincidence? I think not! Lol - Edit: holy shit this is the guy who essentially created the rockyou password list? Love it!!! by the way, JACK, DO MORE DARKWEB stories!!
RockYou was the name of a company that was breached in 2009. They had stored all of their user passwords in plaintext, so the breached data was turned into the wordlist we all know and love. I don't think Troy had any involvement in that.
@@cmwh1te did you watch the video
@@cmwh1te my bad i @d the wrong person lmao
@@txic.4818 lol
@@cmwh1te where can I get the List?
My main email address and password was in a data breach. All they seem to do with it is try and get access to my gaming accounts.
Did the podcast URL change? Many episodes are available on TH-cam but not in the podcast feed
The legend is alive ...
GG Jack ...
awesome podcast to listen to while learning assembly through trial and error at 4:16 AM.
Uhhhhhhhh not like I'm doing that right now, or anything... :}
same, but it's 8am
NO WONDER TOM WAS EVERYBODY'S FRIEND ON MYSPACE 👏🏻😂
Great podcast as always!
If special characters aren't allowed in passwords, it might be because they're being stored in plaintext.
This channel is underrated, nice work
The movie Hackers said the most common passwords were “love, sex, secret, God”.
I'm the farthest that one can be from a computer geek, in my 50s, but actually watched and enjoyed Hackers. 😎
"A teenager can easily spend 10 hours a day on a computer".
This *COUGH*ty-ager suddenly feels a bit younger :D
I’m a little concerned about BreakMasterCylinder being hashed first, then salted. The salt should be added before hashing, not after.
Or if you really want it later -> hash -> salt -> hash
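Why the ordering in the two comments above matters, as an added example (not the commenters' code). It uses only Python's standard library, with constructed salts and a constructed list of common passwords; PBKDF2 stands in for a dedicated password KDF so the block runs without dependencies. The "hash then salt" record still contains a plain unsalted SHA-256, so a table precomputed once cracks every user; with the salt inside the hash input the same table matches nothing.

```python
import hashlib
import hmac
import os

# Constructed parameters for this demonstration. Production code would use a
# dedicated password KDF (Argon2, scrypt, bcrypt) with a tuned cost factor.
SALT_LEN = 16
ITERATIONS = 100_000


def new_salt() -> bytes:
    return os.urandom(SALT_LEN)


def hash_then_salt(password: str, salt: bytes) -> bytes:
    """The ordering the comment objects to: hash first, append the salt after.
    The stored record still contains an unsalted SHA-256 of the password."""
    return hashlib.sha256(password.encode()).digest() + salt


def salt_then_hash(password: str, salt: bytes) -> bytes:
    """Salt goes into the KDF input, so the same password under two salts
    yields two unrelated digests and a precomputed table is useless."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def precomputed_table(candidates) -> dict:
    """What an attacker builds once: unsalted SHA-256 of each common password."""
    return {hashlib.sha256(p.encode()).digest(): p for p in candidates}


def crack_hash_then_salt(stored: bytes, table: dict):
    """Cut the trailing salt off the record and look the remainder up. The salt
    contributed nothing, so one table cracks every user with that password."""
    digest = stored[: len(stored) - SALT_LEN]
    return table.get(digest)


def crack_salt_then_hash(stored: bytes, table: dict):
    """The same table against a properly salted record: nothing matches."""
    return table.get(stored)


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time login check for the salt-then-hash scheme."""
    return hmac.compare_digest(salt_then_hash(password, salt), stored)


if __name__ == "__main__":
    table = precomputed_table(["123456", "password", "qwerty", "iloveyou"])
    salt_a, salt_b = new_salt(), new_salt()
    weak_a = hash_then_salt("123456", salt_a)
    weak_b = hash_then_salt("123456", salt_b)
    print(crack_hash_then_salt(weak_a, table), crack_hash_then_salt(weak_b, table))  # 123456 123456
    good_a = salt_then_hash("123456", salt_a)
    good_b = salt_then_hash("123456", salt_b)
    print(good_a != good_b, crack_salt_then_hash(good_a, table))  # True None
    print(verify("123456", salt_a, good_a), verify("password", salt_a, good_a))  # True False
```

Storing the salt next to the digest is fine and expected; its job is to make each user's hash unique so that precomputation and cracking cannot be shared across accounts, not to be secret.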
Most annoying thing is that it might not even be the site you have an account on, but a 3rd party site that has bought all your info from various locations that gets breached.
Wonderful Podcast!
I was a teenager with a computer in my room. Internet was new and unaffordable. I bought my computer. From the start I cracked open all of my software and personalized it. I learned by reading books in the library and word of mouth. I didn't need the internet to crack the code of my highschool network, with the computer teachers permission of course. He forgot his password.
I had a computer when I was a kid, an Olivetti 8088, but home internet wasn't a thing then, so I didn't have the ready access to information that is taken for granted now. Learned to program from books, but I became bored with programming PCs and went into embedded hardware and software design.
Plot Twist: Nobody believed Tom from MySpace and still think that’s a fake name 😔
this reminds me of when I was a kid and I was on a website that was essentially a Santa's list, for children to write and "send" to the north pole. For some reason I decided to try to hack into an account and I picked the first word that came to mind, "Nemo". I put Nemo in as the username and password and it worked. But the only thing on the Santa list was for their dog to come back. I felt so guilty and maybe that's why I'm not a hacker. Lol.
Once you have been hacked and seen how many times you have reused the same password you will be shocked. I had my email hacked and they sit and watch you, possibly for months. When I checked how many sites I had used the same password on it was literally hundreds: random sites you might have signed up to once and forgotten about, and your password is sitting there forever. Now I use security keys, 2FA etc.
at least once a week i namedrop this show to a friend or someone i meet. keep it up JR
Thanks for throwing down the rabbit hole.
10:27 - Every time I hear Czech Republic I have to write a comment about it
Feel pretty good. I never use one of those passwords in my life 😂
Note: Teenagers need more sleep than little kids. Take care of yourself.
Retired school librarian
I got DDoS'ed at the age of 12. Knowing someone could make my internet not work just blew my mind, and that sparked a now 10-year passion for exploiting and coding.
One day, Darknet Diaries will be considered THE Cyber/Hacker History channel of record. Congrats!
I want more knowledge about this world that's new to me. I'm getting breached and I don't know how to verify. What resources can I use to verify?
The common passwords have been known to the AOL scene way before then
Is there any way to support your work? Patreon maybe?
39:57 Hacker's Guide to the Galaxy? 😆
It's funny hearing you talk about the funny Czech movie site and reading the Czech words out :D
Troy Hunt's voice sounds just like @ModernVintageGamer it's crazy!
I thought he sounded a bit similar
Unplug and get chickens, or accept the defense fight...
Create a camp fire and imagine the future.
I hope Tom is fine. He said "they are hunting him" ,this makes me worry about him.
Makes me feel better about my very meticulous, intricate process of picking my passwords: sneezing on the keyboard, then cleaning it off, and whatever I push is my password! If it don't make sense to me, it's harder to hack for someone else ??!!?
Two passwords I guessed on the first try-Pete network was pizza and Feetz network was Footz.
Just what i needed today :)
Love these videos! 💯🤝
For me it started with msdos and windows 3.1 on an Amstrad 8086 with a 25mb hdd while my friend had the 2 5.25 floppy drives. Sucked with the single density fdd. Heheh couldn't even read the double density disks. With a cga monitor... good old days.
Lmao, I started script-kidding my way around the internet with SQLi. This was later though, so a lot less vulnerable websites, mostly way outdated. My best find was an admin password left over on some forgotten website by the original developers, an outside company. Turned out it was something that many of their clients forgot to remove, even currently. So I got in there too.
Which I think also makes for a good example that your shit might be all up-to-date and tip top, but if you don't practice good hygiene it's worth nothing. So I got access to a lot of websites then. Nothing really that worthwhile, but for a teenager it was still very exciting.
Crap.. I use every one of those passwords.
SQL is such a janky system... and WE'RE STILL USING IT!
Many thanks for the show and this episode. Actually, I quit my job just a few days ago and I know that I need to focus on what I like most. Yes, it's something with passwords. Just in time (or six months ago, but I saw it today :-] ). Keep going. I lost my own bitcoins in the "rented cloud computing" because my girlfriend didn't like the noise of my ASIC miner.. Well..
living = True
while living:
    trying = input()
    if trying == "":
        living = False
Why were you looking at the settings of my phone 👀
27:05 very clever lol😂😂
i'm a princess rockstar , you can never changeme
5 seconds in... yep, he's an Aussie. Haha
I actually use MySQL databases myself, now I'm gonna try to hack into them :)
lol at those passwords, people have no creativity
I'm sorry. I had to do a pause and comment at this sentence ; no special characters were allowed?
Are you kidding me??? That's TERRIBLE. Even if they're hashed, no spec characters means easy brute force.
Why?
@@jacob77788 It doesn't really matter. The total possible combinations is "number of possible characters" to the power of "length of secret". Having a longer secret is, quite literally, exponentially better than having more possible characters. Having said that, there is no good reason to limit the possible characters. The usual reason is "I'm running a terrible system that insists on converting UTF-8 to something else", for which there is no excuse on the modern internet. There are entire classes of hacks revolving around obscure consequences of character conversion and locale.
@@bur1t0 Thank you, I appreciate the clear explanation!
Lame video title, yet another good video. Keep up the work boo!
Lots of guys dating a Jessica, Michelle, and Ashley lol
sorry for my ignorance but this channel is not in favor of carding
pog episode
Password managers safe or not?
Like opensource app - keepass
yes, until FIDO2 and similar become commonplace
and always 2fa
@@someusername1921 because apps like these are very useful for creating strong passwords
No. Unless they are offline.
❤❤❤❤❤❤
Greetings from Czech ;-] Jaaaj
123456
Algorithm.
Password1
noice
🗿👍
Who tf is rock u?
It is a wordlist
pɹoʍssɐd any text can be turned upside down and used as a password
@anned How do you do that? Make the letters upside down?
One time I dumped my county's database, right outside Nashville: all the school logins, SSNs, addresses etc., all because of a scan on a subnet of IPs and an old abandoned project. Found a SQLi in a search, dumped CLEAR TEXT PASSWORDS, EVERYTHING CLEAR TEXT. Being at the end of 9th grade I had too much fun and didn't follow opsec, kinda flexed and became known by everyone as the hacker. Eventually got caught a week later, couldn't "touch anything with wifi" for a year 😂😂😂. Not gonna incriminate myself, but if I can dump my county's database I can hide being on the internet. Had 120 hours community service, did $12,000 in damages and had probation for a year. I got lucky tbr, pulled 5 different felonies but got it expunged when I turned 18. Now I'm working to get Comp Sec+ and program like all hell.
yessssssss, 1st up
If you go to didigetpwned, change your password the second you are done, regardless of status.
Thank you, JR
This channel is amazing and your guest is a godsend making a site like haveibeenpwned. What a legend. Thank you so much for your content, true gold 💛
I love the series man, thank you. 🤌
Thank you Tom for rucku.txt