Babe wake up new data breach just dropped
😂😂
😂
Every other day?
Bobby, don't pull out please, it feels so good baby! :D :D
Babe go to sleep, it is one more of data breaches.
Isn't this like the fourth time AT&T has had a massive breach?
2nd this year alone
Is it gonna be exponential? See y'all next week 😆
AI is awesome..... for the hackers to impersonate employee's voice and video in real-time. lol
@@BillAnt shit.... i never thought about that... you made a point tho, but i guess if that was the case, they would all be caught already... yet, after the dude breached EUROPOL, sold their data, and got away with it
4th that we know of
so this is how i find out my bank got breached huh
2 months late and from youtube
NO email from them confirming nor denying that my data has been breached
last straw, brb changing banks
Typically they don't tell people unless they have evidence of them being directly affected. It's slimy, but it makes sense because they don't want all of their customers to panic
thing is this is the LEAST offensive thing about their cybersecurity
- the password to enter the site has fewer combinations than customers the bank has
- to authorize actions there's a slightly more complex password, but whenever it asks for it it picks half the characters at random to ask, which means they store passwords unhashed
- when you make an online purchase, since the app never works you have to 2fa with a text message, but instead of sending you a code they send A LINK TO A PASSWORD INPUT
@@inakilbss feel like naming names?
@@wtfdid_i_justsee i'm just a user
@@inakilbss Again, when I've made passwords, I usually make up a combination of trying to get over at least 8 to 20 characters, so it makes it much more difficult to enter into the account. I do think that having a USB Key item that unlocks your information would be the better way to access not only your computer, but also your social media account since the password is an encrypted 64 character thing.
So awful we have a credit score at all but one that is tied to forces beyond our control.
How would the companies lending money know who to trust with the money they loan, though?
Not surprising considering that many of the companies want to be like Australia and China. So hence why they have been implementing S.S.C.S. into our society for a decade now and here we are so, I'm not surprised.
Soon everyone will have a "hack score" on how many times our info has been leaked. lol
@@Rightly_Divided from their actual interactions with you? how do you know to trust your friends without a social credit score?
@@Rightly_Divided collateral
If I had a dollar for every time my sensitive info was leaked from a large tech company, I would be making money in a very strange way.
You would be google
@@SilverLining1 lmao
😂
I used to work for a large company which provided end-user remote tech support which was primarily staffed by contractors through a staffing company. The companies we supported often had locked-down systems, but our own machines were pretty much unrestricted. Our employees were frequently under-trained and irresponsible, and I can 100% see this happening to one of their machines.
OH BOY can't wait for your next vid.....
It's gonna be great
SAARS
@@maxamps45 DO NOT REDEEM
If I had $10 for every time my personal data has been leaked in a data breach, I'd be *so* high right now:D
LOL - sounds like me - disposable income MAY =
esoteric psychedelics, etc. ;*[}
i'd have $20
it isn't much but it strange that it has happened twice.
"... in human history" - glad to hear you acknowledge non-human history might include greater breaches :)
I am Lrrr! Ruler of the planet Omicron Persei 8!
when the amazon cloud was introduced back in the early 2000's it took us all of 10 minutes to come to the conclusion that letting a 3rd party manage our data was a dumb idea. I think we got it right.
unless you are hosting your own datacenter (from ground up) you automatically allow a third party to manage your data whether that's a VPS to renting space in someone else's datacenter or renting compute and storage from cloud provider
so it's not a dumb idea, it's an ok idea but you still need to follow security practices and such
when shit like this happens I get the urge to go ask my mom to stop paying for the monthly ICloud storage. can't believe we live in a world where Cloud storage is popular and companies can just change TOS whenever they want to fuck us over. we own nothing and we are forced to be okay with that.
Fireproof safe + some harddrives / SSDs would be good enough. Plus you own it!
this incident has nothing to do with TOSs nor ownership tho, this is billion dollar companies cheaping out on staff with access to millions of customers' data
santander's security has always been absolute garbage so i'm not surprised they wouldn't even demand the contractor use 2FA
Capitalism is a bee-otch
Especially in a world where decommissioned and wiped-clean enterprise SAS HDD is $3.5/TB. Cheap and environmentally friendly; especially for cold storage.
what was leaked is active data, not archived
I died when he said "Interpol honeypot" 😂
Is it really?
@@adediranadeife7903 that’s the joke, people said the new one was a honeypot but they’re actively selling leaks still lol.
@@adediranadeife7903 we won't know unless it gets busted (a-fucking-gain)
Probably is
Waiting for the Crowdstrike vid yo to drop...
Shiny is no longer administrator BTW, I'd assume this recording is old but as of June 14th, it's now 'Anastasia'
Sus
@2rx_bni If you're talking abt Anastasia then ya, came outta nowhere, 0 posts, 0 threads, -1.2k rep, 0 msgs in Shoutbox after 1 month
Sad. I liked the pokemon profile picture
avg linux user
@@ImNotQualifiedToSayThisBut Umbreon my beloved
Speaking of 2FA and credit agencies, I noticed that 2 out of 3 of the big agencies don't have 2FA for customers, and the third does via SMS only. Shame shame
Snowflakes are unique like a good encryption pattern, but also extremely fragile at the touch like a server with poor data security.
Indeed. But you know this wasn't a snowflake problem right? AT&T had a user with an insecure password
I wouldn't trust my data to a company with a name like snowflake. They sure live up to their name. lol
@@jxtq27 no they had the credentials in the database along with tons of others to use
@@kingpin3690 Can you be more specific? Who had what credentials in which database? That were used by who?
@jxtq27 i'd never trust an outside company to protect my company's data. There could be insider threats you'd never know about. On premise if you want security
Thank you. BYOD should not be allowed for federally regulated industries, but Snowflake is a tech company that should've known to push 2FA to its customers. Redditors love Snowflake and this is the end result. Also don't know how they don't have a corporate VPN...Even smaller firms have that!
Patiently waiting for the CrowdStrike video
"...the compromised accounts were not using any kind of multi factor authentication..."
It's 2024, this still happens WAY too often!
About time someone covered the actual cause behind all these recent leaks, I've been trying to post about this in a few comment sections
Funny how people can make videos about topics or subjects but god help you if you try comment about it
I hate living in this digital gulag.
Whenever you use the cloud, your data is basically in the public.
BYOD has always been a terrible idea. My last few companies have required me to use my personal phone for work. Here we have someone using their personal computer for work. Company work should always mean company equipment. I had one situation where I did a phone interview with a potential candidate who pulled up his current employer's source code on his computer to show us his work. All sorts of red flags there. Keep personal and company computing separate ... always!
Pov: You're a hiring manager and you have the option to train someone for 0.0001 seconds or hire someone who can say 500 buzz words / minute ( You pick the latter).
Great content as always man, very informative for those of us a little newer to security
time to cook, my dude
And I thought the benefit of such clouds would be security, because now you have experts run the system, but no you still need to be a security God to not mess up.
This feels like Solarwinds 2.0
It is. Similar kind of company
so... what's so great about AI companies again? I thought they were supposed to create money, not have a hand in just dropping it all over the floor...
at&t cant catch a break
They can, though; they've caught enough breaches…
They've screwed every one of their customers that I personally know, usually to the tune of thousands. They created a few ghost lines on my account that I couldn't get rid of until I switched providers.
Thanks for the info!
If only MegaCorporations could afford not to exploit feudal style seasonal hired help, maintaining their labor base with dignity and respect, if only 😔
I remember working with a company that required a couple of security software to be installed on my work machine
Because we're living through late stage capitalism, I fully expect one of these companies soon to fake a breach, to sell a copy of their database for extra revenue. So long as the cost of being caught * likelihood of being caught < profit why wouldn't they?
my guy thinks in 4d
They already do that feds pay good
They don't care about getting caught as long as the company is treated as a person and liability for people's actions is offloaded on the company
yo appreciate the update and news
2FA and security to log everywhere... why the hell not every service move to that standard??
Got an ad for migrating away from snowflake under this video 😂
No. For contractors they should use a VPN and connect to a Virtual Desktop owned and managed by the client. Client resources can only be accessed via the virtual desktop, either by network or conditional access. Data should not be able to be transferred from the contractor's machine and the virtual desktop, even email access should only be via the virtual desktop.
Edit: MFA for access to the virtual desktop.
I disagree. They should use company equipment 100%. Don't allow un-trusted computers to connect ever. This isn't super expensive to do, compared to running a bunch of VMs. Do you expect contractors to provide their own servers? Of course not, that is crazy. Then why would we expect them to provide their own PCs?
@@username7763 You provide the OSE (operating system environment), you can do that virtually or physically. The logistics of the physical option increase costs and lower security as you are increasing the surface area of attack
Edit: second thoughts on " and lower security as you are increasing the surface area of attack." that is moot at best :)
@@username7763 I do agree with you if the risk justifies the expense, banking or national security.
@@username7763 "They should use company equipment 100%." yes a VDI is 100% company equipment that is my point.
@@snuscaboose1942 It still involves using a contractor-owned computer connecting to the network via VPN and accessing the VDI. This data leak happened due to malware stealing credentials which can happen in the scenario you describe. It doesn't solve it, it just makes things more complicated.
At this point hacking is now dead.. it's just another hour of browsing for some people 😂
0:40: Outlaw: SAN-TAN-DEHR- BAYNK
Me British Ears: Arghhh!!!!
Why'd you say that like Mr. Krabs
Cus Mr krabs is bri'ish bruv
I shortly thought you were talking about Tor Snowflakes omg
I'm happy leaks happen, I'm always curious what's happening behind the scenes
i wake up 🔁 there is another data leak
corps will say to put as much security as possible into these "cloud" services
and then have them dismantled by the simplest rickroll
Just changed my password for att 😢
Make sure to update it in LastPass whilst connected via NordVPN.
Can't be too careful these days.
new vid when
my data have been leaked so many times in the last few years, i should simply make a post on socialmedia with all my data, it will make no difference 🤣
The owner of this channel, Jayson Tatum has a lot of knowledge about security, both digitally and within the NBA
Deep cut, he hasn't made a deep fake in a while
Imma let u finish, but Kenny has one of the best music videos of all time.
Lirbals when Snowflake 😂 **smashes keyboard on dog**
@mentaoutlaw Next Video ?
How do you vote with your dollar if all the companies are being hacked?
what's the point of one time passcodes if they're generated from a seed that can be "stolen"
They are not tracking UNC5537 for this ‘incident’ UNC is a prefix for any uncategorized threat actor, ie don’t know their motivations or affiliation
Just got fired from dicks sporting goods for the exact reason at 6:00. I was hired on full time from contractor and now they're changing stuff, they're finding ways to fire all the better techs so they don't have to give out promotions.
Good day to remember that I don't give my credit card data for long term storage to any service.
saint tender bank lol nice vid kenny
Are contractors with specific skills less sought after and therefore less costly?
electricians can make a good living!
so that explains why i'm getting random texts advertising "WFH" opportunities.
Is this related to tor snowflake network?
Well, make having the data secure the cheapest option. Take a percentage of the yearly revenue (not profit!) of a company that let the data out (Santander, or what have you). I bet 5% would make *wonders* to their security.
only time I'd store any data in a cloud platform is if they're encrypted with a 75 character password
Lol, you think password would stop anyone? You don't know what bypassing is then.
I had a router that I discovered a vuln for around a decade ago that I can bypass the login prompt and change what i want, people who enable wan management on that router got impacted since google indexes everything out there. Good luck with your password.
Proxmox or some other in-situ VM is a good thing for these contractors to learn if they value their position. Such knowledge should be mandatory for fitness of position. Wish I could write the way I want to, but YouTube keeps eating my words.
At the same time it is not feasible to run an entire os for every program or website you use professionally. Many times you even have to use them together.
@MentalOutlaw, I was really hoping you might address Snowflake's main selling point, "Unsiloed Data Storage". Their biggest selling point, IMO, is essentially insecurity. Siloed data does add hurdles to information sharing between apps and geographical spaces, but when configured correctly, dramatically reduces the scope and scale of any one breach. Snowflake is basically saying, Hey hackers! Here's all your data in ONE PLACE! Just break a single account for any one of our applications and it's all yours!
I'd love to get your take on that.
A new day, a new data breach 💀
Does 2FA really make that big a deal?
10:00 Yep, one of my family almost got baited by scammers yesterday if they didn't consult my simple link check for spending online, because they got baited by some random discount by some known actress that is not actually her.
Take care of your friends and family folks. One more thing, from my experience they will do some sussy moves online once or twice a year, so be careful. XD
Turn off the phone! Claim your privacy
But I can't 😂
Not pragmatic
'You have any idea how much shit requires a phone these dayz?
They’ll move to cloud sessions workers remote into. Shuffle more money to the hyperscalers.
I was so scared that this had something to do with TOR's snowflake proxies even though I knew that the proxy wasn't a server. Thank god it's just a rando AI tech company lmao
Damn at first i thought there was an issue with Tor's snowflake bridge
Experian itself is a data broker.
They're not being hacked, they just sell the data, wait a bit and then say "We got haxx0red, sowwy! pls update your passowords :)"
Call Sridhar Ramaswamy! the Puppy CEO😂
"zero trust" ¯\_(ツ)_/¯
10:09 amongst us
Actually a pretty good take !
Well said.
Bro where's the microsoft outage video? Oh, you use Windows, so you couldn't upload it. I get it.
"Sir, we should make our own cloud infrastructure. It'll be absolutely free because it's open source, but it'll take a week or two to get it running"
"Hmmmmm... I'll think on it..."
"Don't listen to him sir! I have an ONLINE cloud solution!"
"How is it better?"
"It's an AI CLOUD!"
"GENIUS, JENKINS! YOUR SALARY IS NOW $4.7M!"
data? i hardly know a’
Data? I hardly knew her
@@jamad-y7m painter? I hardly knew her.
Another thing to disturb my sleep for tonight.
i thought of snowflake as in the tor bridge 😭
It’s ok, I’ve had so much fraud hit my cards lately that I have no money and all my cards are new. i’m good.
Although I am critical of the cloud, in this case Snowflake was not the problem, it was just a skill issue from the customers.
at least 'this time' it was a data breach and not just being sold to bad actors
They tried so much to make my company switch to snowflake. Thank god I didn't
Everything getting hacked now in days 😭
Wow a lot of likes, that's cool
Now a days*
@@HardPourCorn Maybe they do mean in days, as in way too quickly for any of these companies to have any sort of decent bloody security
@HardPourCorn
Huh
@@SuperLimeWorld That's how that saying normally goes, now a days, as in "in these days", "in the current day" etc
Adding 2FA isn't that hard - especially if you use a third party cloud vendor e.g. Duo, rather than "send me a text and I'll type in the code"
well if people accessing cloud systems don't do security properly this isn't cloud's fault but users'
If it's on a INTERPOL honeypot it's probably not legit, right?
Database leaks? No way
hey Mental Outlaw, I was wondering if you'd be willing to cover a kind of touchy subject; the guy who shot at Trump.
Why? because the media is absolutely perplexed at how he was able to cover his tracks online, generally a bunch of boomer opinions on it...
I think it would really show people a different perspective (an accurate one)
Another L for online fiat banking
AT&T is LITERALLY the nsa. Wtf 🤣
......oh shit, my work place has an addon for all browsers with a snowflake ❄️ icon.