New PuTTY Vulnerability - ThreatWire
Вставка
- Опубліковано 7 чер 2024
- ⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
@endingwithali →
Twitch: / endingwithali
Twitter: / endingwithali
UA-cam: / @endingwithali
Everywhere else: links.ali.dev
[❗] Join the Patreon→ / threatwire
0:00 Sophia d’Antoine
0:36 - Potential T-Mobile Directory Leak
2:32 - Palo Alto Networks Firewall Python Backdoor
4:20 - Twitter Hosted the Phishing Olympics
6:14 - PuTTY Project Vulnerable
7:28 - Outro
LINKS
🔗 Story 1: Potential T-Mobile Directory Leak
www.t-mobile.com/support/plan...
www.sciencedaily.com/releases...
tmo.report/2024/04/t-mobile-e...
🔗 Story 2: Palo Alto Networks Firewall Python Backdoor
www.volexity.com/blog/2024/04...
unit42.paloaltonetworks.com/c...
security.paloaltonetworks.com...
labs.watchtowr.com/palo-alto-...
/ 1780239802496864474
🔗 Story 3: Twitter Hosted the Phishing Olympics
krebsonsecurity.com/2024/04/t...
🔗 Story 4: PuTTY Project Vulnerable
www.chiark.greenend.org.uk/~s...
thehackernews.com/2024/04/wid...
www.openwall.com/lists/oss-se...
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong. - Наука та технологія
YT shorts are like a fridge full of condiments and no "real" food.
"We want to be like TikTok" so cringe...
You just described my own fridge 😭😭😭
But you leave satisfied
it's just easy clickbait mostly for honry kids
Sometimes I agree. But there are many YT videos that are 25-35 minutes long that could have been explained in 60 seconds or at least could be used to give an overview of something with a link to the full content if desired.
Thanks Ali! Appreciate the info on PuTTY as so many of us deving in microcontrollers use it for UART.
"Shoot me a DM".... Famous last words 😅
IMHO YT shorts devalue and dilute quality content
Seconded. It’s the final stage of the death of discord (that thing people should do, not the app)
Thirded (sic)
Fourthed, but it goes hand in hand with these days zoomers that cant hold their focus for more than a minute at a time.
I dont know. When done well they could be good just like PirateSoftware.
IMHO YT devalues & dilutes any quality content with a pathetic layout 😂
I hated shorts at first but I am a little more used to them now, it just depends how they are used. Just don't replace everything with them and I prefer if it is some sort of link or summary of another video. It bothers me when people just make a 10 second video speaking in fast forward on something that could be discussed in detail in ten minutes
meh shorts i tend to find myself watching them by accident , i like watching videos where i learn something , but now and again i see a short and before i know it , im clicking through shorts for 10 mins and couldnt tell you a thing about a single one of them , but then im an old bugger who uses the web as a library not , as it seems, like the youngsters who use it to fill their lives
Great content as always
Only ten minutes? I can get lost in them for hours as long as they keep giving me interesting ones. Steve Mould usually has some that draw me in for his full video.
Thank you for the link to enable SIM protection. The obvious question is why the hell is that even something that the customer has to opt in for?
Yubikey works great... Cant even open the authentication app without the hardware key
Thanks for the info.
thanks for the info
Great job 😊
As if you needed to pay a T-Mobile employee to do the SIM swap … 😬 *sigh*
Hi Ali thanks for the report. I wonder what if any kind of cybersecurity training or pentesting is done at T-mobile...
Thx again 👨💻
re shorts: Hate them and never ever ever watch them, but then again I'm not in teens or early 20s either so maybe I'm the wrong demographic for vertical video!
I'm curious why your example on the sim sales is a retail level employee making $10 - $18 per hour...what exactly does that have to do with how honest you are? I've worked minimum wage on my way to where I am many times and I never considered it a license to act unethically. At what hourly rate would these employees who commit larceny become honest, or do you have to make them salary to get an honest employee? I see well paid people go to prison for embezzling money all the time, accountants, town clerks, sheriffs, attorneys, sometimes for relatively petty amounts, how much you make doesn't actually determine your sense of morals or ethics, at most it lowers your price.
Umm university of luxemborough? Is that a real university or did she actually mean Luxembourg?
she seems a little off, I think that announcement at the start of the video could have something to do with it. She flipped the words when reading the comment as well.
Good info! Thanks 🏴☠️
Have a happy Pesach Ali. Good show.
What a QT! Good content too.
Anyone hear that MGM got hit and was shut down for the day I think?
I only heard about FTC vs MGM situation
what'd you hack to get them lip fillers
excelente canal
do you have to be a member to get their discord access?
Not only was the Palo issue nasty, but their general handling of it was poor, at best, likely closer to downright bad to horrid. So many things to say, so many NDA’s.
String replacement mishaps have been around forever. Sadly, even high-impact mishaps are not that rare.
Vulnerabilities probably shouldn't be published in great detail. At my former employer, we locked down the details, and only gave a generic overview for the published report. Unfortunately, many will read security vulnerabilities as a step to further exploitation.
And thanks for reminding me to disable SIM-swapping!
You got a chocolate bar.... All i got was this stick that sounds like its raining, how come you get a chocolate bar !
I feel Ike that chocolate bar study had to have had participants make an account for something related to the study, or just make up a password, then asked the participants for that password. A password like that wouldn’t be linked to any of the participants’ personal information, and that may have made them less reluctant to share that specific password.
I could be wrong. About to go look up the study. So I’ll find out. I sure hope I’m right, but wouldn’t be surprised if I’m wrong. If I am right, I’d love to see a similar study with a more robust methodology.
enjoy youre pass over tc.
understandable, have a nice day.
Microsoft MFA App is great, it records login attempts from all over the world haha it’s funny to see India and Indonesia trying so hard to get in
YT Shorts are good. Example. The report about Putty was very short. That could be a shorts video. Bring more people to the channel sharing short good videos.
Personally don't like shorts, but you should go for it anyway. You've got to play the UA-cam game if you want the views. Getting on shorts is a way you can grow more audience.
1:00 I thought that was patched??? That *still* is a vulnerability??? Duuuuude, I read about that like two years ago 😶
Didn't Elon disband most of the Twitter security team?
You would put out puTTY info on the 22nd. ;)
❤❤❤❤❤❤
Does the putty bug affect kitty?
It seems like a bit since we have had a threatwire
My apologies for the delay - we had a little trouble with this edit. It was supposed to have gone out Thursday or Friday. We're making some backend workflow changes and running into a few growing pains. Thanks for the patience and understanding. ~Darren
@@hak5 no worries)
I am just thinking about it, nothing more. Maybe I missed an episode or maybe nothing happened of great significance.
Don't take my comment to be negative. I love hak5. )
I absolutely love YT shorts, the only thing is that sometimes…. Hey did you see the one with the ADHD people….
YT shorts are a tool and like any tool can be used either well or badly. For concise bits of information, which have little depth or which can assume existing knowledge or which at least point people in the right direction they can often work well.
So kong as you understand how use them and stay away from pointless, 'hollow' content you'll probably be fine.
Darren please do it this aint fair it has that guys texts about that tunnel
Anyone that wants to see shorts already has TikTok for that.
About 70 multi character alpha numeric
Heck, I dont even need the whole chocolate bar either. I'de compromise my account just for a bite.
What would you do for a klondike bar?
I use Microsoft for Microsoft, Google for Google, synology for synology, Ubiquiti for everything else
shorts are evel
UA-cam Shorts contribute to Goldfish Brain.
🥳🥳🥳
When it comes to MFA apps I really like 2FAS
Shorts can be fun to watch but a lot of them are unfortunately recorded in such a way that to really get information that you want you have to watch the video that the youtuber wants you to watch. So basically another ad and nothing else, and hate these ones.
5:35 nah just ctrl f and replace all…. that’ll do it
I will not update anything this week.
Happy Pesach! I was actually snacking on a box of Matzos my dad sent me home with while watching this. As for YT Shorts? I'm going to be the embodiment of the old, set-in-his-ways codger that hates the new generation and thinks these new things are everything bad with the world, etc... but in a less joking response, I do dislike YT Shorts (if only because YT refuses to allow opt-outs).
im pretty Meh on "shorts" i like short videos, but not the youtube shorts.
smart people use EdDSA instead of ECDSA 🤭
can we get rid of Short all together? - please
I use a YubiKey!
Also, I hate UA-cam shorts!
They always show the most irrelevant videos of yoga and shuffle girls... and never Ali the mmap in my strcpy...
AH lol, well T-mobile any any other company that sells mobile stuff, pay the front end staff better.
UA-cam shorts are like clickbait.
Everyone says they hate them but they just keep watching. 🤷♂️
Putty is Dutty!😮
Free otp+.
for some reason threat wire seems.... less lately.
It smells like Upstyle in here
This girls cool but is this all hak5 is now?
I prefer Aegis
Not a fan of shorts that are more than 1 part. If it is an entire story in 60 seconds no issues from me.
I like Shorts for quick digestible content
I like shorts because they're easy to take off.
@@j0hnny_R3db34rd true :)
...What's UPSTYLE? 😉
Putty 😂
Please NO UA-cam-shorts, we will wait for a proper video release. This channel is fantastic, don't degrade the content.
Globalprotect is trash and ironically my last 5 jobs and currently use it haaaa lol
Dios, por favor vuelvan al formato anterior donde se preparaban de antemano para hacer el video, usaban cambios de ángulos de cámara y no se veía tan forzado.
I hate shorts. I also get that the algorithm loves them and will recommend your other content more often if you post shorts. So really I don't think you have a choice if you want to grow.
Any short format is awful. It’s the best way to say nothing. It really just causes frustration since the viewer normally wants more.
Maybe if your subject is super simple, it could work. Like if it’s a tip or something.
Please don't waste your time on shorts...
who needs sim swapping explained in 2024
UA-cam shorts is waiting for TikTok to get banned
NO SHORTS! Please! YUCK!!
What happened to the old host? The old host flowed way better.
Not a fan of YT shorts. Honestly, just chill and do your Passover thing with the family.
damn 5 views in 15, aly fell off