Small correction, a Flash login form is not especially vulnerable to SQL injections. Nothing client-side can help you against those, not Flash, not an HTML form, not JavaScript, reason being that you can't actually control what runs on the clients in any meaningful way. The server the form sends its data to must handle all user input with special care, usually with prepared statements or input filtering.
I was thinking this whilst watching, honestly hearing stories of these big organizations or even governments not sanitizing their input is ridiculous, it's literally one of the easiest attacks you can do and it's ridiculous it still happens
yeah it's like the client web app sends malformed data with the REST API. It's like...so? That should be expected as a possibility. Flash and the web browser are both the client. You don't just trust the client.
This is the most chaotic good person I've ever heard of. I think he is pretty much a cyber Robin Hood. He steals data from the mega companies either to give fans access to things the company didn't want them to (like the Gigaleak), or leaks things to the media to try and get awareness of how messed up these companies are. It makes sense it's illegal but I wish there was a way he could go about this without getting arrested.
I think that it shouldn't be illegal, a special case should me made for cases like these, where as long as they themselves don't leak to the public the personal data and inform the authorities they are exonerated from the crimes required to do it, and not only that they get a medal and a cash price. This would incentivice individuals to hack non malicously to get the medals for their resumee or the cash if they are bad on cash and at the same time it would incentivice companies to invest more in security to avoid legal problems and PR blows
@@diablo.the.cheater I agree this. I think I'm more so talking about copying the data to yourself instead of just finding out you can copy the data and reporting it in which case that should be legal. When he took the Vtech data he could have very easily made multiple copies and sold them off anywhere and it wouldn't be traceable so having that information on a civilian third party computer is quite dangerous itself. This solution is messier though because than you don't have the evidence about the leak and the police most likely won't have hackers who can retrace your steps.
It always drives me nuts when they "crack down" on hackers that find issues like this, especially when they make it apparent they have morals. They should be hired.
Giving young children a device that connects them to the internet, while most of the adults around them don't even know what a phishing attempt is? No way this could go wrong.
This has been happening before the internet was thrown into their hands, just differently packaged through school assignments, surveys and questionares. Also being socially engineered and indoctrinated by sandbox framing or other words secret concentration camps by corporations... It's a big slap to the face if free will and freedom of thought were living things and were in fact not being infringed and violated by generations before us. (Classical violation of private conscience begins from the beginning of all things.) It's questioning and researching through observation and empirical data that you realize everything taught isn't necessarily true and many times contains embedded commands and I statements that programs individuals to believe they are not what they are but rather what operators / the hidden enemy working against them want them to believe so over time they become unrecognizable to even themselves.) The enemy is lurking everywhere, could be right in front of us and never know it. Science is the enemy. The Bible holds so many algorithms and scientific evidence that can be proven by many great thinkers and artists before us.
If I was a multimillion dollar company, I'd hire this guy for security reasons. He's seriously amazing at what he's done, huge props for the vtech thing too
The fact that the hacker who started this entire story is ALSO the hacker who dumped the historic Nintendo Gigaleak is the biggest plot twist of all time holy shit
The fact that VTech is still making camera-based kids toys is wild. Like I'm not surprised since it happened a while ago but still, that seems like SUCH a risky move 😂
Damn. Didnt know the nintendo and microsoft gigaleak was by the same guy. Mad props to him. As far as im concerned, this guy did an amazing service to the world by publicly archiving history of some of the biggest and most important companies in the world who'd be glad to let old stuff rot away and die without seeing the light. Any archival of man's creation is important and a global good imo so i have nothing but praises for him.
Did he leak people's personal data? Cause that's not good. Discretely disclosing major security flaws of big companies to authorities, said companies and responsible journalists: good. Publicizing people's private information: bad.
@@ReddoFreddo If you noticed in the video, he refused to leak anyone's private data. He exposed V-tech without releasing any of it to the public, only giving some of it to a professional in data security as proof that it was real.
We are entitled to this content. We deserve it. The fact that these companies considered it "their" property, and tried to keep it from us, just shows that they had it coming.
He hasn't posted to Twitter since 2018 and he hasn't been in the news for anything since the Nintendo leak in 2019. Hope he's still alive lol, maybe he works for an intelligence agency now or something
@@bingonight1504 He's probably under state supervision of some sort, they may not have sent him to prison, but they also couldn't just leave him to his own devices to keep hacking.
Sometimes it can't really be helped though. (Stuff like medical history and bank and police records for example, for those companies that work with that kind of data.)
i know why they collect it, but why is it so damn hard for companies to just... not have the sensitive info of their customers stored... it would create a LOT less headache for the company AND the consumer...
So you're telling me this guy is responsible for hacking one of the biggest children's companies in the world, the hacking of Microsoft, the nintendo gigaleak and the only version we have of North Korea's operating system? That's a hell of a track record...
Young people do better at this, you need to have huge amount of time and do lot of trial and error to get some way into the servers, and it does involve certain amount of creativity too. In contrast, very few young people do well in realm of hacking intricate computer architectures, since that calls for lot more technical aspects, which only few young people ger around, if any does at all
@@canofbeans7631 thats what these kinds of hackers do though. it's basically telling them "hey, you have a problem. im gonna put a virus here to show you that you need to fix it." if anything, it's a good thing. people aren't gonna fix anything until something breaks.
I never heard of Vtech before. But the CEO is dumb. The problem with this world, intelligent people are full of doubts, while stupid ones are full of confidence.
@@fynkozari9271 V-Tech are basically the people behind Leapfrog which were the most popular K-5th US assisted reading tools. Basically books that had speakers where if you touched the page in certain spots would read out the pages, which included a bunch of little games. Once computers were easy to manufacture, V-Tech then started branching out into using full on low quality tablets with a standard Linux based OS. From what I understand, they basically just used and modified Android OS kernels just like Amazon did with the Kindle series. Basically they had a great learning platform and then over engineered it and middle class parents ate that shit up in the US.
Slipstream was genuinely just a curious guy. It's terrifying to think that if someone with malicious intent gained his skill and knowledge, they may have caused a lot of damage.
Pretty much anyone who goes to school for cyber security could decide to ruin anyone's life in an instant. It's something you need to be very responsible with lol I've heard tell of people who will gain remote access to a targets phone and computers, and implant CP onto them. Then alert the police, provide them enough evidence to get a warrant, and boom your life is over
"why would someone want pictures of children?" Given her line of work and the types of people that she has probably covered for, she knows damn well what the answer to her own question is.
You ask even obvious questions so that the answer will be given. She may know, everyone watching may know, but it gives like a reminder people like that exist that do want kid photos. It's like a "People want your kid's photos and this company made it easy for them to gain access to it!"
When I was younger, I had the Vtech watch, and obviously, being a kid, I took photos, played with it, and wore it 24/7. Seeing this honestly makes me feel sick. I hope nobody was able to do this to me.
Holy sh*t! My little brother had this tablet when he was younger and he took pictures ALL the time. He eventually threw it away and we all got mad at him but thank god he did… he knew something we all didn’t.
Slipstream should become a CEH (Certified Ethical Hacker), because there’s a lot of people who want to hire people like that, and you can make actually really good money depending on your skill. He might even make more money than his other good job.
I believe slipstream 100% is that hacker from the movies who just casually hacks into the aecurity data of a base opening all the doors and locking the cameras by just pressing random buttons
He was at Malwarebytes and committed multiple federal crimes. No company is willing to lose it all because one employee thought it would funny to commit federal crimes. Maybe the government would hire him for Cyberwarfare.
@@BiigiieCheeese also look up defcon or any of the other hacking conventions, people are very public with some of the shit they've done, or even revealed major exploits at them Im not an expert on the hacking community, but I'm confident he won't have any issues with employment
craziest part is if he sold all of the data he would've never gotten in trouble. He became a criminal after being punished for doing the right thing. We need international powerful whistleblower laws.
@@uknown1546 No Vtech stole the information in the first place. This information did not belong to Vtech, it wasn't theirs. They should have been held accountable, not the hacker who exposed them. That mentality is just fucked up!
@@Yourebeautyfull I think he did the right thing morally to start. Often though morales and the law dont see eye to eye. Thats like saying someone whos caught in the act of robbing a drug dealer wouldn't or shouldn't get in trouble too, cause the drug dealer was selling drugs illegally. What he did was against the law, he knew it when he did it. At the end of the day he did steal personal data, doesnt matter if they should not have had it.
Slipstream has got to be the most based man I've seen on the entire internet. I love this guy. When he hacks a database that's sensitive to innocent people, he tries to break the story, but when he's hacking companies, he just goes wild with it.
@@yazzy3177 you look like an ego filled white nationalist. You don’t know the meaning of that symbol you’re using as a pfp. Be quiet scrub, and go learn C++
Honestly, thank God he was able to hack into Vtech and let them know about it... could have been someone with more ulterior motives, a/k/a a creeper, who wouldn't bother to do anything about it. Anyhow, this guy sounds like a genius when it comes to computer stuff. Love your videos - thanks for the upload & enjoy the rest of your day!!
considering there was an active hacking community for the tablets it's very likely quite a few of them realized the vulnerability of using flash in the year of our lord 2020 slipped in did their thing and were never noticed every time you hear about a hacker exposing a vulnerability in a system, you gotta remember there's probably more than a dozen that abused it and did not report on it
What makes you think Slipstream was the only one who did it? If there was a security flaw as blatant as that it would be safe to assume other people might have also discovered it by themselves. All we know is that Slipstream was the first to publicise it, but that doesn't mean he was the first to discover and use it. Just food for thought.
@@arstulex yeah honestly considering he started the video by saying what a big community there was around hacking these things there's no chance other people didn't also get the data. And there's no way to know because Vtech didn't even notice Slipstream taking every single users information
as someone that's pretty jaded, the "Creeper" that would hack those systems likely would be looking for self incriminating photos of those children. because the law is stupid and when children have cameras, laws are broken, which puts v-tech in criminal possession and yeah... there is far more wrong and concerning with v-tech then just the fact their security was beyond crap and broken that easily.
he's like the batman of the internet. he exposed a children's company for vulnerabilities, leaked info from both Microsoft and Nintendo, and stole the only OS from north korea and published it. a true anti-hero
2 year old video, but first one I'm watching from you. Your excellent simplified explanation of what a SQL injection is and how vulnerable an Adobe Flash input page is earned you a new subscriber. Just brilliant man.
The "hacker" SlipStream is actually the hero of this story. His curiosity and his general well being has made this huge security flaw to the public. Instead of being prosecuted, he should be given rewards.
@@fel524 never said he wasnt, i respect him because he never had any bad intentions in the first place and hes a genius (or they were just so fckin easy to hack)
And my family thought I was crazy a few years ago to reject the creepy V-Tech "stuffed animal" that wanted to know WAY too much information about my child, connect to the internet, and talked. That is not a cuddle buddy; that is a potential spying device that can be hacked.
I got one of those v tech tablets, thank god that we never connected it to anything or put info onto it, it was a game machine/calculator, so if it was hacked they didn’t get any info. Also I was too stupid to use the camera
@@sidneyboo9704 well audio based baby monitors that work on radio waves and have absolutely no form of wifi connectivity exist… if that’s what you’re after
Attach an LLC to your name. Make some money then incorporate the bloodline. You're welcome. Also look into the rights of private clubs. Secret societies are a thing for a reason.
not even really journalistic integrity, more like covering his ass. If he had published an article claiming a data breach of a massive company like that without proper confirmation he could be sued into the ground.
Instead of arresting this guy, someone should hire him. This is raw talent that could be a very valuable asset to any IT company. Friggin Google, for instance.
It was said in the video that he already works for MalwareBytes as a researcher and yet I see so many people saying "lol someone should hire him". Someone already did lmao.
@@fuyumi4309 not the only time North Korea has been "hacked" the entire country was once hit offline for a long period of time from a group of people. Lizard squad I think back in the day. But still slipstream is pretty impressive
@@SomeOrdinaryJanitor that is a step down. Working as a researcher in the private sector, you can hack kids toys for LOLs, get contracted to work on serious industrie products... lots of things to do. No limits, little red tape, as long as you not reapitadly step on the wrong foot. You can even earn goverment and military contracts if you really try. Goverment? Red tape every where. "this is system is safe - no body has hacked it - no you are not allowed to try" "no, you can not publish that - as goverment employee, your always represent the goverment" "no, you can not use unapproved software, that would be unsafe" "we recently upgraded our system - it still runs code written in the 1960s on 2010 era hardware"
I'm amazed VTech is even still around, and only got off with a fine in the thousands. They illegally spied on millions of children, downplayed it when caught, and had all their data (that they weren't even supposed to have) unencrypted. They should have been been severely punished for an error of that magnitude. If someone with more malicious intent had been the one to discover how easy it was to get into their data storage, I can't even imagine the damage they couldve caused.
i just found out about this channel this week, simply stumbled upon one vid and kinda went thru a rabbit hole w your content. ngl youre an amazing storyteller o: your content is very compelling
SlipStream shouldn't have even gotten a warning. They should have given him a reward for finding this and not exploiting the data. Good people like that shouldn't be punished. Edit: I don't usually do edits but goddamn I feel like my comment has become a general discussion war. I'm still getting notifications lmao
I mean if you broke into a bank to prove how easy it was to break into a bank, you'd still be breaking in even if you didn't take anything. I agree with this statement but also Slip did basically trespass and go somewhere he wasn't supposed to, even if it was for good
@@TarigonTetradactyl correct. But he didn't just break in and didn't do something. He warned the owners of the bank giving them the chance to improve their security. Had he not warned them, he wouldn't have been warned. He gave them the warning and basically told them they should upgrade their security here and there.
Let me fix this statement. I just love the fac that some guy who barely was an adult casually hacked into NORTH KOREAS SYSTEM SOMETHING THAT USA GOVERMENT OFFICIALS COULD NOT EVEN DREAM OF.
My opinion on this is that everything he did was fine. Yes, they did something incredibly illegal, but if their servers were so horribly protected that a 24-year-old was able to steal tons of their data, that's more on them for not patching their security vulnerabilities. As for the VTech hack, even I could've done that. Why the fuck were they using Flash for their login page???
Yeah, I agree that a white hat would've been better, as in they just report the vulnerabilities and go, but seeing how hard it was to get ahold of VTech, I can't imagine they would've been able to. As I said, when your service is so easy to hack that a 24-year-old can get root access to all your servers and data by copying a script, then that's entirely on you, and you are the only one to blame for letting your service be that vulnerable.
I had one of these leap frog tablets as a kid. THANK GOD it was a one that never connected to the internet. That leap frog tablet and my Nintendo DSI were my childhood.
That TOS is exactly why we need Privacy legislation passed in the United States. I cannot believe the hacker who only wanted to help almost gets major jail time but Vtech gets not even a slap on the wrist for ilegally gathering the data of millions of children.
he got no jail time dude he got a caution, very common in the uk for even the pettiest of shit, i stole from a store once and got a caution, theyre really really harmless and go away after a few years
14:00 that plot twist. yeah hacking nintendo is crazy yeah hacking microsoft is crazy BUT HACKING INTO NORTH KOREA AND STEALING THEIR ONLY OPERATING SYSTEM THEN LEAKING IT TO THE PUBLIC IS TRULY INSANE
@@burymeinjhenny918 If he's responsible for what I assume they are talking about, he hacked into Nintendos own servers and grabbed years worth of game development data. Not anything recent, but archive from the mid 2000s and earlier which solved a lot of game mysteries and lead to the preservation of a lot of lost material that would have never been seen publically.
Idk why but Slipstream is so cool to me😂 like the fact he’s able to do that stuff and he’s not being malicious to day to day people. What a goat man!!!
I just started laughing ENTIRELY too hard at “some guy figured out how to run doom on it, of course he did” thats just the funniest thing to me! Seriously, what HAVENT people ran doom on? I just love the maniacal obsession hackers and modders have with making every single object run doom!
VTech should've employed Slipstream. Albeit some hiccups, he saved the company. He had three options--like selling the stolen data on the dark web or something, but chose the right option. And, like, what, he was punished for it?
@Kishan02 yeah, but it's not really "there" People really overstate how much it means to have a crime on your record. You can get a job, and as long as you don't need to have any security checks done and you have "done the time", you're fine, nobody would ever know.
@@Kisher02 just to add, the only thing it really does interfere with is your credit score, but nearly everything bad like that is wiped from your credit score after 2 years anyway
Slipstream is straight up an anime protagonist. He gets away with breaking the law multiple times with barely even a warning, and still does the illegal stuff he does to protect people.
I once worked with a Chinese tech company, I can verify that this type of complete lack of care and effort over security is rampant. At first I couldn't believe why they didn't care, until I realized the emergency exits from their office all had locked padlocks on them. If they don't even care about risks involving their own lives, imagine how little they care about the risk of customer data leaks.
Even though I moved away from Russia years ago and now work in Europe, emergency exits that are *actually* open are still a foreign concept for me. In Soviet Mindset, you dont keep any doors open you simpleton, are you just inviting homeless people?? Who cares about fire safety, what's the probability of a fire anyways? And if it happens people will just figure it out somehow, nah uh we're not keeping open doors on a company building /s So yeah, this might come as a surprise for you, but for a big chunk of the world emergency doors are essentially just another wall but with a door handle.
@@jeremiahsmith916to be fair i think they are 1 way. walmart is full of emergancy exit doors you can see outside the store but i dont think you can walk inside the store thru those doors. Many have alarms so if you do go thru the door it is extreamly loud which is good in a real emergancy. Most here just ignore them ive herd of a few people shoplifting than escaping thru those doors
He hacks into multiple companies and gets away with it. He lets people know of problems and they don’t fix them. He gets arrested. What? He’s doing us a service! He should be praised! I also just love the sentence, “He hacked into North Korea.” I’m very glad this guy is not trying to be malicious!
How is he not malicious, the fact he uploaded malware onto the internet shows his intentions to make money by hacking innocent people. Don't make claims before watching the full video
@@redtortoisethe malware could have been light, a none malicious virus that alerts them to the presence of it and how it got in. Since he probabyl didnt want to get arrested again like with vtech
@@redtortoisemy brother in Christ, do you know what malware is? It’s not some scary evil Code that steals all of your money. It can be used for more than that, like warning Microsoft that they have a breach
Slight note: MD5 is broken cryptographicly as a hash function (that is, you can generate to pieces of data that can predictably give the same hash value), it is still fairly difficult to reverse a salted MD5 hash back to its original plaintext. SO it's use is inexcusable at the time VTech was using it, but it wasn't 'hair on fire' bad. More like 'using your tablet in the bathtub bad'.
Not even as much broken cryptographically as just having every possible MD5 output for every input pre-calculated and stored it many terabyte large databases
thepirateybay creators stole all of north koreas ip space making them lose internet access, just so they could make it look like the site was hosted in north korea for an april fools joke.
You know you're security protocols are broken when even the 21-year-old hacker is like "This is like all kinds of fucked, I should probably tell someone about this."
Gotta love the "hackers" who act without malice. Being able to acquire that data, let alone hold that much potential money in your hands and not have a malicious thought in your head... true power
The analogy of him firing a gun in an airport is incorrect. What he did was demonstrate he COULD walk into an airport, fire a gun into the air and receive no security response. They should have thanked him massively.
I mean, he *did* copy the data. It's not like he just verified he had full permissions and left. If actually transferring data off server side isn't at least firing the gun, I don't know what is.
Well, they should have thanked him if he went to them first when he found a vulnerability. The way he did it made sure to harm their public image first.
I agree, expect for the part that he uploaded malware to Microsoft network, sure pointing out the flaws is good, but why hurt them more by uploading the malware and potentially having data of all employees leaked? I mean they aren't (most of them at leastr) responsible for the flaws in the systems.
So, let me get this straight : The company which was caught collecting data from more than six million children didn't even have to admit that they did anything wrong, but the hero who alerted the public had to admit that he did something wrong? The irony here is that if he stayed silent he never would have been caught because they didn't even know a breach had occurred which means they just taught a lesson to whistle blowers everywhere to stay silent. I don't think it's fair to say that he caused damage to vtech. I mean, yes that had to shut down the servers but only because they screwed up. That would be like suing a police officer for making you fix your broken light on the basis that you can't drive it for a few days. It's not the officer's fault that that you have to fix something. I absolutely condone his actions.
Except that he did take the data. An ethical hacker would see that the login is vulnerable to SQL injection, stop there and inform Vtech so they could fix it. Then again, seeing how hard it was to get ahold of anyone there, they probably would have ignored it until some actual malicious hacker stole the data and sold it all.
@@joemck85 Sure he copied the data, but the data itself was illegally collected by vtech. They collected video and images and names and addresses without informed parental consent. Even if vtech fixed their login system it would change the fact that vtech was collecting information they had no right to. By not holding vtech accountable that gave the green light for other companies to do the same thing. Google collects audio through its smart TVs via the "Google Assistant" even when Google assistant is set to off and I personally caught a smart TV record audio while the screen is on. There is no way to stop it short of ensuring the microphone isn't functional and the newest smart TVs also have cameras. Maybe we wouldn't live in a world where your own TV will spy on your children if companies like vtech were actually held accountable.
This guy was lucky as hell, he basically just got a slap on the wrist and still continues to do his thing. We have much more serious examples of whistleblowers getting fucked over like Julian Assange, Edward Snowden and others. It's wrong, but being a whistleblower is a high risk and often times zero reward/outcome type of endeavor. There's lots of these stories of ethical hackers pointing out a vulnerability and getting in trouble or receiving legal threats from the companies called out. They should be rewarded but often times they are uncomfortable for the people in power.
@@seperempat4325 When the cops do it, it's collecting the evidence, though this would be done through the legal system, not hacking. When random people do it, it's breaking in, theft, and possibly tampering with evidence. After all, there was question as to whether the data was even real before it was reviewed. To be usable in court, evidence needs to have a documented chain of custody as it's transported and analyzed.
was not expecting this hacker to be the nintendo leak guy, that was actually a massive deal, especially with all the old content that got leaked, including both games people didn't know existed, and games that had been ruled out as lost media. while not as serious as the v-tech leak, the nintendo leak was certainly a historical moment for video game culture.
Having proper guidance, he could probably take down censorship in North Korea… That’s historical figure-level potential. I have high hopes for people like this
NK is incredibly poor, the amount of people that have internet access is very small. Censorship would still be a massive thing and it wouldn’t resolve anything except him getting killed by their government.
Slipstream seems like a pretty cool dude, hacked all this data and never did anything malicious with it (Other than putting north Korean stuff for free on the internet)
i think its a pretty common thing with company security that they get hacked and are then hire the hacker or pay them for explaining their security problems as long as they dont do anything bad with what they find. its basically a service. happens all the time
Slipstream is a literal tech beast like hoooly. He should be hired by a government with all this knowledge he has. Not only that but he had some good intent in that too.
@@hashoshanimhoney2956 would you rather a person like this to be hired by a government or some malicious group which either sells that data or does something worse with it? A government owning a 9 year old's data isn't a problem. You think anything good would happen if that data would be in the hands of a dangerous group? No need to be so aggressive for a UA-cam comment.
@@rustyshade2971 There's the White hats, and there's the Government of debt . There's the black hats and there's the government of safety. Government isn't always good, and third party groups aren't always bad, and it's never clear cut one or the other.
@@rustyshade2971 "a government owning a 9 year old's data isnt a problem" this mindset is the issue with society and the perpetual fear of some third party group with multitudes less power than a government who has shown time and time again to be even less trustworthy than those oh so scary third parties
@@rustyshade2971 id rather him be hired by a third party group than waste his skill in some corrupt bureaucracy whom the higher-ups (or even lower ranked people) do the same bad corrupt shit and invade the privacy and rights of citizens
The crazy part about all of this is that if Slipstream just wanted to make some money he could have and no one would have even noticed. Great video Vince!
Yeah, but he didn't really know that no one would have noticed. When you get hold of millions of dollars worth of data from a mutli billion dollar company you would think that they would notice.
I had known Wack0 as a humble but very knowledgeable member of a pokemon glitching forum in my youth... only knew about how "in"famous he was when the gigaleak happened and the glitching community was sent into scrambles. We thought it was just Spaceworld 97, then other Pokemon leaks, but soon enough it was everything Nintendo. I was only aware of his responsibility behind the gigaleaks even then, I had no idea he had such a storied history. I didn't even know he went by Slipstream until you mentioned he was behind the gigaleaks. Then everything came together. It's very very wild to have passed by so closely to him. I feel like I brushed with a famous celebrity in their youth lol
I absolutely condone what Slipstream did. Not condoning it is kind of unconsciously condoning companies collecting the data to begin with, which is probably worse. No one ever hacked me for my information, they hacked target. Curious.
Quick annoying technical correction. Flash isn't what introduces the SQLi vuln, it handles the UI and talks to a vulnerable backend (probably written in PHP). Sounds like he figured out the endpoint that the flash app spoke to and exploited that. Flash is dangerous and browsers all dropped support for it mostly because it had a history of bugs to break out of its sandbox, so visiting a page using it would lead to control of your computer.
I don't think it's annoying, the video has quite a large amount of technical mistakes. They didn't have access to the entire network, mostly just one machine. The passwords aren't all recoverable, MD5 just allows you to find another input that also works. Another comment also mentioned the bit about not all MD5 passwords being crackable, and Vince reacted by saying the audience wouldn't understand the technical jargon. Which I thinks is a supremely disappointing reaction, it shows a lack of being able to admit mistakes while blaming your audience for not being smart enough to get it
A few years back I basically walked in the 'back door' of a local museums computer system. I did no programming, no crazy stuff - I simply opened a museum website page and chose to open a page link in a certain way (it was done using 3 moves) and bang - I was in their website on the part that staff used for the museums collections. It did not give access to accounts etc. I could add and remove data if I'd wished. The staff side of their website also allowed full access to everything they'd digitised whereas the public side only showed a tiny fraction of the whole museum scanned collection. I'm actually a good person and used the back door simply to gain more data for my research - it saved me travelling to that museum, saved me money on copies of documents and gave me full resolution on scans. The open door lasted around 8 months until a new server system was installed at the museum.
@@Deleted_CatExactly, dump all the good data to your PC, so you don't lose it, and then start playing. Can't believe the dude refused to have fun with it.
At the center of all of this, the one thing I'm touched about is how much morals the people involved had in this. Slipstream had a conscience, and that's what sets him apart from a large degree of hackers, and the people he handed the info to as well could have and would have handled this thing horribly in the wrong hands, but didn't. This is one of those things that gives me faith in the world lemme tell you.
Majority of hackers are curious people breaking stuff apart,almost every big company thrives on bounties to fix their shitty security flaws. Governments around the world have a love boner for hackers.
Not sure why this video popped up on my recommended feed.. I’m glad it did though. This video was a f*cking BANGER! You my good sir have a new sub. Thank you for this.
Yeah he’d also always have his head in a guillotine. That’s a fuck ton of sensitive information about children to be responsible for. I really doubt he would’ve just gotten away with it and get to just ride off into the sunset. Once people realized what happened they’d be after him and he’d always have to fear that
Slipstream sounds like a guy who tried to do something "wrong" for the greater good and was punished for it, then decided he'd just do whatever the hell he wanted to after that. Sad that someone with so much talent gets punished for their actions instead of praised. This world is broken.
I mean, he *did* already have a job. And even if we're going to say that it wasn't wrong, and that he was doing it for the better good, there are way *way* better ways to go about that. What he did was grey-hat at best, and I don't think he'd deny it. And don't get me wrong, notifying relevant parties of security vulnerabilities is good, and, failing those responsible for maintaining that security notifying the public themselves, it's good to make that information public. But incentivizing shit of this level is how you get a bleeding wound. Yeah, it's good to know that my stitches are loose, but you don't have to pick at them, and you certainly don't have to rip them open.
@@SaberToothPortilla "But incentivizing shit of this level is how you get a bleeding wound." Companies literally hire hackers to attempt to break their systems all the time. It's not new.
@@TheRumpletiltskin Yes, they *hire* them, as in they are expecting it to happen, it is occurring with their knowledge, and they have clear legal recourse in the case that something they didn't sign off on happened. This isn't penetration testing, this is just penetration. You incentivize people doing it in a controlled environment, again, like his actual job as a security researcher at the time, not doing it randomly to organizations that they have no affiliation with. They aren't paying to just get hacked, obviously, that's not the service, they're paying for someone to notify them of potential security vulnerabilities which would (generally) not include, for instance, *actually copying the data*. That's not penetration testing, you just got properly hacked.
Lmao, I actually get this dude; I have High Functioning Autism (ASD1) and ADHD-C. The obsessive nature of this condition makes us really aware of patterns and obscure connections between various subjects. He wanted to know something and when I feel like that it becomes a drive to do so, almost a compulsion.
Small correction, a Flash login form is not especially vulnerable to SQL injections. Nothing client-side can help you against those, not Flash, not an HTML form, not JavaScript, reason being that you can't actually control what runs on the clients in any meaningful way. The server the form sends its data to must handle all user input with special care, usually with prepared statements or input filtering.
exactly this. I didn't see your comment so I wrote my own little rant about the false statements in the intro.
I was just thinking the same. SQL injection has nothing to do with the login method used and if it has, you're doing it wrongly since the beginning.
This is why sanitizing inputs is so important for webforms that use any type of database.
I was thinking this whilst watching, honestly hearing stories of these big organizations or even governments not sanitizing their input is ridiculous, it's literally one of the easiest attacks you can do and it's ridiculous it still happens
yeah it's like the client web app sends malformed data with the REST API. It's like...so? That should be expected as a possibility. Flash and the web browser are both the client. You don't just trust the client.
This is the most chaotic good person I've ever heard of. I think he is pretty much a cyber Robin Hood. He steals data from the mega companies either to give fans access to things the company didn't want them to (like the Gigaleak), or leaks things to the media to try and get awareness of how messed up these companies are. It makes sense it's illegal but I wish there was a way he could go about this without getting arrested.
I think that it shouldn't be illegal, a special case should me made for cases like these, where as long as they themselves don't leak to the public the personal data and inform the authorities they are exonerated from the crimes required to do it, and not only that they get a medal and a cash price.
This would incentivice individuals to hack non malicously to get the medals for their resumee or the cash if they are bad on cash and at the same time it would incentivice companies to invest more in security to avoid legal problems and PR blows
@@diablo.the.cheater I agree this. I think I'm more so talking about copying the data to yourself instead of just finding out you can copy the data and reporting it in which case that should be legal. When he took the Vtech data he could have very easily made multiple copies and sold them off anywhere and it wouldn't be traceable so having that information on a civilian third party computer is quite dangerous itself. This solution is messier though because than you don't have the evidence about the leak and the police most likely won't have hackers who can retrace your steps.
Making being a whistleblower not suck is a nice start,
but neither corporations or the government want or will allow such accountability
Chaotic good is whistle-blower energy
That's actually just a classical whitehat hacker leaning to gray. Which probably all are chaotic good, though.
It always drives me nuts when they "crack down" on hackers that find issues like this, especially when they make it apparent they have morals. They should be hired.
this.. the company should applaud them for finding said breach and reporting it.. most people would have sold it for a profit
The problem is that you can't prove they never sold anything or hid more files somewhere else no matter how ''morally correct'' they seem.
@@timovandenheuvel9502 you can't prove that of anyone.
@@SuperDuckyWho Yes, so until we have way to prove it they are cracking down on them as it is an illegal act.
@@SuperDuckyWho You cannot prove they didnt lol. Tf kind of logic
Giving young children a device that connects them to the internet, while most of the adults around them don't even know what a phishing attempt is? No way this could go wrong.
Ah yes let’s give children a thing that responsible adults don’t check or understand
@Heidinfinite " "
I just can't understand why they thought collecting the data was a good idea.
Right its SUCH A GREAT IDEA
This has been happening before the internet was thrown into their hands, just differently packaged through school assignments, surveys and questionares.
Also being socially engineered and indoctrinated by sandbox framing or other words secret concentration camps by corporations... It's a big slap to the face if free will and freedom of thought were living things and were in fact not being infringed and violated by generations before us. (Classical violation of private conscience begins from the beginning of all things.)
It's questioning and researching through observation and empirical data that you realize everything taught isn't necessarily true and many times contains embedded commands and I statements that programs individuals to believe they are not what they are but rather what operators / the hidden enemy working against them want them to believe so over time they become unrecognizable to even themselves.) The enemy is lurking everywhere, could be right in front of us and never know it.
Science is the enemy. The Bible holds so many algorithms and scientific evidence that can be proven by many great thinkers and artists before us.
If I was a multimillion dollar company, I'd hire this guy for security reasons. He's seriously amazing at what he's done, huge props for the vtech thing too
They *do*. MalwareBytes Labs does analyses on security breaches for companies.
If I was the CCP, I'd use Vtech as a front for getting information on Americans through their children.
It's sinister
He could be eventually. Some cybercriminals have been hired by large firms due to their experience.
And then he would hack your entire database for shits and giggles
@@Dumb_KilljoyI know the best money counterfeiter was hired by the U.S government to catch counterfeit bills
The fact that the hacker who started this entire story is ALSO the hacker who dumped the historic Nintendo Gigaleak is the biggest plot twist of all time holy shit
That hacker must've had a good gaming chair to do that
@@AgIsANoob gaming socks & gaming underwear
@@Vyclops he definitely had the programmer socks
Proceeds to hack north Korea
man has gaming gloves and gaming mask
The fact that VTech is still making camera-based kids toys is wild. Like I'm not surprised since it happened a while ago but still, that seems like SUCH a risky move 😂
2 dodge
Ikr
I used to have one 💀😭
They just hid the important files within more files labeled something inconspicuous.
The more fucked up thing is vtech, to my recollection, has a history of being hacked
Damn. Didnt know the nintendo and microsoft gigaleak was by the same guy. Mad props to him. As far as im concerned, this guy did an amazing service to the world by publicly archiving history of some of the biggest and most important companies in the world who'd be glad to let old stuff rot away and die without seeing the light. Any archival of man's creation is important and a global good imo so i have nothing but praises for him.
Absolutely all of this
Did he leak people's personal data? Cause that's not good. Discretely disclosing major security flaws of big companies to authorities, said companies and responsible journalists: good. Publicizing people's private information: bad.
I always wondered how the fuck redstar os was publicly available, this man is such a big chad
@@ReddoFreddo If you noticed in the video, he refused to leak anyone's private data. He exposed V-tech without releasing any of it to the public, only giving some of it to a professional in data security as proof that it was real.
We are entitled to this content. We deserve it. The fact that these companies considered it "their" property, and tried to keep it from us, just shows that they had it coming.
someone needs to hire him 😭 my jaw dropped when you said he hacked into north korea
I'm crying laughing at that
at the age of 15 as well
He hasn't posted to Twitter since 2018 and he hasn't been in the news for anything since the Nintendo leak in 2019. Hope he's still alive lol, maybe he works for an intelligence agency now or something
@@bingonight1504 He's probably under state supervision of some sort, they may not have sent him to prison, but they also couldn't just leave him to his own devices to keep hacking.
@@bingonight1504 he does have a mastodon so check that?
The first line of defence of protecting user data is not storing it in the first place.
All the huge companies seem to forget that part.
Dumb comment
How are they gonna sell it under the table if they delete it
Sometimes it can't really be helped though. (Stuff like medical history and bank and police records for example, for those companies that work with that kind of data.)
i know why they collect it, but why is it so damn hard for companies to just... not have the sensitive info of their customers stored... it would create a LOT less headache for the company AND the consumer...
@@SomeOrdinaryJanitor mony
So you're telling me this guy is responsible for hacking one of the biggest children's companies in the world, the hacking of Microsoft, the nintendo gigaleak and the only version we have of North Korea's operating system? That's a hell of a track record...
And he is still on his 20's
And he's in his early 20's
Young people do better at this, you need to have huge amount of time and do lot of trial and error to get some way into the servers, and it does involve certain amount of creativity too. In contrast, very few young people do well in realm of hacking intricate computer architectures, since that calls for lot more technical aspects, which only few young people ger around, if any does at all
@@zaytaz9331 dude's autistic so most likely he's a savant
That man is an inspiration
Slipstream doesn’t seem malicious. He should be hired to test the encryption and privacy or certain companies
he works for malwarebytes lol
He put malware in Microsoft’s servers💀
I’m surprised he wasn’t assassinated after hacking into North Korea
@@canofbeans7631 Good thing 👍 That shows that Microsoft has bad security
@@canofbeans7631 thats what these kinds of hackers do though. it's basically telling them "hey, you have a problem. im gonna put a virus here to show you that you need to fix it." if anything, it's a good thing.
people aren't gonna fix anything until something breaks.
he hacked into a country. How has he not been hired as head of security somewhere
Difficult to comprehend the damage Slipstream could have caused if he had malicious intent.
Exactly my thoughts
I never heard of Vtech before. But the CEO is dumb. The problem with this world, intelligent people are full of doubts, while stupid ones are full of confidence.
@@fynkozari9271 V-Tech are basically the people behind Leapfrog which were the most popular K-5th US assisted reading tools.
Basically books that had speakers where if you touched the page in certain spots would read out the pages, which included a bunch of little games.
Once computers were easy to manufacture, V-Tech then started branching out into using full on low quality tablets with a standard Linux based OS. From what I understand, they basically just used and modified Android OS kernels just like Amazon did with the Kindle series.
Basically they had a great learning platform and then over engineered it and middle class parents ate that shit up in the US.
Exactly, its not that bad, dude did more good than harm tbh damn greyhats
A massive difference between white hats and black hats but sure governments, treat them all the same.
Slipstream was genuinely just a curious guy. It's terrifying to think that if someone with malicious intent gained his skill and knowledge, they may have caused a lot of damage.
Pretty much anyone who goes to school for cyber security could decide to ruin anyone's life in an instant. It's something you need to be very responsible with lol I've heard tell of people who will gain remote access to a targets phone and computers, and implant CP onto them. Then alert the police, provide them enough evidence to get a warrant, and boom your life is over
@@GlorifiedGremlin holy fuck
@@GlorifiedGremlin What? I need to know more about this, this sounds horrifying.
I'm trying to google this incident but can't find anything.
Where is your pfp from? i see a lot of people using it and i wanna know the origin
He went from "Malwarebytes is such a cushy job" to "COME ON BOYS I GOT THE OPERATING SYSTEM OF FUCKING NORTH KOREA"
Lol
frl lmaooo bro he's the goat 🐐
he's a man of focus, commitment, and sheer fucking will!
oh god that dude
@@aparanoidbw ... with a FOOKING PENCIL!!! ✏
"One guy figured out how to run DOOM on it"
Of course he did...
If it has a screen, it runs doom
if hardware is someway related to computers or computer it self someone gonna make it run doom. NO EXPECTIONS. :D
@@lfgdestruptor4650 thanks for reminding me how cringe I was five months ago.
@@lfgdestruptor4650 Computational universality, colloquially (and imprecisely) called 'turing completeness.
"why would someone want pictures of children?"
Given her line of work and the types of people that she has probably covered for, she knows damn well what the answer to her own question is.
She asked it so that the answer would said on air. That happens all the time.
You ask even obvious questions so that the answer will be given. She may know, everyone watching may know, but it gives like a reminder people like that exist that do want kid photos. It's like a "People want your kid's photos and this company made it easy for them to gain access to it!"
I may be dumb, but why DID she need them?
@@colepalmer4744 Perverts want them.
@@colepalmer4744 she needed the answer to be said publicly so it builds awareness of child-watching creeps (p3dos possibly)
That Nintendo hack confirmed that “L is real” in SM64
Hey its that one guy who does that one thing on the internet. Cool!
@@Charlie-hv3dh CONNOR6SUS
Hey, that comment wasn't spooky
Wahoo
It confirmed "L is real 2401"... 24 years and 1 month after Mario 64 was released in Japan.
Slipstream is a genius. He just needs to be more careful, as it seems that they always tracked him down.
Maybe he let them
Honestly he should be hired by these big multies. They should beg him to hack them so they can avoid the embarasemt later.
Tbh he probably done like he did with vtech and tell them “yo get better security”
he was being the good guy imo.
@@galacsinhajto I think you trust multies too much.
When I was younger, I had the Vtech watch, and obviously, being a kid, I took photos, played with it, and wore it 24/7. Seeing this honestly makes me feel sick. I hope nobody was able to do this to me.
Same 😮
Same I also had the camera..
Dude he's not a criminal he's a valuable asset. I bet the government really wants him to work for them
The fact that he only got slap on the wrist prove that he's already did
uh doubt it
@@SpanishArmadaProd he hacked multiple giant companies and didn't do anything malicious (for the most part)
Who the heck wouldn't hire him?
@@SpanishArmadaProd every country would want him in their arsenal,even north korea knows his value
@@thalassaer4137 North Korea ESPECIALLY knows his value. XD
Holy sh*t! My little brother had this tablet when he was younger and he took pictures ALL the time. He eventually threw it away and we all got mad at him but thank god he did… he knew something we all didn’t.
His photos and information are still in cyberspace and God knows where else.
you should tell him what happended
I don't think that is a correlation
@@travisconfer2255 not to you 😂
@@NovaQuinzel shit* Don't censor.
Slipstream should become a CEH (Certified Ethical Hacker), because there’s a lot of people who want to hire people like that, and you can make actually really good money depending on your skill. He might even make more money than his other good job.
With his expertise he totally should go into pentesting
@@HappyBeezerStudios Yeah, some CEH’s do pentesting for companies, one of the many jobs CEH’s can do.
he worked for Malwarebyte (antivirus software)
I -can't- believe that these companies didn't already have someone like that on the payroll.
THIS DUDE HACKED AN ENTIRE COUNTRY
12:52 bro wanted to check if he still had it in him 😭😭
😭
I believe slipstream 100% is that hacker from the movies who just casually hacks into the aecurity data of a base opening all the doors and locking the cameras by just pressing random buttons
That would be hilarious!
Slipstream: this is very simple hacking a baby could do it! *literally hacks north korea*
*press space 3 times* I'm in the OS
*I'm hacking into the mainframe, and I'm disabling their algorithms*
*I'M IN*
*puts ambiguous and unexplained usb stick into pc*
*random green text fills the screen*
*”I’M IN”*
Slipstream should be hired by some of the biggest firms. Like holy sh*t.
He was at Malwarebytes and committed multiple federal crimes. No company is willing to lose it all because one employee thought it would funny to commit federal crimes. Maybe the government would hire him for Cyberwarfare.
He seems more like a liability.
@@BiigiieCheeese lmao look up Kevin mitnick and that alone should instantly prove you wrong on this point
@@BiigiieCheeese also look up defcon or any of the other hacking conventions, people are very public with some of the shit they've done, or even revealed major exploits at them
Im not an expert on the hacking community, but I'm confident he won't have any issues with employment
If he’s working for the government, we wouldn’t know
craziest part is if he sold all of the data he would've never gotten in trouble. He became a criminal after being punished for doing the right thing. We need international powerful whistleblower laws.
He saw it could get hacked easily followed through stole data
Didn’t do anything but still took data
@@uknown1546 No Vtech stole the information in the first place. This information did not belong to Vtech, it wasn't theirs. They should have been held accountable, not the hacker who exposed them. That mentality is just fucked up!
Well, I mean he did get off with a warning the first time, which is hardly being punished.
@@Yourebeautyfull I think he did the right thing morally to start. Often though morales and the law dont see eye to eye. Thats like saying someone whos caught in the act of robbing a drug dealer wouldn't or shouldn't get in trouble too, cause the drug dealer was selling drugs illegally. What he did was against the law, he knew it when he did it. At the end of the day he did steal personal data, doesnt matter if they should not have had it.
Bro went from 1 to 100 from hacking companies to entire countries
Slipstream has got to be the most based man I've seen on the entire internet. I love this guy. When he hacks a database that's sensitive to innocent people, he tries to break the story, but when he's hacking companies, he just goes wild with it.
EXACTLY
YES XDD
He is just a hell of a awesome guy.
@@desirelabelle2199 cringe asf
@@yazzy3177 you look like an ego filled white nationalist. You don’t know the meaning of that symbol you’re using as a pfp. Be quiet scrub, and go learn C++
Honestly, thank God he was able to hack into Vtech and let them know about it... could have been someone with more ulterior motives, a/k/a a creeper, who wouldn't bother to do anything about it.
Anyhow, this guy sounds like a genius when it comes to computer stuff.
Love your videos - thanks for the upload & enjoy the rest of your day!!
considering there was an active hacking community for the tablets it's very likely quite a few of them realized the vulnerability of using flash in the year of our lord 2020 slipped in did their thing and were never noticed
every time you hear about a hacker exposing a vulnerability in a system,
you gotta remember there's probably more than a dozen that abused it and did not report on it
What makes you think Slipstream was the only one who did it?
If there was a security flaw as blatant as that it would be safe to assume other people might have also discovered it by themselves. All we know is that Slipstream was the first to publicise it, but that doesn't mean he was the first to discover and use it.
Just food for thought.
@@arstulex yeah honestly considering he started the video by saying what a big community there was around hacking these things there's no chance other people didn't also get the data. And there's no way to know because Vtech didn't even notice Slipstream taking every single users information
or even if he report it, Vtech doesn't care he went to jail and someone else hack it in a most malicious way possible
as someone that's pretty jaded, the "Creeper" that would hack those systems likely would be looking for self incriminating photos of those children. because the law is stupid and when children have cameras, laws are broken, which puts v-tech in criminal possession and yeah... there is far more wrong and concerning with v-tech then just the fact their security was beyond crap and broken that easily.
he's like the batman of the internet. he exposed a children's company for vulnerabilities, leaked info from both Microsoft and Nintendo, and stole the only OS from north korea and published it. a true anti-hero
not what an anti hero is but ok
Anti-villain would be a better term!!
This has happened to me when I was little somehow I literally heard talking from it
it's all vrtech fault and the fact that there has been no justice for the six million children getting they privte information is truly disguesting
Slipstream: whats the most ridiculous thing I can do with my skills
North Korea: exists
Slipstream: *p e r f e c t*
2 year old video, but first one I'm watching from you. Your excellent simplified explanation of what a SQL injection is and how vulnerable an Adobe Flash input page is earned you a new subscriber. Just brilliant man.
The "hacker" SlipStream is actually the hero of this story. His curiosity and his general well being has made this huge security flaw to the public. Instead of being prosecuted, he should be given rewards.
Yea that’s true
yeah but why continue hacking?
@@lampy1801 your honor, he's based
@@fel524 never said he wasnt, i respect him because he never had any bad intentions in the first place and hes a genius (or they were just so fckin easy to hack)
@@lampy1801 There is a fine line between brilliance and madness and it often overlaps.
And my family thought I was crazy a few years ago to reject the creepy V-Tech "stuffed animal" that wanted to know WAY too much information about my child, connect to the internet, and talked. That is not a cuddle buddy; that is a potential spying device that can be hacked.
It's literally the equivelant to a creep putting a hidden camera in your room
I got one of those v tech tablets, thank god that we never connected it to anything or put info onto it, it was a game machine/calculator, so if it was hacked they didn’t get any info. Also I was too stupid to use the camera
Thats why I don't have a baby monitor. My family was insisting I should get one and I was like Nope!
@@sidneyboo9704 well audio based baby monitors that work on radio waves and have absolutely no form of wifi connectivity exist… if that’s what you’re after
im happy that im kinda poor so i cant buy that kind of stuff
Anyway im watching this by my phone so lol im screw anyway xd
Remember, when companies do these illegal acts it's a civil crime; however, when you do it, it's criminal. Double standards are fun kids
Like how it's illegal to expose the illegal things your government is doing
Attach an LLC to your name. Make some money then incorporate the bloodline. You're welcome.
Also look into the rights of private clubs. Secret societies are a thing for a reason.
I’m going to become a company and eat a plane on the runway.
It is?! I never knew that. But, what's the difference
Who is a really simple exclamation why hackers want to see kids faces
Hackers who do this are a paedophile
Finally, an actual content creator!!! Just subbed man!
Most insane thing about this story is that a Motherboard reporter had journalistic integrity.
Lol
not even really journalistic integrity, more like covering his ass. If he had published an article claiming a data breach of a massive company like that without proper confirmation he could be sued into the ground.
What's the reputation of Motherboard?
@@WonderfulBoness whatever vices reputation is. Not good....
@@samholdsworth420 oh lol
Instead of arresting this guy, someone should hire him. This is raw talent that could be a very valuable asset to any IT company. Friggin Google, for instance.
It was said in the video that he already works for MalwareBytes as a researcher and yet I see so many people saying "lol someone should hire him". Someone already did lmao.
@@zephyfoxy lmao, the only step up would be working for governments.
@@ThatGuy-kz3fx my guy he hacked into north korea wtf u mean "not that impressive" lets see you try to do that
@@fuyumi4309 not the only time North Korea has been "hacked" the entire country was once hit offline for a long period of time from a group of people. Lizard squad I think back in the day. But still slipstream is pretty impressive
@@SomeOrdinaryJanitor that is a step down. Working as a researcher in the private sector, you can hack kids toys for LOLs, get contracted to work on serious industrie products... lots of things to do. No limits, little red tape, as long as you not reapitadly step on the wrong foot. You can even earn goverment and military contracts if you really try.
Goverment? Red tape every where.
"this is system is safe - no body has hacked it - no you are not allowed to try"
"no, you can not publish that - as goverment employee, your always represent the goverment"
"no, you can not use unapproved software, that would be unsafe"
"we recently upgraded our system - it still runs code written in the 1960s on 2010 era hardware"
I'm amazed VTech is even still around, and only got off with a fine in the thousands. They illegally spied on millions of children, downplayed it when caught, and had all their data (that they weren't even supposed to have) unencrypted. They should have been been severely punished for an error of that magnitude. If someone with more malicious intent had been the one to discover how easy it was to get into their data storage, I can't even imagine the damage they couldve caused.
There probably was room for a larger class action lawsuit, but I guess nobody cared enough?
@@kimgkomg absolutely should have happened.
It's because VTech is now supplying the government prunes with photos and videos of children.
That company should have been shut down
That's america for you
i just found out about this channel this week, simply stumbled upon one vid and kinda went thru a rabbit hole w your content. ngl youre an amazing storyteller o: your content is very compelling
SlipStream shouldn't have even gotten a warning. They should have given him a reward for finding this and not exploiting the data. Good people like that shouldn't be punished.
Edit: I don't usually do edits but goddamn I feel like my comment has become a general discussion war. I'm still getting notifications lmao
true, he could have easily sold that data but he didnt and just made everyone aware that the security is poor
I mean if you broke into a bank to prove how easy it was to break into a bank, you'd still be breaking in even if you didn't take anything. I agree with this statement but also Slip did basically trespass and go somewhere he wasn't supposed to, even if it was for good
@@TarigonTetradactyl correct. But he didn't just break in and didn't do something. He warned the owners of the bank giving them the chance to improve their security. Had he not warned them, he wouldn't have been warned. He gave them the warning and basically told them they should upgrade their security here and there.
@@NeeNiekVG He was lucky that he got a warning and not a sentencing for hacking into all the data stores of a 2 billion dollar company
@@Marshall1q. they were lucky they didn't get their asses sued by billions of angry moms noticing their child's faces were just so insecured like that
i just love the fact that some guy who was barely an adult casually hacked into all of these corporations
and countries
and hes autistic. Who said autistic children are problematic? I bet his parents are like urgh, its the police again.
Let me fix this statement. I just love the fac that some guy who barely was an adult casually hacked into NORTH KOREAS SYSTEM SOMETHING THAT USA GOVERMENT OFFICIALS COULD NOT EVEN DREAM OF.
My opinion on this is that everything he did was fine. Yes, they did something incredibly illegal, but if their servers were so horribly protected that a 24-year-old was able to steal tons of their data, that's more on them for not patching their security vulnerabilities.
As for the VTech hack, even I could've done that. Why the fuck were they using Flash for their login page???
He probably should have not looked at what the data was once he got in, but otherwise yes he was in the right
Everything else he did was wrong. Hacked into North Korea, Nintendo, Microsoft. That’s just wrong.
Yeah, I agree that a white hat would've been better, as in they just report the vulnerabilities and go, but seeing how hard it was to get ahold of VTech, I can't imagine they would've been able to.
As I said, when your service is so easy to hack that a 24-year-old can get root access to all your servers and data by copying a script, then that's entirely on you, and you are the only one to blame for letting your service be that vulnerable.
Not only did they use flash, they also didn't SQL sanitize things.
Also, you forgot to mention the fact that he also hacked into North Korea.
21 year old*
I had one of these leap frog tablets as a kid. THANK GOD it was a one that never connected to the internet. That leap frog tablet and my Nintendo DSI were my childhood.
That TOS is exactly why we need Privacy legislation passed in the United States. I cannot believe the hacker who only wanted to help almost gets major jail time but Vtech gets not even a slap on the wrist for ilegally gathering the data of millions of children.
Vtech: Oopsies didn’t mean two endanger chilwdren, sowwy government 👉👈🥺
@@MrDsktlldwn government: ish okay, i fowgwive yuwo ÓwÒ👉👈💖💖
he got no jail time dude
he got a caution, very common in the uk for even the pettiest of shit, i stole from a store once and got a caution, theyre really really harmless and go away after a few years
@@azzzertyy but is stealing really something you would be proud of? :(
@@user-sp1sj3mv2u i was 17 and within the poverty line
A hacker better than that guy 4chan
Haha first 😎😎😎😎😎😎😎
Now I’m going to get pinged every time someone replies to the comment
Replying so the guy who said first gets pinged
@@creeperdash2967 sup
@°-*L!ttle*-° third ☺☺☺☺☺☺☺☺☺
Man? I am so mad I just found your content. I love it so much. Thank you!!
14:00 that plot twist.
yeah hacking nintendo is crazy
yeah hacking microsoft is crazy
BUT HACKING INTO NORTH KOREA AND STEALING THEIR ONLY OPERATING SYSTEM THEN LEAKING IT TO THE PUBLIC IS TRULY INSANE
Lol
Frankly though he should've done something that would force an auto-update and kill the OS; anything to cause the Nork's problems is ok in my book ;)
Man's a legend
Hacking North Korea? How is man not dead? That’s like a international crime! Wouldn’t UN NATO, etc. Have to talk to the United States to arrest him?
@@_The_RFG_Club_ isn’t North Korea not in the UN or NATO?
Oh, THIS IS THE GUY WHO GAVE US THE SOURCE CODE FOR NINTENDO. this guy is beyond a legend
I feel like we should all be eternally indebted to this man for introducing us to beta Wooper
Ah yes, the source code of the Nintendo company building, there are a lot of brick and cement assets tho
And yet are man slipstream here confirmed l is real 2401
So, the guy who did this fiasco also did a legendary discovery
seek help
As someone who is into game preservation, Slipstream is a goddamn hero for the Nintendo giga-leak.
giga-leak? giga-chad.
What do you mean? Can you explain further? Did he hack into Nintendo or something?
@@burymeinjhenny918 If he's responsible for what I assume they are talking about, he hacked into Nintendos own servers and grabbed years worth of game development data. Not anything recent, but archive from the mid 2000s and earlier which solved a lot of game mysteries and lead to the preservation of a lot of lost material that would have never been seen publically.
more like tera-leak
Yep, hero. Nintendo is shit
As an autistic 25 year old not familiar with coding, i am both offended by and proud of this man. Keep it up slipstream!
Idk why but Slipstream is so cool to me😂 like the fact he’s able to do that stuff and he’s not being malicious to day to day people. What a goat man!!!
He’s literally the world villain with mc plot armor 😭
Tbh i think he would get into big trouble and i dont think that even if he sold all these accounts he wouldnt be suspicious because its a lot of money
This might sound stupid to you, but will slipstream be able to access my data? I’m worried now.
@@haxozr dawg he hacked into north korea’s network. no doubt that he can find ur data 💀💀💀
@@naomimeek would he WANT to hack into innocent people’s data?
I just started laughing ENTIRELY too hard at “some guy figured out how to run doom on it, of course he did” thats just the funniest thing to me! Seriously, what HAVENT people ran doom on? I just love the maniacal obsession hackers and modders have with making every single object run doom!
If it has a screen and accepts inputs, someone has run doom on it.
@@FinalFantasyIXIIII and if it has a grid of at least 2 states it can play bad apple!
Someone got doom to work on an ATM machine
Didn't someone get doom to run on a pregnancy test device?
@@maku8608 w for elly I guess lol
VTech should've employed Slipstream. Albeit some hiccups, he saved the company. He had three options--like selling the stolen data on the dark web or something, but chose the right option. And, like, what, he was punished for it?
Laws are made for business, not people
He did get punished, he got arrested and then let off the hook
@@Funrollercoaster606 idk man having a criminal record on you for the rest of your life seems like a pretty big punishment to me
@Kishan02 yeah, but it's not really "there"
People really overstate how much it means to have a crime on your record. You can get a job, and as long as you don't need to have any security checks done and you have "done the time", you're fine, nobody would ever know.
@@Kisher02 just to add, the only thing it really does interfere with is your credit score, but nearly everything bad like that is wiped from your credit score after 2 years anyway
Now that started slowly but when it took a dark turn then it just escalated so quickly...
the fact someone just instantly managed to run doom on it is just perfect
It's like a right of passage for a hacked device, run DOOM
@@PliskinYT if the hardware can run an OS, it can run Doom. Somehow.
You know the rules, if it has a screen it can run Doom.
@@grinningllama89 you know the rules, and so do i.
@SB Media say goodbye.
Slipstream is straight up an anime protagonist. He gets away with breaking the law multiple times with barely even a warning, and still does the illegal stuff he does to protect people.
it's giving light yagami
He's light from death note
A caution basically has most of the effects of a prosecution without the prison time so not really getting away
I once worked with a Chinese tech company, I can verify that this type of complete lack of care and effort over security is rampant. At first I couldn't believe why they didn't care, until I realized the emergency exits from their office all had locked padlocks on them. If they don't even care about risks involving their own lives, imagine how little they care about the risk of customer data leaks.
Even though I moved away from Russia years ago and now work in Europe, emergency exits that are *actually* open are still a foreign concept for me. In Soviet Mindset, you dont keep any doors open you simpleton, are you just inviting homeless people?? Who cares about fire safety, what's the probability of a fire anyways? And if it happens people will just figure it out somehow, nah uh we're not keeping open doors on a company building /s
So yeah, this might come as a surprise for you, but for a big chunk of the world emergency doors are essentially just another wall but with a door handle.
Not "their own lives". I'm sure the people at the top have no need to even set foot in those buildings.
Yup, that's how China works.
Funny to asssume the Chinese don’t lie and steal about everything
@@jeremiahsmith916to be fair i think they are 1 way. walmart is full of emergancy exit doors you can see outside the store but i dont think you can walk inside the store thru those doors. Many have alarms so if you do go thru the door it is extreamly loud which is good in a real emergancy. Most here just ignore them ive herd of a few people shoplifting than escaping thru those doors
Just found your channel and dude you look so familiar. Love the content and it shows how much time you put into it.
He hacks into multiple companies and gets away with it. He lets people know of problems and they don’t fix them. He gets arrested. What? He’s doing us a service! He should be praised!
I also just love the sentence, “He hacked into North Korea.”
I’m very glad this guy is not trying to be malicious!
The moment in the videogame when you look at the friendly eldritch entity and think "I sure am glad that thing is not evil". What a gigachad.
How is he not malicious, the fact he uploaded malware onto the internet shows his intentions to make money by hacking innocent people. Don't make claims before watching the full video
@@redtortoisethe malware could have been light, a none malicious virus that alerts them to the presence of it and how it got in. Since he probabyl didnt want to get arrested again like with vtech
@@redtortoisemy brother in Christ, do you know what malware is? It’s not some scary evil Code that steals all of your money. It can be used for more than that, like warning Microsoft that they have a breach
@@dogman3362 *kirby*
Slight note: MD5 is broken cryptographicly as a hash function (that is, you can generate to pieces of data that can predictably give the same hash value), it is still fairly difficult to reverse a salted MD5 hash back to its original plaintext.
SO it's use is inexcusable at the time VTech was using it, but it wasn't 'hair on fire' bad. More like 'using your tablet in the bathtub bad'.
Exactly man! My thought was if i stated they were unsalted hashes, people would be like wtf is that lol
Not even as much broken cryptographically as just having every possible MD5 output for every input pre-calculated and stored it many terabyte large databases
Unsalted hashbrowns taste very bland. I agree.
@@VinceVintage but un tour video you represented md5 as if it could magically be broken, which it can’t
To be honest, the hair on fire part was not even encrypting the password reset stuff.
Slipstream is genuinely the biggest Madlad out there, true greyhat.
I love coming back to this video, the glimpse of slipstream's lore at the end is just way too interesting
Ok, that man deserves an award for the simple fact that he had the balls to hack North Korea of all places! And succeed!
Top line of his CV should always say “I hacked North Korea”
North Korea- Hacks Sony
Slipstream- Hacks the whole of North Korea
@@scotttowers1759 Should've left the playstations alone
I'd be scared they'd send an assassin to kill me.
thepirateybay creators stole all of north koreas ip space making them lose internet access, just so they could make it look like the site was hosted in north korea for an april fools joke.
Leaving the decryption key in with everything else is like putting a padlock onto a decorative doorknob
... or leaving the key in said padlock! lollll
You know you're security protocols are broken when even the 21-year-old hacker is like "This is like all kinds of fucked, I should probably tell someone about this."
same year of the hl2 beta leaker
Gotta love the "hackers" who act without malice. Being able to acquire that data, let alone hold that much potential money in your hands and not have a malicious thought in your head... true power
The analogy of him firing a gun in an airport is incorrect. What he did was demonstrate he COULD walk into an airport, fire a gun into the air and receive no security response. They should have thanked him massively.
He uploaded malware to Microsoft's servers. That is firing a gun.
He basically did a no russian mission with airsoft rifles
I mean, he *did* copy the data.
It's not like he just verified he had full permissions and left. If actually transferring data off server side isn't at least firing the gun, I don't know what is.
@@Cr3zant Microsoft is malware what did he do shoot a gun at a shooting range?
Well, they should have thanked him if he went to them first when he found a vulnerability. The way he did it made sure to harm their public image first.
I am condoning what he's done. He's pointing out the flaws of big companies, better him than an malicious hacker.
I agree, expect for the part that he uploaded malware to Microsoft network, sure pointing out the flaws is good, but why hurt them more by uploading the malware and potentially having data of all employees leaked? I mean they aren't (most of them at leastr) responsible for the flaws in the systems.
@@fpser4888 The malware was most likely just alerting them that there security was ass.
Sums up this 15 minute video with a huge clickbait title, thank you for giving me a quick answer so I don't have to waste my time.
So, let me get this straight : The company which was caught collecting data from more than six million children didn't even have to admit that they did anything wrong, but the hero who alerted the public had to admit that he did something wrong?
The irony here is that if he stayed silent he never would have been caught because they didn't even know a breach had occurred which means they just taught a lesson to whistle blowers everywhere to stay silent.
I don't think it's fair to say that he caused damage to vtech. I mean, yes that had to shut down the servers but only because they screwed up. That would be like suing a police officer for making you fix your broken light on the basis that you can't drive it for a few days. It's not the officer's fault that that you have to fix something.
I absolutely condone his actions.
Except that he did take the data. An ethical hacker would see that the login is vulnerable to SQL injection, stop there and inform Vtech so they could fix it. Then again, seeing how hard it was to get ahold of anyone there, they probably would have ignored it until some actual malicious hacker stole the data and sold it all.
@@joemck85 Sure he copied the data, but the data itself was illegally collected by vtech. They collected video and images and names and addresses without informed parental consent. Even if vtech fixed their login system it would change the fact that vtech was collecting information they had no right to.
By not holding vtech accountable that gave the green light for other companies to do the same thing.
Google collects audio through its smart TVs via the "Google Assistant" even when Google assistant is set to off and I personally caught a smart TV record audio while the screen is on. There is no way to stop it short of ensuring the microphone isn't functional and the newest smart TVs also have cameras.
Maybe we wouldn't live in a world where your own TV will spy on your children if companies like vtech were actually held accountable.
This guy was lucky as hell, he basically just got a slap on the wrist and still continues to do his thing. We have much more serious examples of whistleblowers getting fucked over like Julian Assange, Edward Snowden and others. It's wrong, but being a whistleblower is a high risk and often times zero reward/outcome type of endeavor. There's lots of these stories of ethical hackers pointing out a vulnerability and getting in trouble or receiving legal threats from the companies called out. They should be rewarded but often times they are uncomfortable for the people in power.
@@joemck85 data theft, it should be called securing evidence
@@seperempat4325 When the cops do it, it's collecting the evidence, though this would be done through the legal system, not hacking. When random people do it, it's breaking in, theft, and possibly tampering with evidence. After all, there was question as to whether the data was even real before it was reviewed. To be usable in court, evidence needs to have a documented chain of custody as it's transported and analyzed.
Love your editing style
was not expecting this hacker to be the nintendo leak guy, that was actually a massive deal, especially with all the old content that got leaked, including both games people didn't know existed, and games that had been ruled out as lost media. while not as serious as the v-tech leak, the nintendo leak was certainly a historical moment for video game culture.
Having proper guidance, he could probably take down censorship in North Korea… That’s historical figure-level potential. I have high hopes for people like this
most people in north korea dont have acess to internet, so theres nothing to censor lmao
NK is incredibly poor, the amount of people that have internet access is very small. Censorship would still be a massive thing and it wouldn’t resolve anything except him getting killed by their government.
ok misato
Slipstream seems like a pretty cool dude, hacked all this data and never did anything malicious with it
(Other than putting north Korean stuff for free on the internet)
But pirating the North Korean government is always funny.
he also put malware in Microsoft's system
That wasn't malicious either
@@NoOne-rk1iw they deserved to be taken down a peg, let's be honest. Pride is only good in small amounts.
@@NoOne-rk1iw microsoft also puts their own malware on/is/as windows so thats a real moot point.
I remember when I was around 5 I got a small yellow vtech camera for Christmas and I never even knew that that was happening with the company
What an absolute chad (that I can't legally condone) but wow. Slipstream is radiating real chaotic neutral energy
i think its a pretty common thing with company security that they get hacked and are then hire the hacker or pay them for explaining their security problems as long as they dont do anything bad with what they find. its basically a service.
happens all the time
Fuck the law, scummy corporations deserve being exposed
More chaotic good, his goals were directly good
Definitely chaotic good.
@@KyunaCookies well except for every other hack he committed after that one, which were just for the lolz.
Slipstream is a literal tech beast like hoooly. He should be hired by a government with all this knowledge he has. Not only that but he had some good intent in that too.
The last people on earth who he should be hired by...is any government. Who do you think mines all that data? Wake up.
@@hashoshanimhoney2956 would you rather a person like this to be hired by a government or some malicious group which either sells that data or does something worse with it? A government owning a 9 year old's data isn't a problem. You think anything good would happen if that data would be in the hands of a dangerous group? No need to be so aggressive for a UA-cam comment.
@@rustyshade2971 There's the White hats, and there's the Government of debt . There's the black hats and there's the government of safety. Government isn't always good, and third party groups aren't always bad, and it's never clear cut one or the other.
@@rustyshade2971 "a government owning a 9 year old's data isnt a problem"
this mindset is the issue with society and the perpetual fear of some third party group with multitudes less power than a government who has shown time and time again to be even less trustworthy than those oh so scary third parties
@@rustyshade2971 id rather him be hired by a third party group than waste his skill in some corrupt bureaucracy whom the higher-ups (or even lower ranked people) do the same bad corrupt shit and invade the privacy and rights of citizens
The crazy part about all of this is that if Slipstream just wanted to make some money he could have and no one would have even noticed. Great video Vince!
Yeah, but he didn't really know that no one would have noticed.
When you get hold of millions of dollars worth of data from a mutli billion dollar company you would think that they would notice.
Slipstream is a fucking menace ☠️ Every time he gets caught doing something insane he goes back for more. I absolutely love it
He's just curious
Hacking into North Koreas Redstar OS should be it’s own movie
It already sounds like a movie title
He probably did it on a boring afternoon, wouldn't be an interesting movie
I don't care how much they would dramatize it, I'd watch
"For you it was the biggest security breach in your country's history. For me it was just a Tuesday afternoon."
@@anthonymcrooster3703 DAMNN
Slipstream is like who I thought I would become after taking my first compsci class lmao
Lol
That law he broke was made to protect companies more than people, I guarantee that a lot more companies do this than we know of...
I had known Wack0 as a humble but very knowledgeable member of a pokemon glitching forum in my youth... only knew about how "in"famous he was when the gigaleak happened and the glitching community was sent into scrambles. We thought it was just Spaceworld 97, then other Pokemon leaks, but soon enough it was everything Nintendo. I was only aware of his responsibility behind the gigaleaks even then, I had no idea he had such a storied history. I didn't even know he went by Slipstream until you mentioned he was behind the gigaleaks. Then everything came together.
It's very very wild to have passed by so closely to him. I feel like I brushed with a famous celebrity in their youth lol
Slipstream is like the real world embodiment of all those technobabbling, "guy behind the computer" archetypes in spy movies and cop dramas
I absolutely condone what Slipstream did. Not condoning it is kind of unconsciously condoning companies collecting the data to begin with, which is probably worse. No one ever hacked me for my information, they hacked target. Curious.
Quick annoying technical correction. Flash isn't what introduces the SQLi vuln, it handles the UI and talks to a vulnerable backend (probably written in PHP). Sounds like he figured out the endpoint that the flash app spoke to and exploited that.
Flash is dangerous and browsers all dropped support for it mostly because it had a history of bugs to break out of its sandbox, so visiting a page using it would lead to control of your computer.
I don't think it's annoying, the video has quite a large amount of technical mistakes. They didn't have access to the entire network, mostly just one machine. The passwords aren't all recoverable, MD5 just allows you to find another input that also works.
Another comment also mentioned the bit about not all MD5 passwords being crackable, and Vince reacted by saying the audience wouldn't understand the technical jargon. Which I thinks is a supremely disappointing reaction, it shows a lack of being able to admit mistakes while blaming your audience for not being smart enough to get it
The dude literally hacked into NK because “why not” 😂
It's disgusting how Slipstream got arrested for exposing one of the worst corporations ever.
Unfortunately
Hacking to get an open door to a big website is still a crime
It doesn’t matter if you’re a villain or a hero it’s still against the law
@@SinisterBlitzo9 yeah but people deserve to know the truth.
@@SinisterBlitzo9 LOL so is collecting millions of people & their children's data without their consent.
@@JoeMemes I know they do
im not on the side of the law
im just saying
unfortuantetly no one is above the law
@@SinisterBlitzo9 it being the law isn’t enough
The law is bad the law is flawed
A few years back I basically walked in the 'back door' of a local museums computer system. I did no programming, no crazy stuff - I simply opened a museum website page and chose to open a page link in a certain way (it was done using 3 moves) and bang - I was in their website on the part that staff used for the museums collections. It did not give access to accounts etc. I could add and remove data if I'd wished. The staff side of their website also allowed full access to everything they'd digitised whereas the public side only showed a tiny fraction of the whole museum scanned collection.
I'm actually a good person and used the back door simply to gain more data for my research - it saved me travelling to that museum, saved me money on copies of documents and gave me full resolution on scans.
The open door lasted around 8 months until a new server system was installed at the museum.
I would have done a little trolling if you know what i mean
@@Deleted_CatExactly, dump all the good data to your PC, so you don't lose it, and then start playing.
Can't believe the dude refused to have fun with it.
So you call yourself a good person, but don't mention the security problem to them?
@@SioxerNikita if he did, he prolly would have gone to prison
@@Bready- No
At the center of all of this, the one thing I'm touched about is how much morals the people involved had in this. Slipstream had a conscience, and that's what sets him apart from a large degree of hackers, and the people he handed the info to as well could have and would have handled this thing horribly in the wrong hands, but didn't. This is one of those things that gives me faith in the world lemme tell you.
I don't think you know the difference between "Hackers" and "Crackers".
@@Seth9809 and I don't think youre quite getting my point I'm making stranger.
Majority of hackers are curious people breaking stuff apart,almost every big company thrives on bounties to fix their shitty security flaws. Governments around the world have a love boner for hackers.
Slipstream really be doing the biggest side quests in life
"They would do everything they could to protect us"
They would advertise everything they could, to assure us.
Sounds familiar...
@@ShwappaJ true but idk why, oh wait i just remembered that the government would say that i think
Not sure why this video popped up on my recommended feed.. I’m glad it did though. This video was a f*cking BANGER! You my good sir have a new sub. Thank you for this.
Same bro, same
slipstream is a fucking legend. I can't believe I haven't heard of his name before
Gotta love how the media treated this hacker like a creep for disclosing illegal data practices done by Vtech. Disgusting
$314,000,000?!? You could be set for life with that kind of money! He really did worry about the well being of those families and children.
That would be a lot to have on your conscious tho
@@burymeinjhenny918 I dunno, that's big money to make...
Yeah he’d also always have his head in a guillotine. That’s a fuck ton of sensitive information about children to be responsible for. I really doubt he would’ve just gotten away with it and get to just ride off into the sunset. Once people realized what happened they’d be after him and he’d always have to fear that
you only need 1 mill to be set for life
@@eclipse369. lol not in todays economy. Minimum 10 million and then you'd have to be careful on your spending habits.
Slipstream sounds like a guy who tried to do something "wrong" for the greater good and was punished for it, then decided he'd just do whatever the hell he wanted to after that.
Sad that someone with so much talent gets punished for their actions instead of praised.
This world is broken.
I mean, he *did* already have a job.
And even if we're going to say that it wasn't wrong, and that he was doing it for the better good, there are way *way* better ways to go about that. What he did was grey-hat at best, and I don't think he'd deny it.
And don't get me wrong, notifying relevant parties of security vulnerabilities is good, and, failing those responsible for maintaining that security notifying the public themselves, it's good to make that information public.
But incentivizing shit of this level is how you get a bleeding wound. Yeah, it's good to know that my stitches are loose, but you don't have to pick at them, and you certainly don't have to rip them open.
@@SaberToothPortilla
"But incentivizing shit of this level is how you get a bleeding wound."
Companies literally hire hackers to attempt to break their systems all the time. It's not new.
@@TheRumpletiltskin true they are called white hats
To be fair I think that the government needs to have some hackers to try and hack into companies to test them. If they don’t do it you will.
@@TheRumpletiltskin Yes, they *hire* them, as in they are expecting it to happen, it is occurring with their knowledge, and they have clear legal recourse in the case that something they didn't sign off on happened.
This isn't penetration testing, this is just penetration. You incentivize people doing it in a controlled environment, again, like his actual job as a security researcher at the time, not doing it randomly to organizations that they have no affiliation with.
They aren't paying to just get hacked, obviously, that's not the service, they're paying for someone to notify them of potential security vulnerabilities which would (generally) not include, for instance, *actually copying the data*.
That's not penetration testing, you just got properly hacked.
Lmao, I actually get this dude; I have High Functioning Autism (ASD1) and ADHD-C. The obsessive nature of this condition makes us really aware of patterns and obscure connections between various subjects. He wanted to know something and when I feel like that it becomes a drive to do so, almost a compulsion.
It's so refreshing to stumble upon a video essay UA-camr that talks like a normal human being for once.