@@annnooon8455 Shannon left due to health issues. She still posts on her channel. You can find her final episode where she discusses her departure in the Nov 7 2023 ThreatWire.
I think if your IOT product holds important customer data it should absolutely be patched regardless of how long it's been. Or at the very least, when support is ended it should be cut off from the manufacturer's cloud and only work locally.
Data can be traced but can be removed from your iot devices, iasae devices. Etc he who can think like a hacker can prevent one from attack another person. 😮😅😉 Just remember that each motif can have a long term affect or effect or both? You be the judge of the that.
Why? The only thing shitty is it's flaws like viruses it can get. Best option? Buy a client oem and ask network administrator with ISP to do that dual boot if you're phone is compatible with. Client OEM devices sound alot like Motorola or Verizon or metro would do
Yeah that was the weirdest line like, okay that technique for a device compromise is "solved" as in we know how it works (yay microsoft wowee) but we ajn't doing anything. My rule is I never click anything in an email unless it's a password reset I know I just initiated.
Where's the rest of the info on the phishing attack? How does hiding elements result in a phishing attack anyway? Is there a CVE? Suggestions for the laymen?
The CSS can change what the email says after it detects that it has been forwarded because an email that has been forwarded has been offset. It could be programmed to notice that, then change what the text says based on that. The scheme was to trick the first recipient to forward the email. Next, the email changes the text to something "malicious" like sending money as the article used as an example. In the long run, it appears that the email was forwarded from your boss (because it was) and says to send money. You ask your boss to confirm he sent you an email, and he says that he has indeed sent an email. He did not know you meant an email to send money. He thought you meant the innocent email which may have only said "forward this to (person 2) because I do not know his email address" but the text was changed by the CSS after detecting the format change due to being forwarded. Hopefully you understand now, and this isn't too long.
Imagine a car company telling their customers that their vehicles are designed to last 5 years, because that's when the warranty expires; at the end of 5 years, customers should take their vehicles to the junkyard and sell it as scrap. Then the customer should return to buy the next round of vehicles, also with a 5 year lifespan. This is what D-Link is telling their customers. Worse, the manufacturer created the issue by including default logins and passwords, which is an industry norm to AVOID at all costs. Yet, D-Link says to their customer base - toss it in the trash, and come buy something new instead. Folks, it's time to NEVER buy a D-Link device, even to include a unmanaged switch, or a cable ; vote with your money and send it anywhere but D-Link.
It's a balance because there's technical folk who want some details and more layman level of knowledge who just want to know what to do for protection.
In D-Link's case, it would have meant that hackers would have gained access to the devices much earlier; default logins and passwords are always a bad thing; usually a sign of a company that does not give a crap about security, just selling product, abandoning it when it stops making money, then selling more new product just as long as they can make a dime. People should steer clear of D-Link products. Their approach to security and how it sees its customer base is abhorrent.
Great work! Ignore bad comments, embrace useful criticism and focus on the positive ones, tough for us humans to do but it helped me quite a bit. Keep on rocking!
Many creators suggest not reading the comments. Kinda defeats the purpose of commenting, though. Maybe hire someone to proof the comments, remove the negative, overly critical and childish ones? Although you've no need to worry about them. You're doing great. Thx and keep it up! 😊
I believe she was referring to Sonos's "Recycle Mode" that bricked old speakers and was required to enable for Sonos's trade-up program to get a discount. Edit: clarification
@@oxoboo hmm yea. True that. But that was opt-in. It was basically a trade-in, but without actually sending the hardware to them. So essentially it's the same thing. You 'trade-in' aka disable your old hardware and get the discount
Its very annoying these situations exist. Although the public can't top this we can more careful in the selection of products we choose to use. We need to strive to not choose products that are D-Link to a bad experience. 😅
You're kicking ass. I'm glad Hak5 is continuing with Threatwire and I'm glad you're taking it over. Wish you the best in this role. Ignore the haters, for haters will only hate.
if a company is going to EOL/EOS a hardware product, then they should release the software and firmware so owners at least have the option to maintain them on their own.
dlink attitude to security is the reason I won't buy any more of their products. hard coded reds warrants and update if out of support because of the stupidity of the vendor to include one Mr Potato Head... Mr Potato Head back doors are not secret and they should know it
Yeah hardcoded creds are an invite for compromise. And they're usually unbelievably easy, short and predictable. Probably didnt even need to bruteforce it with a program lol
Honestly, even if D-link released a patch, the type of person who is exposing an EoL device's management interface (or ANY device really) directly to the internet isn't going to update it anyways, and probably will never even hear about this CVE.
The fact D-Link won't just release a patch makes me never want to buy another D-Link product again. Also I just noticed you got the cutest dimples ever.
While im still looking for a job atm, throughout my learning on Tryhackme, Hackthebox, portswigger(so far), some books and studying for my Sec+ exam I don't think it has ever been mentioned. Perhaps once but not in enough detail to remember. Ive heard of the IEEE and IANA, but not w3c, there's sooooo much info in learning the fundamentals of the web/software/different OS'/networking/Active Dir/cloud/back-end & front-end, cyber- security, coding... Obvs I know you don't need to be proficient in all these areas, but the amount of information is mind boggling. It's so easy to miss stuff that more experienced people assume you would run across.
Ignore the haters, idk why anyone would make fun of your name. My driving instructor's last name was Diamond and it was pretty kewl! Anywho, keep up the great work.
I came to this video with an open mind, but your delivery of pertinent information is REALLY bad. This I think, is down to some terrible writing. Now I'm not entirely sure what you're aiming for, but it sounds like some like some sort of badly written news segment with various quotes from whatever sources you can find. There's nothing here about what people should look for in detail, or how they can avoid these threats. This video is actually hard to watch because of the way things are delivered, to the point I couldn't make it all the way through. If I feel this way and I'm trying to be as constructive as I can, I'm sure others will have a similar opinion. However, the worst thing here are the comments. All the supportive ones with no real reason for the support other than the "you go girl" perspective. Sure, there's are trolls, but a lot of the comments are bad because of the reasons I mentioned above. With other commenters saying "ignore the haters" and other moronic things without trying to understand why the haters are saying what they're saying. As someone who works in this field, I found this incredibly difficult to watch and I think you have a lot of work to do in order to maintain engagement.
I have a hard time thinking this young gal has any technical credibility. She talks WAY too fast with too many unexplained jargon terms for my ears, so I am out of here.
