Panel August 1st--4th, 2013 Rio Hotel & Casino • Las Vegas, Nevada
Comments: 232
@mbunds 5 years ago
We deliver a 500 page instead of 403 after auto-black list to make the script kiddies believe they broke our website.
@creepychris420 5 years ago
lool
@manishbhatt7653 5 years ago
lol
@AskJoeTaylor 5 years ago
Lol smart
@AskJoeTaylor 5 years ago
Hopefully they do not use VPN and find that the website is not broken and have professional hackers attacking your website.
@kleckson5489 5 years ago
@@AskJoeTaylor If you have professional hackers attacking your website you're not really worried about the script kiddies in the first place.
@mdo 6 years ago
HellNet only returns 666 responses. Confuses the crap out of browsers.
@DMessham 4 years ago
Wonder if I can do that on my ftp server
@Eo_Tunun 5 years ago
An IOT tea cooker that replies with 418 would be the only piece of IOT gear I might actually consider to buy. ^^)
@mayube9292 5 years ago
418 was actually joke-proposed for the then-fictional "Coffee pot over IP" protocol. The idea being if you ask your coffee pot to make tea, but it's actually a teapot, it uses 418 to tell you it can't make coffee because it's a teapot.
@drumguy1384 4 years ago
@@mayube9292 This would be a perfect example of using a joke error code to provide real security. I love it!
@untrust2033 4 years ago
Could be possible with a raspberry pi or something just set up to throw 418s and have some controls for the tea cooker :3
@overtheworl 1 year ago
@@drumguy1384 "real security"
@ChrisJohnRiley 10 years ago
Not sure why this was listed on the Def Con DVD as a panel… I'm big, but I'm no panel ;)
@z3r0f0xvideos 10 years ago
Really good talk, man. I'm somewhat new to infosec and your presentation was well laid out and made a lot of sense. Keep up the good work
@aporsuger 10 years ago
Awesome stuff! Thanks for the entertainment.
@eX0Noah 10 years ago
Really enjoyed the talk! Funny and informative.
@Jango1989 10 years ago
Great Talk!
@MAGACAT 6 years ago
WARGARBL
@aten747official 9 years ago
I should set my website up to only throw 7xx errors
@MegaZsolti 7 years ago
Throw in the 418 as well :p
@AndreasDelleske 4 years ago
401.0000000000001
@devikakrishna4464 3 years ago
@@MegaZsolti it should throw out 42069
@samiraperi467 7 years ago
500 is actually shamefully common even if you're not doing anything weird.
@kiraPh1234k 4 years ago
Especially in an Enterprise application!
@l-l 6 years ago
He's a fantastic first time speaker.
@JoshSweetvale 5 years ago
English Accent. +10 to Speech
@JayLim-bn9fh 4 years ago
nice username
@amicloud_yt 5 years ago
Lol, I actually made that "Loading... Please Wait" picture used at 16:10. You can pay me my royalties in the form of HTTP 7xx response codes
@ChillerDragon 5 years ago
11:15 Even if you have 8gb of ram... when you suddenly realise the talk is from 2013 xd
@RyanLynch1 4 years ago
ChillerDragon that's almost enough for like 3 chrome tabs nowadays...
@Masterrunescapeer 4 years ago
8GB was the norm for dev laptops in 2013, or at least in my company, moved to 16GB in 2015, and half of us have shifted to 32GB this year, with next year having the other half swapped out. Mostly to help with caches on result queries when you're just testing small changes on test data. Normal dev machine I'd still stick with 16 nowadays.
@ukyoize 4 years ago
I still have 8 gigs.
@Masterrunescapeer 4 years ago
@@ukyoize what do you do? If you don't need it, then no point in upgrading/wasting money, can spend it on e.g. a better screen, mouse, keyboard, etc. As I mentioned, for the work I do, it's one of the easiest performance improvements one can do, should be one of the main jobs of your manager to make sure you have the tools you need to be most productive.
@JasperJanssen 4 years ago
A KZfaqr my work laptop is supposed to run a browser and office. 8GB is fine. Not a coder though.
@AJMansfield1 5 years ago
You could combine the "HTTP tarpit" idea with a full slow loris-style thing to _really_ extend those scan times.
@trevorthieme5157 5 years ago
Fun times fun times!
@whatever1502 4 years ago
Rly nice idea :'D
@JohnSmith-he5xg 8 years ago
Great stuff. It's surprising how brittle so many implementations are and how simply you can muck things up by going slightly off the beaten path response wise.
@NatoBoram 4 years ago
I mean, they are beaten paths for a reason. It's to ensure interoperability between services and tools. Malicious scripts are just using this interoperability to their advantage.
@chaseroberts2860 5 years ago
Proxy login User- Nice Pass- Try
@BenSherman42 10 years ago
@4:00 is actually 732 - Fucking Unic(U+1F4A9)de (turd symbol) haha
@abitofyourbrain 7 months ago
Oh, I forgot about this talk Absolutely pristine, well spoken wonderfully given talk on the subject Somehow, even as we reach DEFCON 31 somehow every part of this is still very very astute in regards to current affairs and Internet management Nothing changes really does it What a Time to be alive To this day, my absolute favorite lecture I do hope to find more by this man-he seems to be ahead of his time or conceptually people that make browsers don’t move with the times either way what a gem of a human So glad KZfaq suggested it
@NekoYuki 6 years ago
That moment when you know most of the stuff is going over your head, but the gist is there, you can understand that much, and you're enjoying what you KNOW is about to follow.
@ablindgibsongirl 9 years ago
i love watching these presentations. Thank you for uploading. Not a script kitty, interested in first principles. Learning linux via Vinux, reading up on Unix and other whys and hows of computing. This is the next best thing to going. Fully capable of admitting I know nothing. No one gives a shit about the geek blind lady any way. Happy to continue nibbling away at the bytes and bits of computing that are available to me.
@minihjalte 9 years ago
It's not script kitty, it's script kiddy. Script Kiddy.
@corymarsh 9 years ago
minihjalte Now I want a Script Kitty.
@minihjalte 9 years ago
Cory Marsh They are quite cheap actually, i think they go for 5 dollars right now.
@corymarsh 9 years ago
minihjalte Do I need to buy a special keyboard for the script kitty or can they use a normal mac keyboard? I am assuming they come pre-trained.
@paulhendrix8599 7 years ago
Alex do consider that this could have been a joke. Check out AvE, man
@ehifnvhiebvzeruwdnivbvzbe5644 4 years ago
He has a real nice voice to listen to
@MazeFrame 4 years ago
410, because this website is only available when all planets, including but not limited to the ones of our solar system, line up.
@Walter_ 4 years ago
31:00 I know a way to counter the strategy of sending random or static status codes. Just run w3af like normal but use charles web debugging proxy ( or any other proxy ) and automatically replace every statuscode with a 200. You showed that 200 statuscodes takes the scanning software multiple hours longer to complete but at least the scan will be accurate.
@HritikV 3 years ago
About fingerprinting, I guess you could do all of those with x-webkit-* CSS directives
@w0ttheh3ll 4 years ago
I like "737 - FuckThreadsing"
@marcosantimaria3879 5 years ago
does anyone know where you can get the files from this talk?
@MLIOGJXNUYAT 5 years ago
One of my pet peeves is that a lot of 404 responses are more correctly 410 responses. 404: "Not here, try again later"; 410 "Not here, and won't ever be here so don't ask".
@kiraPh1234k 4 years ago
It's a bold assumption that some request will be invalid forever.
@NineSun001 3 years ago
This is wrong. 404 states that the requested resource was never here to begin with. 410 states that an existing resource got deleted. Every 410 should become over time a 404.
@ConstantlyDamaged 1 year ago
So you mean I should stop 301ing attackers to their own loopback? I might have to investigate that 1xx idea, though. That sounds like fun.
@XxxionxX 5 years ago
I use this talk as Ambien, it's perfect.
@yxngsixto.4401 4 years ago
ayeeee.
@danielbrunner829 7 years ago
4:58 does he really say "Gesundheit!" ?
@averagegeek3957 6 years ago
Yes, that's what it sounded like.
@talhatariqyuluqatdis 6 years ago
Daniel Brunner ich bin ein berliner
@mcMineoc 5 years ago
It’s a common word in some parts of the US
@boblewis5558 5 years ago
@@talhatariqyuluqatdis you're a hamburger?!
@Grimpmann 5 years ago
@@mcMineoc Only douches who want to seem cool.
@Mixer-he2wb 5 months ago
Just thinking on the authentication error. Send bad ASCII. Bell tones?
@johnmckay1961 9 years ago
Awesome :)
@MrRandsauce 5 years ago
awesome talk man
@pgoeds7420 4 years ago
41:39 What web standard is he using from 1990?
@Shadow81989 5 years ago
About 23:00 when he talks about telling the website you're using a different browser than what you actually run... Opera had this fantastic feature to: a) "pretend to be browser x" b) "mask as browser x" with browser x being firefox or internet explorer - with chrome just appearing over 5 years later... That was a feature that I regularly used, when websites wouldn't load, because I wasn't using their preferred browser. When using the "wrong" browser, they would not even try to show the content, but just display a warning message... For most websites it was enough to use solution (a) to get it run, which I guess just changed what opera rightout TOLD the website about what browser it was. On SOME websites that would fail though, and you would have to "mask as...", which now I guess made Opera send the typical respond of [whichever browser it was masking as] for the most generally used "browser detection" status codes, when receiving them.
@alexbuhl1316 4 years ago
I still use opera. on every front they actually innovate. I love it. >50% doesn't work out, yet they still try again and again. commendable.
@kiraPh1234k 4 years ago
As an aside to this: Bypassing a browser check like that can result in using a broken web page. Often, if the site has a preferred browser, it's because they use some feature they know to be implemented on that browser that isn't implemented on others, or they use some specific browser extension (activeX, moz, webkit, etc). It's certainly bad programming on their part and an annoyance, but at least they're giving you the message that says "Hey, I know my garbage web page only works properly in Firefox" rather than letting you wonder why the site isn't working properly.
@johnfrancisdoe1563 4 years ago
Rue U There's also Goanna that is a complete Gecko fork.
@NineSun001 3 years ago
@@kiraPh1234k Mostly it is used to block out old and skimpy browser which don't comply with the RFC. Of course I can use a polyfill, but honestly I don't want to serve an IE8 in 2021 and people should feel bad for using it.
@kiraPh1234k 3 years ago
@@NineSun001 Uh, no. The situation i pointed out of a web developer using features that exist only in specific browsers is much more common than a situation where a web developer is just not supporting very old browsers. These situations will often happen because either the developer wants to utilize a web feature only implemented on one browser, or wants to implement a browser feature as part of their project. So usually these are browser specific extensions like moz, webkit or activeX controls (and even out of those it's mostly activeX and moz...). You will see this go side by side with supporting only Firefox or only Edge (Firefox so they can keep using moz, or Edge for activeX). This is actually why I used Firefox specifically in my first example. Since it's never a leader in implementation of RFC you'd almost never want to support just Firefox which has some of the worst web compliance of any available browser. So to be clear, in most situations and especially in situations where you see "Only works in IE" or "Only works in Firefox" - this is because the developer isn't following web standards/RFC. It's not because they're stopping RFC compliant browsers (Like say, Chrome, Brave or even Edge - all of which implement more of the RFCs for HTML5/CSS3 and such than Firefox. Next time you see a site supporting only Firefox, look at it's source. Most likely you'll see them using moz extensions for things which other browsers use normal HTML for. Edit: Remember, most humans have bad habits - even in their jobs. Programmers or web developers have never been an exception.
@sham69ohio 3 years ago
How can I get the slides used in this video?
@firstnamelastname2298 6 years ago
Thumbs up for numbers )
@elukok 6 years ago
Probably not a good idea to use, i would be worried that browsers change the status code behavior in different versions. Firefox 30 could behave differently than Firefox 45. One displaying the content and one not displaying it.
@elukok 6 years ago
Not everything. Most major functionality stays the same, at least through the minor releases. The things mentioned here will probably be different every small release. It would be quite hard to keep up and test every new version of the browser. Automating it would be one solution though.
@MobCat_ 4 years ago
Error 200 - This is a nice message telling you to piss off nice, i am soo using that >__
@onyxtay7246 6 years ago
411 Ouch. Really don't want to get that one huh.
@sticky170 6 years ago
411 that's what she said
@fartyperson 5 years ago
Tongue slaps
@philswaim392 5 years ago
Really cool info on http and how to bend rfc vs reality. However i dont think this type of obscurity is very sustainable through turnover in companies. I could see using honey headers or other kinds of trickery to get attackers to reveal themselves and their techniques more clearly, but you have to be able to manage these kinds of configurations. It would be better to hold to standard configuration for your production stuff and throw curiosities in the environment to distract ne'rdowells and make their presence and their movement more obvious. I can get behind obscurity helping security, but you cant confuse your developers and 3rd parties as to why your webserver is always showing 300 or 400 when everything is working just fine.
@benistingray6097 6 years ago
I would call myself a script "kiddi" but in a good way, let me explain. As i started to get interested in these things i was 28 years old and i tried my best to start with some python but honestly i just cant remember all that stuff lol. But im still interested in it and want to know how these things work and such scripts help me a lot to understand at least basicly whats going. Im just messing around in my home network and my biggest "achievment" was to crack my own wpa2 network. A lot didnt work but i didnt give up and researched a lot of things and at the end it worked. So yeah i think it isnt allways bad, i learned some things, i felt i achieved something and at the end it was also a lot fun. Anyway have a nice day folks ;)
@JoshSweetvale 5 years ago
The vernacular difference is the same as the one between difference between 'noob' and 'newbie'. Taking scriptcode apart isn't what 'Scriptkiddies'(vernacular) do. They find these programs and use them as blunt instruments of cyberwarfare, without much thought as to how. The 'lout with a brick' of hacking.
@adgasdggfg 5 years ago
Give a man a wifi password and he has internet for a spot Learn a man how to hack a wifi password and he has internet forever
@luxzartheglorious 4 years ago
@@JoshSweetvale skript kiddies will beat you with a stick, where a skript noob will learn to sharpen said stick
@broquestwarsneeder7617 4 years ago
i like this dude
@alexchristensen2651 4 years ago
601: i like this guy
@TheKorrent 5 years ago
4:59 Gesundheit
@minnermin 5 years ago
"The wisest man is the man who knows he doesn't know jack shit" ~socrates
@SamJakob1 6 years ago
420! It is used by Twitter!
@Yuzuki1337 4 years ago
Error 420 - the cache is too high
@nnslife 4 years ago
Start watching at 19:50. First 20 minutes is a complete waste. This is talk about HTTP response codes, specifically about two things: 1) Different browsers behave differently when receiving rare HTTP codes. You might use it to detect the real browser person using. It's easy to fake request http header with browser info, but it's harder to fake browser behaviour and fewer people will do that 2) You can really confuse automated scanners by returning rare/wrong/random HTTP codes If these two things are not of your interest than you don't need to watch the talk. Otherwise start watching at 19:50. First 20 minutes is a complete waste.
@THEFRISKIESTDINGO 10 years ago
42:50 - I want to go to Defcon
@Gredddfe 4 years ago
I've been pronouncing nginx as "en-ginks" for years.
@kiraPh1234k 4 years ago
Same, and now I can't get "N Gin X" out of my head
@SonOfNone 6 years ago
I worked for a company that used 503 - busy/try later response codes for all email not in a custom white list. Seems smart since spam never retries emails, but sometimes neither does legitimate email servers. Fucking nightmare
@ThoriumHeavyIndustries 10 years ago
Nice talk unless the comment about loadbalancers. Loadbalancer like F5 or Cisco can help you a lot with fighting of skriptkiddies and DDoS. And If you host websites, you have loadbalancer, at least for redundance.
@larsfinlay7325 9 months ago
I'm something of an edge case myself
@AlaricScandoveski 4 years ago
... Why does he sound like 'Internet Historian'?
@Mmouse_ 4 years ago
500 I see a lot because I like to miss punctuation in php
@Ratty2480 4 years ago
Dude have a drink
@AssemblyWizard 5 years ago
39:21 the regex is wrong, it should've been parentheses instead of square brackets. This means there should be more than a 1000
@atorac 5 years ago
() parentheses are for group matching, no use there.. res[p|ponse]? matches 3 options: res resp response Which is exactly what he meant to do. Not crazy complex and gets the job done.
@AssemblyWizard 5 years ago
Puffo Sciamano No, `res[p|ponse]?` matches: res resp res| reso resn ress rese While `res(p|ponse)?` matches res, resp, response Like he wanted. Or better - `res(p(onse)?)?` Know your regexs.
@atorac 5 years ago
@@AssemblyWizard oh my.. uops :) I stand corrected, kids dont drink and regex
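Added example (not from the talk or from any commenter): the three patterns from the regex exchange above, run in Python over constructed sample tokens to show what each accepts when anchored and what an unanchored search actually consumes. `SAMPLES` and the function names are assumptions made for this illustration.

```python
import re

# The three patterns quoted in the thread.
PATTERNS = {
    # Square brackets: ONE optional character from the set {p, |, o, n, s, e}.
    "class": r"res[p|ponse]?",
    # Parentheses: optional alternation, tried left to right ("p" first).
    "group": r"res(p|ponse)?",
    # Nested optional groups: "res", then optionally "p", then optionally "onse".
    "nested": r"res(p(onse)?)?",
}

# Constructed tokens for the demonstration (not data from the talk).
SAMPLES = ["res", "resp", "response", "reso", "rese", "ress",
           "resn", "res|", "resx", "respo", "result"]


def accepted(name):
    """Samples the pattern matches in full, with nothing left over."""
    rx = re.compile(PATTERNS[name])
    return [s for s in SAMPLES if rx.fullmatch(s)]


def found(name):
    """Samples in which an unanchored search finds the pattern anywhere."""
    rx = re.compile(PATTERNS[name])
    return [s for s in SAMPLES if rx.search(s)]


def consumed(name, text):
    """The substring an unanchored search consumes from text, or None."""
    m = re.search(PATTERNS[name], text)
    return m.group(0) if m else None


if __name__ == "__main__":
    for name in PATTERNS:
        print(f"{name:7} {PATTERNS[name]}")
        print("  fullmatch accepts:", accepted(name))
        # Because the suffix is optional, every token containing "res" is a
        # search hit for all three patterns; only anchoring separates them.
        print("  search hits      :", len(found(name)), "of", len(SAMPLES))
        # Leftmost-first alternation: "group" stops after "resp" here,
        # while "nested" greedily takes the whole word.
        print("  consumed from 'response':", consumed(name, "response"))
```

Anchoring (`fullmatch`, or `\b` and `$` in a larger pattern) is what makes the difference between the patterns visible; without it the optional suffix never changes whether a line counts as a hit.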
@opensourceftw3282 8 years ago
200 Hacking Appempt Detected...
@lonewanderer1776 8 years ago
699 - Deez nutz
@paulhendrix8599 7 years ago
Lone Wanderer is 666 a thing?
@pawpatrolnews 3 years ago
You don't need to be mean to the people with spiders! They aren't hurting you.
@CrucesNomad1 4 years ago
good primer
@CaboLabsHealthInformatics 3 years ago
why assume everyone scanning is a script kiddie?
@visvge4934 2 years ago
Anyone scanning without your permission might as well be considered potentially checking for weaknesses
@minnermin 5 years ago
Appachkey
@repairaholic4858 4 years ago
Why would you have to restart your android phone when you can go to app and force close it 🤔
@LiEnby 4 years ago
if you sent 404 on every request then most libraries would have *issues* GET-ing pages, like python requests would throw an exception lel though its worth mentioning the PS4 browser does check for status code 404 then display a generic "Not found" message^
@destiny_02 1 year ago
And so does Chrome Mobile
@hosting_utilities 5 years ago
Way too many problems with this: I believe this is bad for SEO. No research was done about how this affects screen-readers. This could negatively affect bots that a marketing department uses to do things like scanning a website for info about the internal link structure. I could see a caching mechanism or a caching preload bot failing to cache pages that do not return a 200 response. Programs that analyze the health of the network will fail to work properly. And some of these programs it would be interfering with could be third-party programs that would have to be replaced with in-house solutions.
@lerubikscubetherubikscube2813 4 years ago
Could you not have this setup to change the return code rules dynamically depending if you want to use a tool to check the health of your website? Also, could you not whitelist certain bots while still avoiding malicious ones?
@kiraPh1234k 4 years ago
Actually, this setup is easy to use with in house interference. When you have access to your own network, it's a different beast than the Internet coming in. The Internet traffic is restricted to whatever you exposed to them, but from inside you could for example, simply use your health checking tool on the server directly, ignoring the proxy that all the internet traffic is coming through, hence getting all the correct response codes into any needed tool. Edit: It likely won't actually impact SEO much either, mainly due to search engines using content and reference to judge rank, not response code. It could impact the spider's ability to crawl the site, but there are solutions to that as well.
@creepychris420 5 years ago
Opera is awesome again dude, it's 2018 check that shit out
@isbestlizard 4 years ago
i HATE that browsers don't respect 410 Gone for their stupid fucking favicon requests and keep DEMANDING more favicons even though every response is me saying NO it's NOT HERE and is NEVER GOING TO BE HERE
@isbestlizard 4 years ago
how much net traffic could be saved if fucking edge and mozilla and chrome RESPECTED 410 Gone for crappy speculative requests and STOP ASKING on that domain/whatever
@isbestlizard 4 years ago
i wish my wishes came true except typing them here as a reply to a random video about http status codes probably isn't going to make it happen :
@isbestlizard 11 months ago
I was right then and I stand by old me
@uimvbjhjzephhmfvyvjlhccabj3855 8 years ago
i use lynx!!!!!!!!
@nullplan01 5 years ago
For youtube?
@pteppig 5 years ago
Oh, that was you
@authorizedblock2373 5 years ago
WORLDSTAGE- be safe, have fun. But RESULTS AND irreconcilable RUIN Runs Randomly recurring risk.
@Skylarr 7 years ago
I'm a little late here xD but I have my servers set up to try to attack the person who's attacking me back
@luxzartheglorious 4 years ago
He's 13 now
@daydodog 5 years ago
this is *by far* the most lost i've been watching a defcon talk
@ukyoize 4 years ago
Why not just write code without wurnerabiblities?
@lort256c 8 years ago
GG first GG
@Shadowlogic420 4 years ago
Am I the only one noticing Bitcoin miner scripts in the sources of websites these days? That's some shady shit.
@asbeltrion 4 years ago
Wait, what?
@pinguimgutembergcarvalho7775 4 years ago
I only did this because I don't want to be arrested by you hackers. Simple as that.
@DeeWeext 8 years ago
"a 300 fold" .....
@casportflyers 8 years ago
A 300 fold. wut
@alextilson9741 5 years ago
This has to be fucking terrible for SEO lol
@ShroudedWolf51 5 years ago
....why is he using IE6 as the Internet Explorer example? IE has been decent enough since IE9 came out and IE10 released nearly a year before this talk.
@thedarkness125 4 years ago
Internet explorer still isnt decent.
@johnfrancisdoe1563 4 years ago
ShroudedWolf51 He only mentions trying "all" IE versions and IE6 being the extra weird one.
@HackersOnBoard 4 years ago
Hello dear friends Today we get notified of the censorship of our channel by the new KZfaq Guidelines (who change every 6 months) because of "Content reusing without including substantial original commentary or educational value" This is a little bit tricky because these Guidelines wasn't there in 2013, 2014, 2015 and so on... It is abnormal to change the rules during a game ...even more before Christmas! Since 2013 we are trying to share the best Security Conference on our channel and we need your help to keep it up. As you already know I was fighting the disease since the last 2 years and it's difficult and without resource and support I wouldn't be able to keep up on this way. You can support us on Patreon if you find our work valuable. You can also express your dissatisfaction regarding our situation to KZfaq on Twitter, Facebook, Instagram and wherever you can. to help us regain our rights. Your support in anyway will be truly appreciated Thanks guys for taking time reading me and stay tuned! Merry Christmas to you all and God bless you all! www.patreon.com/HackersOnBoard Bitcoin Wallet: 1NWM4upgKj8iF7zknzmnHG8Mm2pvAyTHqc
@m.h.8729 9 years ago
i dont understand anything
@talhatariqyuluqatdis 6 years ago
Angry addict lol
@jonharson 5 years ago
Found the script kiddy.
@m00str 6 years ago
it freaks me out every time an English speaker says "Gesundheit". since it's German for health
@RnBandCrunk 6 years ago
Rou Lor it's the equivalent of "bless you" in english.
@ERIK31351 5 years ago
Why would that freak you out?
@nopenope7184 5 years ago
@@ERIK31351 Because "bless you" at least somewhat makes sense and just saying "health" is weird.
@alex190291 5 years ago
the german set phrase "Gesundheit" has its origin in the idea, that you wish health ("Gesundheit" in german) for yourself when somebody sneezed around you. But nowadays it means you wish "Gesundheit" for the sick person, even if the origin is, that you wish health for yourself :D
@berndlauer2894 5 years ago
I hate it that they disrupt talks for drug usage.
@alex190291 5 years ago
@Bobby Fisher i also hate, when someone disrupts my drug usage for talking...
@robpatershuk 5 years ago
I much prefer when a talk incorporates drug usage. Far more interesting than the alternative.
@thedarkness125 4 years ago
Man that alcohol is so evil. I wish the devil would burn them down with his fury...shut the fuck up.
@OEFarredondo 5 years ago
Haters lol lazy hackers is all a skittie is
@kiraPh1234k 4 years ago
Nah, that's too much credit. A hacker actually creates solutions to problems and makes tech do what they want. A script kiddie is generally not a hacker, they have less interest in engineering any solutions and more interest in committing crime.
@carcolgeo 5 years ago
"No one cares about edge case stuff" says someone who knew nothing about ai as late as 2013.
@zeroskill. 1 year ago
im going to save you 49 minutes, common scanning tools are poorly crafted when it comes to out of the ordinary http response codes, you can (as of 9 years ago) fingerprint which browser a client is connecting with with php using response codes. sending random response codes to suspicious ips can cause scanners to behave strangely. in the end more of a deterrent than any real solution
@blackneos940 4 years ago
What if you speak at Defcon and don't drink because of Bipolar and Autism?
@undefined879 4 years ago
blackneos940 what
@blackneos940 4 years ago
@@undefined879 I asked exactly that. :)
@thesuperpunmaster6369 4 years ago
@@blackneos940 do it pussy
@HelloKittyFanMan. 5 years ago
So... what if some "script kiddies" are watching this and will now learn how to circumvent this kind of defense?
@Roxor128 5 years ago
Script kiddies are called that because running scripts is about as far as their computing knowledge goes. They don't have the experience to modify their tools to circumvent these measures yet. If they're interested enough to try, they'll probably develop a more-productive interest and end up writing code for a living or end up becoming security researchers themselves a decade down the line.
@Tridd666 4 years ago
"the big three" "Firefox" This video did not age well
@HelloKittyFanMan. 5 years ago
Wow, you tested IE from the current one for this part of 2013 clear down to 1.0, eh?
@SJWBach 6 years ago
you could rediredt attackers to childporn so the police breaks thair doorin the next 30 minutes xD
@SJWBach 6 years ago
maybe even government honeypods and not real childporn so they arrive even faster xD
@ownageDan 5 years ago
@@SJWBach ecksdee
@luxzartheglorious 4 years ago
@@SJWBach yer
@HelloKittyFanMan. 5 years ago
Oops, there's no such thing as a "PHP page"! Why? Let's see if you can figure that out! ;-) Opes, didn't figure it out? Because "PHP" already _stands_ for "__________ _page_ "!
@HelloKittyFanMan. 5 years ago
"Each to their own"? Oops! What did you think that means? The common phrase that's reminiscent of that is actually " _to each_ their own" (or "to each his/her own").
@kamigo 4 years ago
It would have been better if he was a little bit more polite.
@HelloKittyFanMan. 5 years ago
"Respond back"? So you're saying... like... "say something back _back_ "? Oops!
@HelloKittyFanMan. 5 years ago
"No one really cares who the speaker is"? um... do you think you're a mind reader? I have news for you: you're not one!
@butteredtoast8666 4 years ago
The speaker is pretty melancholy. He's pretty negative. Depressing. He needs some counseling and encouragement or something.
@sebastians3773 4 years ago
He's British. That's racist.
@HelloKittyFanMan. 5 years ago
Guess what: there's an _easier way_ to say names of years like 2013 instead of "two thousand [and] thirteen": Remember from last and previous centuries when you said "NINETEEN-thirteen," etc.? Well, that method works in this century too; it's less syllables just like before! Try it today!
@HelloKittyFanMan. 5 years ago
"TL;DR"? Nope, this is a speech with visuals, so more like... TL;DW! ("Watch"!)
@HelloKittyFanMan. 5 years ago
"I know... nothing." Yeah, like... where to use commas or _not_ use them! Case in point: "The wisest man,"... (oops) ...."is he who knows,"... (oops again) ..."that he knows nothing." Well, not _absolutely_ nothing.
@HelloKittyFanMan. 5 years ago
Oops, there is no such character as "Miss Pac-Man." Why? Because the closest thing we have to that is Ms. Pac-Man ("Ms." refers to either married or single; "Miss" is for single only.) But good attempt at a joke with that, still!
@jwadaow 4 years ago
Hello Kitty Lover Man! Ms. Being a fake artificial article
@HelloKittyFanMan. 5 years ago
OR... why not just scan your sites yourselves and then _fix your vulnerabilities?_