Правда

I know IT people who majored in the arts. Not many, but they are out there. Nothing's stopping you from learning programming on your own or through certification training. The internet is full of good tutorials for every area.

You should learning hacking to get your art out

Go for Codecademy for a programming introduction. Latter on, go for C++ and hammer at emulators and collect some experience, and then go for industrial emulation projects.

x3kesa3 This is true. learning it is free, the certification is all that matters.

Naw, people are stupid. There are hawkers selling tickets at 10x the value only feet from the ticket booths.

A botnet is a group of Internet-connected devices, each of which runs one or more bots. The bots don't have to be across the world on random people's PCs. And this is outside the context of security, it's in the context of online retail.

​@@Galactipodit's not outside of context of security if it was presented at DEFCON. "DEF CON is a hacker convention ...since 1993 and today many attendees at DEF CON include computer security professionals, journalists, ..." Wikipedia According to the number of upvotes, I was not alone wondering.

Actually Ticketmaster can stop scalpers but they would loose money in doing so. So i doubt it's a very prominent topic on their agenda.

ryan pongracz I remember a concert house working with a journalist from the same corporation to bait those bots with an unannounced concert then publicly shaming the scalping site that instabought tickets and put them up for sale before the concert was announced. Didn't make a dent.

Would you EAT a burger from a greasy dirty bot hacker????

What ever brings me closer to a burger now, is reasonable.

Jordan Shackelford k

Hey wait a second........

Jordan Shackelford your profile pic perfectly portrays this plump emoji :(

You think you are a bot?

Fuck the uploader.

It doesn't matter, the video would be auto detected by youtube's copyright claims and all the ad money would go to the copyright owner

Brave browser.

@@patrickkeefer8678 ublock. brave is spyware.

I appreciate you

Thanks for sharing. I often ponder on these trivialities.

How do you look up vehicle VIN numbers?

Good for you for admitting this, assuming you are a "for real Russian hacker."

No you were not. Those were ukrainian wannabes (just like this cowboy right here).

nah dog you're just dumb

jb OHHHHHHHHHHHH

@Joel P The fact that they may or may not have been hackers doesn't seem relevant to me.

I haven't watched it yet, but might as well have thrown the word "quantum" in there for good measure.

Exactly more of a scraper than a hack

It didn't have any Ajax script, so you can't reverse engineer it.

Yeah I don't know how AJAX ended up in that comment. I probably meant HTML forms.

if it's ajax, it was probably hitting an app, just view the request it sends, mock your own with curl, super minimal

BloCKBu5teR why? especially saying "ive got six snipers ready to go at noon, lets see how many kills we get"... i would kind of hope the NSA would pick that one up and investigate it a bit

can I read your emails please?

Illuminaughty sadly there is no mobile adblock for youtube.

+Roliath, Malebranche Of The Abyss There IS - youtube adaway (needs xposed framework and root)

sorry you can only afford to watch KZfaq on mobile. Firefox and adblock plus is the way to go

+Douwe Huysmans he never used the word whining. why use quotes?

Adam S. All phones can't be rooted sadly.

He sold like 20 cars a week, that easy. That's like one every two working hours.

exactly. but it would ruined his lengthy story.

Mybot?

Cease and desists usually come before big lawsuits. Intimidation is cheaper than a lawyer.

Goldenfightinglink 4.01, then after years of stability they jumped to "5, but not telling the number anymore"

@@johnfrancisdoe1563 and they dropped calling it "5" now it's just the "Living Standard"

As he stated repeatedly, this kind of action could lead to people buying cars before the sale time-in which case you get all your accounts deleted and are banned from the service. This is how not to have a Good Day™.

@@ConstantlyDamaged I didn't say it was a good idea, just that it can be done, and therefore someone will do it.

Spasiba.

Spasibo Tebe Bolshoe.

and yeah, I know what NTP is... Obviously, that's not what he's talking about here...

I know this is late, and you might know the answer by now, but when a web server responds to a HTTP(S) request, they include a "Date" field in their reply header which has a lovely date/time value that is usually referenced to GMT. These are accurate to the second, of course, so that's why he repeatedly prods the server to obtain more precision.

+Kevin Klika he talks about that option near the end, and says while it probably would have worked, it wouldn't be the smartest choice for the same reason the VIN numbers were verified before trying to buy the car

*Spoiler Alert??*

Sébastien Lauzon not a spoiler alert, it's exactly NOT a spoiler because it's not what he did...

Bullshit. Watch the video guys.

Just cause u can enable the the buy button client side doesnt mean server side code will accept the request.

was probably kids in secaucus using some open russian iot device running msh

found signs of PAS web shell, immediately attributes russia (for the dense never mind PAS is ukrainian and available here github.com/wordfence/grizzly was until recently available at profexer.name but site changed and i don't speak the language to grok it any more)

Exactly. If you replace "Russian Hacker" with any other racist stereotype you'll see that this is yet another attempt at pole pissing and chest thumping by a bigot.

Nxght yeah sorry, this guy is either full of shit, or he's purposefully misleading people about how forms can be spoofed. Or worse, he didn't even know it himself...

yes. he said EXACTLY that.

Hey buddy if you ever come back to this, here's your answer. You might have been confused by the fact he is using and HTML page as an interface for his bot, he also probably made it with PHP. But that's really just the interface and the programming language that were used, the fact that the GUI is in a browser does not matter, it could have been python, C or whatever else. Now he didn't have to use any kind of cross-site hack to pull this off, all he did was send HTTP requests (probably using PHP curl). One request would get the list of cars, the other one would get his timing information and finally, when his timer kicked in, a request would be sent to buy a car, with the appropriate POST or GET data.

you know too much. this is entertainment only.

Yeah me too, I figured it was about a botnet and russian hackers, but it was actually about a PHP script and people (possibly russian) doing the same trick he's doing

Pleiodes it's called machine trading, and more than 75% of stock trades are done with this method

There’s also a *_huge_* amount of work that goes into currency trading... bots that are scanning currency markets around the world for when currency A is just a fraction off in market B and tho it may be tenths of a percent it can add up quick !!

+ericsbuds Of course, even if you know that the car in on sale at, let's say 2pm, there are still 700-800 people wanting to press the buy button first. If you don't refresh, you won't be the first one to buy as it will not refresh automatically.

Pianolicious i see I see, so you know what time the buy will happen before hand. thanks ;D

+ericsbuds I might be completely wrong, but as far as I understood, the time the offer went live was actually known to everyone. just like an auction, it starts at a specific time.

Yeah see shit like that alot.

@@thatoneguyinthecomments2633 Shit like "alot"?

Joe can you make webpage servers with its own domain with no need to pay for a host?

I used to put them on free hosting servers like angelfire (not sure they even exist anymore) the only problem was the add-on style domain name. From what I remember reading it was possible as long as you have your own server with enough bandwidth?

Vrani2110 hahahaha ahhhh good one

Vrani2110 Not as bad as the bots that commercially messes with our lives out of their California headquarters.

try a different browser firstly, if that doesnt work, check your pc proxy settings or dns server, otherwise check your browser's proxy settings

1998 auction sites mate the past is the past

MegaSuperCritic Its an image from google Street view. Google has it go through their server stacks, the stormtrooper is actually there on street view

if you are a "couple" its your own fault you fell asleep. Take a shower.

What was he saying?

How many captchas do you remember in 2007? Sorry about the necro

rofl, I keep thinking that, his harvesters could be vms

He started to say the persons name so he stopped himself.

@@Xeldafied "Mike would call..."

Probably, but this stuff isn't hard. The point of imacros though, is mechanize doesn't pull down ajax, and it's really easy to detect and block even with spoofed user agents.

what you say is 100% true, trying to get JS to run in mechanize is not something you want to do, all I was saying is for this application where they're just refreshing a page and looking at a button property then it's most certainly overkill

I can't say I have experience with automating processes that actually involve money (really in this context I'm just some script kid), but the validation mechanisms I've seen could be replicated by looking at the websites' code hard enough - is that not feasible for serious applications like this? Would it take too much time?

Yea, I've been on both sides of this problem. That's probably fine if you're just crawling one site, but the problem comes when you're crawling 20 websites, and need specialized code for each site for getting around A/B testing, browser validation, template updates, etc. It's soooo much easier to just throw up some imacros stuff and not even worry about how the site renders, just let it do its thing and then send you back the completed html.

ryan edge I see, so I'm just not thinking big enough :P