No video
Hacking With Discord Just Got Harder
Рет қаралды 78,804
Күн бұрынGo to ground.news/se... to stay fully informed. Subscribe for less than $1/month or get 40% off unlimited access to take advantage of their biggest sale of the year. Sale ends November 30.
0:00 Discord is Cracking Down on Hacking
1:59 Almost an Entire State Hacked
5:22 Rent a Hitman Fail
7:26 Hijacking AirTags
Sources:
www.bleepingco...
news.ycombinat...
www.bleepingco...
www.trellix.co...
ground.news/ar...
www.bleepingco...
www.darkreadin...
www.maine.gov/...
www.justice.go...
regmedia.co.uk...
www.theregiste...
rentahitman.com/
www.bleepingco...
www.heise.de/n...
German keylogger video • Wir haben Apples Wo-Is...
===============================================
My Website: www.seytonic.com/
Follow me on TWTR: / seytonic
Follow me on INSTA: / jhonti
===============================================
@Seytonic 9 ай бұрын
Go to ground.news/seytonic to stay fully informed. Subscribe for less than $1/month or get 40% off unlimited access to take advantage of their biggest sale of the year. Sale ends November 30 :)
@MexieMex 8 ай бұрын
Ground News? Seriously? It's fucking terrible! It totally biased and not at all trust worthy! Just taking them as a sponsor really puts doubt in your due diligence. I didn't unsubscribe, but I came very close.
@PepsiMan42069 9 ай бұрын
I get why discord are doing this, but I’m gonna miss having an empty discord server as my cloud provider 😅
@Aphex51 9 ай бұрын
And I'm sad that I'm too dumb to realise this potential and I've now totally missed the party.
@aegis2907 9 ай бұрын
I mean it sounds like it'll still be possible to do that, just that the links will expire but the file should still be there
@SuperElephant 9 ай бұрын
Files hosted on discord are probably still persistent, just the download link expires. So no more long term direct links but you kinda still be able to use as a file host I guess..
@varsityathlete9927 9 ай бұрын
My 85 TB rare pepe server ....
@KARMA.XD. 9 ай бұрын
ehh I used to do this but I got banned and lost access to like 100+ accounts and emails
@nekrosis4431 9 ай бұрын
Imagine you create a goofy parody site, but you overestimated the intelligence of murderers and now you are on first name basis with the local FBI agents. Comedy Gold.
@BillAnt 7 ай бұрын
Wonder how the site owner didn't get arrested to begin with. Even though it's a parody, the 3-letter-boys don't have a good sense of humor. lol
@kuva 3 ай бұрын
@@BillAnt its not entrapment if its a private citizen doing it! they'd be dumb to arrest the site owner.
@Debianz 9 ай бұрын
SQL injection in 2023 is absolutely ridiculous. This problem has been completely solved on the developers end using ORM or Query Builders.
@queerzard 9 ай бұрын
Imagine having a website prone to SQL Injection in 2023
@zephyfoxy 8 ай бұрын
I don't know how much I buy that this change to Discord is about malware so much as it is about Discord wanting to save on bandwidth by not being treated like a file server.
@SlimeeosGames 9 ай бұрын
Actually, when someone deleted the message that contain a file or media, it disables the link after some time (a few hours or a die). It don't store permanent if the original message was deleted.
@jmr 9 ай бұрын
Every time Hire a hitman catches someone I think "surely this is the last one". We know these people have Google. 😂
@peconi47 9 ай бұрын
the rent a hit man site was made as a bug fixing group for programming, after people actually started requesting hitmen, they changed the site to the one that it is now
@Rerbun 9 ай бұрын
Loved all these topics! The air tag one way communication over Bluetooth story is insane. Potentially better communication method for spies than number radios?
@iWhacko 9 ай бұрын
as long as there are Apple devices around, it's a great way to send encrypted information yes.
@lowwastehighmelanin 9 ай бұрын
Yeah the mesh network is massive. Brilliant idea honestly.
@BillAnt 7 ай бұрын
It's really stealthy since there's no cellular communication going on. It would work best in densely populated ares like large cities with lots of nearly iPhones.
@jayaif 9 ай бұрын
Making an encrypted messaging app that uses Apple's find my network would be a much more interesting use case
@emireri2387 8 ай бұрын
this would be actually kinda similar to hacknet in a way
@170insane 9 ай бұрын
I live in Maine and can verify that the state is DUMB AF regarding this ordeal. Their excuse for not disclosing the breach is so they could contact individuals. They need you to contact a hotline to find out if you're affected. WHY DO I NEED TO CALL IN, IF YOU HAVE MY INFO ALREADY!!!! Hold times are bad but it's a third party doing the customer service 🙄🙄🙄🙄🙄 Overall, I'm not surprised having worked with the state's IT team previously.
@garydeluce464 9 ай бұрын
Not to mention MOVEit was patched in FUCKING JUNE
@kaloyan.doychinov 9 ай бұрын
Sadly, what happened with discord is just another case of bad actors making the user experience worse. Btw, another amazing video
@StopTh3Idiots 9 ай бұрын
It's not about that, Discord loves black supremacists, anti-white racist servers, where they radicalize a lot of kids, they also love hosting pedo content, they just cracked down on hackers because of the war in Insrael.
@atomiapx 9 ай бұрын
I'm trying to watch this and just got done watching an ad and immediately another ad played and as of typing this I'm watching another ad
@trueriver1950 9 ай бұрын
Love the sign in the photo "Welcome to Maine - the way life should be". Perhaps not in this case...😅
@lightbrownwolf 9 ай бұрын
Guilded (a discord alternative) also does direct file links, and they are less file size restrictive.
@StopTh3Idiots 9 ай бұрын
Does it allow black supremacist anti-white servers and pedo servers like discord ?
@user-beerus 9 ай бұрын
Who uses guilded
@trapido0296 9 ай бұрын
@@user-beerus me
@dsobransingh 9 ай бұрын
@@user-beerusyou don't need a guilded account to use the direct download link, so the number of people who use it is completely irrelevant
@vincere_ 9 ай бұрын
It's owned by Roblox however
@Pr0toPoTaT0 9 ай бұрын
I had my first discord server actually stolen from me with a crafty mod who sent me a weird bot link. Discord is actually crazy with just the flexibility it allows
@BriannaTheGod 9 ай бұрын
Another banger of a video! Thanks for sharing & keeping us in the loop Seytonic!
@Deductive 8 ай бұрын
Sollution? Setup a dynamic redirect link and have a Discord Bot or Crawler that simply renews the download source.
@shadamethyst1258 8 ай бұрын
That's a known workaround, but it makes using it as a CDN more difficult, why should be enough to ward off low-effort attacks
@Damariobros 9 ай бұрын
I think you should also mention that the new Discord link system doesn't affect emojis! So, non-Nitro users can be rest assured that their media links they use to insert big emojis will never expire!
@itsawill9268 9 ай бұрын
Using discord is like negative opsec if you are a hacker tho
@WindowsDaily 9 ай бұрын
Realistically, just sign up with a vpn and throwaway email. You're only making a server with one channel anyway.
@cpuuk 9 ай бұрын
Maine Local Gov: Oopsy, were we still using MoveIT.
@DennisFranz 8 ай бұрын
Rent-A-Hitman, can I place a hit on the waiter that keeps giving me a paper straw? I mean, dayum! Leave three. I can't even stir my ice tea and lemonade without the straw bending or disintegrating.
@InSight0r 9 ай бұрын
While on topic of malicious links, recently I saw malicious link masked in a youtube redirect. - m-Link pasted in the description - video posted as private - copy the middle stage of the redirect between youtube and m-Site - redirect is still with youtube header - no detection Stay safe out there.
@HunterHogan 9 ай бұрын
I feel like your writing and video production skills progressed from Good to Polished.
@SuperTort0ise 9 ай бұрын
2:10 fuuuuuuck definitely not in that 0.2% hahah
@mattjax16 9 ай бұрын
I love being a maine resident and you are the first time I have heard of this data breach
@tatherva7387 9 ай бұрын
Aaaaayup. Also I busted out laughing when he said "unlimited resources" regarding the state. Maybe in NY or California but Maine? Nah 😂
@NorthernChimp 9 ай бұрын
In which circumstance can a kid get access to their teacher's keyboard, unattended long enough and with a tool to neatly open and close back it's casing?!
@v4n1ty92 8 ай бұрын
lol you can plug a keylogger into a usb port and then plug the keyboard into the keylogger. would maybe take 5 seconds, and wouldnt require opening up the keyboard at all
@LumiLumiLumiLumiLumiLumiLumiL 9 ай бұрын
*Correction: Files are NOT permanently hosted.* They remain for a set of hours before they turn invalid Just like with messages, if you delete files or attachments they will be deleted from discord aswell, to preserve storage capacity.
@AliveOP 9 ай бұрын
False... Try it out yourself
@nigmane 8 ай бұрын
Correct
@y7o4ka 8 ай бұрын
@@AliveOPfiles are being deleted from media servers instantly once the origin message is deleted. CDNs though can take up to a few days to remove the file from the cache
@GiantAndShaman 8 ай бұрын
Honestly good on the hitman site owner for contacting the fbi instead of laughing off "jasmine". Some random woman out there could be dead by now if jasmine pursued other means.
@Ixspar 9 ай бұрын
This actually happened about 6 months ago. Not sure why there weren't articles about it when people could have actually done something about it. But here we are. (Meanwhile, up at the Maine Capitol: Janet: "Timmy, make sure you get those security chickens set before your Pa gets home." ...s....m....f.....h.
@GimmeZoomies 8 ай бұрын
Files do actually get deleted off discord even if you have the link, maybe not regular files but images do get deleted.
@lowwastehighmelanin 9 ай бұрын
My data was compromised at my doctor's because of MOVEit and so was 844999 other northern Californian's. Exhausting.
@unitazer 8 ай бұрын
Now you can store a message link, that contains a replaceme link, that contains the malware link, you will just have to update 3 links within a day (if changing message actually does that) so discord malware will break within a day without wifi.
@SASTSimon 9 ай бұрын
I wish discord didnt do this. I loved the infinite storage
@tardistrailers 9 ай бұрын
And people abusing Discord as infinite storage space is probably way more of a reason for them to introduce these restrictions than malware distribution. Storage and traffic cost them money after all and they aren't a charity.
@AnesuC 9 ай бұрын
Maybe the use of them seem rare because its soo good that barely anyone has found out. I am mostly joking but this could actually be true. Other usual methods can result in someone noticing weird behaviour on the system or network and thus catching it. But this method is outside the device and the network making it much harder to find out
@stage6fan475 9 ай бұрын
The 'Hitman for hire' parody site made my morning.
@blakexe 9 ай бұрын
The first part of the numbers in discord cdn links is the server / DM “channel” id which is really bad for hackers because discord publicly lets you view info about a server just from having it’s id. On top of that even if the server or the message got deleted discord still logs who made the server and who sent messages in it. They started logging ALL messages ever since their new anti trust policy was implemented back during covid :/
@neey3832 9 ай бұрын
as i've searched, only discord servers with widget enabled allow people to publicly see info about their server
@blakexe 9 ай бұрын
@@neey3832 That is true. Though being snowflakes they can still be somewhat useful in supplying the time the server or channel or message was created
@ScienceLifeChronicles 9 ай бұрын
wow that's amazing.
@al-gv7mq 9 ай бұрын
It seems quite complicated considering they could create a redirect webserver which will automatically update the link and redirect you to the discord download :3
@tardistrailers 9 ай бұрын
You'd lose the benefit of the good URL reputation from Discord though. Also implementing an HMAC requirement to download links isn't really that complicated.
@BriannaTheGod 9 ай бұрын
I love you daddy Seytonic ❤️
@mu11668B 9 ай бұрын
Discord should've done that at least a year ago. For some reasons I have to deal with infection source quite often, and Discord has been on the top of the malware hosting list. I even made a post over a year ago complaining about the issue and how easy it is to them to fix it, only to meet some unpaid muggles trying to defend Discord for funny reasons. Finally they have chose to do the right move.
@YT7mc 9 ай бұрын
What was your easy fix?
@mu11668B 9 ай бұрын
@@YT7mc Add the same authentication check already applied to chatroom messages to CDN entries. Just like the solution they're going to push but simpler.
@YT7mc 9 ай бұрын
@@mu11668B Yep that makes sense; wonder why they aren't doing this.
@ground_news 9 ай бұрын
Thank you, Seytonic! Happy to be supporting your work. For anyone interested, check out the link above and let us know if you have any questions.
@johnchristian7788 8 ай бұрын
Ask him to pin your comment. So, it will be easier for people to connect with you.
@abcdefxyz1239 9 ай бұрын
that sucks ngl
@psapple5858 9 ай бұрын
cant you create a link that when clicks generates a new discord link then redirects you to that , then boom you dont have to worry about the time limit.
@astral6749 9 ай бұрын
I'm not sure if I'm just having deja vu, but I feel like I've heard that exploit (or maybe it was a different exploit) on MOVEit long ago.
@ΖΖΖΖΖΖΖ 9 ай бұрын
This is crazy, wtf.
@tostupidforname 9 ай бұрын
How cool is the airtag thing
@Jcorella 8 ай бұрын
0:24 this is wrong. If you delete the original message with the attachment, it will expire after an indeterminate amount of time.
@x1cOfficial 9 ай бұрын
hello from australia!
@duckydev9427 9 ай бұрын
Inb4 the method is to call a local server that constructs a valid extension on the url
@OhFruits 9 ай бұрын
discord do this mostly to cut cost from people that are hot hosting files on their database
@D.von.N 9 ай бұрын
Must have been living under a rock, never used that platform. Neither Tiktok. And proud of it! LOL
@ryshellso526 9 ай бұрын
Yup, always got the feeling discord was just a place for pedophiles to trade photos.
@theraves 8 ай бұрын
I assure you it won't hinder them that much...I have a bogus discord account that I purchased nitro for once or twice so if it gets stolen I have a payment trail I can use to get it back with....a few of the servers that its in have already discussed this and have ways around this discord as a company is shady and shitty in general their only doing this to try and save their pathetic asses but its not going to help it might slow things down a bit but after what I have seen others discussing this wont be nothing to them.
@redlexapher 9 ай бұрын
Holy hell I only just heard about the Maine hack, note, I live in Maine
@LoyaltyIsEverything91 9 ай бұрын
How about the state's NOT TRUST 3rd party proprietary software!! Closed source code is saying you trust the diligence of that company to do the work of security that open source allows billions of humans to join and help do for free.
@swift_rxz8403 8 ай бұрын
So are my mp3 files I have in discord going to disappear after the new action takes affect? Or Am I not just going to be able to download them again once sent.
@antifalls 9 ай бұрын
wow nice video bro.
@Ric3cir121 9 ай бұрын
Telegram allows you to upload up to 2gb files... But it comes with the exception of non existing direct download links
@n0tzuck 9 ай бұрын
You can actually bypass it using a method (discords cdn thingy)
@neey3832 9 ай бұрын
could you be more specific?
@n0tzuck 9 ай бұрын
@@neey3832 Basically, Discord's API could be used to retrieve a file's attachment link. Someone could then write a script that fetches the document URL every day and updates their scam website with the URL.
@n0tzuck 9 ай бұрын
It's technically not a bypass but rather a work around
@mycelia_ow 9 ай бұрын
@@n0tzuck How is it done?
@honbra 9 ай бұрын
The "memes" zip is just one meme copied over and over. I am disappointed.
@Seytonic 9 ай бұрын
Haha, I knew someone would check it out, I should’ve hidden an Easter egg in there
@tsymeh 8 ай бұрын
what if we strip the link from those parameters
@teckcity5721 9 ай бұрын
A UI is responsible for the hacks
@Atmatan 9 ай бұрын
The rentahitman site is seriously old news, like decades old. Did you only just learn about it?
@gamerr6638 8 ай бұрын
nope 0% security on discord
@themetapodmemes2789 9 ай бұрын
Why does discord directly embed a ttl in the link? Wouldn't that be pretty easy to forge?
@b3njamin602 9 ай бұрын
nice! this should make discord more secure!
@PepsiMaxVanilla 9 ай бұрын
rip
@sujanthapa1506 8 ай бұрын
informative video
@beatsbycf 9 ай бұрын
How did a whole state get hacked
@koghs 9 ай бұрын
Damn, Apple users getting railed by their own devices again.
@whtiequillBj 9 ай бұрын
Are the parameters extended attributes or Alternate Data Streams or forks (Linux, Windows, MacOS respectively)?
@byharix2542 9 ай бұрын
it's just parameters on the url, some POST request data
@tardistrailers 9 ай бұрын
Assuming you're talking about the Discord links, it's just an HMAC with an expiration timestamp. It's also still a GET and not a POST request.
@abhi_iam 9 ай бұрын
Explain about dark side of whatsapp
@arafatmarius331 9 ай бұрын
Nice ...I wanna be like them
@arafatmarius331 9 ай бұрын
Second *troll face *
@vannyvanngogg 9 ай бұрын
in case you didn't know: "CL0P" -- sounds identical to russian word for a Bed Bug ("клоп")... just saying 🤷♂
@zoenagy9458 9 ай бұрын
so which one is a real hitman website?
@Catinkss 9 ай бұрын
Apple is wild, genuinely pro-privacy in one case, claiming 8GB of RAM > 16GB in another, i cant tell if they are competent or not
@v4n1ty92 9 ай бұрын
Let's not get it twisted, apple is absolutely not pro-privacy and is harvesting and selling user data just like every other major tech company. You don't become a trillion dollar company just selling hardware. They sure do love having that outward appearance of being "privacy focused" though
@v4n1ty92 8 ай бұрын
They don't block third party tracking out of the kindness of their hearts, they do it so they can have a monopoly on the data you generate on their hardware. Apple is not privacy focused and you've been duped if you think they are 🤷♂
@lordsussyindustries2021 9 ай бұрын
....
@TechnoL33T 9 ай бұрын
Can they not just use a script to keep the link updated?
@WindowsDaily 9 ай бұрын
Probably, yes. The links themselves would expire, but every time you scroll up to the link it would have a different expiration date.
@tardistrailers 9 ай бұрын
They can, when the link is on a website, but not in an e-mail.
@CrittingOut 9 ай бұрын
These goofy mfs still out here trying to buy hitmen
@sarahjuraan 8 ай бұрын
Hello World 👋
@ReligionAndMaterialismDebunked 9 ай бұрын
Indeed broken grammar. XD
@MeboMichael 9 ай бұрын
We love you @seytonic
@Seytonic 9 ай бұрын
:3
@ioawhdiouwahduwioahwauio 9 ай бұрын
hi
@aymanazad1443 9 ай бұрын
e
@MexieMex 8 ай бұрын
Ground News? Seriously? It's fucking terrible! It totally biased and not at all trust worthy! Just taking them as a sponsor really puts doubt in your due diligence. I didn't unsubscribe, but I came very close.
@razorgaming3.0 9 ай бұрын
42th 1 hour ago
@Chrromeetalk 9 ай бұрын
Who thinks this is a good Discord update? 👇
@lewiskelly14 8 ай бұрын
Misleading title
@immameme 9 ай бұрын
HackNewsAndImma1st
Sergio Outdoors
Рет қаралды 26 МЛН