Telegram Has Been Hacked
Рет қаралды 210,789
Күн бұрынLearn Cybersecurity - Name Your Price Training with John Hammond: nameyourpricetraining.com
📧JOIN MY NEWSLETTER ➡ jh.live/email
🙏SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥KZfaq ALGORITHM ➡ Like, Comment, & Subscribe!
@BhilBhil-tc8fy 2 ай бұрын
Yes please. I would love a video that does a deep dive on the *Metaspyclub* project
@milanjamod7469 2 ай бұрын
Metaspyclub anticipation is building to a fever pitch! 😥
@ranjanekka85 2 ай бұрын
Metaspyclub gang in the house! Thanks for the analysis!
@KvapuJanjalia 3 ай бұрын
I'm not afraid of a calculator! Bring it on!
@cringemaki 3 ай бұрын
Everybody gangsta till the calculator app starts to ask permissions for camera, microphone and location 💀
@yukiplaysFr 3 ай бұрын
💀
@TobbeOakleaf 3 ай бұрын
Oh it will be problems! Count on it!
@BillAnt 3 ай бұрын
At 8:14 that evil laughter Muaahhh!! lol
@Raymi20- 3 ай бұрын
@@yukiplaysFr**salutes to the therian** Ma'am how can I help you ma'am
@Spiderfffun 3 ай бұрын
RCE after RCE, I hope kids wont have to learn about the year of the vulnerabilities, 2024, in the future
@SLZeroArrow 3 ай бұрын
Thy Digital Apocalypse is drawing nearer by the day
@atomgutan8064 3 ай бұрын
This is literally cybersecurity history.
@TehPwnerer 3 ай бұрын
No it will be certainly eclipsed by the number of them in 2025
@Ph34rNoB33r 3 ай бұрын
I wonder whether the whole AI hype will make even more RCEs show up. Either by improving exploit code or by reducing code quality in the attacked app because people trust AI code without questioning it.
@that.03gt 3 ай бұрын
@@SLZeroArrow seriously. I dedicated my whole life to computers and now they looking like they wanna kill us (ai). Ai is phuggin everything up. Its kinda scary tbh
@why1851 3 ай бұрын
too much rce exploits bro 💀💀💀💀💀💀💀
@sunbleachedangel 3 ай бұрын
What are others?
@amaankhan8436 3 ай бұрын
Xz utils, rust, palo alto
@sunbleachedangel 3 ай бұрын
@@amaankhan8436 Palo alto?? My company uses that lul
@why1851 3 ай бұрын
@@sunbleachedangel there was a rust rce CVE-2024-24576, aint that effective though
@yureimenkishi4291 3 ай бұрын
Rust already released a patch its java that said they ain't fixing it. Tbf .bat codes running aren't used anywhere so who really cares
@ghoulbuster1 3 ай бұрын
TL;DR The exploit disguises as a fake video that when played executes python code, requires python to be installed for it to work.
@mushroommanny 3 ай бұрын
saved me about 10 mins bro ty
@lucplayed 2 ай бұрын
Me, an it student, got "hacked" like that...🤣
@DoorThief 3 ай бұрын
I just got a SNYK sponsored ad by John Hammond before his own video
@strawberriesandcum 3 ай бұрын
Fr
@h5e 3 ай бұрын
I did too
@alek002 3 ай бұрын
It's rigged!1!1!1!1!1
@thecrew8612 3 ай бұрын
Saaame
@januzi2 3 ай бұрын
Wait ... we can hack those spammers that are sending us the messages to text them?
@AstralArchivists 3 ай бұрын
Bet the three later agencies are punching air rn. All their exploits getting found.
@BillAnt 3 ай бұрын
While reading your comment. lol
@MrCobalt 3 ай бұрын
You think every exploit exists because of "three later agencies"? 😂
@ohmsohmsohms 3 ай бұрын
@@MrCobaltgiven the past of their involvement with 0days, I wouldn’t be surprised if they were aware of maybe 1 of the RCE vulnerabilities discovered this year
@v-y 3 ай бұрын
@@MrCobalt theres no way this was an unintended oversight
@cvl14 3 ай бұрын
This just shows how blacklist are ineffective as a security tool
@ThisIsJustADrillBit 3 ай бұрын
The fuzzing begins ❤
@BillAnt 3 ай бұрын
LPL has entered the chat, fuzzing locks are fun. hehe
@AuxiliaryPanther 3 ай бұрын
@@BillAnt...we're getting an SQL injection on three, oh it's binding. A little malware on four, and we're set. Going back to three, gained root access to run our query, annd now we're in.
@BillAnt 3 ай бұрын
@@AuxiliaryPanther lol that took like 30 seconds.... not a very secure lock. :D
@milanvucetic1292 3 ай бұрын
3:55 Not me watching the John Hammond video and getting an ad with John Hammond in it. Some may say it's a 2 for 1.
@BillAnt 3 ай бұрын
Taking it up the a** without lube. lol
@vladislavkaras491 3 ай бұрын
Thanks for the news!
@acessor9899 3 ай бұрын
This one RCE was indeed fun to use, gotta find more ;)
@mountainsoflavainc 3 ай бұрын
hello vro
@Luzum 3 ай бұрын
im gonna touch u vro ♥
@cyber_space09 3 ай бұрын
Wow good job I want more info ❤
@osiristeam6959 3 ай бұрын
They should have a list of trusted extensions instead of a list of untrusted ones.
@zeteya 3 ай бұрын
Very bad idea
@rafayahmed6259 3 ай бұрын
@@zeteyawhy?
@zeteya 3 ай бұрын
@@rafayahmed6259 Many reasons, one being a good extension can turn bad one day, but an extension that was bad to begin with will never turn good.
@Apple_Beshy Ай бұрын
They have that so they can warn you, and it's much easier to read in the code, because you alreayd have the list of untrusted ext. You will not be confused if you missed some unt ext.
@jabrowski_ 3 ай бұрын
Interesting shiz John. Liked and subbed, stay safe
@yessintaktak9200 3 ай бұрын
Hello john . I am a big fan of your content can you make a roadmaps for us form when need to start 😅❤
@actng 3 ай бұрын
Thanks John you explained that very well
@SchooiYT 3 ай бұрын
Nice Video!
@ToniMorton 3 ай бұрын
calculator opens in my nightmares.
@wiertgo 3 ай бұрын
I got an ad from you on this video
@kbabe3915 3 ай бұрын
The scrum meeting: "Yeah, an approve list is too short, let's write out every single extension that could execute code instead of just choosing some image and video formats that we support."
@user-hp2dr5qc8p 3 ай бұрын
A whitelist can get annoying tbh.
@kbabe3915 3 ай бұрын
@@user-hp2dr5qc8p Ah yeah, you're right, much more annoying than a 0 day. Also a blacklist had to have been annoying from the very start.
@anthonymcevans8191 3 ай бұрын
“It is not by default installed” **laughs in Linux**
@user-fp7fs9xl2t 3 ай бұрын
Great Content ...
@planktonfun1 3 ай бұрын
every vulnerability whether or not its trivial, can and will be leveraged
@TheMAZZTer 3 ай бұрын
Oof, this is why blacklists can be problematic, with a whitelist they would not have had this problem.
@BaggerPRO 3 ай бұрын
Except perhaps for the problem of naming this list as "white" 😁
@joshallen128 3 ай бұрын
@@BaggerPROblock allow lists?
@BaggerPRO 3 ай бұрын
@@joshallen128 , Yeah, it looks like it's fashionable to call these lists that way now :)
@BillAnt 3 ай бұрын
A block list is usually shorter than a white list, but it's just a matter of decision.
@joshallen128 3 ай бұрын
@@BillAnt Deny list because block sounds like black with an accent
@d4ysi404 3 ай бұрын
Amo tus videos
@higurashinerd 3 ай бұрын
Part of whyI never share diagnostic data with devs. It’s so nosey now
@abandoninplace2751 3 ай бұрын
They are identifying files by extension. Nice.
@shadflur874 3 ай бұрын
How do u register for that forum?
@te-wei 3 ай бұрын
I'm glad that I migrated to Debian + KDE two months ago. I still have my Windows on my drive, but never want to boot it anymore. The KDE environment in Linux is just much better than Windows.
@HyBlock 3 ай бұрын
who asked?
@KLR-3 3 ай бұрын
Welcome to the family.🐧
@te-wei 3 ай бұрын
@@HyBlock the implication was that I'm not affected by windows RCE anymore.
@freerice9595 3 ай бұрын
I've tried making Ubuntu and Linux mint my daily driver many times. Can't do it. But for home labbing and running servers it's perfect.
@shiiy5131 3 ай бұрын
it's just so much more superior, once you try it you never go back lol
@PasqualItizzz 3 ай бұрын
Tis the season to find folly, tra la la la la, la la la lol
@oncetwice6366 3 ай бұрын
Who's idea it was to hardcode bunch of files there. They'll just keep updating it every timea new file type that can execute code comes? Sounds like horrible idea.
@johndeaux8815 3 ай бұрын
Hate the red border on the thumbnails, I assume I've already watched and scroll past half the time
@ShadowManceri 3 ай бұрын
I find it very bizarre that you can execute a file in the first place. That seems like a bad idea in many ways.
@user-hp2dr5qc8p 3 ай бұрын
How do you suggest to open a .txt file?
@ShadowManceri 3 ай бұрын
@@user-hp2dr5qc8p .txt file should be read, not executed.
@Bromon655 3 ай бұрын
3:28 lol. They backed themselves into a corner with that statement.
@allxrise 3 ай бұрын
They might have been logging something like "There is no any program to open this file-type/mime-type" perhaps? Or they just RCE'd to everyone... Who knows?
@Bromon655 3 ай бұрын
@@allxrise I’m more inclined to believe they were just fabricating a number as an attempt at damage control
@sevuszeld5015 3 ай бұрын
the title of the video is not that nice because i thought it would be a vulnerability that accurs right now. anyways. Thanks for sharing.
@mrhassell 3 ай бұрын
Requires Python to be installed in the local path as a global environment variable.
@sa1t938 2 ай бұрын
it requires the file extension to be registered to the python interpreter, not anything to do with environment variables
@runedust9875 3 ай бұрын
Having a whitelist instead of a blacklist would prob. be more secure and reliable. Basic security not?
@tablettablete186 3 ай бұрын
I was thinking the same
@xion637 3 ай бұрын
@@tablettablete186 governed by implicit deny. Also agree.
@user-mk3zz8zn9b 3 ай бұрын
nah, its not think again
@rian0xFFF 3 ай бұрын
depends on size
@user-cb2xo9ey8r Ай бұрын
What email do you need to sign up for flare I can’t sign up
@guilherme5094 3 ай бұрын
👍Nice.
@mrfoodarama 3 ай бұрын
Oooff... thank you John... cant believe im one of those 0.01% .. slackin
@kipchickensout 2 ай бұрын
"Google Photos would like to make Phone calls"
@Mat2095 3 ай бұрын
But, isn't pyzw supposed to be a zip-archive? That contains a __main__.py? I'm actually surprised this runs at all.
@kuperrr6776 2 ай бұрын
Hey how can i get an xss is account? i tried and always the same when i create an account "Your account has been declined."
@fokyewtoob8835 3 ай бұрын
Music to my ears
@BreadGuy0 3 ай бұрын
Everybody be acting gangsta until calculator auto launches
@dimike96 3 ай бұрын
Surely some communities would have a very high hit rate for python being installed on a windows machine right?
@crism8868 3 ай бұрын
Yup. All data science and AI nerds.
@Bromon655 3 ай бұрын
Anybody even slightly interested in programming has a decent chance of having it installed on their computer. I refuse to believe less than 0.01% of users were affected.
@paulwesley3862 3 ай бұрын
@@Bromon655a) is the 6th most downloaded app - is your grandma programming? b) die this you must use it on your PC. how many people just have it on their phone?
@paul-olof 3 ай бұрын
Haha so specific but I would've been at risk
@Axodus 3 ай бұрын
Good, they banned my account for no reason.
@sophisticatedserpent1512 3 ай бұрын
The red bars in the thumbnail made me think I already watched this video.
@ernestmugo1765 3 ай бұрын
Right, I thought so too!
@bob_kazamakis 3 ай бұрын
1:48 macOS has it installed by default, last I checked at least
@dom1310df 3 ай бұрын
Does mac have a similar concept of file extension associations as on windows, so a pyzw file will open with python by default?
@chiroyce 3 ай бұрын
Not anymore, used to have Python 2.x
@r35p3ct00 3 ай бұрын
Такое чувство, что на безопасность всем насрать, только ты можешь себя обезопасить, не кликая на всякое говно
@RebziSquad 3 ай бұрын
Если человек наивный, то его никакая защита не спасет) Однажды мой знакомый запустил подозрительный tampermonkey скрипт в дискорде, говорит "2FA стоит же, чего бояться?". В конечном итоге украли его токен и смогли получить доступ к аккаунту.
@kingoftheorient 3 ай бұрын
A lot of noodles will be leaked for sure.
@Javv1721 3 ай бұрын
Me as python developer and windows user💀
@legendarycuber9205 3 ай бұрын
I got a SYNK ad with John right before the video and was confused why there was a skip button 😂
@Pem7 3 ай бұрын
2024 is on fire with RCEs🤞🏾
@manasmahanand732 3 ай бұрын
With a bit of social engineering this could have been pretty terrible
@momentum9319 3 ай бұрын
what is "flair"
@commanderpaladin 3 ай бұрын
I like cats. Btw we can all be farmers. No tech no rce problems 😎
@BU5TER288 3 ай бұрын
oh no.. now i feel so dirty i cant wash it off
@rigsshiver823 3 ай бұрын
tf is going on .. rce 💀
@reijin999 3 ай бұрын
yeah but it updates every hour so it's chill
@FRITTY12348546 3 ай бұрын
But was it a typo :D
@benherbst3620 3 ай бұрын
CRAZY
@aaronguerrero2003 3 ай бұрын
There is always a way in😉
@EnitinEnitin 2 ай бұрын
This is why you should use whitelists instead of blacklists.
@DoingFedTime 3 ай бұрын
Bad stuff for many. One of the reasons I always tell people to NOT use this medium.
@SimplyGamer605 3 ай бұрын
Hey, nice video, but just one thing. Your audio and video dosent seem to be perfectly in sync and its getting on my nerves
@user-mc8xt1iq7c 3 ай бұрын
bro, youtube just showed me your ad, on your own video. theyre wasting your ad money
@luizzeroxis 3 ай бұрын
How is this RCE? It's just running the code that someone sent to you. There's no difference between that and opening an exe.
@furrygem5176 3 ай бұрын
"Certified rce moment" 💀
@jayFairOklama 4 күн бұрын
i better uninstall python on my machineto prevent such kinds, since i have wsl2 i dont need it in win
@maktiki 3 ай бұрын
I think the problem is Windows. It runs everything too fast without permission.
@rodricbr 3 ай бұрын
this is such an interesting rce tho... lol
@couldntgivafuk 3 ай бұрын
I've never liked the idea of "allow" and "deny" list... just deny all and allow the user to specify.
@robotron1236 3 ай бұрын
You should watch Telegrams owners interview with Tucker Carlson. They have like 30 employees and have never spent a dime on advertising. 😂
@entertain8648 3 ай бұрын
Why are you laughing though?
@user-fe5mz9mq5o 3 ай бұрын
i found this exploit 2 years ago... never posted anything about it
@ZaberfangX 3 ай бұрын
Is it safer just makes a user that is not admin user? So if code ran its needs admin user right as default user windows always user are admin?
@Reelix 3 ай бұрын
"Windows that has python installed" you claim is extremely odd. That... Is an extremely odd statement.
@KLR-3 3 ай бұрын
Why do they blacklist file types they believe are unsafe. They should be whitelisting filetypes that are safe. If some new software comes along that belongs in the unsafe catagory they have to know about the related filetype and then add it to the blacklist...
@wafinashwan8242 3 ай бұрын
whitelist would take too long.
@erroroliver 3 ай бұрын
@@wafinashwan8242got any quote from a developer?
@johnsmith34 3 ай бұрын
"Reimplemeent file open confirmations" has a noWarning list, so I think that's done now.
@KLR-3 3 ай бұрын
@@wafinashwan8242how so?
@johndoublew3060 3 ай бұрын
@@wafinashwan8242 how come
@IlIlIIlIlIlIlIlIl 3 ай бұрын
Good thing I run it in a vm on a vps
@Luzum 3 ай бұрын
vm escape + pyzw = your vps gets owned
@JNET_Reloaded 3 ай бұрын
ironic how you mention x as x has same fkin vulns as t look into clicking vid links on x on some accounts it will open up links and do stuff etc!
@Sinstyson 3 ай бұрын
Can you provide examples of that?
@user-qbxjwxumr 3 ай бұрын
Some bots post links that have a picture that looks like a video as the thumbnail of the preview card. It's very hard to explain
@Sinstyson 3 ай бұрын
@@user-qbxjwxumr i mean like, i want a link
@user-qbxjwxumr 3 ай бұрын
@@Sinstyson There's really no documentation for it; you just have to see it for yourself. It's a link preview that tricks you into thinking it's a playable video with a thumbnail designed to deceive. With closer inspection, it displays the site title, link, and description below the thumbnail. It's easy to be fooled by this if you're not tech-savvy or have poor vision. Mainly this is used by adult content bots to lure people to their websites. It's not a security vulnerability, but rather a case of OP being oblivious no offense
@LibraryOFSounds 3 ай бұрын
Yeah uae does not like private messaging.
@rafayahmed6259 3 ай бұрын
😅😅
@LibraryOFSounds 3 ай бұрын
@@rafayahmed6259 Do you know uae connection with then twitter ? Or the documentary about state hackers of usa training uae agents. That documentary is so interesting
@BouleyMusic 3 ай бұрын
wonder if you could just do the same with .bat file that puts itself in the shell:startup folder upon clicking the "video"
@kipchickensout 2 ай бұрын
python on windows, not that unnatural
@impostorsyndrome1350 3 ай бұрын
I have Python installed on Windows computer... It helps with learning Python programming, idk why people are so against it.
@zombi1034 3 ай бұрын
Yea, not sure why he made it seem like something extremely unusual. I think most people that do any kind of programming and use Windows will have python installed.
@Slada1 3 ай бұрын
Why would you learn python if you could not use it? :D
@impostorsyndrome1350 3 ай бұрын
@@Slada1 wdym not use it? You can use it to create various programs.
@jamesciastko8861 3 ай бұрын
What is happening lately? 💀💀
@adenosinetp10 3 ай бұрын
can you stop using the word "stupid" so frequently and often?
@Aghnanster 3 ай бұрын
Ive heard this is on discord also
@Luzum 3 ай бұрын
it is not
@oracuda 3 ай бұрын
how do RCEs still exist in 2024 bro 😭😭😭😭😭
@crlfff 3 ай бұрын
They are found in everything
@ourdazakaria4182 3 ай бұрын
Please sir all my devices is hacked my phone my laptop what can i do for this problem there is someone above me every step i make on my laptop or my phone knock the roof like if there know everything im doing . THANK YOU FOR HELP 🚨🆘
@EinzzCookie 3 ай бұрын
Ohh no
@YouTubeName-hw1uk 3 ай бұрын
Anf i thought wiiu wansthe only thing that has rce 😂
@definitelyno 3 ай бұрын
You can add an extra dot at the end. Windows -> Run -> 'calc.exe.' -> Enter opens calc. Does that work to bypass.
@velo1337 3 ай бұрын
isnt that note more like a trojan horse than a RCE
@DavidFrankland 3 ай бұрын
echo y | format c:
@cleetus1715 3 ай бұрын
This is super sensationalised, I hate this form of clickbait content
@dill6827 3 ай бұрын
gets attention, wasn't even searching for any exploiting related content but got this recommended
@Bromon655 3 ай бұрын
Meh, this channel isn't nearly as guilty of sensationalized clickbait as other channels. I felt the discussion in this video was pretty straightforward and no-nonsense.
@00killerix 3 ай бұрын
Propose a title for this video.
Tucker Carlson
Рет қаралды 3,5 МЛН