Gibbs' Rule #40: If it seems like someone’s out to get you, they are.

@@Black-Swan-007 if you run a company, someone is out to get you

@@kosmikme if you live anywhere other than a third world country someone is out to get you.

Exponential paranoia

Conspiracy Theory, great movie.

Here's some HIV!

That's a perfect analogy!

I work in IT and this analogous comparison fully checks out.

lolol this comment rules

This is literally the best comparison I've seen for this

🤣😂🤣🤣😂🎶

DANG IT

And Never Let you Down

And never gonna make you cry

@@eyebags2860 And never say goodbye

no dont be ridiculous. if people were the danger, then we would get attacked all the time. with mails, and phone calls. heck, you could throw usb drives with malware on the parking lot. there would be a word for that. like people hacking or people engineering, since its not exactly hacking, although, come to think of it maybe its more a social thing then just "people". but ive never heard of people hacking, so, its not happening. also, if it was that easy, stuff would get hacked all the time. which it doesnt. not like a company like, say, adobe, would lose all their customer data, and no one would know... /s

They are the reason why our IT service disabled USB drives usage from our computers. Tbh, if someone were to plug a fake USB stick, it could still do damage. But people are less likely to do it because there is no reason to do it.

@@rix1602 Why is there no reason to do it?

@@Tralin because it wouldn't do anything.

@@rix1602 USB Rubber Ducky is a fast way to totally compromise a computer and gain a persistent foothold in a corporate network...

It's only a Rick Roll if it's a surprise. If you're forewarned, then it's just watching a music video.

I was hoping to see him load the USB in real time so I can hear his reaction but no such luck

i watched the video hoping for a rick roll, love the song

just as with trolling, which is what rickrolling is, if you are aware that a rick is involved, its not rickrolling.

We know the game and we’re gonna play it

Wish my clients could understand that too. Last week, an important shared drive on my network with some hundred gigabytes of data was about to get lost, thanks to replicas, daily backups and powerful Antivirus, I'm still at the place now! (reason was one of my client's computer having a virus that was trying to spread though the mapped share drive)

As an IT administrator myself I find it staggering that other IT "specialists" aren't able to inspect such sticks with a simple old offline throwaway pc. We do this at work since 2005.

@@HansDampf1911 while i agree, this channel is not about computers and technology - And that's a viable excuse for not doing so, in my opinion:-)

@@HansDampf1911 we called ours the ‘bomb disposer’, we would rotate scrap components and usb hubs.

No, you just test it at a internet bar.

This.

"Nah bro u don't get it my PC doesn't use electricity I'm literally immune your rig sucks"

this is the truth

@@gigaatom bro I use a quantum computer from 2040 that runs windows Xp 2. ur rig sucks.

Bro it's just gonna download some more ram for you don't worry

Liar

@@danielthecake8617 if you say so. You don't have to believe me, the guy was going to uni for cyber security, but was also a grey hat hacker who did it for fun

That wasn't really "teaching people not to trust drives from strangers", that's just being annoying IMO. You weren't really strangers, you were classmates. You were asking legitimate question in a context where you should be able to assume that people would be trustworthy enough to give reasonable answer. All that he's teaching is that he is not to be trusted.

Yep. Lesson learned. Siri take a note: "This guy is a dick, stay away from him" Problem solved. Practical jokes are almost always a strong indicator that the "joker" is a dick and best avoided.

Thats a good lad. Not even a dick for putting a virus on your computer

I inserting my ispen in some values

Unmarked? That could stop some people that are smarter than the average bear. If it has a Kodak or Polaroid sticker on it with a vacation amusement park lanyard everyone will try and see what pictures are on there. Gets them every time.

And that is why you glue USB to PS2 converters into 2 ports and manually disconnect all others.

Always be wary of something you are inserting into your high value assets. Words to live by.

reminds me of a cyber security specialist my company hired to teach us older folks why USB attacks are the most insidious and dangerous. guy left USB sticks in the most random of places, with a first name of one of my co-workers or myself on some, stickers on others, vacation lanyards, hell, in one case an outright response code from our firm. any time one was plugged in, it would start blaring the word dumbass paired with a loud siren from the computer it was plugged in to and couldnt be shut off.

Love your vids!

John Warosa thinks he is invulnerable

Hi atomic...ive been searching for you sir to give you a 1000,000,000 inheritance... Just send all those details you should never share😂😂😂😂 great content creator seriously 👍

Hey, when I'm done with college I want to move to England, could you do a video about daily life over there?

I've got a craving for Marmite

Yes, the computer security is on such a high level that all brute attacks are pretty much obsolete. Bypassing security is next to impossible. Still, there are even IT professionals who think "hey, this is a good, 20 characters long random password, I type it in multiple times everyday so I remember it, let's use this on this shady porn site as my password. Oh, and because my wife can check my emails on our home computer, I will use my work email"... Is it still phishing when somebody gives you all details on his free will?

@@simonspacek3670 knee-jerk response was, "People (idiots) still use a single password and permutation?" But, recalled immediately people do. (Myself, I've a range if passwords and a horrifying number permutation for EACH ONE. lmao.)

Kevin Mitnick would agree!

@@simonspacek3670 that’s not exactly true. Brute Force attacks are completely viable against something that doesn’t limit login attempts and even if they do, depending on the configuration of a website a rainbow table can be used to crack passwords. Hacking has always been depended on what exactly you are attacking and then finding the vulnerabilities. Malware on a usb can infect someone’s system if it exploits a vulnerability in their operating system, (of which there are many in every version of every OS). The USB stick is just nice bait.

@@pwegulian Brute force on 22 characters? Estimate time for this with unlimited tries is 2.9*e29 (or infinity and a half or 29 and hell lot of zeroes), just because it takes that long to put in the characters. And yes, I know, my example started with "I", so we will get there in about a third of that, so it is "only" about 10 and a 28 zeroes. It looks like this: 100 000 000 000 000 000 000 000 000 000 years. Even if the technology moves forward a lot and you will be able to put in the passwords million times faster, I still have a lot of zeroes to be safe. Another million times faster? Still 19 zeroes. But I take that there will be a major breakthrough and your computer will be billion times faster in both cases. I still have 13 zeroes. Even bigger breakthrough, trillion times faster input, twice. And I still have 7 zeroes. 100 000 000 years. I don't worry about brute force, I worry about placing strategic people in service desks, that is the easiest way in. One guy in the company to know where to strike, one guy at service desk to know how to strike.

That says a LOT about teachers… but is not surprising.

@@jayhache5609 Lol, so many of them just do it for the paycheck and the few who actually try to go above and beyond to help kids just open themselves up to a bunch of liability, especially male teachers. On the other hand I remember one time one of our female teachers and a student got into the most awkward fight in the middle of class that was obviously over something that they had said or done in private because there was no logical reason for them to be upset with each other. She eventually pulls him out of class so they can talk in the hallway and in the eerie classroom silence that followed without a word everybody was thinking the same thing, "Are those two secretly having sex?"

20-30 years later and nothing has changed. EMail is still the #1 entry for malware.

My mom's a teacher, and she's pretty tech savvy. Of course it helps my dad is an expert. Something my younger brother inherited.

I had a friend that got that while I was sitting in his office. He said "Oops, that's a virus". How do you know? He said "It says I love you, it's from Dave in personell. He doesn't love me he hates me, actually." It got deleted.

And by doing so, he has let LPL down and branched the timeline.

@@crimsonhalo13 d-mail toime yet again

He's never going to give him up, either. Expect many more drives in the coming weeks and months.

haha, I was thinking this same thing. Poor Rick is a fan, sent a lock in for free, and got his music dissed in return. :/

@@crimsonhalo13 great now the TVA have to deal with a variant Rick

+YuBeace....What's worst is you taking the time to ponder those two scenario's instead of just dismissing them both by shining them ON!!

We're no strangers to love You know the rules and so do I A full commitment's what I'm thinking of You wouldn't get this from any other guy I just wanna tell you how I'm feeling Gotta make you understand Never gonna give you up Never gonna let you down Never gonna run around and desert you Never gonna make you cry Never gonna say goodbye Never gonna tell a lie and hurt you We've known each other for so long Your heart's been aching, but You're too shy to say it Inside, we both know what's been going on We know the game and we're gonna play it And if you ask me how I'm feeling Don't tell me you're too blind to see Never gonna give you up Never gonna let you down Never gonna run around and desert you Never gonna make you cry Never gonna say goodbye Never gonna tell a lie and hurt you Never gonna give you up Never gonna let you down Never gonna run around and desert you Never gonna make you cry Never gonna say goodbye Never gonna tell a lie and hurt you (Ooh, give you up) (Ooh, give you up) Never gonna give, never gonna give (Give you up) Never gonna give, never gonna give (Give you up) We've known each other for so long Your heart's been aching, but You're too shy to say it Inside, we both know what's been going on We know the game and we're gonna play it I just wanna tell you how I'm feeling Gotta make you understand Never gonna give you up Never gonna let you down Never gonna run around and desert you Never gonna make you cry Never gonna say goodbye Never gonna tell a lie and hurt you Never gonna give you up Never gonna let you down Never gonna run around and desert you Never gonna make you cry Never gonna say goodbye Never gonna tell a lie and hurt you Never gonna give you up Never gonna let you down Never gonna run around and desert you Never gonna make you cry Never gonna say goodbye Never gonna tell a lie and hurt you

@@doubtful_seer Thank you for not letting us down!

@@doubtful_seer....WOW that's DEEP!!

@@doubtful_seer thx for that was waiting for someone to do that

Killing phisically a computer is not considered a digital threat anymore

digital security is worse arguably. it just takes one person with a quantum computer to destroy most security on the internet.

@@caseyleenb I don't know if you're joking, or just somewhat dense. A quantum computer is not something you buy in a grocery store, nor something you operate like a smartphone with a nice GUI and a touchscreen.

@@YOEL_44 I think you're the dense one here; since I doubt he was implying that any regular person could just go pick up and assemble a quantum computer like a LEGO set, proceeding to then take over the world in a matter of days through the knowledge gained from watching a KZbin tutorial from 2012. What I'm assuming he meant is that if someone (or a team) not only knew how to operate a quantum computer, but owned one, they could probably demolish most security options available on the internet with ease.

YOEL _44 Pretty sure he just meant a powerful/good computer, not specifically a quantum computer.

ransomware

@@MrAkurvaeletbe - it's probably just a very good looking piece of ransomware.

Reminds me of that guy that created a virus that would force you to complete some crazy difficult tohou bullet hell video game in order to get your files back. He made the thing as a joke and then managed to accidentally infect his own computer, and he wasn't good enough to beat the game.

Wow! A degree. You must know what you’re talking about.

Degree in Computer Science and interest in cybersecurity: you are NEVER covered, you can only decide what threat level is acceptable to you, and "i'm curious about what is in this drive" is a very low bar for the threat of killing a computer or USB threats. if you assume you are secure enough to do you are asking for trouble

it's a bad idea in general.. the D.O.D had USB slots on their computers. These were removed dew to people not realizing the risk. Surprising someone that is an highly educated electrical engineer made this mistake. Everyone makes mistakes tho

@@cladbecaha It's hilarious when the uneducated try to highroad those who are.

@@TroIIingThemSoftly I don't have a degree in cybersecurity, but I've been doing computer work since before such degrees became available. In my experience, whether or not you have a degree is largely irrellavent to how well you can do computer security. Experience, common sense, and intelligence count for much more. OTOH, Having a degree certainly makes it much easier to get a job in computer security.

Genius!

Beautiful.

lol :D

I read that in LPL's voice and it is perfect.

🔫😀say good bye i hate the fact that the gun is pointed to the left, its look like im shoting at Myself/myPFP

This is my favorite kind of person!

That's what Will Graham said.

ikr, but a good lesson on malicious drives

Never give your energy to haters, it’s not about the thing it’s about your reaction that they crave.

420 likes nice

I found it really funny: commenters saying “aaah, don’t be a wuss, is your Pc so badly set up?” Thinking the only barrier necessary is disabling auto start, only to get lectured about things they just didn’t know, like usb disguising as trusted peripherals (i didn’t know that either). Dunning Kruger Karma!

I wish it was. It isn't. "Hey, I found this shiny USB drive and it says 5TB on it! That's giant! Fuck this, I am going to keep it. I just stick it into my computer and erase.... Holy F...!!!" With a laser engraver and cheap thumb drives with anodized aluminum bodies a dime a dozen, simply adjust the storage capacity to any ridiculous amount appropriate for the time.

He should've started this video with the rickroll clip tbfh! 😂

and my day is ruined

@@tungdinh4114 you beat me to it

@thanks Dude, stop spamming everyone with that video.

You took the words right out of my mouth

It contains a collection of all his favorite Pixar films, barring one notable exception.

@Thx ❤ You're aren't Rick Astley so I'm not clicking that!

@Thx ❤ Hey, stop that. We are here to see a lock fail miserably, not to he converted to Islam.

Seriously, when has Rick ever let you down? Never.

What is he, some sort of stranger to love?

Same. I also work in IT. We had an attack a few month back and fortunately the backup database was saved, but much of the shared folder got lost. Fortunately, we've had the pleasure to see positive change with the issued warning to ignore link in mail that do not come from a company we work with, from a name we know is from said company. Including from our own. Well, someone tried to pass for our CEO but used Gmail instead of our own mailing service. I must say I'm surprised it did not work, as myself would probably not have been too careful as I work closely with the CEO and I know he's prone to make changes, and send mails with link without warning.

BUT BRO I got the latest norton antivirus so I'm good! Only a real dumb-ass would get their pc hacked by a USB drive, like... just turn on your firewall! I took a typing class at my community center so I'm kind of a computer whiz at this point.

7 years into IT, I can totally see how people can be stupid when it comes to computers although, I'd like to break the stereotype here an say that most problems are not caused by users, they are caused by shitty IT people. I think I detest IT admins more than I detest users.

@@GerblerM Your firewall only defends you from incomming stuff over network but still... Your computer can easily be infected (no matter how good your "security" is) by USB drives like a rubber ducky (keystroke injection), if you plug it in while on an admin account then it can freely execute any powershell command as admin :)

@@Schdcdd oh yes there absolutely are an over abundance of shitty IT people.

I was waiting and waiting and nothing.

@@ryans6265 Don't give up just yet.

This was an anti Rick roll lol

I watched the video and even though I wasn't Rick Rolled, I know that LPL would never let me down... or run around and desert us

@@Dowlphin don’t worry I’m never gonna give up

yep

I sure he has dummy setups solely for that purpose now.

Like a Raspberry Pi 3. $35. Most viruses don't know how to infect a Linux computer.

He did mention in the comments of the original video that there was some dodgecoin on it. He gave the amount in usd and then some to a charity.

@@Scynthius137 Linux is way more spread (all those android devices) and it is a sweet target for criminals since a LOT of people think that you don't need protection if you use Linux. You are helping bad guys by repeating this "Most viruses don't know how to infect a Linux computer" mantra. All you need is 1 virus to lose all your money, passwords, private videos? etc.

I recall a story about the Iranian nuclear program. They had this facility in a small town, supposedly secret. The computers at the site were on a private network, no way to access over the internet. So, they dropped a thumb drive on the sidewalk in town, with a malicious virus on it, and sure enough, someone found it, and took it to work and stuck it into their work station! It took them months to recover their computers, and important data never recovered. Like that old saying, “curiosity killed the cat”.

How did you get approval to base your thesis on the Rickroll?!?

@@alphagt62 As far as I'm aware several were seeded in the immediate environment, but the likelihood is that someone walked one in intentionally, from what I've read about the centrifuge attack at Natanz, and background on Stuxnet generally. The story about seeding drives in the immediate environment is a good cover though.

I bet the sourcing for that thesis was fun!!! (I'm a nerd, I know. Things like this I can read ALL DAY LONG) Hey, if you wanna share, I'd love to read it? If not, I'll understand.

How do we know know our host doesn't work in IT security?

Yeah, I'm sitting here going, "Where can I get these?" LOL

@@susanavenir WE NEED INFORMATION

@@susanavenir SAME

I want this as well, along with that criptex USB ❤ And if you don't trust the original USB, I bet it can removed and changed for a different one too

Oh shit yeah definitely. That would be awesome.

It's more like saying "I won't get sick if I eat random food I find laying around in public" while you probably won't, you just might and also you might eat something that's laced with poison and die.

@@Jermain-cz4bh For the same reason someone with fill a fake USB with capacitors.

No, just good security practice. Tell me, would you brush your teeth with a tooth brush you found on the ground?

Omg you really want to eat a food that's say eat me on the side walk?

@@Jermain-cz4bh have you gotten food poisoning?

@thanks kzbin.info/www/bejne/moLaZapvjMyLmbM

3,000 years from now... on a colony lightyears from earth... people will still be getting Rick-Rolled. By that time he'll be part of the old-Earth mythology right alongside Zeus, Apollo and my cat.

@@MikkoLaulainen kzbin.info/www/bejne/Z5C9ZqRnapd6ibM

There's even a world record for most done in a day, and to make it better when the Guinness committee asked the guy applying for the record what a rick roll was he rick rolled them too.

We’re never gonna give it up and It’s never gonna let us down.

Consolation. Consultation is when you get advice from a professional

@@georgiykireev9678 lol I didn't even catch that (probably as it's the last word).. tbh I did what I normally do and let autocorrect correct my first spelling attempt but didn't notice it being the wrong word all together

I'm curious to what would happen if you plugged it into a phone charger and then the wall. Probably not good things but I'd like to watch the fireworks.

@@nesyboi9421 worse case scenario is it causes the wall charger to catch fire... At the high school I work with, a students wall charger was plugged in next to a couch and caught fire (luckily they were next to kitchen with fire extinguisher and it was put out quickly)... As far as going back into the electrical outlet, it wouldn't do anything to mains I'd imagine... Worse case there is just tripping a breaker but I'd imagine the internal wiring of a house could handle the charge.

@@nesyboi9421 dont phone charger has data lines tied to ground? so nothing?

I dont understand why he says so if opening that lock took more time that opening a master

@@Nachesko Probably because opening it requires no tools of any kind, meaning even if it takes a (short) while to open, anybody could conceivably do so at any time with no preparation.

I mean just looking at them they're pretty obviously just for show, I'm sure there are far better approaches for practical security you could install on the drive, in fact I remember using an encryption software on one once to hide a friend's porn stash for him back in the day haha absolutely no recollection of how it worked tho, like if you needed an app to decrypt it on the computer or not...

Nothing wrong with "not a serious security device" unless it is trying to pretend to be a serious security device. IMO this thing is fine cool looking toy. I like cool looking toys. ;)

@@travcollier Indeed. I wish he'd spent a bit more time on showcasing the device itself, instead of glossing over it like he did.

And we expect nothing less from LPL. He is our security ASMR

@thanks Stop the spam with the toilet sound.

@@dmkfwolf2669 I've gone through and reported all their posts I could find.

It's great. I'm all for this

@thanks please tell me you didnt monetize this

Of course they were. Corporate makes regular, mandatory training for all employees detailing these kind of threats. There's absolutely no excuse for making this kind of mistake.

if you really must investigate the thing, do it properly and be sensible. Do as LPL did and remove it from the housing and inspect it first, then use something like a cheap ass Raspberry Pi that's not connected to anything to plug the drive into so you can take a look at the contents - if it passed inspection and is actually a drive instead of an electrical discharge device.

@@Si74l0rd "On most decent quality motherboards the USB ports are fused, so if you insert a USB killer all it will do is trip the fuse. " Firstly, the data lines aren't fused because they don't carry power. Secondly, fuses operate to protect against excessive current and do nothing against high voltages. Thirdly, The devices described are capable of charging up from the 5V USB power and then stepping the voltage up internally to 50V or more. This voltage is then used as the source for the final step-up stage where the stored voltage is amplified 4-5 times to give a few hundred volts injected onto the data pins.

@@gnuthad This is the correct response. I've not seen a consumer device yet that is able to defeat this type of attack.

@@gnuthad Well, that sounds painful... might give a nasty jolt to a human in contact with the wrong part, too. Wonder if these things have ever started a fire in the PC. Thanks for the info.

Oooooooo! That song is in my head. Your virus comment got me

😄😄😄

HOW DARE YOU

+

go sit in time out

I have been in IT for 20+ years and I have seen it all. You can reiterate all you want, the problem is that people simply dont care and/or learn from their mistakes. You could show this video to 100 people and 1 year from now hand those people a USB drive which you said you found on the ground and every single one of those people will plug it into their computer. Heck, you could do the same experiment with IT professionals and I would still bet that *well* into the upper 90th percentile would plug it into their computers.

yeah like the unknown links two idiots keep posting askeladd amd Fiqih Wanita

@@finkelmana I believe the problem is that people "know better". Don't speed? I know better. I'm a better driver than most, I can handle faster speeds and have perfect reflexes! That rule is for idiots, not me! Don't do drugs? I know better. I've known this dealer since highschool and he got a b+ in chemistry. He's never sold me anything dangerous before. That rule is for idiots, not me! Everyone is an expert in everything, because we compare ourselves with the idiots. And we all ignore the fact that we're the ones acting like idiots every time.

"Any computer" is a stretch. If you prepare a potentially sacrificial computer properly, you can learn interesting things from malicious USB devices.

@@punpundit5590 Although true, Id rather leave that caveat unwritten for the sake of the majority of people

This comment is amazing lol. I'm laughing a lot.

@@yadsewnde You are most welcome.

Lmfao

wow lol fantastic comment

@@DannySullivanMusic thanks.

It's kinda sad tbh but great at the same time

Are you saying he is the goatse of our time?

@@ps.2 possibly worse, given the earworm nature of "Never gonna give you up". You can drink enough to forget goatse.

Never gonna lock you up Never gonna pin you down Never gonna fall in false set and reset you

@thanks begone bot

@@maxshykhov7518 🤜🤛

I just sang that. Amazing :)

There was no binding on 2 & 4 But I felt clicks at 6, 1, 3 & 5

There is no wonder "ignorance is bliss" is a common saying. Apparently, it is. Untill it gives you a gut punch when your life is ruined. Sometimes my mother does not understand why I shred or burn any sensitive information I want to discard. And that is the easy part. IT is a beast of its own.

@@Django45 I found if you take sensitive information, shred it, then use it as fireplace kindling, you can watch the shredded dust fly into the air. It's actually entertaining, I recommend it.

news flash old man there are a countless number of videos about usb killers with millions of views. your special it training from the 90s isnt so special anymore.

@@fezzes428 Who asked tho

@@L44tsmasher735 shred? na mate...dissolve it :p sulfuric acid and a bit of chlorine work wonders on chips etc.

Hi What does PSA mean?

@@Sruggs public service announcement

@@pruke8720 ah that makes sense, thank you :)

I would absolutely love to watch this happen, good shout on sending one in!

if he gets one, particularly if it's a laptop, i imagine he'd need to disassemble it somewhere safe to ensure there's nothing malicious on the hardware side (it's not hard to make a battery explode/catch fire, hence mentioning laptops), and to disable bluetooth/wifi radios in hardware before booting, to ensure it's completely air-gapped before verifying the software side of things. perhaps just replacing the hard drive w/ a blank one and doing an OS install himself would be the safest thing after verifying the hardware and BIOS are fine. or if someone wishes to give him a pc it should be shipped to his PO box directly from a reputable seller and not from the random viewer

That was my thought!

@@ashlyy1341 or if LPL uses a laptop and upgrades he can just use the old one for this purpose and avoid have to do all that in the first place.

It would be rather underwhelming. I assume you're talking about the worst case scenario "you will never use that computer again." Specifically the USB is going to fry the motherboard. Here's what that would look like, assuming you have a monitor on and connected. Monitor goes dark, all the lights on the computer turn off. It doesn't turn back on. You won't hear a pop. It won't catch fire and you won't smell burnt components. It'll just die, like you unplugged it. The graphics card should be fine. The power supply will be fine. The hard drive(s) (including SSDs) should be fine. The optical drive will be fine. The RAM might be fine. The CPU might be fine. The motherboard and USB port will not be fine. Ideally you would be looking at $50+ (typically around $120) to replace the motherboard and $70-500 (typically around $250) to replace the CPU. Another $100 if the RAM is bad. But since everything plugs into the motherboard, it's a lot of work to replace one.

A true englishman, so to speak, isnt he? :D

@@Django45 He was indeed born on a wrong continent.

To check USB drives i have an old pc with no Hard Drive and no internet connection running Puppy Linux. This way i assure that i can scan the Drives or Format them if necessary.

@@agustinmartinez9798 how does it work with no hard drive? or do you mean it has a ssd?

Buncha people now know exactly what it feels like to be a Masterlock.

Same haven't seen one of those in a long time.

we got baited

That's almost like a reverse rick-roll. We came here expecting it and *IT WAS SOMETHING ELSE*

A rigged-roll

hahaha very nice

Indeed, I could totally see a disgruntled employee dropping one of those near their boss's parking space, etc.

I absolutely love that you brought up that the biggest kink in security are the meatsacks walking around, moreover their hubris and lack of fear. Even in physical security, you need to estabish why the parimiter is so critical, if you have people who are bringing in untrusted sources, or devices, it can quickly go from a secure location to a place under constant survaliance just because they did some stupid stuff. People who think, "well i've never been attacked, so everyone else must just be really stupid" are the most terrifying people to deal with as security.

ick, the bane of all hardware.. programmable host controllers! (whoever originally thought this was a good idea, obviously didn't have much forward thinking)

What else would that firmware do?

it's also common to edit the firmware to make the capacity higher then it actually is

@@metaparalysis3441 That would be the firmware of the device controller in the stick, not the firmware (if any) in the host controller in the computer. To the extent some host controllers contain their own CPU and firmware, that would be pretty useless given that the entire protocol and driver stack is designed around less than 10 designs of mostly stupid hardware by Intel, AMD, NEC and ARM. Attacking the device driver seems a more viable route, as a modified device driver will have unlimited access to the entire computer.

There are people out there who think the monitor is actually the PC. There are no limits to human stupidity.

Someone in my high school gave all the teachers USB capacitor drive like he just showed which fried a lot of the computers at school.

Always remember "Half of the people you meet are stupid. And twice the people you don't meet are stupider than that." Either they think they know better, or they believe they've accounted for all situations (Spoilers: They didn't)

@@FozziePrints They're called USB killers

@@janematthews9087 the phrase I like to say is "however stupid you think an average person is, realize that half of them are dumber than that"

@liouy cnny That's a weird bot, looks like it copied one of the top comments, but just a part of it

yeah too bad it's so crappy though LOL

I want it so bad

I hear from a review, some of the Doctor Who pocket watches have plastic in them though.

@@joejoethepigeon2628 - hahaha, thats incredible

in more ways than just computers . . . .

Don't you mean "Not plugging in..." :) sry

@@kellysmith7357 plugged

Like any 'security' device it is another layer of hassle, watching this channel really shows how even a 'pretty good' lock can be beaten by somebody prepared for it in basically no time, at least if they also possess some skill with the tools... And because its so pretty, and not obviously a lockbox folks after your digital secrets might well not look at it twice, thinking its just your inherited pocket watch, compass etc, so I actually quite like it as a security accessory - small enough to keep on you, and looks like something you might choose to keep on you, not obviously what it really is if somebody comes across it at your desk... Soon as they know what it really is its of no use at all, like any security through obscurity it doesn't last once its secret is known, but its damn cool still.

@keep rollin damn i thought it was a rick roll but no its one of those bots...

You can get a cable to protect against voltage attacks

If I could like your comment twice, I would. Made my day.

I think a comparison in this situation would be that putting a random USB stick in is a bit like you opening the lock to your house with the keys and then passing the lock over to someone you think you can trust who goes in with a building crew while you go on holiday and don't look at what they do next... By the time you realise they have robbed your house and changed the locks it's too late.

@@ThatGoth no, it's more like inviting a stranger inside. It _could_ be harmless, or they could pull a weapon on you, call in their buddies, and trash everything

And you have to take turns attacking a master lock

@@jacob8565 You don't need to take turns with a Master Lock, because the 1st amateur to try will get it open.

Yep. When other people are being inconvenienced, it's "security." When it's _Karen_ being inconvenienced, it's "Oh my gawd, I can't believe you're doing this to _me!"_

@@ShadowDragon8685 And from that you found a way to drag Karens into it. Its like Howard always managed to mention he went to space, no matter the original topic.

I have quite a bunch of contacts that had their e-mails compromised sending random spam nowadays, it makes me puzzled that someone would feel it weird to need confirmation of sending files via e-mail.

Wow, you are doing a security best practice and people think it is stupid, wish I could say I was surprised though.

When i leave my home i always wear a mask and most ppl look at me like i'm stupid but i dont care bc i know i'm right. And with the email thing: i just never open suspicious attachments and have all the time a virus scanner/guard running in the background and use vpn, so what. Going outdoor without a mask (when ppl in the near, less than 10m) or computing without a scanner is like having seggs with random ppl without doing it safe. This world is entirely paranormal but it doesnt hold me back from doing things safe. And the other idiots who dont feel the need to protect themself and the other ppl they come close to are potential killers. So guess what i think about ppl nowadays. I wish all good ppl all the best and no, i will not discuss about what i wrote, thanks.

Absolute bastard. Why would he do this?

Your company has a problem with security to rig, gear and possibly anything else back stage.

@@davysmith1934 There was a case in SF where one music rental company - F'ed up the equipment of another one in order to gain emergency business at $$$ by a power device.

@@danielweston9188 MONSTERS. That's not fair ball; you out compete, over-price, but you don't do that!

Also, "Do not insert your dongle into untrusted ports." I live by this rule.

Not without proper insulation;)

Great advice to teenage girls as well.

always wear protection

“pre-computer days”

Interestingly I 'lost' all my microSD cards a while back and actually came across them all again just yesterday. They were in a small clear box on the window sill, just behind my laptop - in plain sight. *D'oh!*

I wouldn't have cause y'know, my house, so must be mine or someone I know

@Holy Knight Hodrick then cover it in gas and blow it up it's a precaution not a end all solution

I hope you re-wrote that section of the manual 😉

My university had a FUCKING MALWARE plague everyone's USBs for a while because some dipshit KEPT pluging an INFECTED ONE on the machines.... the IT guy was really annoyed, but he at least helped purge the crap off anyone that got an infected USB.... and some labs with the better PCs were left unusable for a few weeks for a year BECAUSE he had to go and manually clean everything from those units

When I was a student in university, they told us to make a text file in our usb drive's root directory that had our contact info. The intention was so that anyone following a policy like from your computer lab would be able to return it if lost. At the time, I thought "wow that's a good idea". It was years ago, and I know better now.

We keep a burner laptop at our Help Desk in case someone brings something in on a flash drive. It never touches our network unless it's been wiped and we are re-imaging it.

I actually kept a folder on my school one attached to my keys for years, folder name “owner contact”, and inside was a single txt file with my name, phone number, email, and dorm name (no room number). It saved my butt only once but was worth it for that. Note, it was shaped like a turtle, so it wasn’t obviously a drive to begin with. They ended up asking at the front desk if they knew my room number as they’d found my keys. Saved me 60$ from having to replace the dorm room lock.

I see what you did there lol.

Oi, nerethil, wassup

@@Liokindy Hey, doing good and you?

@@NWolfsson Hai, im fine too.

not to forget a "psychological" attack. a friend and I built several USB sticks that would behave as a regular device but had a microcontroller (I believe we ended up using PIC12s) that played a high pitched cricket like sound through a piezoelectric buzzer. we set it up to wait at least 60 mins and then start playing at random intervals for no longer than 5 seconds. USB stick theft was a thing in my school so we designed these as a way to punish people who stole them.

@@hectorcorona9536 LOL

I know what you mean, I never had a clue that devices like this existed. Going to disable all USB ports on the server now.

@@BenkiAU That will help only if you can disconnect the power supply to the USB ports. Physically unplugging them inside is the best option if you can do that.

oh my

any of my IoT are on a totally different network from the rest of my main system at home just for that reason.

@@dons8122 they aren't IoT then, it's just a single NoT, lol

@@Practicality01 I’m not savvy with cyber security and stuff what is LoT and NoT

@@jennacarter937 internet of things, network of things. just another dorky way of saying computer.

@@jennacarter937 Internet of things is devices that you can control over the internet. A network of things can only be controlled if you are connected to that "totally different network" Don talked about. But calling it a NoT is just a bad geek pun. 😜

*homer simpson voice* mmmmm, burger

It's more like engaging in unprotected sex with a complete stranger you only just met a second ago.

@@0neDoomedSpaceMarine I'm okay with both sex, and a garage burger, but don't fuck with my computer

I know of another classic: Don't stick your winky where you wouldn't put your pinky.

Well if it's a Culver's Butterburger I'll take my chances.

You sound like a smart person

That's when it goes into my clean cheap off-the-network raspberry pi where I can check the contents :)

Reminds me of an episode of NCIS.

You sound like someone, that has a clear and stable mind, im happy that people like you still exist. You've become rare.

I don't understand...

That's not a flaw

he likes rick astley, but not more than he likes having a computer and a secure internet connection

Personally? I don't think the song's bad - it's quite good, really - but I've been subjected to it while trying to watch something else _far_ too many times to associate it with anything but annoyance.

I feel like he really let me down.

@@TheChronova He said it was annoying in the video.

There is no security but physical, and airgap is its protocol.

@Arthur Sounds like a really hackerman of a client

@@WhereWhatHuh even the gap, isnt always save, you might not get direct access, but there is alot of Radio waves and signals being radiatet into the air which you could read out with enough invetment and the right machines

@@WhereWhatHuh if someone wanted to destroy ur device from a mile away, it could be done. Airgap or not

@@WhereWhatHuh Even airgap can be breached by special phreaking side-channel attacks because computers can leak sensitive data through emanating electromagnetic waves.

It's also possible to simply have a malfunctioning device cause damage.

i agree! 100% true!!

yeah that's just meant to fry the device. now for the fun part, the newer usb 3 ports, the ones that are superfast (not to be confused with ysb 2.0 superspeed)... connect to pcie lanes, either through a bridge or directly to the cpu. it could do a lot more than burn out the USB controller, this attack could literally kill your laptop

He's absolutely right about being very careful what you expose your beloved computer to, be it Windows or iMac.

just imagine plugging one into a high end gaming computer lolz

What is that stuff he used to pull the usb out to show the capacitor?? I want to get one in case any usb I purchase will fry my computer

@@LM-qv7cy just pliers. many usbs are two pieces of plastic connected around the usb, though, so you'd want to pry those apart using something flat instead of using pliers for those cases

@@michaelthornes thank!

I too am an IT professional, and I am amazed at the important systems that are connected to the internet! I worked for a large, $4 Billion dollar company in the late 90’s, they got fiber optic internet to the building, and of course all the chiefs wanted to be able to access from home. And all of their passwords were their last names! And after exposing the company to such a giant compromise, almost none of them actually ever logged in from home. But arrogance and self importance made them think their convenience was more important than security. And if we had been hacked, us IT workers would have been blamed. My last day there in 2003 was a happy day!

even if its air gaped , it can still be compromised

There are ways to make things more secure but users will hate you for it. I worked on Netware servers. I trusted them because they were C2 capable.

When my oldest start secondary school 2 years ago they wanted her finger prints for the canteen etc as they cashless, i said no chance are you storing that kind of data on your tin pot computer system, they assured me its 100% safe and so on, so i pointed out if i top her account up on line it stands to reason you will have it automated to top her account up in school that has her prints and date of birth etc stored on, so no, any system is only as strong as the weakest link, in the end i said yes ok but only if you sign this, and handed them a consent slip for to try and retrieve as much data as i can from there system and if i get any details of anyone they pay all concerned £10,000 cash, i promise to do nothing with any data other than put to CD and hand over to you, they refused, i asked why if your system is so secure? what you got to loose?

I would go so far as to say that as long as the system has a human user interface of any kind, it cant truly be secure.

Can you imagine if you work at the bank he uses?

@@pierrecurie What about take out place? "Oh yeah sure buddy you wanted 2 large pies uh huh."

True story. A business partner working for a really big corp. called me and asked me if I could call the Interconti in Belgrade and book him a room for next week. I said: sure, no problem. But I can also give you their number I have it right here. He said: Oh I have the number, but they keep hanging up on me when I tell them my name. His name is James Bond...

Rock Astley is still alive, and I'd be willing to bet he does run into trouble! Haha

What do you mean "had", the guy is still alive an kickin, he had a reddit AMA a few years back, where he himself got rickrolled...

you can brick your hardware even with malicious software and imean physically

It's not about the old man. It's more about idiots who act like they know everything then going around spilling their nonsense.

Block the data pins but allow the power terminals to pass through? That can be quite useful if, for example. your phone has almost no charge and you don't want your company's computer to access your phone while you do an emergency charge off the USB port.

There was one out there with a external drive it stored so much power when it release it set a desk top on fire

Prophylactic... now there is a word that doesn't get tossed around the bedroom very often. I'm surprised that they have them for computers. Though I shouldn't be. We get all the engineering and technological capabilities of building robots that, can serve humanity in great ways... and our first true robots are sex dolls. Which makes me wonder... will they have robotic prophylactics for sex dolls? I mean ... Where would that go, what would that look like? Would it be something to stop her from being penetrated by hackers? Will it stop the Siri and Alexa from introducing her to third-wave feminism? I'm so full of questions now. In the vast plethora of sources and experts on the internet, I should probably consult one of them... I know... Reddit. I'm sure to find some experts on this topic... On Reddit. #research

@@mr.mckinnon5680 the real question then is “do android’s dream of electric sheep?”

There are also ones like USBKill Shield which don't just block data pins but also flash LEDs if they're being attacked in this manner. Still doesn't protect you from malicious software. First plug the untrusted USB into one of those, then try reading it on some dirt cheap chromebook if you've really want to take a look.

Kinda bummed me out ngl

This video will then be flagged and monetized by the company which owns that song. Why would lpl knowingly give up his earnings?

Lol

Well, to be fair: You're forgetting the nuclear silos with their passwords set to 0000. For decades on end.

Wow, I hope they are using a locked down Linux and reboot-to-restore to do that. If not, it's just a great way to propagate zero day attack like Stuxnet did.

@@ouicestbien Like you actually know.

@@ouicestbien It wasn't like it was some way to access the silo. It was an extra lock on the launch sequence that they ended up determining wasted too much time to be worthwhile, so effectively disabled it. You still have to go through a bunch of armed guards and giant steel doors (and, of course, the base's perimeter security) to get to the silo in the first place. And have the launch keys.

@@johnnylavoie Systems like these just run on live CDs, no need to complicate things.

Phones also enable dragnets. There was a civilian dragnet a while back that tracked the route of a Chinese sub using GPS in it's crew's cell phones.

Same :)

Except, it can be done with any rPi0, or rooted android ... Example. A good friend has the Windows install disk in his phone. When a computer needs reformat, he plugs his phone as storage, and restart computer. 15mn later, fresh windows. Also works with linux installer.

@@Benoit-Pierre Of course, this doesn't help in the case of "devices like this" - 0:47

Funny enough, I actually made a python script that would near instantly open a browser window and type in a link to, you guessed it, rick roll someone

There are reliable countermeasures to USB Rubber Ducky, at least if you're willing to modify your kernel's source and recompile it. But that still won't save your machine from being fried by an electrical discharge.

Calm down yoda

wassup checkmark

Ok verified

@@AdamSmith-du6us Very nice, much fancy... ( sorry, that's Dogecoin ) Confused I am.

Bien

just use a cheap arduino to read what device descriptor it reports. your overthinking it xD

He’s probably some god like hacker too

@@neon5162 That's a click out of 1, a click out of 2, a click out of 3 [...] a click out of -, a click out of =, nothing on backspace. So that is the keycap that is damaged. In any case, that's all I have for you today.

Now waiting for someone to send him a small locked box with a firecracker triggered by opening inside. And of course a note saying "It could have been bigger. Opening unidentified packages is a security risk." There's lots of extremely nasty things people can do.

He probably is a god at fallout too

And memelogical threats...

That is the most effective way to teach people alright. 🤣 Would have loved to have seen their faces when showing up to the IT department to explain what happened. 🤣

That could backfire if people start swiping actual vendors' USB sticks to swap for donuts. "Hey, Bill? How many of those trap USBs did you put out?" "Uh... About forty, why?" "Got Bob from Accounting here with an tote bag full expecting baked goods and ballpark guesstimate says he's got at least seventy." _"Fuck._ Okay, you go clean out Wawa and Dunkin' to give Bob his good boi treats - take the company card and for these purposes the speciality stuff and muffins are "donuts," and get me two 24-ounces of Pumpkin Spice while you're at Wawa. I'm gonna _need it_ to unfuck this bag of sticks."

Yeah this thing looks amazing. Would be even better if it had a watch or something embedded into it.

I was thinking the same thing the compass looks great

Who knew that Rick Astley was such a gifted craftsmen!

Anyone know if that lock is for sale anywhere?

There's an easy way to prevent buffer overflows (If the developers are aware of OWASP's secure coding best practices) It goes like this: You know how big your buffer's max size is, so you count bytes being read in and stop when you hit max size and ignore anything that follows.If required throw an 'Invalid buffer contents' message.

@@daviddunmore8415 In this case the developers assumed, that USB devices would report the correct header size and omitted the extra overflow check, which is a pretty easy mistake to make.

@@daviddunmore8415 And despite it being so easy, it keeps popping up again and again ;)

@@alexanderdaum8053 Indeed but presumption is the mother of all screw ups. Presuming all USB devices are standards compliant is idiocy.

But what can you do instead? It´s unreasonable to pull every stick apart and inspect it, trashing it would be unreasonable too. If you had a cheap mini pc setup simply to open files/pictures it could get damaged everytime a new stick comes in and you´d have to format it everytime after I presume.

@@Masterofcreat You don't need to do anything. If you find a USB stick, treat it like any other lost property: hand it to reception. The owner can get it back by asking for it; you don't need to investigate and try to find out who the owner is.

There is one sure-fire way, don't have users... I guess not letting the users have USB ports, or any exposed ports at all even might work too... In the days of almost all data being on the company server do you actually need your users to have anything but screen, and whatever HID devices suit their work at the desk - often wondered why none of the big commercial computer providers don't have locked IO covers, or even no 'user' serviceable IO at all - just have the cables coming out the box needing to open the case to change them (maybe they do, but I've never come across the old decommissioned commercial computer with those features).

The place I work for simply disables all USB ports which are not in use for keyboard/mouse/webcam. Of course that doesn't prevent a USB hub from being connected to one of those ports

@@foldionepapyrus3441 You can't not have USB ports. Unless everyone is using bluetooth keyboards and mice, and have built-in webcams, USB is the only way that those peripherals are attached. Even if you only have exactly the number of USB slots needed, there'll always be someone who unplugs their mouse or webcam so they can plug in the USB stick and try to figure out who lost it.

Great video and song, liked it since the 1980s.

Yep, I've heard that many malware baiters will leave USB sticks in plain sight in places like parking lots, hoping for peeps to plug them in to computers.

one of my friends once ran an AI program without really knowing what they were doing. It didn't turn into skynet, but it was really annoying. The AI would move files around, change OS settings, and be an overall nuisance. At some point it learned to copy its own files, and occasionally it would hide itself on USB sticks that got plugged into the computer. The laptop ended being gifted to somebody else, and last I heard the AI had somehow learned to change the login password. To this day though, she has a box full of USB sticks that she's afraid to touch because she's not sure which ones have the AI on it.

Supposed it was sent back in time from 2347, it could still be a Rick Roll…. Epic long term prank involving a time machine, bending the rules of known physics & of course Rick Asterly ;)

And you can tell by the sounds of horns, that seal one is set. Second Seal is binding. Click out of three.

@@qwintur349 This is just gold :D

@@qwintur349 I'm laughing so hard right now😂😂😂

@@qwintur349 as you just saw, this is not a very effective security measure and I wouldn't use it for my own realm.

Which only protects against known threats and only if you update it religiously. Yep, lots of dinguses posing as experts