way

You’ve sold out man. Letting these dodgy sponsors into the channel…

No way. Big if true

Why don't you use adblock?

An IT guy that gets ads in his browser? WTAF? 👎

Lemme introduce Opera 5, Oracle shittiest app that runs on IE mode.

This is 100% true

I was gonna say.

I can already smell the next big wave of ransomware. 😭

Oracle forms application running as a Java applet in IE is always fun thing to work with..... And the 2nd best thing is having like 2 page manual on intranet how to hack it to work....

So ultimately the end user is safe but isn't because a company that has their personal data is gonna get hacked.

Usually you set this up to only open up certain pages in IE mode and not all pages which makes it much harder to exploit. At least according to my experience

@@benargee And if you know nothing about computers, you are going to copy those settings at home, "because they work"

If configured correctly then Edge will not use IE mode except for specific sites that are put in to a list of sites that require IE mode, such as an intranet site. If not using a centrally managed enterprise list of sites for Edge in IE mode then sites in the browser managed list expire after 30 days. Clicking a random link is somewhat unlikely to send you to Edge in IE mode.

I'd wager a lot of people who have Crowdstrike have Edge in IE mode...

@@Petrichor_h I work for a large enterprise in health care... we have a IE mode entries in our EMSites list. This is very common in enterprise for support of older software or internal websites.

Some of the most widespread SCADA systems feature web servers that can only be accessed with IE

So many tech KZbinrs, especially security focused KZbinrs have this cringe ignorance, it’s a lack of real world experience I think.

@@Petrichor_h Most EMR and EHR (if not most, it’s still a LOT of) only works on IE. Honest to god it destroys my soul every time I have to configure a Device Configuration profile in InTune for a client that opens up and enforces Edge in IE mode, adding all the providers URLs to the trusted sites list… Madness… Edit: rereading my comment, it sounds like I am trying tell you something you don’t already know. So my bad, was just a general statement

My last employer only deprecated that because they HAD to, not because they wanted to. Required an entire backend change.

those use the original IE on Windows XP, and no, I'm not joking, just have a closer look at your local ATM, you will be surprised ...

I could not believe that a bank is still using IE mode for scanning checks for payroll ... its so odd ... I had to support this garbage

Once my mother was using an ATM here in Brazil and when she finished what she was doing the ATM showed a windows xp shutting down screen.

I was so happy when they moved from IE6 -> IE8.

Yeah, an average person has no idea what goes on in their bank, Edge IE mode is pretty modern compared to the 100s of legacy mainframe systems. Also as many people already stated, no way you gonna open a wrong link in IE mode unless something is wrong on org settings level.

"Microsoft, this is seventh time in a row you're showing remote code exploit to the class" - Somebody once told them to do what they're good at, and they took that advice to heart. The problem for us is that they're good at being insecure.

Do those actually run on the wider Internet? Because I know people use IE mode for intranet stuff, but a website designed for IE mode would fail for 95% of users.

Or silverlight…

@@SomeDudeInBaltimore ActiveX, yeah that was too many Exes ago to remember

Had that with infrastructure equipment like switches in really big companies. Their stuff was so ancient that you either had to download a reaaaaaaaaaaaaaaaaaaaaaaaaaaaaaallly old firefox version or use edge in ie mode

same...

The fnсk is the large well-known corporation whose handful of extremely important internal applications REQUIRE IE IN 2024. Clients need to know XD

@@zyplocs is it Delta or Cloudstrike? 😂

If configured correctly then Edge will not use IE mode except for specific sites that are put in to a list of sites that require IE mode, such as an intranet site. If not using a centrally managed enterprise list of sites for Edge in IE mode then sites in the browser managed list expire after 30 days. Clicking a random link is somewhat unlikely to send you to Edge in IE mode.

_For you, the day Microsoft ruined your security was the most important day of your life. But for me, it was Tuesday._

At least it ain't Friday.

What does compiling against mean? Compiling the driver to run on a specific version of windows? Also shouldn't there be tons of Wi-Fi drivers out there from different Wifis manufacturers?

@@ArkenGAMESeach version of windows has its own SDKs (DDKs in the case of drivers)

@@mattmurphy7030 I would have thought that windows has pretty good backwards compatibility and assumed that you don't have to maintain the same driver across multiple windows versions. That must suck. So there is a single global wifi driver pre installed in windows 8.1 that works for all wifi manufacturers and had that bug you were talking about?

There's also the WSAPoll bug and they didn't care until Win10 was released.

​@@ArkenGAMESnah it's that Microsoft broke the dependencies that WiFi device manufacturers use to build the firmware blobs into installable Windows drivers so that when the driver installs regardless of the manufacturer it will break Another reason the driver should be presented at the kernel level and treated sincerely as such, rather than slapping them on willy nilly

@@kissgergo5202 underrated comment

its their new crypto AI skibidi toilet update. it buzzwords your software and such

Turning it off actually doesnt prevent the bug from working just make sure that your windows is up to date

@@howelon3099 7:44 So you interpreted "Systems are not affected if IPv6 is disabled on the target machine." to mean "Systems *are* affected even if IPv6 is disabled on the target machine." or am I missing something...

@@erikb4407 Well when I read the original writeup it said even if ipv6 is disabled the packets bypass the firewall anyways and will execute the said packets/code. Maybe this is referring to something else?

@@howelon3099 If you look at the original writeup on the microsoft website for this specific CVE, it says under *Mitigations* _"Systems are not affected if IPv6 is disabled on the target machine."_

mfw 127.0.0.1 instead of ::1 (the latter is longer and more annoying)

I always remove (with NTLite) or disable everything that's not really useful. One of them being ipv6.

The IRS does.

Fun fact: Another language in the “BOL” tradition - SNOBOL4 and SNOBOL5 (Oregon) has ancient syntax but awesome feature set for text data extraction and parsing, and is very much useful today. It may have COBOL vibes but wowzers is it miles better than trying to use regexes to extract data from non-regular-language input (CrowdStrike cough cough).

@@absurdengineering I just looked up SNOBOL. I knew of its existence but not the nature of the language.

@kensmith5694 there's a couple of banks near me offering damm good money for students to do COBOL, apparently saying their last few programmers are in their 60's and 70's(!), and have returned to work after retiring some years ago. They paid for eye surgery for one lol 😆

Oh yea, if you want a idea how dire their situation is, heck a cold winter could finish off their COBOL team 😬 the local Unis allow them to come it at fresher week and say to the Comp Sci students can you see yourself doing this? There's a paid 'apprenticeship' right this way if you do.... but every week that you learn more about new stuff you get further away from where we need you to be, so come now No other companies get that opportunity

Plenty of things use it in the enterprise space… “we either have to upgrade the LOB system and pay a ton of cash… or set GPO to automatically open these in IE Mode.”

The problem is that the words "reputable" and "router" usually do not belong in the same sentence

@@kneesnap1041 Yeah sure, lets nit-pick about semantics while it is clear i simplified my point so normies can understand it......

@@jagdtigger perhaps my point was missed, I was hoping to point out that users often do not get a choice what router they can use, I sure don't. I have 2 ISPs in my area, and one is DSL and would go out on an hourly basis, and when it did work it had less than 1MBPS download. So, I've realistically got only one option for my ISP. They refuse to service any router which isn't theirs, and their routers are extremely locked down. I don't have an option

@@kneesnap1041 You can always hook up yours after the ISP junk.....

especially someone who is allegedly so computer literate

​@@rowbart3095it's probably on purpose to support creators or websites

@@Vitis-n2v Or rather, it's because Ed is actually in a Windows VM to avoid getting his real fingerprinted get identified so he can protect his privacy.

Could it be that he was running a Windows VM for privacy reasons? *_Resisting_* fingerprinting is its own way to getting fingerprinted, LOL.

I don't either. I'd rather have my data be stolen by microsoft, google, and other large companies than some unknown browser extension. I don't have ANY browser extension at all. I used to have quite a few and a well-known one in them got hacked one day and I believe it stole my credentials from sites. So I had to change my credentials and reset my computer. Chrome extensions can't really be trusted. The Chrome web store, most obviously, doesn't work like the google play store. Nothing is reviewed on there and there are no constraints over what the extension can access, obviously because most extensions need to access site data such as dark mode readers, and ad blockers, for example.

@@Tenetri it is, also take a look at the android security bulletin, yeah, it's udp in general, buuuuut, probably easier to exploit with ipv6, there was an unauthenticated, remote code execution in Android's network stack, too

plot twist: you're not on ipv6, just like most of the planet....

"Crowdstrike: The 'Patch Tuesday' is not even close to 'Stranded Friday.'" - I can't say I agree with that. I would much rather have my computer crash and refuse to boot than have a malicious actor take control of it remotely, especially if they can do so without any user interaction.

in other words: how would these "carefully crafted" malicious ipv6 packets even reach my pc if adsl modem/router has all ports closed? and pc has firewall. in that case i have to click something, somewhere...which is same as openiong suspicious mail attachments.... so....not really 9.8 of 10 vulnerability with all those factors. and...well....i'm not on ipv6 anyway.....i hear half the germans are....hehe.....

@@ivok9846 IMO it's still a 9.8. I don't think CVEs should assume anything about local networks when assessing risks. But for the rest of us, its an important reminder that stateful firewalls are useful, IPv6 does not equal direct internet access and maybe stay away from MS Windows.

That assumes the dinky router in question even bothers to run a firewall on IPv6.

@@techgeeknzl are you on ipv6?

NAT can be punched through if you spoof the packet so that it matches one of the opened connections, both for ipv4 and 6.

Likewise. Other than networking that is invisible to us end users (cellular data), I don't actually know a single person or company that I work with, that is using IPv6. I know that's not how things are everywhere, but like... _both_ times in a couple decades of being in IT that someone has asked for support with IPv6, I've had to go back .. again .. and learn it all .. again .. because I never ever have to use it for anything. Part of me is curious whether the sluggish adoption is inevitable (if you have something that works, why bother?), or if it's just because IPv6 is a convoluted mess of a stack that changed so much more than it needed to, and the lack of uptake is more because no network engineer wants to deal with it if they don't absolutely have to.

Not just Edge, but Edge in IE mode. That means it is really running Internet Explorer with an Edge wrapper.

@@trail.blazer I doubted that would be true and that it would probably just emulate IE like changing the user agent header and a bunch of other compatibility settings but you're actually right it ships with the "Trident MSHTML" browser engine that was first released in 1997, and apparently that means a bunch of new web standards totally wont work. Microsoft is wack. I do not envy anyone who has to maintain software made for IE mode, must be a pain in the ass.

@@BlueBetaPro Is it really Microsoft that is wack? The reason Microsoft is providing it is that there are ancient pieces of software only compatible with it. So it’s the enterprises using such software that are ‘wack’, if anything.

@@abcdqwerty3562 I know it's not wack to provide the backwards compatibility in the first place but it's the way that they went about it from a technical perspective that sounds wack. From a web development perspective it's really incompatible with modern standards despite being in a modern browser, and from a software development perspective it's lazy to include something that I assume is quite a large binary/library into the application just to provide a little bit of backwards compatibility.

The number of users is inflated as Microsoft force edge to launch by overriding default settings Plus Windows 11 silently uses edge to run user-implied search requests

yep, use that too, to check on my own documents. You can read across missing words, but hearing it read aloud you spot all the things the spelling checker misses.

@@Nerd3927 Hmmmmmm... I need to check this out

The Edge tab management is the best. I wish Firefox could do that.

firewalls exists for that. and NAT for IPv4 is a hack and was never meant for security.

@@RoddyDev It was not, but it's a by product of the workaround.

IPv6 also has an implementation of private-enhanced addresses; whereby your OS can use unique, randomly generated addresses for different sessions.

If it were that easy they wouldn't be the CIA

@@originzz one of their access paths likely Waa discovered. Let's not forget that your: CPU Gpu Bios Cables TV Phone Entire life is backdoored. There is no privacy, soon we will see covid & 1940s esque neighbours snitching on neighbours and anyone they can in order to win favour with big brother. Dangerous times ahead

@@AttilaAsztalos ?

@@burtburtist watch from 3:54 onwards

@@SreenikethanI i mean how is someone just using whatever came with their pc patching, the os stopped getting patches, i dont imagine them manually going through the kb catalogue, just disabling update notifications

@@burtburtist Because Windows automatically updates (and forces restarts), and you cannot override this without knowing a decent bit about computers. The only way a Windows 10+ computer wouldn't be updating is if it isn't online. But then it isn't vulnerable.

@@ZipplyZane thanks for the actual answer, i didnt consider it working as intended i guess, the windows 7 failing to update bug seems pretty common, and im pretty sure 7 was no longer getting updates anyway, forgot if the update to 8 then 10 or whatever was truly automatic but its been a hot minute since ive run 7 myself.

Honestly it's really weird how he seemed to imply a lack of firewalling for IPv6 would be the user's fault. Obviously that's a terrible default -- no NAT != no firewall. I'm sure there are some sloppy routers out there that do that, but I should also add my own anecdote of a router whose IPv6 firewalling was so effective you couldn't disable it at all; turning of the firewall only applied to IPv4. Also very annoying, but at least it's secure.

IPv6 Windows Implementation considered harmful more like

No, please. Do not use IPv6 private ranges. They are there for a legacy reason. Your router should use DHCP-PD to ask for a range from your ISP. Then your router will announce that range via SLAAC to the internal networks. IPv6 is designed to not need DHCP server. The concept of public v private is a characteristic of your firewall. Your internal networking being publicly routeable doesn't mean they are publicly accessible.

@@Lue30499 I will never, ever understand this ridiculous notion. "Let's not have private addresses anymore! YAY! Everyone is directly on the Internet!" and it's equally daft companion ... "NAT is not security!" Except _it literally is._ If you're not reachable directly via the Internet, you are not vulnerable to exploits that attack you ... directly ... from the Internet. The route just does not exist. "So use a firewall that blocks incoming traffic." And that's fine. _If you do it._ With IPv4, and the near-ubiquitous usage of NAT imposed by the IP shortage, there was basically no choice. Everyone was behind a one-way filter by a matter of course. With IPv6 ... eh. It's optional. The problem with that, of course, is that.... _it's optional_ ... and therefore, it _will_ be turned off. (Or just never turned on.) More to the point, you won't necessarily know, because it works either way. IPv6 has gazillions of IPs. There's no need to conserve. But that doesn't mean NAT isn't still a really good *layer* to have in the security stack. Removing it from conventional network design was the dumbest freakin thing about IPv6. And there are a lot of dumb things about IPv6.

How can you be an "IPv6 stan" and advocate for IPV6 NAT?

​@@Lue30499what meaningful difference does being publicly routable make if it doesn't allow packets the user may not have expected or prepared for to reach the device?

@@lassipulkkinen273 I'd take everything said by someone who's username contains "troll" with a grain of salt.

Any day now!

2025 will be the year of IPv6!!!

NAT cancel IPv6

Doing a ping-sweep on IPv6 is a little like the SETI mission statement. There's gotta be somebody out there somewhere.... right? I guess bounds-checking code in the IPv6 stack is down there on the priority list, when having malformed packets hurled randomly at your machine from the ether would be an event so novel that it might inspire the plot of a science fiction movie.

@@clashcon11 "NAT cancel IPv6" This. The problem it was designed to solve no longer exists.

Dude I'm shocked. I had no idea IPv6 didn't have any form of NAT. I suspect there's a LOT of other software engineers who didn't know this either. How has this not been plastered everywhere? I just don't understand.

Arch Linux user confirmed.

Plot twist they actually use windows 11 jk

I use Arch, btw.

Does using a Mac count? Nobody asked me either. I'll go back to my over paid walled garden... Sorry.

Surely linux have 0 vulnerabilities

IPv6 doesn't require NAT. It's entirely possible for your computer's network interface to be publicly addressable, even when it's behind a home router. This is the "default security" you get with NAT that he was talking about, which doesn't apply to IPv6.

@@galacticminx yeah I heard him that part, but I was thinking that traffic will still typically go through the router even though it isn't necessary for IPv6. I could definitely be wrong though.