lool

lol

Lol smart

Hopefully they do not use VPN and find that the website is not broken and have professional hackers attacking your website.

@@AskJoeTaylor If you have professional hackers attacking your website you're not really worried about the script kiddies in the first place.

Wonder if I can do that on my ftp server

Throw in the 418 as well :p

401.0000000000001

@@MegaZsolti iit should throw ouy 42069

English Accent. +10 to Speech

nice username

418 was actually joke-proposed for the then-fictional "Coffee pot over IP" protocol. The idea being if you ask your coffee pot to make tea, but it's actually a teapot, it uses 418 to tell you it can't make coffee because it's a teapot.

@@mayube9292 This would be a perfect example of using a joke error code to provide real security. I love it!

Could be possible with a raspberry pi or something just set up to throw 418s and have some controls for the tea cooker :3

@@drumguy1384 "real security"

Really good talk, man. I'm somewhat new to infosec and your presentation was well laid out and made a lot of sense. Keep up the good work

Awesome stuff! Thanks for the entertainment.

Really enjoyed the talk! Funny and informative.

Great Talk!

WARGARBL

Especially in an Enterprise application!

Fun times fun times!

Rly nice idea :'D

ChillerDragon that's almost enough for like 3 chrome tabs nowadays...

8GB was the norm for dev laptops in 2013, or at least in my company, moved to 16GB in 2015, and half of us have shifted to 32GB this year, with next year having the other half swapped out. Mostly to help with caches on result queries when you're just testing small changes on test data. Normal dev machine I'd still stick with 16 nowadays.

I stil have 8 gigs.

@@ukyoize what do you do? If you don't need it, then no point in upgrading/wasting money, can spend it on e.g. a better screen, mouse, keyboard, etc. As I mentioned, for the work I do, it's one of the easiest performance improvements one can do, should be one of the main jobs of your manager to make sure you have the tools you need to be most productive.

A KZbinr my work laptop is supposed to run a browser and office. 8GB is fine. Not a coder though.

I mean, they are beaten paths for a reason. It's to ensure interoperability between services and tools. Malicious scripts are just using this interoperability to their advantage.

Its not script kitty, its script kiddy. Script Kiddy.

minihjalte Now I want a Script Kitty.

Cory Marsh They are quite cheap actually, i think they go for 5 dollars right now.

minihjalte Do I need to buy a special keyboard for the script kitty or can they use a normal mac keyboard? I am assuming they come pre-trained.

Alex do consider that this could have been a joke. Check out AvE, man

I still use opera. on every front they actually innovate. I love it. >50% doesn't work out, yet they still try again and again. commendable.

As an aside to this: Bypassing a browser check like that can result in using a broken web page. Often, if the site has a preferred browser, it's because they use some feature they know to be implemented on that browser that isn't implemented on others, or they use some specific browser extension (activeX, moz, webkit, etc). It's certainly bad programming on their part and an annoyance, but at least they're giving you the message that says "Hey, I know my garbage web page only works properly in Firefox" rather than letting you wonder why the site isn't working properly.

Rue U There's also Goanna that is a complete Gecko fork.

@@kiraPh1234k Mostly it is used to block out old and skimpy browser which don't comply witht he RFC. Of course I can use a ployfill, but honestly I don't want to serve an IE8 in 2021 and people should feel bad for using it.

@@NineSun001 Uh, no. The situation i pointed out of a web developer using features that exist only in specific browsers is much more common than a situation where a web developer is just not supporting very old browsers. These situations will often happen because either the developer wants to utilize a web feature only implemented on one browser, or wants to implement a browser feature as part of their project. So usually these are browser specific extensions like moz, webkit or activeX controls (and even out of those it's mostly activeX and moz...). You will see this go side by side with supporting only Firefox or only Edge (Firefox so they can keep using moz, or Edge for activeX). This is actually why I used Firefox specifically in my first example. Since it's never a leader in implementation of RFC you'd almost never want to support just Firefox which has some of the worst web compliance of any available browser. So to be clear, in most situations and especially in situations where you see "Only works in IE" or "Only works in Firefox" - this is because the developer isn't following web standards/RFC. It's not because they're stopping RFC compliant browsers (Like say, Chrome, Brave or even Edge - all of which implement more of the RFCs for HTML5/CSS3 and such than Firefox. Next time you see a site supporting only Firefox, look at it's source. Most likely you'll see them using moz extensions for things which other browsers use normal HTML for. Edit: Remember, most humans have bad habits - even in their jobs. Programmers or web developers have never been an exception.

Ja, hat sich so angehört.

Daniel Brunner ich bin ein berliner

It’s a common word in some parts of the US

@@talhatariqyuluqatdis you're a hamburger?!

@@mcMineoc Only douches who want to seem cool.

Not everything. Most major functionality stays the same, at least trough the miner releases. The things mentioned here will probably be different every small release. It would be quite hard to keep up and test every new version of the browser. Automating it would be one solution though.

It's a bold assumption that some request will be invalid forever.

THis is wrong. 404 statest that the requested resopurce was never here to begin with. 410 states that an existing resource got deleted. Every 410 should become over time a 404.

ayeeee.

411 that's what she said

The vernacular difference is the same as the one between difference between 'noob' and 'newbie'. Taking scriptcode apart isn't what 'Scriptkiddies'(vernacular) do. They find these programs and use them as blunt instruments of cyberwarfare, without much thought as to how. The 'lout with a brick' of hacking.

Give a man a wifi password and he has internet for a spot Learn a man how to hack a wifi password and he has internet forever

@@JoshSweetvale skript kiddies will beat you with a stick, where a skript noob will learn to sharpen said stick

() parentheses are for group matching, no use there.. res[p|ponse]? matches 3 options: res resp response Which is exactly what he meant to do. Not crazy complex and gets the job done.

Puffo Sciamano No, `res[p|ponse]?` matches: res resp res| reso resn ress rese While `res(p|ponse)?` matches res, resp, response Like he wanted. Or better - `res(p(onse)?)?` Know your regexs.

@@AssemblyWizard oh my.. uops :) I stand corrected, kids dont drink and regex

Could you not have this setup to change the return code rules dynamically depending if you want to use a tool to check the health of your website? Also, could you not whitelist certain bots while still avoiding malicious ones?

Actually, this setup is easy to use with in house interference. When you have access to your own network, it's a different beast than the Internet coming in. The Internet traffic is restricted to whatever you exposed to them, but from inside you could for example, simply use your health checking tool on the server directly, ignoring the proxy that all the internet traffic is coming through, hence getting all the correct response codes into any needed tool. Edit: It likely won't actually impact SEO much either, mainly due to search engines using content and reference to judge rank, not response code. It could impact the spider's ability to crawl the site, but there are solutions to that as well.

Same, and now I can't get "N Gin X" put of my head

Error 420 - the cache is too high

Anyone scanning without your permission might as well be considered potentially checking for weaknesses

Lone Wanderer is 666 a thing?

And so does Chrome Mobile

Internet explorer still isnt decent.

ShroudedWolf51 He only mentions trying "all" IE versions and IE6 being the extra weird one.

Angry addict lol

Found the script kiddy.

blackneos940 what

@@undefined879 I asked exactly that. :)

@@blackneos940 do it pussy

how much net traffic could be saved if fucking edge and mozilla and chrome RESPECTED 410 Gone for crappy speculative requests and STOP ASKING on that domain/whatever

i wish my wishes came true except typing them here as a reply to a random video about http status codes probably isn't going to make it happen :

I was right then and I stand by old me

Wait, what?

He's 13 now

Script kiddies are called that because running scripts is about as far as their computing knowledge goes. They don't have the experience to modify their tools to circumvent these measures yet. If they're interested enough to try, they'll probably develop a more-productive interest and end up writing code for a living or end up becoming security researchers themselves a decade down the line.

@Bobby Fisher i also hate, when someone disrupts my drug usage for talking...

I much prefer when a talk incorporates drug usage. Far more interesting than the alternative.

Man that alcohol is so evil. I wish the devil would burn them down with his fury...shut the fuck up.

For youtube?

Oh, that was you

Rou Lor it's the equivalent of "bless you" in english.

Why would that freak you out?

@@ERIK31351 Because "bless you" at least somewhat makes sense and just saying "health" is weird.

the german set phrase "Gesundheit" has its origin in the idea, that you wish health ("Gesundheit" in german) for yourself when somebody sneezed around you. But nowadays it means you wish "Gesundheit" for the sick person, even if the origin is, that you wish health for yourself :D

Nah, that's too much credit. A hacker actually creates solutions to problems and makes tech do what they want. A script kiddie is generally not a hacker, they have less interest in engineering any solutions and more interest in commiting crime.

maybe even government honeypods and not real childporn so they arrive even faster xD

@@SJWBach ecksdee

@@SJWBach yer

He's British. That's racist.

Hello Kitty Lover Man! Ms. Being a fake artificial article