His ancestors were also pretty straighforward too am sure 😂😂 (think longboats....). Great talk!!

and spelling "w" as "v" :D

And I still have no idea what the presentation was about 😅

It's a miracle that it works at all :)

So that's why it's called TCP.

40 years ago it was band-aids holding together spaghetti from 40+ years before *then*.... that's all it's ever been, or will be, and yet we still manage to do amazing things.

Buddy, I cackled out loud about the crowd strike thing. A true hero!

He got me a few good times

So man foreigns.

To be fair, he has a quite thick accent and also uses "eller" several times. And the way he pronounces "data" is exactly like Danes do.

@@RedSntDK The same with Java. In danish the J is more soft, and will sound like the english "yah" or "yea". So it would be kinda like "Yava".

Definitely!

or just block all ads. thats how I do it. I hate ads.

I tried this but it just buzzes "404 not found" in morse code. Is there a root shell? Because there's always a root shell...

Anyone can intercept HTTPS traffic. Whether or not they can decrypt it is another question

It could be done if someone has access to certain TLS’s private pki information. Then there’s nothing stopping someone.

I'm guessing he's just used to saying Https instead of http.. just a little brain blip

-I think he's redirecting https to a http connection- re-watching the video, at about 10 minutes, he's using the wpad proxy script to ensure that all connections to his proxy server are on port 80 / unencrypted connection

@@cmusgrave only works if he can offer a trusted cert matching the request URL (in which case bigger things are broken)

It is my friend, it is...

It already is? There are dedicated conferences and journals focused on cyber security..

@@MrMatthijsr cool! I probably had a very specific idea in my head ;)

You mean computer science ? To hack something you must understand it.

Dude really? 😂🤯 Adjust your hosts file my friend. And if it's not a personal machine then 1000% tell your IT / networking people.

@@trudyandgeorge he is quoting the presentation... also yeah just tell grandma to adjust her host file... This needs to be fixed on an OS level.

+1. I wanted to know this too. At first I figured it's set at the OS level, maybe in some proxy discover daemon as part of the networking daemon ...but the more I think about it the more I reckon it's at the application-level. It must be the browser runtime reaches out, or the antivirus reaches out, or the Steam client itself reaches out, etc (he does mention to set a rule in /etc/hosts to resolve it locally 127.0.0.1). I wonder if my machine does it too? I'm going to setup a rule in my /etc/hosts then setup an nginx server to capture any requests. I'm on Ubuntu. (This is really blowing my mind. Best talk so far imo)

All Microsoft software, and many third party applications, use the IE/Edge proxy settings and they have WPAD enabled by default.

@@_mr_andersson But then EVERY PC would be connected to this?

@@Sonyboj Not every pc, but many. You have to have automatic proxy discovery enabled, you can't have a DHCP server that sets a custom WPAD address, your FQDN has to be under a top level domain where he controls the wpad domain, and there can't be any higher level wpad domain existing.

@@_mr_andersson They also need the implementation to be wrong; I believe he mentioned the spec said to recursively fetch, but not all the way to the top level domain. (perhaps I am misremembering as I saw this video a week ago)

The definition of "bug" is very loose.

​@@rwz​@rwz Once you talk about closing it you do have opportunity to explain what are you closing and how.

Sadly audio is provided by the venue. Or so I've heard. And the venue audio is usually the worst and the most rundown thing you can have. I'm a bit surprised defcon doesn't just run their own audio at the venue... could be achieved by using digital runs and one flight case worth of stuff nowadays.

Nerds type, radio dj's talk. ;)

@@zwapz this is a talk 👀

@@Algoinde that makes a lot of sense, if they streamed the event the issues would probably solve themselves with the stream implementation and would actually be worthwhile to do.

Unfortunately, A/V nerds are security nerds are rarely the same. What makes it more painful for the someone like myself who is into both is that fact that most of the A/V problems they have could be solved by the audio equivalent of a couple of Raspberry Pis and a bit of creative thinking for almost nothing in either monetary or time investment. (I speak as someone who has decades of experience with the cheapest of clients - charities and churches.)