When you Accidentally leak 100 MILLION Medical Records

  Рет қаралды 94,451

Daniel Boctor

Daniel Boctor

Күн бұрын

Пікірлер: 469
@DanielBoctor
@DanielBoctor 2 күн бұрын
To try everything Brilliant has to offer -free- for a full 30 days, visit 👉 brilliant.org/DanielBoctor/. You'll also get 20% off an annual premium subscription! THANKS FOR WATCHING ❤ JOIN THE DISCORD! 👉 discord.gg/WYqqp7DXbm 👇 Let me know what type of content you would like to see next! 👇 Thank you for all of the support, I love all of you
@YodaWhat
@YodaWhat Күн бұрын
Does BRILLIANT teach all the technical and cognitive methods that programmers MUST USE to stop themselves from making these continual stupid programming errors? If so, then a proper course of BRILLIANT lessons should be REQUIRED as PREREQUISITES for all programmers seeking jobs, as well as those already employed. How's that for progress?
@Matelight_IT
@Matelight_IT 8 сағат бұрын
I don't recommend BRILLIANT, I bought it, but I wasted my money. Brilliant is for idiots that what to feel like their are smart, just basics of basics for every topic. You just read text for 90% of time, there is not even text to speech option. I tested my self on topics that I confident to know well, and well, I had notice that questions are often supper ambiguous, and where all answers are somewhat valid you must select only one?! And if learning platform claim that you will remember everything and don't have some sort of SRS, they just lying.
@AQDuck
@AQDuck 2 күн бұрын
"Why are you so worried about Microsoft and Google having all your personal data?" Me:
@Tannerlegasse
@Tannerlegasse 2 күн бұрын
Well you don't have anything to hide, right? What do you care? 😂 (sarcasm)
@ecMathGeek
@ecMathGeek 2 күн бұрын
Yeah, I see this and I think "And they expect us to believe Recall AI is going to be secure?"
@Tannerlegasse
@Tannerlegasse 2 күн бұрын
@@ecMathGeek yo, they started rolling out recall in beta and I immediately transitioned 100% to Linux. I do not play with Microsoft, and as little as humanly possible with Google (Android).
@amigalemming
@amigalemming 2 күн бұрын
In Germany they started an opt-out solution to putting all private health data into the cloud. They are proud that only few citizens actually opt out.
@Valerius123
@Valerius123 2 күн бұрын
Honestly, this is negligible to the real issue with them having all your personal data. They create psychology profiles on you and force feed you propaganda that aligns with their political interest in order to sway elections.
@tristonhoang3881
@tristonhoang3881 2 күн бұрын
Why on earth would a health application need to execute remote JavaScript from client to server? Most of these bugs wouldn't exist if this feature hadn't been implemented in the first place
@user-ks1oh2wx6o
@user-ks1oh2wx6o 2 күн бұрын
My question exactly. It's literally a health bot (which I presume you ask about health concerns and such), not a programming assistant.
@lucmon98
@lucmon98 2 күн бұрын
🎉 well, I got on the "path traversal" was the most complicated one, really? Exactly this Input would be caught by any proper pentesting/fuzzy program. All exploits are basic (at most) compared to the state of the art. Thus, I have to expect that they deployed a service with access to health data without any proper testing (?) Fix in production mentally 😂🎉
@volkerengels5298
@volkerengels5298 2 күн бұрын
Surprisingly humans make 'errors' now and then. Assembling a complex thing leaves lot of space over time. "American telephone is hacked...." How that?? :))
@Otherfox-be9up
@Otherfox-be9up 2 күн бұрын
ran out of money for hiriny offsecs
@jacklimestone2559
@jacklimestone2559 2 күн бұрын
As an old Medical Software developer, requests to have an ability to execute arbitrary code is pretty common unfortunately. The best we do is to prevent WHO can do that, is to limit it to sysadmins, but ya.
@weshuiz1325
@weshuiz1325 2 күн бұрын
The real question is "who trusted Microsoft with healthcare data"
@Peaches-i2i
@Peaches-i2i 2 күн бұрын
The average person who barely understands the magic box they hold in their hands.
@zehph
@zehph 2 күн бұрын
@@Peaches-i2i Well in this instance this was by more than one health provider, these cloud offerings abstract everything from the clients consuming, they might be forced by management to integrate AI in their offerings and contracted an “enterprise” solution to not have to deal with exactly this kind of bs that is not hard but tedious to setup and maintain.
@cosmotraumatika7474
@cosmotraumatika7474 2 күн бұрын
Pretty much and all HR executives in any corporation if it was offered to reduce costs.
@gschgvt2956
@gschgvt2956 2 күн бұрын
Those last 3 words were unnecessary.
@JeremyAndersonBoise
@JeremyAndersonBoise 2 күн бұрын
Amazon bought the second largest healthcare provider in the US two years ago. Doom.
@Graverman
@Graverman 2 күн бұрын
200k is not a fair price. Even if microsoft stock only fell down 5% after leaking 100 million *medical* data, this would cost them 162 billion. This is equivalent to paying someone a dollar for protecting your millions... after you mess up.
@YT7mc
@YT7mc 2 күн бұрын
such is fair market 🤷‍♂️ it all comes down to capitalism and end of the day this makes them the most money.
@itech40
@itech40 2 күн бұрын
I agree...
@nikkiofthevalley
@nikkiofthevalley 2 күн бұрын
​@@YT7mcThe problem is less capitalism and more that companies are allowed to pay to change the laws. They've slowly, insudiously, obliterated all protections for customers and the public in general.
@hydra4370
@hydra4370 2 күн бұрын
200k is not enough for a bug like this, but a guy who can do this casually, four times in a row, is probably making that a year already
@DeltaNovum
@DeltaNovum 2 күн бұрын
Class... Action... Lawsuit!
@ciscodisco9155
@ciscodisco9155 3 күн бұрын
Should have gotten way more than 200k for something this severe…
@AQDuck
@AQDuck 2 күн бұрын
Personal data is only valuable when databrokers gets their greasy hands on it.
@magfal
@magfal 2 күн бұрын
200M would be fitting given the situation.
@ciscodisco9155
@ciscodisco9155 2 күн бұрын
@ imagine the damages if those records got out, would be in the tens of billions easily
@coletcyre
@coletcyre 2 күн бұрын
Goes to show much value they assign to people's privacy compared to how much they make selling our data
@ciscodisco9155
@ciscodisco9155 2 күн бұрын
@@coletcyre puts the $ in M$
@H33t3Speaks
@H33t3Speaks 2 күн бұрын
Wow, giving user interactive chat robots Root Privileges hasn't worked out well. Who would have thought. Please, let us hold hands in stunned silence.
@RickySupriyadi
@RickySupriyadi 2 күн бұрын
is this azure even Linux?
@DaveEeEeE-hu7gu
@DaveEeEeE-hu7gu 2 күн бұрын
@@RickySupriyadiit’s a hypervisor dude, can run anything
@RickySupriyadi
@RickySupriyadi 2 күн бұрын
@@DaveEeEeE-hu7gu ok thanks
@BoringLoginName
@BoringLoginName 2 күн бұрын
I'm out of stunned silence. Can I use bewildering contempt instead?
@thatnerdyuncle
@thatnerdyuncle 18 сағат бұрын
@@BoringLoginNameI’ve been practicing my shocked look just so I could use it when needed…😱. How’d I do?
@mikeyangyang8816
@mikeyangyang8816 2 күн бұрын
Microsoft CEO even announced last week that they would replace the entire azure product line with only ai "agents" where the bots would be able to create, update and delete all data on your services on azure...
@HideBuz
@HideBuz 2 күн бұрын
Nuclear ROLF!
@lilshippo2799
@lilshippo2799 Күн бұрын
what could go wrong? :3
@TheGunnarRoxen
@TheGunnarRoxen Күн бұрын
AAAAAAAAAAAAAHHHHHH! Screaming ensues.
@ali32bit42
@ali32bit42 Күн бұрын
imagine a car company doing this, " hello customers ! here at lamborgini, we have decided that steering wheels and cup holders and speedometers and breaks are out dated. so in a brave and innovative move all our future cars including the one you already own will be converted to have no steering wheels . to steer your car simply convince our automatic driving assistance to steer for you at every turn. our agent will swiftly connect to our web server to compute your steering amount for you ! "
@enermaxstephens1051
@enermaxstephens1051 Күн бұрын
Anyone else notice that bug bounties often have a habit of not paying? You'll find the bug and they'll say "Oh we already knew about that" then patch it and act like its no big deal.
@matt_milack
@matt_milack 2 күн бұрын
tHErE wiLL Be nO SuCH thINg aS teCH joBS BY 2030!!!
@andybaldman
@andybaldman 2 күн бұрын
There will be no people left by 2030
@coladict
@coladict Күн бұрын
Oh, once they start using AI-generated code it will get a lot worse. A lot, a lot worse. Security? Never heard of it!
@Silarus
@Silarus Күн бұрын
@@coladict Wait until AI security is armed with weapons :p
@Zera-l6x
@Zera-l6x 6 сағат бұрын
​@@Silarus your AI doorbell gonna be fiddling with whether to let the 8ft tall guy with squirrel mask pass your front door or not at 4am
@logananderon9693
@logananderon9693 3 күн бұрын
Leave it to Microsoft to do something so stupid it boggles the mind.
@Ilovecruise
@Ilovecruise 3 күн бұрын
Heck we have a saying in our team, as long as it’s data being managed by vendor, it’s not our responsibility. (Password managed in self hosted open source key manager with compliant encryption and security - not OK, password stored in OneNote in plaintext - not so good but OK)
@battokizu
@battokizu 3 күн бұрын
Well, (chuckles to self), your using microsoft products so of course its unsafe! This includes the entirety of the medical industry so idk. Were all doomed.
@nomore6167
@nomore6167 21 сағат бұрын
@@battokizu "Well, (chuckles to self), your using microsoft products so of course its unsafe!" - It's not like the alternatives are safe. They MAY not be as bad as Microsoft, but that "may" is doing a LOT of heavy lifting.
@lopiklop
@lopiklop 2 күн бұрын
I think a better question is why does Microsoft AI have access to private medical records.
@BlackMatt2k
@BlackMatt2k Күн бұрын
Medical institutions use 3rd-party developers for their apps, and hire vendors to upload or stream data to cloud services for them to load. There are more rules and paperwork than you can imagine to keep things compartmentalized and "safe", theoretically, but current dev culture attitudes and perverse corporate incentives undermine it daily. My anxiety level has dropped substantially since leaving that industry, cuz you either fight your conscience or fight literally everyone on the call over obvious stuff like this, every day.
@Silarus
@Silarus Күн бұрын
So they can sift all the data to sell the info to big pharma to better keep people sick so they can make more sales :P
@nomore6167
@nomore6167 21 сағат бұрын
@@BlackMatt2k "There are more rules and paperwork than you can imagine to keep things compartmentalized and 'safe'..." - The problem is that many of those rules don't apply to third-party vendors/data processors. And also, of course, that fines for violating rules are a drop in the bucket compared to the profit made by violating those rules.
@golvistavarez9946
@golvistavarez9946 2 күн бұрын
Probably was due to AI code being used for the backend! People don’t understand how many security vulnerabilities are to come out from all the AI code being written!
@daveb3910
@daveb3910 2 күн бұрын
Yup! I work in the HIPPA field and it's surprising how many people want to use AI code, luckily in my business we can't, so it's easy for me to say no, as i can't validate a black box, which step by step validation is required for our data since it directs health decisions, but other fields can and it will continue to produce large vulnerabilities. It's honestly scary
@slomnim
@slomnim 2 күн бұрын
And yet google openly says something like 60%+ of its code now is ai generated...
@RoryEckel
@RoryEckel 2 күн бұрын
AI code is fine but it needs an experienced reviewer
@MaakaSakuranbo
@MaakaSakuranbo 2 күн бұрын
@@daveb3910 wdym, validate a blackbox. AI code means code you generated via AI, not using AI to write code live? The generated code isn't a black box
@JasonAtlas
@JasonAtlas 2 күн бұрын
Its just so much faster to do my own coding then try and catch all of the insane things and ai code might do. Like 95% of the time it's fine 4% it's broken and the last 1% it's doing something genuinely insane. I know what mistakes I tend to make and where to look for them. I've spent a long time learning good practise. The ai has every mistake in recorded history at it's finger tips and usually it's the stuff reviewed enough to not immediately be obvious. Ai coding is a big gamble.
@LeetHaxington
@LeetHaxington 2 күн бұрын
I’m surprised the microsoft patch wasnt to just ban his ip and then have bugfixes to add his new ip every time
@aaroncarney7733
@aaroncarney7733 2 күн бұрын
Why the hell was it connected to the medical data in the first place?
@pseudomemes5267
@pseudomemes5267 2 күн бұрын
Selling "insights" about people to ad networks. It's not just knowing what people like anymore. It's knowing all medical conditions to better target them.
@lopiklop
@lopiklop 2 күн бұрын
Thank YOU! Yes. Hello. These are private medical records.
@lopiklop
@lopiklop 2 күн бұрын
@@pseudomemes5267 You say that as if they have the right.
@lopiklop
@lopiklop 2 күн бұрын
@@pseudomemes5267 At which point during my doctor visit did I agree to such a thing? How does it go from a doctor visit to building artificial intelligence? So they're benefiting from my interaction. How much value does MY MEDICAL RECORDS generate for THEIR product?
@ARockRaider
@ARockRaider 2 күн бұрын
​​@@lopiklop it's probably included as part of the Windows EULA, something like "if you have ever used windows for any reason we have the right to gather and sell any information about you" this is obviously a joke, but also not out of the scope of what mega corps think they can get away with through their EULAs (remember that Disney tried to say the EULA for a free trial of their streaming service ment they couldn't be sued for a lethal allergic reaction at one of their parks)
@PanchoPU88
@PanchoPU88 3 күн бұрын
"AI WiLl RePlAcE SoFtWaRe EnGiNeErS!"
@paca3107
@paca3107 2 күн бұрын
the biggest lie of the recent years
@_Billy
@_Billy 2 күн бұрын
YoU aRe veRy ShOrt siGhtEd
@nateh379
@nateh379 2 күн бұрын
At the same time, Alexnet was just 2012. And ChatGPT was just 2022. Imagine what another 10 years will do.
@PanchoPU88
@PanchoPU88 2 күн бұрын
@@nateh379 I'm sorry man but anyone that says that either can't code for sh1t or doesn't realize that if human ingenuity is replaced by AI then all engineers can be replaced by AI, not just the software ones...
@hello19286
@hello19286 2 күн бұрын
​@@nateh379 That's all that you can do, imagine. Extrapolating technological breakthroughs doesn't make sense, they don't follow some linear or exponential timeline, they are breakthroughs.
@arkorat3239
@arkorat3239 2 күн бұрын
as if i wasnt already worried by the whole "copilot takes screenshots of your computer"
@YodaWhat
@YodaWhat Күн бұрын
Say more on this. And WHICH versions and variants of Copilot? Only the web versions? If so, in which browser(s) does these TOTAL BS exploits occur? Does it also affect the Copilot running inside Skype?
@arkorat3239
@arkorat3239 Күн бұрын
​@@YodaWhat Been a while ago, but i think its just ordinary copilot. the same that comes with windows 11. Its not really an exploit, its how microsoft desinged it. And it sparked quite the contreversy when word got out, a few years ago.
@YodaWhat
@YodaWhat Күн бұрын
@@arkorat3239 - Ah, thanks. I don't use Windows 11 or any of that extra crap even in Windows 10. First thing I do with a new Windows machine is turn that $hit off as much as possible.
@Silarus
@Silarus Күн бұрын
@@YodaWhat Microsoft Recall will take a screenshot of your Windows 11 pc every 5 seconds and log every keystroke you make. ITS ALL FOR YOUR BENEFIT SO JUST IGNORE IT. - Bill Gates
@rory_o
@rory_o 2 күн бұрын
AI and nodejs. Name a more iconic duo of security terribleness.
@Richard-gs6oq
@Richard-gs6oq 2 күн бұрын
Sound like a HIPPA violation!
@your_new_sjw_waifu
@your_new_sjw_waifu 2 күн бұрын
Nah doesn't apply if you have enough money
@nekonikku
@nekonikku 2 күн бұрын
Don’t be a hippo, it’s HIPAA.
@yoyoma2831
@yoyoma2831 Күн бұрын
What i was thinking too
@CryptidBuddy
@CryptidBuddy Күн бұрын
They have plenty ways around that even if they do actually hold the information. Microsoft isn’t a healthcare provider so they can do what they want.
@Some1_Some1_Some1_Some1
@Some1_Some1_Some1_Some1 2 күн бұрын
Running arbitrary code on a machine with sensitive data sounds like a recipe for disaster, even when sandboxed... They should definitely give the "running javascript" bit to some other server that only does this. That server can then be isolated from the rest, making any breach somewhat useless.
@snudget
@snudget 3 күн бұрын
It seems like QA and security is irrelevant today. The only thing that matters is getting out a semi-broken thing as fast as possible
@HamidKarzai
@HamidKarzai 3 күн бұрын
if you take the time to do that stuff right then minimum viable product move-fast-and-break-stuff crowd will eat your lunch with their rapid results and problems that don't show up until later down the line. And since you've now sold a product that constantly breaks you can now as a bonus get even more money out of expensive maintenance/support contracts! how's that for a win-win! disruptive capitalist innovation at its finest
@TheGreatNoticing00
@TheGreatNoticing00 3 күн бұрын
MS developers are generally a different flavour today. Same goes for Google. I'd expect less and less from them going forward, as they continue to hire based on "appearance" rather than talent. Maybe I'm a bit salty, but it's true nonetheless.
@happygofishing
@happygofishing 3 күн бұрын
@@TheGreatNoticing00 They are too busy "doing the needful"
@vaakdemandante8772
@vaakdemandante8772 2 күн бұрын
In a way it has always been like that in the business. In the old days of software, there wasn't so much competition on the market, so you could've focused a bit more on quality, but every established market with competition sooner or later reaches a stage, where you can't spend too much money on perfection and need to earn income ASAP. Software has reached this milestone about a decade or two ago.
@entropycat
@entropycat 2 күн бұрын
Microsoft removed all QA teams years ago.
@aajas
@aajas 2 күн бұрын
One of the great things about being American: I ain't been to a doctor in decades, you got nothin on me
@jaysonrees738
@jaysonrees738 2 күн бұрын
Honestly, I wouldn't go that often even if it was free. All they do is try to push pills on me and do a crappy job of finding potential problems. The best medicine is not eating trash, getting some exercise, and enjoying time with friends. That stuff doesn't net piles of money though, so they never bring it up.
@laulaja-7186
@laulaja-7186 Күн бұрын
Couldn’t afford to visit a doctor, same as the rest of us? That can only last so long…
@stevesteve8098
@stevesteve8098 2 күн бұрын
Simple , it's Microsoft.... they write their programs to just do things... security, safety and non-crashing come later... I went to a MS conference once with their programming team... where they outlined their programming development and internal "mantra" when i left I was completly shocked at how lax they were... They basically write software with as few checks and balances as possible, it just matches the spec & that is it.. when they have to modify the systems for other uses.. they just make changes & fix what visibly breaks
@YodaWhat
@YodaWhat Күн бұрын
Are you suggesting that is any different from how ALL big companies write the CRAP they pass off as software?
@CryptidBuddy
@CryptidBuddy Күн бұрын
The Todd Howard mantra I’m guessing
@V3racious3
@V3racious3 2 күн бұрын
I can't wait to cash my $2.49 check after the lawyers suck all the value out of the class action data breach lawsuit.
@yura34054
@yura34054 2 күн бұрын
"Little Bobby Tables we call him"
@Fasteroid
@Fasteroid 2 күн бұрын
My name is "help im stuck in a drivers license factory"
@howardstern9764
@howardstern9764 2 күн бұрын
These Lawsuits need to be far more punitive, there needs to be drastic consequences for exposing and harming so many people!
@Silarus
@Silarus Күн бұрын
Microsoft is more valuable and important than any human.
@SeRoShadow
@SeRoShadow 2 күн бұрын
4:50 - using query code that is not read-only / execute is a security issue
@test-rj2vl
@test-rj2vl 2 күн бұрын
Personally I would never ask AI for any serious health issues, even if they were 100% private and 100% secure because if AI happens to hallucinate then I can easily end up on 10x worse situation than I started with. If there is something I don't know how to deal with I would rather go to doctor and get some real advice than for example trying to heal flu by standing uv light and drinking mercury.
@Winnetou17
@Winnetou17 Күн бұрын
Yup! At least, after the doctor recommends you to stand in UV light and drink mercury, there's a tiiiiny chance it will do some jail. While on the other case, people will just say you didn't put the correct prompt.
@bunnywar
@bunnywar 18 сағат бұрын
It doesn't hallucinate, it's a product not a sentient being. It just uses stolen data based on statistics regardless of accuracy
@amigalemming
@amigalemming 2 күн бұрын
In Germany the Bug Hunter would have been sent to jail because of the Hackerparagraph and the bugs would persist.
@autohmae
@autohmae 6 сағат бұрын
Microsoft has a bug bounty program, my guess is that should keep you safe from that, but I'm not up to date on these specific laws in Germany
@amigalemming
@amigalemming 2 сағат бұрын
@@autohmae No, there is currently a case with the keyword "Modern Solution". A contractor was paid for finding security issues and found unprotected unrelated data. He is officially accused for breaking the law.
@autohmae
@autohmae 2 сағат бұрын
@@amigalemming I guess if the same could happen, Microsoft would need to report the security researcher to the police. Anyway, crazy stuff.
@privateness.network
@privateness.network 2 күн бұрын
"Can't fix stupid" theory confirmed
@cassusgames
@cassusgames 2 күн бұрын
Imagine if a certain legend asked for help removing a specific cylinder…
@commander3494
@commander3494 2 күн бұрын
Amazing reference
@jacobeii
@jacobeii 2 күн бұрын
seems rather imperative that it remains unharmed.
@bitmau5
@bitmau5 2 күн бұрын
So, it's basically like hunting for open folders, in 1997, to dump MP3's on unsecured FTP servers in order to share music. Gotcha.
@QXY01
@QXY01 2 күн бұрын
All doctors that dared to upload personal info were compelled. Who is going to pay for this? I would say all corporations and doctors must pay.
@VelociraptorX
@VelociraptorX 2 күн бұрын
That's why I don't use gadets to monitor my health, our data is incredibly valuable.
@WiseWeeabo
@WiseWeeabo 2 күн бұрын
Whoever worked on this must be borderline non-functional. Was this whole project just 1 dude? How did not a single person on the team call out this insanity? Insane.
@aar0n709
@aar0n709 Күн бұрын
It was made by AI. That’s the thing with AI you can’t sue it or fire it so it just gets away with it.
@laulaja-7186
@laulaja-7186 Күн бұрын
The omniscient AI has certified that the code was secure. Oops that was a hallucination. Okay delete/ fire that AI and try uploading a new one… which is almost identical, and trained on the same data set. It’s just good business.
@mr.rabbit5642
@mr.rabbit5642 Күн бұрын
Oh wait, hold on, Microsoft doesn't know what the fuck they're doing? With AI?? Noo that can't be right. Again?!?
@JeremyAndersonBoise
@JeremyAndersonBoise 2 күн бұрын
People: Why don’t you trust AI tools? Me:
@jsonstea
@jsonstea 2 күн бұрын
while the services of M$ have been becoming broader and more sophisticated, the quality really keeps going down the toilet.
@AK-vx4dy
@AK-vx4dy 2 күн бұрын
But this story is not about AI anyway.... AI bot not leak anything, stupid platform architecture and stuipd developers (who maybe were expert in AI but not not in other areas)
@matt_milack
@matt_milack 2 күн бұрын
Imagine how dumb AI is if leading AI expert developers, engineers and architects are this dumb.
@Winnetou17
@Winnetou17 Күн бұрын
Yeah, good point! While I'm sure AI will introduce same-level-of-terrible bugs and vulnerabilities, on these 4 in particular it was just bad developers.
@GauteAnimationNorway
@GauteAnimationNorway 2 күн бұрын
This makes me just think about co-pilot. Microsoft is getting greedy with their data stealing.
@PunishedFelix
@PunishedFelix 2 күн бұрын
Wow I can't find a job but these clowns can
@michaelweaver4439
@michaelweaver4439 2 күн бұрын
These are super basic level mistakes, that would never pass a security audit. I am more concerned about the info sec standards of the healthcare organisation that they worked with.
@watsonwrote
@watsonwrote Күн бұрын
Healthcare orgs in the US are somewhat notorious for bad info sec, at least compared to the seriousness of the data they own. There have been many instances of them being victims of ransomware attacks and actually needing to pay the ransoms because they had no way to recover the data. IT is often put on the back burner as they don't seem themselves as IT organizations but as communities of health care providers and patients, a brick-and-mortar entity primarily of people interacting with people, which is fair but the technology is moved down the budget hierarchy in ways often disproportionate to its importance in sustaining the organization. At least that was my observation.
@CryptidBuddy
@CryptidBuddy Күн бұрын
I read that something ridiculous like 50% of medical records in existence have already been leaked
@Jeza921
@Jeza921 2 күн бұрын
Data breaches are often the result of errors in system management or configuration, not “automated” AI. More importantly, the responsibility lies with the humans who design, deploy, and monitor the system, not the AI ​​itself.
@Silarus
@Silarus Күн бұрын
No one has to worry about responsibility or consequences anymore. Broken politicians and legal system.
@resekai
@resekai 2 күн бұрын
Total Recall and CopePilot+
@Huey-ec1
@Huey-ec1 2 күн бұрын
What medical records? Most of us can't afford healthcare to begin with.
@DetectiveRackham
@DetectiveRackham 2 күн бұрын
Your birth certificate did not write itself.
@classico42
@classico42 2 күн бұрын
In case you forget, Microsoft will help you Recall this instantly!
@KAZVorpal
@KAZVorpal 3 күн бұрын
Apostrophe fail.
@Zuranthus
@Zuranthus 2 күн бұрын
god these companies are stupid. they want AI to be a thing so bad that consequences be damned
@johnmarianhoffman
@johnmarianhoffman 2 күн бұрын
This is criminally negligent. We, the people, need to hold companies and CEOs (corporations aren't people, but people run corporations) for software negligence. This data literally represents peoples lives, not bargaining chips for business deals.
@johnmarianhoffman
@johnmarianhoffman 2 күн бұрын
Its obvious our government doesn't understand enough to hold them properly responsible
@Amipotsophspond
@Amipotsophspond 2 күн бұрын
hackers are such nice people, that hacker could have made everyone's medical records say they tested positive for aids. it's wonderful we have bug bounties and they are paid, hard work was do to earn that small sum of money and the whole world benefits.
@Itsgone99
@Itsgone99 2 күн бұрын
not at all a huge potential conflict of interest down the line if not already...
@crusher9z9
@crusher9z9 2 күн бұрын
they should've added "tested positive for nothing" to all records
@What_do_I_Think
@What_do_I_Think Күн бұрын
Isn't that also the corporation, which "promises" that making photocopies of your screen all the time does not break privacy?
@thiswillprobhrt
@thiswillprobhrt 2 күн бұрын
Can’t help but think the term “updationing” was part of conversations during development of this.
@UNcommonSenseAUS
@UNcommonSenseAUS 2 күн бұрын
Its not an accident. Wake up fools
@boines
@boines 2 күн бұрын
that wild bc most basic thing for sql is to prevent the moving of going back .. as well as doing a ls of a dir row colm etc. failed huge.
@dreamhollow
@dreamhollow 2 күн бұрын
Microsoft try not to humiliate your entire company with terrible design challenge.
@knarfxd4071
@knarfxd4071 2 күн бұрын
I know little about software engineering n this kind of crap, but god I love your vids explaining it so clearly. Keep up the amazing work m8!
@DanielBoctor
@DanielBoctor 2 күн бұрын
much appreciated, will do
@robyee3325
@robyee3325 2 күн бұрын
Well explained!
@DanielBoctor
@DanielBoctor 2 күн бұрын
Thanks for watching!
@aldproductions2301
@aldproductions2301 2 күн бұрын
Why is the back-end in JS instead of a strongly typed language which would reject input and help require data be properly sanitized? Why is the database input not properly sanitized?
@SBTRIS
@SBTRIS 2 күн бұрын
My take away from this is that nodejs is not secure by default, and needs some careful design and hardening to make it production grade. Compounded with dynamic and super flexible JIT nature of node, it sounds like a nightmare.
@SayfSentinel
@SayfSentinel 19 сағат бұрын
can someone explain exploit 2, specifically the part where the bug hunter modify the underscore module "_.indexOf()", how did he modify it on the azure instance ?
@yoyoma2831
@yoyoma2831 2 күн бұрын
Very interesting. Underrated channel, you earned a new sub!
@talli-studios
@talli-studios 2 күн бұрын
How was the underscore module modified remotely??
@RicoTrevisan
@RicoTrevisan 2 күн бұрын
Brilliant video, thanks!
@mattp7437
@mattp7437 2 күн бұрын
Welcome back!
@DanielBoctor
@DanielBoctor 2 күн бұрын
@iGame3D
@iGame3D 2 күн бұрын
Where do we sign up for the class action suit?
@conceptrat
@conceptrat 2 күн бұрын
@5:55 I think you've either misinterpreted how the query injection works or the exploit you copied from wasn't documented correctly. Unless MS has made a mistake with implementation of building a quert. If this is even actually a reality. I feel like it's not. But first the query needs to be completed by providing an escaped ' and ) and then you can initiate the other escaping to insert the transversal and allow the query to be completed again.
@oportbis
@oportbis 2 күн бұрын
Please make more videos, I'm getting addicted to your explanations
@howardfairbanks8337
@howardfairbanks8337 3 күн бұрын
Excellent video, editing, sound design. You deserve more views (:
@DanielBoctor
@DanielBoctor 2 күн бұрын
glad you liked it!
@michaelh42
@michaelh42 Күн бұрын
Why doesn't NodeJS remove the SlowBuffer class from the Buffer module? It's been deprecated for 8 years and there has been 17 major versions since then. I don't get it.
@qzwxecrv0192837465
@qzwxecrv0192837465 2 күн бұрын
So once again, the super smart programmers of Microsoft allowed direct access to data, rather than buffering it, ensuring encrypted connection between intermediate server & data, as well as not keeping the AI software isolated from important data. Also, adding directory capabilities within a URL, rather than having the server or data server do the searching has been a known exploit/issue for decades. You never allow directory level execution or maneuvering at the URL level AND we have become so dependent on showing URL data, that this type of thing will happen due to sloppiness. as the old adage goes: it isn't the new guy that gets hurt (makes serious errors), it is the experienced person because he becomes so confident in his experience
@aar0n709
@aar0n709 Күн бұрын
It was AI don’t blame the SWEs at MS for this
@issamelarmi
@issamelarmi 2 күн бұрын
Somehow all these big tech companies don't pentest their products... Good for bughunters and black hats
@noThankyou-g5c
@noThankyou-g5c 2 күн бұрын
since ur name is Boctor i thought this would be a medical channel first most that was just covering tech news 😅
@mikaellavoie6811
@mikaellavoie6811 2 күн бұрын
Nothing surprising. Microsoft moto have always been accesibility > security. They want their stuff to work whether it is secure and optimized or not. Another case of shareholder capitalism at work for sure.
@danny12-j9r
@danny12-j9r 6 сағат бұрын
Remember, when you adopt a package/technology, you adopt all it's flaws.
@kygagaming
@kygagaming 2 күн бұрын
Omg the vids are back!!!
@T404-i9w
@T404-i9w 2 күн бұрын
Why haven't I heard about this? No other videos relating to this topic
@lennyface6828
@lennyface6828 2 күн бұрын
This is why I don't use ANY Microsoft products anymore. Including Windows.
@jammyg1779
@jammyg1779 Күн бұрын
what operating system do you use
@watsonwrote
@watsonwrote Күн бұрын
The options are Linux and MacOS. Unless they're on mobile; then the options are Android and iOS. Custom OSs for hardware like Nintendo Switch, Smart TVs, PS5, Kindle, etc. are modified versions/descendants of Linux and/or Android.
@jammyg1779
@jammyg1779 Күн бұрын
@@watsonwrote Haiku OS? Temple OS? You've missed out two of the biggest players
@ContagiousRepublic
@ContagiousRepublic Күн бұрын
If a company with bad intent and a history of monetizing directly or using for AI training purposes data it doesn't own the rights to do that with? "My AI leaked it" and "this third world company used the leak data and provided us with this trained AI and or customer contact and needs data it said was legit and we used it for monopoly purposes". Well played M$!!
@ChampionMobile
@ChampionMobile Күн бұрын
Nothing can go wrong, go wrong, go wrong
@a2bros186
@a2bros186 2 күн бұрын
0:57 what's the background music?
@janeviem7141
@janeviem7141 2 күн бұрын
It sounds to me like Firecracker from LEMMiNO, but I'm not sure. Also, the music used in the video is in the video description
@ImperialRoads
@ImperialRoads 2 күн бұрын
No way the legend is uploading again!!!
@ultimatums1
@ultimatums1 2 күн бұрын
no way people make some unrelated remark about the video.
@DanielBoctor
@DanielBoctor 2 күн бұрын
we back
@primgrb
@primgrb 2 күн бұрын
Node js is a menace, dude
@skyrimax
@skyrimax 2 күн бұрын
Been saying it for years, JavaScript on the server was web development's original sin
@jbird4478
@jbird4478 2 күн бұрын
​@@skyrimax JavaScript was the original sin. Running it on servers was when we said screw it and let the devil take over.
@HarunFarah
@HarunFarah 21 сағат бұрын
video qulaity and explanations are amazing ,
@any1alive
@any1alive 2 күн бұрын
sooo, they wernt sanitisign inputs? still watchign,.t hats A ENTRY LEVEL SECIURITY ISSUE and bug
@tylerkauffman589
@tylerkauffman589 5 сағат бұрын
Internet Computer: solves this problem permanently
@HardbassTV.
@HardbassTV. 2 күн бұрын
Microsoft does dumb shit
@irvingchies1626
@irvingchies1626 2 күн бұрын
The First exploit was already quite easy, it's like going to a final test about history, putting "it al begun in 1942... ... And that's how Nazi Germany fell" and getting an A+
@atxhooligan
@atxhooligan 3 күн бұрын
This must be why my organization sprang new AI rules on us recently regarding using AI with any sensitive medical or org info.
@Nah_Bohdi
@Nah_Bohdi 2 күн бұрын
I wish all of my data was in paper files in my closet, even passwords, because its always getting "found online". Meanwhile Im unable to access websites because I forget my password or questions, hackers have more access than I do...
@alexturnbackthearmy1907
@alexturnbackthearmy1907 Күн бұрын
Hackers? Try said websites not accepting right password just because, had to change a couple over absolutely nothing (the password and name were actually correct, it just refused to accept them).
@Huey-ec1
@Huey-ec1 2 күн бұрын
AI is imprecise. It's not a bad tool for thinking through ideas, but using it to write code is rarely reliable and using it for healthcare should be illegal. Not that we have humane healthcare anyways, so I guess it makes sense they wouldn't care about ethics.
@brentsaner
@brentsaner 2 күн бұрын
That is...certainly a way to pronounce "JavaScript" that I haven't heard before.
@harpyjaeagle
@harpyjaeagle Күн бұрын
Reminder that Microsoft is forcing you to have an AI that records your screen and describes what you're doing.
@mwdiers
@mwdiers Күн бұрын
This is straight up malfeasance. It is not caused by AI, but is a straight up injection attack using APIs that are not engineered, by design, to sanitize inputs and enforce data permissions regardless of how the LLM calls the agent tool. It's like everything they learned about securing data APIs went out the window as soon as they put the API behind a chatbot.
@sown-laughter4351
@sown-laughter4351 2 күн бұрын
sounds like they are doing commands that microsoft does automated meaning microsoft is probably already selling that data
@hannonsb
@hannonsb Күн бұрын
Seems very similar to a modern version of SQL injection
@pointfrogg
@pointfrogg 21 сағат бұрын
This sh*t has just been driving my anxiety through the mfing ROOF.
@dangamez1230
@dangamez1230 Күн бұрын
Personal information needs to be away from any automation. I am not surprised ai messed up.
@klwd5288
@klwd5288 Күн бұрын
Brilliant won't teach you that stuff but get your bag bro
@_varianta007
@_varianta007 2 күн бұрын
If only Microsoft would not always hurry tihings in their try to be the first maybe they would not have so shitty products.
PirateSoftware is right, this needs to stop
15:14
Theo - t3․gg
Рет қаралды 438 М.
IL'HAN - Qalqam | Official Music Video
03:17
Ilhan Ihsanov
Рет қаралды 700 М.
小丑教训坏蛋 #小丑 #天使 #shorts
00:49
好人小丑
Рет қаралды 54 МЛН
This is $87 ??!! TexHoo N100 based MiniPC
20:46
Technically Unsure
Рет қаралды 96
Is a truly secret santa possible?
31:49
Stand-up Maths
Рет қаралды 123 М.
What Happened to the World's Largest Tube TV?
35:46
Shank Mods
Рет қаралды 997 М.
SpaceX's shows new Starship Heat Tiles! And they're red!
19:56
What about it!?
Рет қаралды 32 М.
How to Make a Real Diamond - (Not Clickbait)
8:51
JerryRigEverything
Рет қаралды 2,5 МЛН
i dove down the 7zip rabbit hole (extremely deep)
12:50
Low Level
Рет қаралды 418 М.
The Activision Leaks Came True, Key Creatives Are Quitting
21:52
Bellular News
Рет қаралды 273 М.
MAJOR EXPLOIT: GitLab was Hacked with an IMAGE??
15:20
Daniel Boctor
Рет қаралды 207 М.
Seagate reinvented the hard drive!
9:18
The Friday Checkout
Рет қаралды 343 М.