Like everyone else i am also hoping you will get the chance to create more videos for the Google VRP, LiveOverflow! Best wishes, @wtm_offensi

Google: Sponsors a KZbin video. KZbin, a Google company: Wait, can we demonetize this?

Google is like Italy, it switches sides when you least expect it.

I can't think of anyone better than you for this job! Glad to see you getting rewarded after all these years of effort here on KZbin. Congratulations !

Other companies, pay attention. This is the right way to talk about things like this. The more open we are about bugs and problems, the more secure these companies become. I love this model.

LiveOverflow to be the official bug reporter for Google? you got my vote!

I really enjoy how you also explained his thought process and how he was able to do the legwork to find the vulnerability. I know people in the cyber world that would just say "there was an issue where it would automatically execute gradle" and then call it a day, if I;m lucky, after giving more details about the vulnerability itself. People rarely talk about the thought process required.

I am very happy that this type of sponsorship is happening ! Way to go and best of luck with next productions.

I really appreciate you pausing to remind the viewer that this work is tedious, and takes time. The problem with KZbin educational videos these days, is that unless you remind yourself of this, they can make some people very discouraged... That's because their expectation is that when they sit down to code, or research, it will look similar to the video they watched... And instead of being smooth, and almost effortless, it's the complete opposite - difficult, slow, challenging.

Great video! I would love to see more vulnerability disclosures explained like this in the channel. This also says a lot about what KZbin/Google was saying about demonetize hacking related videos. Even tho this is hacking related, it's clearly more educational than a step by step on how to damage someone by hacking their wifi or creating social engineering sites.

Awesome video! It's always cool to get the story behind a vulnerability. Would love to see more content like this!

Bro this is completely EPIC! Google sponsoring. It could get even nicer though, just imagine google asking you to talk about critical historic bug reports on android, drive, youtube, search engine. IT COULD BE AWESOME!

I really enjoyed the format of this video. I liked getting the explanation from the source as well as LiveOverview’s explanation. I would watch more like this in the future.

This title sounds like clickbait but it's actually not.

Congratulations! I've been watching your videos for some time and it warms my heart to see secure these types of partnerships and grow your channel. Well deserved! And not to mention definitely an interesting video. Kudos for keeping everyone grounded and reminding that videos don't capture everything (on purpose, of course) :)

That glorious man's hair flied away in around 19.00

19:08 magically disapprearing hair? :D Very nice video

You can really see how much work you put into this video compared to your usual videos. It's one of your best videos imo, keep it up!

This is hands down the best security vulnerability related video in general I've ever watched. Talk with a full-time bug hunter and very professionally put together. Hard to believe that this is actually an advertisement, and as I can see, it's an advertisement for Google's bug bounty program. Google is rather unusual company. They propose open-source projects, they are very open about their products, even when it comes into the vulnerability of these products, and they actually care about people's opinions. Kind of like Discord as it seems.

Well done mate! I've been following you for a while now and you totally deserve the sponsorship!! Keep up the good work mate!

Finding hacks is always the result of someone saying "What if...", playing around a bit and then getting an understanding of how things work. A potential question: Would you have invested the time and effort if Google didn't have a bug bounty program, just to learn something?

Love the new format! I think it is great for the largest developers like Google to be able to facilitate knowledge like this. It could mean that some smaller companies or freelance developers dont end up losing clients or getting into legal trouble over something that a company like Google can fix before it is used as an attack vector. Things like these need to be shared, and I am glad that you are the person sharing it with us!

you deserve it! all the sacrifice you've made for learning and working on your skills, keep up the good work!

Schönes Video! Echt cool, dass du solche Kooperationen realisieren kannst. Sehr sympathisch auch der Bounty hunter :)

This is an awesome video. Loved the real life video shots, really made the vid easily digestible

It is amazing that you show the effort this guy had to find this bug. I know people who think success is a one time try-get thing based on someone's "talents". This line of thought can lead to many disappoints in life. Your channel is amazing :)

Great video! I love the interview format.

Wow, thanks for sharing this content and the interview. It was very insightful!

Actually YES! This is the best sponsored video I have ever seen!

nice for making this video, i know that finding bug can be frustrating unless you happen to find it accidentally, but this video showed me how even more frustrating it is. thanks!

Nicely done, both of you! Congrats! And please keep reminding us how tedious work it is - I forget. Very good video!

I appreciated both efforts: describing and explaining. thumbs up.

Great video! Learned a lot from the explanation, especially the docker escape trick.

The captions helped a lot because my speakers got water damage today! Thanks :)

This is such an awesome video. Thank you!! :)

Man I love your videos even as a newb who knows nothing about programming or cybersecurity, you have a way in structuring and presenting and always make them so fascinating! :)

Beautiful idea 💡 thanks to everyone who was involved in this.

Love your content, love the knowledge, love the way you transmit it :)

I love this, please do more of these types of videos.

Hope someday we'll see LiveOverflow talking about bugs on LastPass/Dashlane/NordVPN/PIA/Audible/etc. :3

Nice video! I would love more of this type of content. Let's hope Google sponsors you more often!

Whoa, you've expanded my view on a lot of services I'm using in my professional life. I'm using docker on a daily base and I was not aware you can control the container (moreover, other containers) in such way using the docker socket file. Okay, everything isn't exactly the same with comparing GCP(Google Cloud Platform) vs OCP(Openshift Cloud Platform) but technically it seems pretty similar. Anyway, thanks for the video.

15:03 did i just see the famous merkel raute?

another great video. Great pace, great explanation.

Awesome video ! I had a question though, why would google put host's docker daemon socket in the shell container ? One possible explanation would be, because the shell needs to communicate to the thea IDE, but I'm not sure because if that's the case then why not put thea and the shell in the same container ?

Thank you Live Overflow and Google! Cool look into container technology and how the "bug" can be the result of bringing several technologies together.

If only all ads taught me this much. ps: Google, you should pay more for your bug bounty hunters...

Excellent find, love the concept of this video too.

Love this video! Great work.

Very, very interesting video. You guys are real genius. I wish I had half your talent.

Awesome video I hope one day I can find some bugs I've been working on it really hard :)

"We connect you with Hackers, just make a simple video.. blah blah" -Google Hmm.. does this mean you think i'm a Hacker, Google?!

I am really happy for live overflow geting asked by google themselves to make a regular video with a bug they had. feelsgoodman

You need to do a video on the new iOS bootrom exploit!

Really awesome, interesting and well presented video.I truly appreciate it :)

Love it

Amazing! I want more of that!

Hey there #liveoverflow!! This was an awesome awesome video, loved it thoroughly!

Great video, thanks!

Loved it. Thank you.

That’s awesome! Congrats man 😁

Now I finally know why new JetBrains IDEs asks whether you trust the build system used by a project.

I have a question unrelated to this video but I've been thinking about this so much that I should ask you about it. How much time do you spend playing piano and what model of piano is behind you in this video?

I feel smart 🤣 , you are doing a great job ❤

wow i was like "i can barley understand that" and the subtitle hint comes up. perfect!

Great job LiveOverflow just one question what software do you use to make these cool paintings and writings ?

Awesome. Keep up the great work.

That horse playing guitar, drum and [that blow horn thing] 😅

I really enjoyed this video and would love to watch more videos exactly like it.

One of your best video imo. Thank you

Very exciting. Thanks for explaining :-)

Really great video!

Your contents are on another level.

really interesting, i hope you get to do more videos like this

Which piece is that on the piano i kinda want to know

Congratulations, my friend! You are doing such a great job, I'm so glad Google recognized your work.

Cool video man keep it up!

It looked way to easy. Nice collaboration👍🏻

love how you emphasized how hard it was

I loved the video, thanks for the incredibile content :)

Wow.Michael cera really is knowledgeable in cyber security.

The beginning of Google is the ray. I've already heard about this vulnerability, but your explanations are.

woah.. I kinda lost sight of this channel for some time (shifting interests and such) and now I come back and he has 374k subscribers? When and how did that happen?! I mean congratulations I'm really happy for him but damn ^^

Nice vídeo! Good job

Cool content and research. Thanks for sharing. BTW, I hope you get paid twice because there were 2 commercials in this video also.

Kudos dude. But I mean, with your content quality, it pretty much makes sense!

A video on securing containers and escaping them would be very interesting

$5000 seems little for such awesome and very high skilled work. He could easily get a senior position at Google and get paid much more in cash plus equity.

I had found a bug on KZbin allowing you to delete likes/dislikes one by one using their api. Nothing urgent, nothing fancy, so I contacted their VRP with how to reproduce it. They told me that they couldn't reproduce it, adding that if the bug was indeed live, their systems would have detected it. Less than 2 days after their response, it was fixed and never heard from them again.

Loved it ❤️

19:08 he's having a bad hair day xD

It was probably 20-40 hours of work. But his training and experience is 100's in this area.

Awesome video!

Great video!

Implementation of a wrapper, nice stuff.

This is awesome, @Google should sponsor more videos like this :D

What an eye opener this is... Boy ou boy

You've made it! Congratulations

Only $5k for this? That is way underpay for his skill set

I find the easiest vulnerabilities to work on are client/server web apps with the logic carried out by some script on a server with the client side in Javascript. Found a few bugs in commercial products, the companies involved were happy to receive the bug reports for fixing, but no reward unfortunately (but I did receive a thank you). Only reward was from Facebook for quite a trivial privacy issue ($500 lowest tier bug bounty reward). I find live chat apps are usually the ones with flaws - best was a complete deletion of an app from a web page without admin privilege (with permission of the owners of the site it was hosted on), and a moderation bypass (done on the providers demo page). Another one is trying to insert HTML markup in a page when you shouldn't be able to (not enough user input sanitation that can lead to cross site scripting vulnerabilities), had a laugh on a Facebook game with that one (before letting the game developers know about the bug). While this is probably not legal to do, as long as you don't cause any damage and notify the providers so that the 'bug' can be fixed, I've never had anyone be upset about it - better than someone malicious coming along and causing untold havoc for anyone using whatever service has the bugs.