Added: 3 years ago
From: GoogleTechTalks
Views: 91,344
All Comments (123)

  • I move the world with infinite abilities, power and eternal force. I earn a big sum and make money endlessly.

    I move the world with infinite ability. I earn enormous sums endlessly.

  • Should be '=' instead of 'IS' in the "select passwd..." SQL. 'IS' is used for testing for null values.

    Time: 09:54

  • I increase cyber money endlessly and should be able to keep doing so, because I wrote on the Internet all over the whole world, and entered and printed, and spread and opened and expanded and extended it. I can act in freedom in the whole world.

    I should be able to increase cyber money without limit, because I have written, entered, printed, spread, expanded and extended it across the whole world on the Internet. I can do as I please anywhere in the world.

  • thank you x x

  • Facebook Password Hack /watch?v=xnUquVTh_4Y

  • @vigra83 dude, it's removed :( did you watch it? can you tell me what it said? :/

  • Great, Thanks for exposing the insecurity in the seemingly secure internet.

  • @t3hhumsnsovermoney hamsters eat well too

  • @longfootbuddy you mean hamsters are the ones eating all the wells i bought online?... now i know who to send the coupons to

  • I can guarantee that more harm came out of this video than safety. He told every listener and viewer loud and clear how to do these criminal activities & chances are people are going to do the negative rather than setting up security measures.

    GG.

  • boring

  • Long live Russian Criminals and Russian Business Network ! thats what you get for fucking up soviet economy, boris jewsky yeltstin.

  • hEiSaGrEaTpRoGrAmMeR!

  • tl;dw

  • why 25 thumbs down? this contribution is enlightening.

  • please mail me here on YouTube, not Yahoo!!

  • one easy way to steal money is with stolen credit cards.

    ev0000000ee

  • selling SKIMMED and jacked cards, not generated crap. no minimal order and still price only 1$ a piece in normal orders! i have tons of cards...

    EV0000000EE [at] G M A IL[dot] COM

  • I use all of this security advice. Result is: I have not had ONE SINGLE SQL-injection attempt for THREE YEARS.

    Hackers learn very quickly, and they pass along information to one another about which web site is vulnerable. So do evil bots.

    I cannot strongly enough encourage you to use BOTH whitelisting AND parameter binding. This will take ANY SQL-injection attempt, no exception.

    And it is also good for user friendliness that everything on your web site is under full control.

  • This really helped me understand CSRF, so thank you. For preventing CSRF, could you (using the banking example) require a CAPTCHA for each transaction?

  • So fucking long....!

  • See those guys with the laptops? They are just there to learn how to steal money off of websites. And they are doing it right there.

  • Sherpa Derp this guy makes it sound all bad lol.

  • So ALL ADS ON THE NET ARE EVIL?!?

  • Now a video of how they can suck my fucking dick.

  • This guy reminds me of Zaboo...

  • yea whatever the larrymccowen guy said. ;)

  • I work at yngeny network solutions on satellite installation, wireless networks, and email solutions for business host servers. A shell account is not bad because of the RUSSIAN BUSINESS NETWORK; this lecture is bullshit

  • who the fuck is this guy?

  • Whah? d#_#b

  • @tricksFor i highly doubt that as why would you broadcast it ... ٩(̾●̮̮̃̾•̃̾)۶

  • I always wonder if Bill gates had ever fathomed such crimes taking place before windows became a major commodity. 

  • this is way too fuckin long

  • Where can I find the Bobby Tables comic online? I thought that was pretty hilarious

  • May all cyber criminals be caught and punished with certainty to serve as deterrents. Penalties should be so severe that no one would ever be tempted by the possibility of any gains.

  • bought dumps few times and later gsm skimmer. verified sellers well known on russian underground visit their site atm-skimmer (dot) ucoz(.)net

  • i'll leave comments anytime i want :)

  • This guy used to work for Google

    I hope to god that he actually knows and understands more than he talks about here because this is just a load of shit. He doesn't even explain the real uses of XSRF properly. Such as using XSS javascript to totally emulate user function onto another website.

  • i guess this is youtube's longest vid.. 55 minutes WTF

  • google tech talks....  they are all that length....

  • no its not faggot

  • Hmm, interesting video. Thanks for uploading.

  • 22 minutes in and I'm sorry, but this is not a very good talk.

    If you know a user value inserted into a query should contain an integer, convert it to an integer. No regex needed. Then he talks about converting a single quote to a double quote, when really it's 2 single quotes.

    Now he's talking about doing everything in mod_security. This only works for in-house apps. If you distribute the app you won't know how the server's configured so you'll have to do security inside the app.

  • This talk is misnamed. It should have been titled something like "Basic web vulnerabilities - SQL injection, XSRF, XSS, etc." Same ol' same ol'.

    I was expecting something about electronic money laundering and was therefore disappointed.

  • @saizai same here bro..

  • o_O now i hate my credit cards even more

  • HOLY CRAP 55:Minutes! to upload wow i dont want to know how long? 10 minutes is my life! wow this might take a year for me to upload!

  • They are Google, they have the world's fastest computers...

  • @VFEntertainment123 wtf they dont have the worlds fastest servers

  • Google RUNS the internet, they DO have the world's fastest servers. The YouTube limit is 10 minutes, this is one hour...That's because they have CONTROL, they OWN YouTube. And if they can upload an hour in the same time it takes a 10 minute clip to upload, then they have the fastest servers.

  • @VFEntertainment123 Dumbass, YouTube IS Google. This user is a partner of YouTube, like Niga Higa; all partners can upload videos that run longer than 10 mins.

  • @VFEntertainment123

    NEVER LEAVE A COMMENT EVER AGAIN.. YOU LOST YOUR RIGHTS AFTER LEAVING A COMMENT THAT STUPID

  • that guy is talking too fast

  • Do I know that nerd?

  • i wouldn't do this for anything in the world, stealing altogether is wrong, i work my ass off to pay for anything and everything i have

  • i guess they had a good turn out... all the chairs all filled with lots of people :)

  • haha yeah its so jam packed :)

  • You Rock! The Awesome Mayor of awesometown, that's who you are. We would like to make you a website, to show our love.

  • As long as you have DBMS, XSS will be possible

    Any type of portable code (for commercial use) will always be hacked.

    ----Moral of the story----- make your own scripts and Algorithmic Daemons

  • very bad

  • thnkz larry for the main points, saved me about 40mins.

  • u dont... idiot

  • there are plenty of videos..look up credit card generators..but i do warn you it's illegal(DUH!) so if you plan on doing it realize if you get caught it's your own fault, it is a federal crime to use credit card generators etc.

  • No shit.

    And stuck in the early 90s I see.

  • zzz I work in IT - no wonder nerds find it hard to get girls. + this was boring I fell asleep. Reminds me of work meetings. IT sucks & is over glamorised by apparently high paying jobs pfft.

  • Don't wanna watch the whole thing? List of important points...

    # [01:48] Years ago cybercriminals were teenagers writing viruses and worms; today they are organized crime looking to steal money.

    # [03:19] Intermediate goals to stealing money are data theft, extortion and malware distribution.

    # [04:02] Russian Business Network (RBN) is an example of organized cybercrime.

  • # [09:00] Attack #1: SQL Injection.

    # [16:30] Preventing SQL injections.

    # [17:00] Don't blacklist (filter) characters in queries. Whitelist (allow) a well-defined set of safe values for each field.

    # [18:30] Take a look at mod_security if you use Apache web server. Mod_security is a Web Application Firewall. It allows you to define a set of rules the web application must follow.

  • # [19:30] Prepared statements and bind variables help to avoid SQL injections.

    # [23:00] Other mitigation strategies include limiting web application users' privileges on the SQL server, and hardening the database server and host operating system.

    # [23:45] Second order SQL injections (link to pdf) abuse data that is already in the database.

  • # [23:55] Blind SQL injection (link to pdf) is a technique to reverse engineer the structure of the database.

    # [24:25] Attack #2: Cross-Site Request Forgery (XSRF).

    # [26:00] How XSRF Works.

    # [31:30] Drive-By-Pharming (pdf) is an XSRF technique where the attacker changes the DNS settings of a user's broadband router (fact: 50% of home users do not change the default router password).

    # [34:00] Preventing XSRF.
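Added example (not from the talk or from any commenter): the concatenated lookup that the [09:00]/[17:00] points and the earlier "BOTH whitelisting AND parameter binding" comment warn about, next to a version using a bind variable alone and a version applying both layers, run against a constructed in-memory SQLite table. The `users` schema, the sample rows and the username whitelist rule are assumptions made for the example.

```python
import re
import sqlite3

# Constructed sample table; the schema and rows are assumed, not taken from the talk.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, passwd TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn

def lookup_concat(conn, username):
    # Vulnerable pattern: the input becomes part of the SQL text, so a quote
    # in it changes the query's structure instead of being compared as data.
    sql = "SELECT passwd FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(sql))

def lookup_bound(conn, username):
    # Bind variable: the SQL text is fixed and the driver passes the value
    # separately, so quotes inside it are just characters to compare.
    sql = "SELECT passwd FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(sql, (username,)))

# Whitelist: the well-defined set of safe values for this field (assumed rule).
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")

def is_valid_username(username):
    return USERNAME_RE.fullmatch(username) is not None

def lookup_safe(conn, username):
    # Both layers: reject anything outside the whitelist, then bind the value.
    if not is_valid_username(username):
        raise ValueError("username outside the allowed character set")
    return lookup_bound(conn, username)

if __name__ == "__main__":
    db = make_db()
    print(lookup_concat(db, "alice"))       # ['s3cret']
    print(lookup_bound(db, "' OR '1'='1"))  # []
    print(lookup_safe(db, "bob"))           # ['hunter2']
```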

  • Nobody Gonna Watch This Video Finish

  • informative presentation !

    thanx for the post

  • beautiful,

  • I didn't know that youtube videos can be this long. whoever watched the entire thing is a nerd and has no life

  • That might be true, But nerds Got more brains than you can imagine...

    So stop insulting those people...

  • ah yes precisely. the botnets circuit the annual cyber trial used for the wire transfer and then the malware alarm constitutes money made through various ransom notes written to established firms. hahaha what the fuck is this dude talking about. i fell asleep before this even started

  • nice video IF U HAVE AN HOUR TO SPARE

  • thats illegal!

  • what the heck!?

  • nice vid

    if u have a spare hour

  • i got a week to do anything i want ... like watching this 182 times

  • this is one hell of a shitty video and a waste of an hour, i watched the first 2 minutes and hated the guy and google...lol...rawr!

  • ''stealing money is wrong but fun'' (the words of great eduard de vinchy )

    ps thats why no one ever heard of him

  • ZZZZzzzzzzz

  • *yawn* zzzzzzzzzzz *falls asleep, falls off chair, wakes up 30 minutes later, realises this guy is still talking, goes back to sleep, wakes up 30 minutes later to see the last few seconds of this video and goes back to sleep*

  • Boring, thousand-times written and read stuff without anything special except for the catchy headline, which should better read "BUY MY BOOK! KTHXBYE" or something along those lines. It's 2008 god dammit, everyone that cares knows that stuff or can read it in around 100.000 free books.

    A completely, unworthy of google, waste of time.

  • watch?v=-pTJDNQdvsQ ,lol

  • Interesting stats at the beginning and useful information to know for web developers, and yet it put me to sleep hearing the same vulnerabilities again. SQL injection, XSRF and XSSI yada, yada...zzzz

  • zzzzZZZZzzzzZZZZZZZzZZZZZZZZzzzzzzzzzzzz

  • For Nerds this is extremely entertaining

  • @logitechoz LOL

  • $15 for 50 credit card numbers, most RBN-like black-hats hang out on ICQ.

    Your info is severely outdated.

  • they send fake ids, ips to the owner where they want to get the money from, so they can never be traced, and when they steal money from them they tell the company they are the owner etc. it's all about backdoors and tricks.

  • this is true as i have done this before, not a good idea though as your ip is synchronised with your account

  • unless you have dsn ip address

    then it changes every time you reboot

  • oh wow. Smart and entertaining.
