 So sometimes you see these articles, you know, security flaw found that's 15 years old, you know, the security flaw has been in this program for such and such long. And I always find it funny, it's like, who cares how long it's been there, it's how long have we known about it. Because there's flaws in any type of software that's more complex than a Hello World program. And even then there might be a security flaw. So there's always security flaws in all software, it's just a matter of when we find it. And yeah, we find, you know, there's a difference between malicious software where it's there on purpose and where someone made, you know, a coding accident. And there's a security flaw. It might even be a security flaw, something that nobody even would have thought of. You know, there's obvious things that happen in software that we, that a good programmer should know not to do. And they still happen by accident. But there's sometimes where there's attacks that we don't even think of and then all of a sudden someone comes up with it. And of course that's been an issue until someone thought of it. So programs can have security issues for 15 or 20 years and it doesn't make that program or the programmer a bad programmer. But here's the issue. When we know about a security issue, how quickly does it get fixed? You know, and do they push out updates? So it's like, there's some systems out there that have what I would consider security flaws like certain systems that don't salt their hash in their passwords and that you can actually just pass the entire hash to a system to log in instead of sending the password. And these are issues in some systems that we've known about for 15, 20 years. And it's not that they've been around for 15, because they've actually been around for longer than that, but we've known about them for 15 or 20 years and nothing's being done about it. And that's the issue is when you know of a problem, how long does it take for you to fix it? Okay? 
If you're not fixing it, it just shows that you don't care about the system you're working on. If you don't care, why are people using your system? So I bring this up because recently, as I was saying, I went to a website. There was a website that had some videos and audio stuff for my kids and they had some free trial. I logged in and I went, you know, and I just looked at the developer tools and right away I found that, as I mentioned in the previous video, that when the comments load, not only is it loading the comments and the user name and the user's avatar, but it was loading all their information. It was loading date of birth, first name, last name, email address, and remember this is a site primarily geared towards kids. It would list whether the person was, you know, a parent or a child. And the last time they logged in, when they created an account, all that stuff was being passed from the server. You weren't seeing it on the web page, but it was being passed from the server to the web browser. I emailed the company just over a week ago. I think it was probably eight, nine days ago. Two days later I got an email back saying it would be passed on to IT, but the person who emailed me told me to log out and log back in, which was just silly, but that was not an IT person. That was just their help center. So they passed it on to their IT department. Lots of times, you know, I contact companies about this and they never do anything about it. And lots of times if they don't do anything about it after a while, I'll do a video on it pointing out this company did this and that, you know, because they don't take care of it in a timely manner at all because they just don't care. It was very important to me that this gets done because, again, this is a website geared towards kids and the server was passing private information and that is a big issue. 
So again, just over about a week ago, I got the reply email and I was hoping for a follow-up email and I never got one after that, but just a few minutes ago I logged into the website and I checked and they fixed it. So now it's just passing, you know, the username and their avatar and of course their comment. Great, I wish they emailed me to tell me that they did that, you know, but the fact that they fixed it, I don't know when they fixed it because it's probably been close to a week since I checked. I think last time I checked was the last time they emailed me, but to get it fixed in a week and again, it's a simple fix. Now, someone asked in the previous video exactly what the problem was and how to fix it and I say it's a simple fix and I tried to explain it basically, I don't know what type of database you're using because it's server-side stuff you can't see. I can just guess what's going on, but they're passing me information. Basically, they're going to have a database and they're passing me information that it shouldn't be. So when you search a database, you say, I'm looking for this match and from that match in that table on the database, give me this information and it should have only been asking for essential information, username, their avatar and the comment, which would probably come from two different tables, but theirs was passing basically everything. So they were doing asterisk, which means give me everything that has returned. Or they were just saying, give me these fields and they put in too many fields. I don't see that happening by accident unless they were trying to troubleshoot something and then forgot to clear it out. But the fact that they made that mistake was not, that's something that happens. You're designing a website, you're doing stuff. Maybe you enable something for testing and then you forget to disable it. It happens. But the fact that they fixed it in a week or so was great. So awesome kudos to them. 
It's not an issue anymore. But if you're curious more about exactly what was going wrong with that, again, I can't say exactly what was the issue with the code on their website. But I did create an example of that sort of basically, I created one database with two tables, user information and comments by users. And then I pulled that information, referenced it and put in an HTML output. And I created a video basically going over. I went over two videos actually, I created a video going over in detail, what's happening on the server side, client side, how to see this information. And then I also did a follow up video that's a very short, quick, everybody should be looking at this stuff when they go to websites. It's just a matter of opening up your developer tools in your browser. And just clicking through stuff and seeing if you see anything that's out there that shouldn't be there. And I've already recorded those videos, I already have videos scheduled. So it'll be about a month, those videos will be up, I hope you find those interesting. So yeah, again, anyone who creates software that might have security issues, it's gonna have security issues. It's not an issue of having the security issues, it's a matter of fixing them. I mean, yes, there's some obvious things that people shouldn't do in programming. But sometimes there are people who are put in positions where they need to create software and they're not necessarily developers or they're new to it and they're in this position. And I don't blame anybody for making mistakes, even if it's a mistake that should be obvious that they shouldn't make. It's a, this is an issue, fix it now. Do they fix it, yes or no? And if not, why, it's like, and there have been so many times where I contact people and be like, this is an issue. And they're like, well, that's just the way we do it. Or I get no response. And that's bad, I have no problem calling those people out. 
So I'm very happy this website fixed the issue, especially since it was an issue with kid content and kids communicating. So yeah, good for them. Keep that in mind when you see an article that says 15-year-old security flaw found in whatever program. It's like, it doesn't matter. It's how quick does it get fixed? And there are sometimes where there's security issues that take a while to get fixed and it's like you get into the whole, when do you put things out there? Like the whole thing last year, was it called Spectre? I might be getting the wrong security flaw. The one that's, it was in the CPUs of systems. And you had the Linux Foundation and Windows and all these big, big organizations trying to fix a problem that really, you know, is beyond me. It's much lower level, but yeah, but we knew they were working on it and they couldn't release too much information about it because it's a security flaw because it hasn't been fixed yet, but they were trying to fix it. But it's when there's issues that should be fixed, that can be fixed. And there are a lot of times, hey, if there's that big of a security flaw and you don't know how to fix it, you just need to disable that functionality. Even if you have to disable the whole program and say, hey, no one should be using our program. I know that sounds bad, you know, if you're a company, but I'd rather see a company do that and fix the problem than just not do anything about it. So yeah, keep that in mind. It's not that there's security issues because I've also heard someone years ago say, I'm going back quite a while, they said, oh, I switched to Firefox because I heard that it was open source and supposed to be more secure. But I see more security flaws found in it than in Internet Explorer. Well, yeah, that's the whole point. It's open source so that people can find these problems and we can fix them. There's a lot of issues in other browsers that might be closed source, but you don't know about them. 
And they might be fixing them, but they probably don't tell you about them. They just fix them or they don't fix them and they're still there. The thing is, whether you can see the code or not, the security flaw is there. But the fact that we can see fixed source code allows us to be able to fix it and more people to fix it. And you can argue, hey, well, that means that the attackers can see the source code and they can find the problems. But yeah, there's more people working on fixing the problems than there are attacking the problems. And I think that's, I'm saying that, but you can look at the history of it. And it's when these security flaws are found, how quick are they fixed? So keep that in mind. It's the quickness of the fixness. Yes, I should get a shirt that says that. The quickness of the fixness. Fix things quick. Thanks for watching and I hope that you have a great day.
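The comment-loading over-fetch described in the transcript, reconstructed as an added example (not the speaker's demo and not the website's code): a two-table database queried once with `SELECT *` and once with only the fields the page renders, plus a check that flags any extra field in the response. The table names, column names and sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Constructed schema and sample rows; all names here are assumptions.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, avatar TEXT,
    first_name TEXT, last_name TEXT, email TEXT, date_of_birth TEXT,
    account_type TEXT, last_login TEXT);
CREATE TABLE comments (id INTEGER PRIMARY KEY,
    user_id INTEGER REFERENCES users(id), video_id INTEGER, body TEXT);
INSERT INTO users VALUES (1, 'bluefox', '/avatars/1.png', 'Sam', 'Example',
    'sam@example.test', '2014-05-01', 'child', '2024-01-02');
INSERT INTO comments VALUES (10, 1, 7, 'Great video!');
"""

# The only fields the comment section needs to render.
PUBLIC_FIELDS = {"username", "avatar", "body"}


def open_db():
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row  # rows convert cleanly to dicts
    db.executescript(SCHEMA)
    return db


def comments_overfetch(db, video_id):
    # The mistake: SELECT * returns every column of both joined tables,
    # and the handler serializes all of it to the browser.
    rows = db.execute(
        "SELECT * FROM comments JOIN users ON users.id = comments.user_id "
        "WHERE comments.video_id = ?", (video_id,))
    return [dict(r) for r in rows]


def comments_minimal(db, video_id):
    # The fix: name exactly the columns the page displays.
    rows = db.execute(
        "SELECT users.username, users.avatar, comments.body "
        "FROM comments JOIN users ON users.id = comments.user_id "
        "WHERE comments.video_id = ?", (video_id,))
    return [dict(r) for r in rows]


def leaked_fields(payload):
    # Regression check: any key outside the allowlist is over-exposure,
    # even if the front end never shows it.
    return sorted({key for row in payload for key in row} - PUBLIC_FIELDS)
```

Running `leaked_fields` against an endpoint's response in a test suite catches a debugging `SELECT *` that was never reverted before it ships.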