Mental Outlaw is the ultimate advocate for the Amish community.

@radomane

2 жыл бұрын

Big doinks

@nedasmozuraitis5818

2 жыл бұрын

Yes sir.

@Dankucci

2 жыл бұрын

Haaaa

@dsa43fsdf

2 жыл бұрын

Amish cybersecurity and opsec is next level

@tawe7498

2 жыл бұрын

Don't need operational security when you don't have an operation at all

the more I I learn about electronics the more I understand why most IT experience people tend to use as least amount of technology in their personal lives

@whats5471

2 жыл бұрын

👆

@voidimperial1179

2 жыл бұрын

There are two types of people into technology: those who install smart appliances everywhere, and those who refuse to touch any smart appliances.

@djsaekrakem3608

2 жыл бұрын

@@voidimperial1179 Its all marketing to the general dumbed down masses. Also trendy to the normies.

@stevefan8283

2 жыл бұрын

um, no?

@fakezpred

2 жыл бұрын

@@stevefan8283 Actually yes. Imagine if someone compromised your smart devices. Guess your thermostat is getting turned way down then.

Important things like this should be provided directly and ideally manufactured in the country using them. It’s silly to think our government and their contractors do stuff like this to save time and money when they could just hire a few more people to audit things as well as work with a local manufacturer

@SieTeppischfresser

2 жыл бұрын

Government laptops already have CAC readers in the laptop.

@VengeanceRMP

2 жыл бұрын

They actually do verify the equipment they use on a grander scale. A lot of office equipment like these are, as others have mentioned, built in & provided where you work. At home on your own system(s) can be a different story.

@silence___

2 жыл бұрын

@Johnny depp I'm starting to think some of these were authentic accounts at one point

@GHOSTTIEF

2 жыл бұрын

@@silence___ probably people who clicked on the phishing emails

@bigblackbadger1

2 жыл бұрын

@Johnny depp finally a spam bot is here

Quite common in Brazil. They swap the reader thing, usually from a gas station, with a hacked one. Then wait for the harvest. Got mine stolen once. 3 purchases at 1am. I was awake at the time, my bank sms me all purchases made over R$50, so I knew immediatelly, called my bank, cancelled the transactions and cancelled the card in like 20 minutes.

@whats5471

2 жыл бұрын

👆👆👆.....

@windowsxseven

2 жыл бұрын

@Rare one got DAMN it's finally here no way

@TiagoTiagoT

2 жыл бұрын

I don't think he's talking about the same thing...

@epicat0r

2 жыл бұрын

Dude. They're both bot accounts 🤣

@TiagoTiagoT

2 жыл бұрын

@@epicat0r I was replying to OP

It's crazy how well social engineering and just standing around with boxes works

@whats5471

2 жыл бұрын

👆👆👆.

@boobgoogler

2 жыл бұрын

@@whats5471 bro why are you trying that scam on a cyber security channel 🗿

@oceanbytez847

2 жыл бұрын

@@boobgoogler They really hit this channel harder than usual. I have no idea why.

@engineeredtruths8935

2 жыл бұрын

@@boobgoogler idiot here, what is the scam? lmao

@joeh858

2 жыл бұрын

@@oceanbytez847 it's kinda self explanatory

speaking of malware, youtube has been serving ads of "free games" websites, witch serves malicious fake installers, double packed MSI installer with a small c++ program (and some accompanying 7z archive with a password i couldn't find any ware) that fucks with your DNS config and bricks your internet connection, reminiscent of most of the malware you'd find on TPB back in the day

@burn_out

2 жыл бұрын

KZread used to advertise drugs selling onion marketplaces in Russia lol

@whats5471

2 жыл бұрын

@@burn_out 👆👆👆..

@randomuseryt5143

2 жыл бұрын

they are all the same installer just downloaded under a different name

@Liamfr34k

2 жыл бұрын

how would you know if you have this?

@DigitalApex

2 жыл бұрын

@@Liamfr34k Your internet wouldn't be working

Great timing. Pulled a fake keypad off my local ATM two days ago. Sneaky bastards

@whats5471

2 жыл бұрын

👆👆👆.

Ah yes, Amazon special Chinesium smartcard reader for DoD CAC authentication. What could possibly go wrong?

@520_metal

2 жыл бұрын

China bad upvotes to the left

@My_Old_YT_Account

2 жыл бұрын

@Johnny depp shut up bot

@konradcedro1316

2 жыл бұрын

I’m dying 😭🤣

@whats5471

2 жыл бұрын

👆👆👆...

@My_Old_YT_Account

2 жыл бұрын

@@whats5471 shut up bot

This reminds me of the Despicable Me meme: "First, identify smart card reader used by military. Second, get access to vendor's website where drivers are hosted. Third, infect it with well-known malware that's being detected by most antivirus software."

@fluffypinkpandas

2 жыл бұрын

Yeah talk about getting a shot at fuckin Smaug's scale gap, and announcing it to him. Thats what he just did. Its patched now. What a waste of a good vulnerability. The dude should have waited, got some dudes together, some funding to make it a very professional stealth rat, or even an evolving botnet. But with stealth. Something that is well worth it considering its a military grade backdoor. But instead they give it a script off the streets and just completely waste it. ...just classless.

@The_Bird_Bird_Harder

2 жыл бұрын

@@fluffypinkpandas I mean, is the point here not to expose the vulnerability? As opposed to like. Become a felon?

@fluffypinkpandas

2 жыл бұрын

@@The_Bird_Bird_Harder from a certain point of view, Anakin

@noanswer1864

2 жыл бұрын

@@The_Bird_Bird_Harder Taking note that a door is left unlocked, but not going through it, is not breaking and entering. It is merely being observant. Doing nothing with this piece of information you just gained, because you might need that information later, is similarly not "Conspiracy to commit." You just know about an unlocked door, and you've got no intention to tell anyone. You can't call it negligence either, it isn't the observer's reasonable responsibility.

@sethadkins546

Жыл бұрын

@@fluffypinkpandas The thing about that is Mental's not a criminal....

An IT employee for a large government contractor bought a smart card reader. This is what happened to his highly sensitive data.

@EricGranata

2 жыл бұрын

☝️Presenting to the emergency room!

@doooofus

2 жыл бұрын

@@EricGranata Presenting to the emer/g/ency room!

@kenshinhimura9387

2 жыл бұрын

@@doooofus that was really cringy

@doooofus

2 жыл бұрын

@@kenshinhimura9387 so was your mom

I cannot believe an IT person who works for a big IT company did not know about file signatures. When I download things like drivers from any vendor, I check the digital signature of the EXE and DLL's before executing the installer. In fact, I check this before buying a piece of hardware that requires driver installation. I visit their websites and download the driver file before buying the hardware, and check if the EXE is signed. If it is not, then I buy from a different company. I also did not expect so-called "smartcards" are just a mere password card, that if someone else read it, it gets compromised. I thought it would send some sort of calculated result so that only the device that has a previously agreed data can verify its authentisitity, like a bank OTP device. If it is just sending the same data whoever the reader is, why is it called "smart" card? It's a dumb card.

@phoneticalballsack

2 жыл бұрын

@@whats5471 number doesnt work

@ainzooalgown9952

2 жыл бұрын

it only needs to be smarter than the employees, not the malicious party

@monkemode8128

2 жыл бұрын

Hey, I get paid more for being friends with the boss than that

@cwill6491

2 жыл бұрын

How do you know what the signature was suppose to be if the company didn't tell you?

@tonnentonie2767

2 жыл бұрын

Could you tell us how you do what you describe in the first paragraph?

Actually government laptops are specced out to have CAC readers in the laptop, so not external reader is required. We also have cac readers within our keyboards, so a government employee should never have to buy a reader.

@VengeanceRMP

2 жыл бұрын

Not to mention that the ones sold at the exchanges are inspected & verified. Still seems like a possible security issue though.

@ProDCloud

2 жыл бұрын

They do if they want to work from home or use multiple cards in one session.

@whats5471

2 жыл бұрын

👆👆👆.

@marcogenovesi8570

2 жыл бұрын

@@ProDCloud can they just multiple keyboards with the card reader? It's not like they have any resale value anyway, nobody would steal that

@ryanchatham9971

2 жыл бұрын

That’s great at work but if you want to access your pay or anything else from home you have to use a CAC reader

RFID can be intercepted from a man in the middle attack! It’s so unsafe

@radomane

2 жыл бұрын

MiTM is not the same as a replay attack

@JustPlayerDE

2 жыл бұрын

@@radomane what if the MiTM does the replay attack tho

@radomane

2 жыл бұрын

@@JustPlayerDE MiTM is a form of replay attack where the original message was intercepted and the squashed, then the attacker sends a modified request to the target. It's difficult to design systems that are resistant to MiTM attacks, look up 2 generals problem. Protecting against replay attacks is fairly simple, if you have an RFID key to your local gym the reader probably has protections against this already.

@JustPlayerDE

2 жыл бұрын

@@radomane im talking about the Man in the middle, not the MiTM attack. i will write the text in another way: what if the man in the middle does the replay attack tho

@radomane

2 жыл бұрын

@@JustPlayerDE Have you invented some new abbreviation where MiTM does not stand for Man-in-the-Middle?

A company I worked for just gave everyone a laptop with a smartcard reader built in. Much finer control for them. We also used RSA keys and a password. I don't think you can get more security for online identification than RSA keys

@xXhotshot55Xx

2 жыл бұрын

Anywher that uses smart cards buys computers with card readers built in

I work for a publicly run employer in the uk that's one of the largest employers in the country (work it out). Our smart cards for accessing the country wide databases uses an active x control in IE . The config file for this still states " do not change any settings as all settings are the same for windows 95 and NT " , smart cards are not secure !

@whats5471

2 жыл бұрын

👆👆👆.

@whynotandy

2 жыл бұрын

I thought Native bridge + Edge took over from this now. Wouldn't be surprised if it was still common elsewhere in the industry as IE is still used for some legacy applications

@andljoy

2 жыл бұрын

@@whynotandy it does , native bridge however is also getting replaced with credential manager , but you have to do a lot of fucking about with IE and group policy for that , go with native bridge and the latest hscic. Native bridge is still supported as of May 22

@whynotandy

2 жыл бұрын

@@andljoy IE officially retires on the 16th, wonder if everything will be ready in time

Thats the CAC (common access card), something that pretty much every US military personal will use, along with everyone who works for the DOD. One thing I find weird here is the "drivers" you need are actually DoD certificates, otherwise CAC enabled sites won't load. (Though I'm pretty sure this is just so your local FBI or NSA agent can watch your activity easier) The one positive thing is the DOD has been issuing out laptops that now use VPNs, and already contain a CAC reader built with the certificates you need, and are continuing to improve their OPSEC mostly due to the fact that having people work from home during COVID instead of a secure office has forced them too.

@whats5471

2 жыл бұрын

👆👆👆

@tissuepaper9962

2 жыл бұрын

I was under the impression that the CAC was already on the way out. Maybe that was bad information.

@capybara9802

2 жыл бұрын

The drivers he’s talking about is of the cac reader itself so it knows how to function. Cac readers do nothing but read the card and send it’s data to your computer. Dod certs are pretty much just for dod website identification, which you can use without downloading the certs, but you would have to accept that the website is using the cert every time because it’s not standard. Downloading it makes it standard to your computer. As far as I know you can’t directly load malware on a cert, but unchecked drivers can cause havoc.

@thelight3112

2 жыл бұрын

You can access DoD websites just fine without importing the root certs, but your browser will throw a certificate error for every page. This is because the DoD is it's own root certificate authority.

@zachbrenner9959

2 жыл бұрын

You need dod root certificates to access CAC enabled sites, but the drivers for the CAC itself are different. Both of them are a pain in the ass to obtain if you don't have can access set up on a computer already

Saicoo Card readers, proceed to place a Yuan symbol on the online payments sign and encourage employees from the DoD to use it. It is obviously a Chinese spy tool, lol.

@PixyEm

2 жыл бұрын

"On-Line purchases" Anyone who speaks English knows it's "online"

You could use a regular Android phone to “copy” and “paste” the balance of a subway card in Moscow. That’s how I got unlimited rides lol.

@whats5471

2 жыл бұрын

👆👆👆

@DeeezNuts

2 жыл бұрын

@Winnie the Flu The balance gets stored in the card instead of an ID linked with a DB, so you buy a card reader/writer and change it. I was gonna do the same for games place(Magic planet in middle east) but noticed u can charge it from their website so it wont work

@CanularRadio

2 жыл бұрын

Care explaining how

@CanularRadio

2 жыл бұрын

@@DeeezNuts how to trick

@libertyprime2013

2 жыл бұрын

Nice

I've been in the military for nearly four years now. I'm happy to see that I've never seen any of these kinds of cac readers for sale, especially at the physical stores and gas stations.

@Hypnotically_Caucasian

2 жыл бұрын

>gas station card reader Less notorious than gas station dock pils

Congrats on 300k. Thanks for spreading the information that actually matters!

What kind of a brain dead govt agency would actually deploy workstations that don't have internal smart card readers? Oh right, quite a lot of them

@whats5471

2 жыл бұрын

👆👆👆.

@marcogenovesi8570

2 жыл бұрын

basically everyone that isn't NSA and MAYBE the FBI

@tissuepaper9962

2 жыл бұрын

@@marcogenovesi8570 that's just false. Most of DoD specs smart card readers directly into laptops and keyboards.

@citratune7830

2 жыл бұрын

@@marcogenovesi8570 Source? Litterally? This is just wrong, my parents aren’t nearly that important and they get cac card readers.

"Security products company with unsecure website", yep, sounds about right.

Properitary drivers be like:

@your-mom-irl

2 жыл бұрын

hey what the fuck

@whats5471

2 жыл бұрын

👆👆👆.

This would not have been a problem if the drivers where open source

@gaming__god

2 жыл бұрын

The problem would have been bigger in that case. People never check if the compiled code is the same as the open source version. I don't think there is a easy way to compare open source code and it's compiled version. Moreover a open source version of driver will be leaked to public which can be easily exploited by hackers.

@mskiptr

2 жыл бұрын

@@gaming__god Yes, that would very much be the case for open source drivers on Windows. However, open source + a proper package management would pretty much solve the problem. (Or you could compile them yourself - assuming the code you got is legit.)

@testacals

2 жыл бұрын

@@gaming__god You can just compile it yourself instead of getting a compiled version. "Moreover a open source version of driver will be leaked to public which can be easily exploited by hackers." There will also be security researchers that will find those exploits and even upload patches.

@Zimx02

2 жыл бұрын

@@testacals I think that the exploit comment is not about the lack of patches, but rather people still getting pre-compiled software.

@hldelta

2 жыл бұрын

You have to sign the drivers with a certificate to install them on Windows iirc.

I used to work for a DOD contractor. We where super strict on card readers and lucky we never had this issue. All of our external readers where provided by a trusted vendor.

What is so hard about using pgp smartcards? Nonce in, signature out, access granted, no way to copy anything.

@whats5471

2 жыл бұрын

👆👆👆..

@yura2110

2 жыл бұрын

I don’t understand your logic

I always thought there's a private key in each of them, and therefore you cannot duplicate a smartcard by listening to the traffic. It's just common sense! RSA has been around since the 70s. Guess I was wrong

@RegrinderAlert

2 жыл бұрын

@@tripplefives1402 Smart cards often do have a CPU and crypto modules on board.

@eitantal726

2 жыл бұрын

@@tripplefives1402 are you sure? MK says otherwise.

@codegeek98

2 жыл бұрын

Different EMV modes - DDA is the only one that works like a true smartcard. SDA and CDA are just complicated badges. I'm unclear why DDA isn't mandatory for chip txns…

@eitantal726

2 жыл бұрын

@@codegeek98 Thanks for the clarification!

In Brazil is very common in sales fairs and at gas stations , they modify they payment machines and insert some msr90 board or something like these on the video , criminals call this type of modified machine as "chupa-cabra" . And they also use jammers for block gps signals from the cars and than steal , they typically call this type of jammer as "capetinha"

@FilipeCruz1337

7 ай бұрын

kkkkkkkkkkkkkk still chupa-cabras working nowadays?

You never cease to surprise me with these interesting vids, keep it up!

When I was attempting to enlist in the army, all their laptops had a card reader built into them.

I love how the credit card companies decided to update their older cards to a much more VULNERABLE card. It’s like they WANT everyone to get their cards compromised. Plus I betcha they do, because they are most likely directly connected to those “credit monitoring” companies and they get more money from them every time a card is compromised.

@satibel

2 жыл бұрын

My father in law has a bug with his card where it doesn't ask for the code.

@Drkbowers1

2 жыл бұрын

I think people should just be more aware of their card activity. Maybe this only applies to credit cards, but I get a notification for every purchase the instant it happens. Even if something I see doesn't make sense, I can just cancel the card and get my money back in less than 24 hours. I don't even cancel the cards I lose because I don't want the hassle of having a new number, I just get "replacement" cards which are meant to be ordered if your card breaks essentially.

I like to think that the hackers have a handful of weird dumps where they have no clue what the card is for, what the data is about or how to use it While in reality, it's stuff like Pokémon print kiosk cards or someone's memory card that holds a script to install the network driver for an industrial computer

@satibel

2 жыл бұрын

Tbh it's probably fairly likely

@1NeoCross1

2 жыл бұрын

They're sold via dark web in large data packages. Then someone else buys a package that may have usable stuff while a ton of it is junk. Same way as how legal companies scrape all our information and then sell bundles of peoples' info to literally a n y o n e.

Man your content is just awesome! I tell everyone to check out your channel

Please make a video on how the internet of things will ultimately destroy the human right to privacy and make us subservient to the surveillance state. I do know you briefly touched on it in your Guide to Escaping the Botnet video, but an in depth video would be really awesome and do us a great public service.

@speedfastman

2 жыл бұрын

You could've just said "do a video on how problematic IoT devices are" and you wouldn't have sounded so conspiratorial.

@1d10tcannotmakeusername

Жыл бұрын

@@speedfastman His username is "Spyro 115", he is likely tuned in to the higher consciousness. Nothing wrong with having a conspiratorial worldview in an exponentially conspiring world.

@maxheadspace6670

Жыл бұрын

@@1d10tcannotmakeusername That's because 114 Spyro-mongers beat him to it. He is delirious anyways.. "Will ultimately destroy???" he must think he is in 1994 with all that "future tense." wake up and smell the google my little purple dragon. That being said, i have to go now... time for my red pill.

@1d10tcannotmakeusername

Жыл бұрын

​@@maxheadspace6670 1. Spyro is a time-traveling hyperdimensional intelligence 2. Only if you're a city slicker, if you go out innawoods and make sure there's no IoTrash in the house you should be fine

Mental outlaw is either the biggest redhat or straight works for feds lmao

@whats5471

2 жыл бұрын

👆👆👆.

When I worked as IT, we had a lot of people doing work from home stuff. We had protections against this and actually survived the Kaseya Ransomware attack because of a tool... which for the life of me I cannot remember the name of. It essentially worked as a DLL and EXE whitelist - we had a contract with the developers to ensure they updated our whitelist with the file signatures of executable files that came from reputable sources such as Microsoft, Adobe, Chrome, etc, that we'd use on a day to day basis. Everything else would be hard blocked, across all our devices. It would most certainly have protected us against smart card readers with modified drivers. Though, one time, we had a whole day of printer issues because microsoft did a silent patch to Edge, which was responsible for ensuring PDF files print correctly from edge, so we had a day of nonstop printer issues, but it was a small issue :/

@Shigbeard

2 жыл бұрын

Ty for whoever liked this comment first, cause I remember the software. It was called Airlock

Excellent video 👌🏻🔥 love the demonstration clips you got, I make videos sometimes and getting footage online like that takes a lot of work😂 keep it up man 💪

Also, RFID/NFC/proxy cards are a different technology than smart cards

Another good example would be the Hak5 usbs. Think Mrwhosetheboss did a video on those, but all someone would need to do swap out a smart card reader that looks similar enough to whatever actual smart card reader you're using, and then they have access to all your credentials.

I don't know about the authenticity of the web site you presented that had that card reader listed as recommended. In addition, any contractor that allowed average users local admin rights to install random drivers for crap wouldn't have their ATO for long and thus wouldn't be contractors for long I can tell you that much. Furthermore, when I contracted Federal IT I know we couldn't just hand out random garbage even for peripherals. There's actually standards in place that prevent even the purchasing of computer equipment from mainland China. Even the cards themselves are single sourced from one company to meet the HSPD-12 requirements.

Nice modern rogue cameo

@whats5471

2 жыл бұрын

👆👆👆

yeah, but if I wanted to break into a building I would rather bribe a janitor to copy their pass vs having my face on camera intercepting their card.

had no idea that people could just buy their own hardware like this for security critical tasks. should at least have a list of hardware that you need to purchase from or something.

@jakegarrett8109

2 жыл бұрын

Problem is this WAS on the DOD suggested list...

@tvk270

2 жыл бұрын

@@jakegarrett8109 well thats unfortunate lol

@__prometheus__

2 жыл бұрын

Yeah we’re told to buy our own CAC readers for our personal computers at home. Half the time they tell you which one is the good one…

The company one of my friends works at provides laptops with built in card readers, they also have cell tower service so they don't have to connect to WiFi while they are not at home

@jakegarrett8109

2 жыл бұрын

Good thing ghost cell towers don't exist...

Great video. So true. This can be a major attack point, especially in Pubic or private institutions.

thanks for the updates as usual outlaw!

@whats5471

2 жыл бұрын

👆👆👆....

so. this video gives me an insight of why my military laptop (Latitude Rugged Extreme 7214) has a reader for those cards, both contactless and slot to insert the card

Modern rogue footage, hell yeah!

I work for a security company where we make security cards. A lot of high security places are moving to cards with an encrypted chip where it stores certifications, your fingerprints, and your photo. Similar to CAC cards. It's fully encrypted and the card is tied to the facility and the readers. The card you showed is a PIV-I card. It's very secure. The government is slowly moving to this. You need a scanner, that isn't just a reader, but one where you insert the card and it reads the chip. It's all tied to the individual. As far as readers go, use an HID reader. Our company has tore apart the drivers and such, and they are secure. For common smart cards and card readers, yeah. It's easy to hack. People are always the issue in security. But there is smarter - smart cards.

@maxheadspace6670

Жыл бұрын

*CAC

And this is why physical security, with human security, will never be outdated.

Grats on the 300k

The first bag you posted is the good one to protect against rfid. They have larger sleeves too on amazon.

I choose to live in a cave at this point.

gratz on 300k

I believe new most Access cards/fobs systems now have 2 steps; meaning not only does the card provide a password to the opener, but the opener also put a signal back to your FOB and if your FOB cannot correctly verify the signal coming from the opener then the gate stays locked even tho the FOB has the correct access code.

My trusty ACR122U is always packed with my laptop when I'm on vacation :D Most of the card readers are just connected to "psychologically" give a false sense of security, nine out of ten times they aren't even securely wired!

Small detail, a large number of Amazon reviews are fake but you’re correct in assuming at least half of those are actual purchases. There’s some sites that will scan listings and tell you the percent of fake reviews

As someone who works for a company that installs card readers in high security places, we only install swipe cards and we demand that we use cables rather than wireless transmission. Our system also nullifies cards every 2-3 days, so you have to get a new one at the reception.

a long while ago people used to use coiled copper rods to extend the reach to their sleeve.

Yeah, I totally believe that a "hacker" compromised their download page. Nudge, nudge, wink, wink. Pull there other one guvnor.

@whats5471

2 жыл бұрын

👆👆

That employee helped their company dodge not just a bullet,but an entire fucking nuke.

I suspect they are doing the same thing with Smart Lamps selling on Amazon that are impossible to beat on price but force you to allow access to your local home network traffic. Might be useful for a researcher to take a look at it, which I can use the time to jump deeper.

wow... Thank you for the video!

The first part is about RFID/NFC tech The 2nd part is about Smart-Card tech

Military contractor here, these types of CAC readers are used but not sensitive information, at most the hackers would be getting some PII. More sensitive information is still only able to be reached at your base with a different type of CAC :-)

I prefer the battering ram method.

@breni1518

2 жыл бұрын

Who needs any fancy electronics when you have a log and pure strength.

@whats5471

2 жыл бұрын

👆👆👆.

things like these need OSS drivers with signed binary releases. Virustotal is not magic, it is rather easy to write undetected viruses, especially if their only job is to upload the smartcard data to a server. That is not even the definition of a virus, that would just be a modified/hacked driver

@satibel

2 жыл бұрын

Polymorphic viruses aren't that hard to make, you basically write a set of tests that define the behavior and have a script fudge the instructions around till you don't get detected. And you can even use out of the box generators that do the job for you.

Love Mental outlaw keep it up 🖤

This is exactly why we need open source drivers period.

Something I leaned is that windows will go out and get drives for some things if the driver is proper signed. My guess is that when they made that drive it was but now it is not and that's why they had to manually install it.

I used to work in an IT department of a hospital and they used card readers in-house and 2fa when working from home, worked better imo.

In Brazil a guy managed to switch his card reader with gas'tation's card reader and recived 3 days of payments before be catch.

Smart cards are not vulnerable to replay attacks. They use the algorithm of challenge-response. They have another set of vulnerabilities but not that one.

Congrats on getting that shout-out from Mutahar yesterday!

@BCDeshiG

2 жыл бұрын

Wait, what video?

@epicn

2 жыл бұрын

@@BCDeshiG the smartphone hacking video he made a few days ago

i feel like I’m watching a DedSec tutorial video

As always, everything is super. Waiting for new cheats from your te

Oof, I was in the Army and never knew about sus drivers... fortunately I bought mine at AAFES and needed no additional drivers but I did need all sorts of security protocols.

This is unbelievable... #stoptheoutsourcing

You'd think most companies/governments would have some sorta deal with a tech trusted tech supplier instead of simply paying staff to buy whatever they want.

Now those cc reader signal blocker sleeves finally have a purpose😆

Thanks for this helpful identity theft guide

The worst part is so many military website are flagged as not secure by browsers so many people just click to continue to unsecure website, because that's the only way to access the website. So it wouldn't surprise me if windows defender would have caught this, it would have been ignored.

@P1T4Bot

2 жыл бұрын

Probably just unofficial certs

@dakotaferris4842

2 жыл бұрын

@@P1T4Bot that is the issue but I think it conditions people to just click okay, even if something is flagged

"curbs on security " 😂🤣😂🤣😂🤣😂🤣😂

The company I worked for had smart cards but they supplied laptops that had the readers already installed. I would have figured the government would have done the same.

I didnt understand why you would need a smart cardreader in home? I got a bit lost. Would appreciate if someone could tell,

@GoodlyPenguin

2 жыл бұрын

DoD military here. You can buy one from like a Navy Exchange/Army Exchange (I think they call them a PX?) for like $10 so you can work from your home. You can use your CAC (government ID smart card) to look at your paystub/government email/what have you from your personal computer.

@mokisan

2 жыл бұрын

@@GoodlyPenguin oh! Thanks for explaining. Its a bit weird that the kind of things arent controlled that well, specially when it can leak some sensetive data

@LuureAmet

2 жыл бұрын

Smart Card readers are ordinary mandatory part of most proper laptops in estonia , and nearly entire population from old to yong have them at least last 10-15 years

I encountered something similar getting drivers for an old fujitsu laptop, I used the (supposedly) official fujitsu support page, but after downloading one installer, even windows defender detected a trojan in the driver.

Badge cards typically must be used in very specific manners the closer they work with government controlled data, such as PII, PHI, or official data. Though if a company isn't having this enforced on them it's pretty typical that they will use whatever. You'd think banks in particular would take more care to protect their cards for example, but it seems that rfid chips in cards are quite compatible with thief scanners.

@pcislocked

2 жыл бұрын

its funny that your average smart ticket card you use to commute is safer than most smart cards against copying lol

I once saw receiver that can read card from like 3m away. They used it on entrance to private community. You can just place card under front window and it will read it no problem

@jakegarrett8109

2 жыл бұрын

Yep, and set that baby to overdrive for movie night drive through popcorn!

Thanks Jayson Tatum 👍

My ThinkPad has a Smartcard reader. And there seems to be some tricks to read out the data anyway I want. Would be great to have this tool with me. I also think there is an RFID reader in that laptop... Which should be able to read some more information.

We’re doing 2 factor authentication with our phones. It’s a little annoying that work requires me to use my personal phone, but it seems reasonable secure.

Or employees might have to scan both their card and fingerprint to enter a door while cameras monitoring the door will raise the alarm if the person’s face is obstructed with something like a mask or if it detects a face other to the face of the employee linked to the card signature and fingerprint provided! :)

I’ve never used a smartcard in the last few years that doesn’t use private key authentication. I’m sure they still exist, maybe Europe has different standards than the US, but once the card uses a private key, there habe to be multiple exchanges between the “reader” and the card for something to unlock, and the traffic is safe from a replay attack AFAIK.

This is sooooo dangerous.... So many people need to know about this..

@RubenNicos

13 күн бұрын

I've been running with STREETSWIPING1 and bake 2000. All my family has been fckn with this Teledude and baking bread ❤️

also having more than one card helps - cross signal protection

Eyy mahn. Can you give me advise or sense of direction, Im trying to setup NAT Network for Windows virtual machine. Using QEMU/Virt Manager on a Debian system. Thanks in advance, I appreciate your videos bro

That malicious agent was probably the government of the nation the products are made and developed in

@whats5471

2 жыл бұрын

👆👆👆.

well, that proves to carders that they should also be careful when buying their MSRs and omnikeys online (that if they aren't working out of the box). i wouldn't be surprised if mental outlaw one day participated in a talk at defcon or blackhat. I was wondering if you can do a video about sim card hacking or corebooting modern desktop hardware (such as: ryzen 5000 based motherboards)?? thanks for your great content.

@jakegarrett8109

2 жыл бұрын

+1 for the sim like cloning (like if you want a GPS tracker on your bicycle, why should you have to double your phone bill just for it to send a text once a day? I guess thieves will just become more rampant). Also would corebooting even work with modern hardware? If one of its features is to replace some of the old junk, would that do much for Ryzen since its probably mostly new UEFI anyways.

What type of signal blocker bag do you recommend

@whats5471

2 жыл бұрын

👆👆👆.

aren't drivers signed on windows? is it possible to modify driver itself to inject malware without freaking windows out at all? the virus was on the installer.exe or something I guess.