The Scariest Week in Minecraft History
Vložit
- čas přidán 17. 12. 2021
- Today we'll discuss The Scariest Week in Minecraft's History and how the log4j vulnerability (log4shell) was weaponized on 2b2t and other Minecraft servers, as well as the entire internet.
This java hack is not going away anytime soon.
My Twitter: FitMC
My Instagram: fitmcsippycup
HOW TO STAY SAFE:
1. Update Java to the most recent version
2. Update Minecraft to the most recent version
3. Re-install 3rd party versions of Minecraft ONLY if you know they are safe.
4. Servers can still be affected, so only join servers you can trust.
More info: www.minecraft.net/en-us/artic...
Music: FFXV
Additional 2b2t Footage/Information/Renders:
Rebane (Footage/Information) - • This chat message hack...
Redstoner (Footage/Information) - • The 2b2t Log4J trollin...
0x22 (Information)
leijurv (Information)
xcc2 (Thumbnail Render)
If you enjoyed learning about The Scariest Week in Minecraft History, I would appreciate if you would consider hitting that like and subscribe button!
Hopefully the damage from the log4j vulnerability (log4shell) will not be too extreme.
2b2t is currently awaiting the 1.18/1.19 Caves & Cliffs Minecraft update. Very exciting times! - Hry
![Minecraft's Deadliest [Illegal] Hacked Client](http://i.ytimg.com/vi/4D-FF2BQE80/mqdefault.jpg)
Hacking someone's computer to patch their game from the vulnerability that gave you access to their computer is on another level.
...but also a good thing in the MC community to know there are good hackers out there.
@@tisjstme5315 thank god there are people who use their coding for good
Some Jim Browning type moves
It's called white hats. Similar thing happened on Ethereum crypto in 2017. They hacked 180million dollars worth of coins since so many wallets were vulnerable and then returned it all later. Malicious hackers did steal 30million worth though...
He deserves a virtual knighthood
Those people who tried to keep others safe are heros
Im worried about my hypixel skyblock now. since im always playing in version 1.8.9
@@Zycrian update
yeah realy
@@TheAmazingRaptor one does not simply update versions while playing hypixel
Ikr
Imagine just getting hacked and your like "oh frick, I'm probably installing a virus now", and then the hacker installs virus protection instead. 0x22 is truly a legend.
I understand nothing about computers so I'd probably of deleted thinking it's got something bad hidden in it
I used the virus to destroy the virus
@@litterbox019 yes
v i r u s
@@hurtjriddle804 (how did you find me axolotl man)
Every time we get these videos I'm just like "How is Redstoner involved this time?"
But this time he committed an actual crime that can get you into prison in a lot of countries.
it was funny how he thought taking their accounts was ok yet anything more is "too far"
@@madkills10 I mean It's all wrong but I do see the difference between stealing someone's minecraft account qnd stealing their credit card information
Bro that guy is the Don Quixote Doflamingo of minecraft
@@theexchipmunk hey man at least all he did was destroy Minecraft shops, still fucked up that he hacked at all but if he really wanted to he could’ve hacked all of our banks and shit
0x22 is a real one.
Hi first reply
I didn't expect such deeds coming out of a cheat client programmer, that's for sure. Pretty good.
yeh man is out saving so good on him
For real, dude could’ve done tons of damage but decided to do good. You can never be too careful though, he might be boosting his reputation for the future…
The definition of a white hat hacker
0x22 may be a Nerds Inc. member and a known hacker, but what he did is legendary. Litterally hacking peoples PC just to install a patch before actually malicious hackers got to them
Damn that’s crazy
That's being a true hero.
He fixed the exploit with the exploit
He deserves a award. He is a literal hero, like, we need more people like him
We never know his true motives but whatever he did is heroic.
As a person that's loner who only plays singleplayer, this went over my radar completely. At least I wasn't hacked I guess
Its not just minecraft though but also steam, spotify and other huge corperations
@@LolliFN lol bedrock Edition not involved
@@LolliFN because bedrock is not programmed as Java it’s programmed to be C++
@@Villager6883 the bedrock players are laughing rn
@@meticakolli1237 yeah
0x22 is the literal definition of "chaotic good" - doing greater good in a totally unorthodox way. Props to them.
Imagine getting hacked, to realise the hacker is helping you. What a legend man!
AAAA- Oh ok
True gigachad
If I became a hacker, I would be a good hacker that would help people
@@redermac5667 yes
And then the hacker getting arrested for hacking anyway
Everyone always talks about how much fit says "the oldest anarchy server in Minecraft" but nobody talks about how much he says "lets get started"
Facts
THE O
Ah, but that’s not HIS catchphrase.
It needs to be… unique.
the longest anarchy server
Lets get started talking about it then
0x22 is really an interesting character. Kind of like an anti-hero.
He is someone that takes part on very interesting hacking elements and actively works for whoever he wishes. But actually has some kind of work ethic and pulls power move to even protect people from genuinely evil people.
To be honest? I think he is the most gifted programmer i ever heard of. He is so passionate of his work and talent that he has developed a new appreciation for the digital world. To the point of having restraint to not do an actual harm to other people.
This guy is the main character
As a cybersecurity guy this was devastating and a little fun to try and discover workarounds before the bad guys so as to patch them.
First Roblox now this, feels sus
Is fortnite safe and I haven’t played Minecraft In 2 months u think I’ll be fine
@@mxstee Why would Fortnite not be safe, only a true failure in life would dream of hacking that
@@SStupendous true i just didnt know if it had java code in it
@@mxstee I think Fortnite should be safe tbh. Though despite everything, I think the company probably already patched regardless.
The other reason 2b2t was shut down was because the exploit ALSO worked server-side. Meaning anyone could backdoor the server with it. Not just the Minecraft server instance, but the actual dedicated box it runs on. They could crash it, delete the world data, and who knows what else. If the backups are on the same server, they could even take it down permanently.
HELP MY!!! My muscles are too big! I am a big tall man and my muscles are even BIGGER! I use them to get views but they HURT so much!!! Because they are heavy. Do you have any advice, dear hay
I wonder if people did that while the workarounds still worked and now there are backdoors we just don't know about... If I understand what you're saying correctly, redstoner could've just as easily broken into the server itself if he tried
@@AxxLAfriku thats the wierdest comment and if it hurts then stop getting ripped get fat a bit or something
For a second i thought i made a comment minutes ago and i forgot it somehow
Yup they can get access to whole thing but i dont think anyone tried to
Fun fact, this was also in some Nasa rovers so technically you could have hacked into a space rover if you got there before nasa did
Lol
actually no. but sounds awesome
@@pittyconor2489 are you sure that's not real?
Wait Fr?
WTF
I thought this title was gonna be clickbait but it’s damn near an understatement
The scariest week in internet history
Massive Respect for ox22 and Rebane for being such a good homie 👌
That man who "hacked" people to save them is a fricking legend, mad respect for that guy
he did all that just to be referred to as "that man" 💀
ah yes, hacking people to save them from hackers is tight
@@Spookamss hacking to unhack.
He used the hacks to destroy the hacks
So... if hack = H, H = -H?
i still can’t get over how easy it was to use this exploit
you're phrasing that like you've used it
@@arcaneTempest1 lmao
@@arcaneTempest1 it's really not that hard, I wrote a simple script to eject your disk tray. Getting past all the various 'patching' people have done is much harder. But the initial exploit really is as easy as "hi :) how about you run this code I am hosting". That is what an RCE is. The fact it can be so easily done is astounding.
@@arcaneTempest1 You dont say.
@@arcaneTempest1 I mean, he's not denying it...
0x22 and Rebane are both legends. Without them, who knows how many more victims there could have been to this hack. They need some sort of recognition or something, because they're noble as hell.
Dude I started watching your videos since 2b2t started blowing up and saw your channel grow. I'm so freaking glad you are doing so well. Haven't had time to watch now, but happy to see you succeed.
When Herobrine becomes less scary than some 2b2t players
-Intense moment-
Now THAT is really scary.
this account has been ratted by popbob
Bedrock players go brrr
That’s terrifying I am gonna go back to fortnight
The scariest part is *this exploit was here for like 10 years*
Anybody could of been using this in secret the whole time before it was discovered, its scary
@@CairoFaustine perhaps some glowies?
This is really scary. A hacker could have found this long ago just by reading the documentation carefully.
@@CairoFaustine Not just that, but who knows how many other exploits there are that hackers might still be using secretly?
@@liamholcroft7212 I know my local police have a habit of illegaly spying on people and from some of the things I've seen I'm pretty sure at least some of it is based on java exploits.
Fit, we need a video about Hausemaster and their history on 2b2t. Who is this mythical figure? Has the identify changed throughout the years? I feel it could be an interesting video.
I am binge watching all of your videos. Redstoner comes up so frequenlty. Unbelievable this guy. :D
I say we all salute 0x22 for his noble intentions. It just goes to show that not everyone is heartless, even hackers. o7
Imagine 0x22 accidently starts a trend where people hack everyone who play minecraft, but then optimizes their computer so everything runs like nasa computers xD
0x22 will go down in history as a minecraft hero
o7
@@wyndmill tbf I kinda want that to happen
o7.
This entire exploit is like a level 10 containment breach.
The fact that script kiddies can just straight up control your PC is horrible.
If level 10 is world ending (the one below reality ending) your correct, anything Log4J touches is exploitable IIRC.
Well you're not wrong, NIST (the organization that assigned it the name CVE-2021-44228) gave it a score of 10.0/10.
POV: you don’t play on pc 😶
@@TreyG425 yes
Coming from someone who has not slept properly for the past 2 weeks due to this exact vulnerability, it absolutely is.
Loved the video @FitMC! Can't wait for the next video man! Mad Respect to Ox22 for at least trying to ensure his fellow Minecrafter's Internet Safety. This might really explain all the Changes Minecraft was making with all of the "Security Issues" with things like Switching from Windows Accounts to Java ones. I hope Redstoner was told to "Pay for Damages" to his competitors, but that's just wishful thinking as its an Anarchy Server we're talking about here.
This reminds of a story from a while back,not MC related but this dude was a pro hacker.
He knew he was breaking the law, but he used to hack into people's personal devices and scan for any malicious or fraudulent programmes, patch them out, and then contact the victim and let them know what he'd done and how to prevent it in the future.
We need more people like that 😅
The problem: Apache Log4j
The solution: A patchy Log4j
Nice.
e
early
lol
Nice one
As someone working in CyberSec, this has become so alarming to us that we had a rough week dealing with this problem and had to wait for fix patch from actual developers of log4j. And I had to uninstall my minecraft and scan for vulnerabilities using the available tools that we had. This is a real deal people, don't take this lightly
Don't forget the fact that the first patch still had other vulnerabilities!
I coudnt play minecraft java even with my laptop because i have no money i have an incosistent internet so im thankfull
(Sorry for the cringe)
I'm confused... didn't log4j patch this back in march with v2.15.0? This affected people with outdated java and log4j libraries, the majority of the corporate fixes for this exploit involved updating software and enforcing firewall policy.
Why the hell did the exploit go public in the first place though?
I wish happy New year to you...Can 🙂I get 10k subscribers at the end of this year ... love ❤
The person who was hacking people in order to protect them from other hackers reminded me of something I saw a while back where someone was going around hacking printers in order to protect them from other hackers.
Never in history of man will you ever see FitMC without his legendary stone slab fireplace
My dad was actually notified and had a emergency meeting when this happened (he works in cyber risk), he told me it was about minecraft, I though that it was pretty weird then, but forgot about it in an instant. Now that I see how dangerous this actually was I feel really dumb.
It was way more widespread then minecraft. The last week, nearly all big cyber based companies had an absolute crazy week scrambling to make sure all abilities to utilize this was patched. Amazon, Google, hell, even nasa and nsa had to take part in their own security checks.
@@CrypticRite Gosh
damn now I feel even more stupid for not caring. I need to be more careful...
@@CrypticRite seriously!? Wow! 🤯
@@CrypticRite his dad might've said don't play minecraft as theres a risk that you may get hacked
My dad works at IT in oracle, who own Java.
As a sysadmin, this week has been rough. I immediately took all servers offline and forced them to check updates, and of course, attempt to patch the exploit. Also, good on Mojang for pulling an all-nighter to fix this exploit.
My main focus was also to get an offline backup of all my servers.
We updated everything but I don't think we were affected since our servers are basically a share, an sql server and a AD server. I know that the part on top (vmware) is affected but this is up to the cloud server company to update
profile pic checks out
what is your pfp dawg
@@staydying lmao it's my waifu
Amaha miu
Hey fancy seeing you here
0x22, what a fricking legend. The hero we didn't know we needed
Imagine you find an exploit to gain full control over everyone’s computer and all you do with it is cancel the ItemShops of your biggest Minecraft enemies.
ikr
@Nerdy Cuber he shouldn't be selling minecraft items for irl money though, it's kinda weird, and doesn't it go against tos?
capitalism
@@generalgeorge9464 yes
@@pooperdooper3576 its an infamous anarchy server, people there dont care about tos lol
I work at a large tech company and every single developer at the company was working late into the night the day this was disclosed, and some over the weekend, to get all of our services and hosts patched. Quite the stressful event.
Log4j: Guess now we're uprising!
Same here brother
You the janitor?
When i find FitMC makes a post, i i have to open the page pause video, and make a cup of coffee, cause its always that good!
I’ve seen this community do some crazy stuff. But this is on another level
0x22 and Rebane should be recognized by Mojang and rewarded by their actions. Because their attempts to warn the community and also 0x22 trying patch the exploit itself is a pretty legendary and bold thing to do. My greatest respect to both and hopefully you’ll get rewarded for this someday
they should make them the ppl who code the game
The are legnds now
True
I wish happy New year to you...Can 🙂I get 10k subscribers at the end of this year ... love ❤
they better get a custom cape
I really love 0x22's whole ethos. It's definitely a 2b2t thing to do to use the exploit to patch the exploit.
Very much like Thanos using the stones to destroy the stones.
Yeah, great comparison.
I cant belive disney copied 0x22
spoilers smh
@@descai10 How am I supposed to know it's spoilers? I haven't seen the movie. ;-)
He is the chosen one
3:55 It appears that according to this page, server admins could patch their servers without updating.
I thank you for helping people stay informed and safe.
Not so fun fact: This is the most dangerous exploit/attack in internet history. It's the first one that's ever been rated 10 out of 10.
Damn, and to think it was on Minecraft
Edit: and to think it started on Minecraft I know it got to other things, I watched the video
@@rover9300 it included Minecraft but also other massive corporations that used the log4 whatever program to make them run smoother Minecraft is just the most used example in this as it’s a Minecraft channel
but you can play doom in minecraft with this exploit
@Rover anything that runs Java, there's a high possibility it's logging with log4j. Bro this wasn't just minecraft. I work at SiriusXM - worked 5 hours overnight to patch my stacks. EVERYONE felt this one. What's worse is that the vulnerability had been in the log4j library for quite some time.
@@velocitygames524 yup
Redstoner is certainly going to have a few targets on his head after this
Indeed, but it doesn't matter much to him, since he knocked out major competition to his business. People could however attempt to tarnish Redstoner's reputation, and turn people away from buying stuff from Redstroner.
@@Turbulation1 That's assuming all he did was pwn some Minecraft accounts. Doing this, doesn't really make him come across as a guy who'd stop at this. He may very well have stole more than just this.
hopefully he didnt do anything illegal with the hack because then hed have more to worry about than his minecraft market
@@pync1 what he did was already illegal.
@@ugapeyton Exactly. That makes me think he more then likely did more. I can't imagine some loser doing Just illegal crap for Minecraft.
I never thought I would actually be scared to play minecraft until now.
its nice to see someone from my country fixing something that important
Let's just take a moment to respect 0x22 and Rebane
They could've easily stolen Discord messages, Minecraft user data, etc
But they didn't, and they even went a step further
True but, who the hell would want to read a random guy's discord messages?
@@fefek1 Truuuu
@@fefek1 probably to see if they did anything, ‘questionable,’ like discord mods and kids sort of stuff or just ammunition to blackmail/canceling.
@@fefek1 blackmail
If the random person shared private info via dms, they could use that data maliciously
Lesson learned. Hackers are genuinely really scary people.
Yes indeed
Its never a joke to take lightly on hackers. They're crafty and once they see a vulnerability, expect hell let lose.
we are not
Untill you find them in person
agreed, but not as scary as you being litterly everywhere
Man you're a really interesting youtuber.. subscribed!
Respect to Rebane who played a crucial role in protecting the server and other people
Only Fit can say “smiley face” and make it sound so ominous
He even can say OwO
:)
XD
He just got that voice man/woman/entity
That is the most terrifying exploit I've seen in a while. And for the first time, I know people irl who were affected.
Nah it was pretty hilarious to watch
@Sentinel uh-oh
I recognize that music! Nice video, man.
I was aware of this at the time but when this happened i was only playing bedrock and didnt have java so i wasnt affected but after hearing what was going on i got a little scared
The only way to be 100% sure that it’s patched is to remove log4j entirely, but too many systems rely on it so that’s unlikely.
That's true
The latest version of log4j has the entire feature disabled so it is safe
Unless you're running either tomcat or a beanfactory module or a VERY specific config, simply updating it to 2.15 should be suffecient. If you're running tomcat take it to 2.16
It is not patched. Me and my friend tried to do this multiple times like a hour ago. And it worked so... :D I have more stuff to abuse :)
@@mesayhello840 have you updated?
I don’t understand how over the last few months I’ve become so emotionally invested in a random Minecraft server that I’ve never played on
yeah well there are millions more like you. literally. theres only like maximum a thousand people who log in to play 2b2t. everyday.
same
This server has the most advanced history in this game
You should try it. I'm currently in queue as 367 and it's my first time
You aren’t the only one…
I feel very fortunate to have started my minecraft journey last year about this time. I dodged a few bullets that affected other minecrafters and 2b2t. That's insane things like that can happen
Bruh I played in those days and knew nothing about this lmao
the scary part is that this exploit has been here all these years....and someone has probably been using it...imagine how much data has been collected..
Cloudflare (which proxies like 80% of the entire internet requests) reported that absolutely no one tried to pass that malicious payload since 2011 (they keep logs of every single request since 2011!!!!)
possibly but nah cus it was only truly found recently so i doubt it
Usually vulnerabilities occur when unsuccessful update attempts happen which makes me lean towards it's not that long since it was even possible not to mention it's announcement of founding
i still dont think those amount of data could beat big guys like zuckerberg
@@WolfrostWasTaken That is actually quite eye opening... To think they have data on EVERY SINGLE request they've had through their servers for the last 10 years.... wow
The log4shell exploit is so devastating to the internet. You’d think that something like this would be spotted and fixed very quickly.
The apache team working on log4j are morons simply put, best to not use log4j at all. They were given ample warning.
Most of the libraries that make up the backbone of the internet's infrastructure are maintained by single individuals and never get real security reviews.
@@Alnarra the problem with this argument is that log4j is not run by an induvidual
Makes me wonder how many gaping holes are in software we use everyday. Everybody gangsta until someone hacks our water treatment plants.
Yeah. Why the hell did the exploit go public in the first place?
I've never played Minecraft in my life yet I love your videos lol
the ffxv ost in the backround is a nice touch
This is like the fourth time Fit has saved me from some kind of exploit.
It's mostly by warning me not to pick Minecraft back up for now, but still.
@@TheBinklemNetwork Thanks for mentioning.
I'll probably end up doing it, but the fact stands that without finding this I might had been in trouble.
Stay safe mate
@@Eugene-pq3gg definitely good that it is a known factor now! Its is always good to show restraint if you yourself aren't fully convinced on somethings safety!
ONG BRO LMAOOOO
@@TheBinklemNetwork is realm’s with friends safe?
Future FitMC video:
"Minecraft is assumed to be a harmless children's game for all ages. But this can't be said on the Oldest Anarchy Server in Minecraft. Here's the story of how a certain 2b2t player was linked to child exploitation and human trafficking."
Duuuuuude...
Scawwwy fr!!!!¡!!¡¡!¡¡!!!!
Wouldn't be surprised lol.
If it does happen, 2b2t would just get shut down by whatever gov't the server rack it is or where hausemaster is
@@toddaustin449 Bold to assume it hasn't already happened and we don't know yet
I wont be surprised if it was real. Actual criminals did play on 2b2t
Thanks you for explaining this so good :)
First real quarantined to our houses now were quarantined out of minecraft. What a crazy few years
Imagine how much issues we could solve and fix if people put the same amount of time and effort they use to break and destroy things.
But breaking things is fun
cope & seethe
@@LazyBuddyBan ur mom
@@noahjordan6761 Sorry but helping others and saving people is WAY MORE FUN.
@@tisjstme5315 now imagine this, what is more fun?
Destroying a Minecraft house or building one?
Ah yes, Log4J, the Java logging framework. Funny thing is I just got a job in Java and they have an intro to logging. Better not be an unpatched log4j haha
Mmmm you got a job in java? Lol
@@liamd969 his job is probably based around making programs with java or java level security at an office job
@@SkyRecruit18 Partially. Software Dev and Testing. No office though haha
@@daizdamien1409 as in a job that requires knowledge in java, he said in not at 😐
@@liamd969 maybe he works at Oracle?
Found FitMC on Facebook Watch! Really grabbed my attention and interest. Keep it up! You gained a Sub today!
As long as they haven't used Intel's backdoor vulnerabilities you are safe after resetting your PC. If they did use this vulnerability, i recommend getting a new motherboard.
I like it how popular 2b2t players render your thumbnails
I tried to warn a server about the exploit. They banned me for spreading false panic. Later the server was shut down because of it lmao
sucks to be them then
LMAO
LOL
"We built this city"
Log4Shell: Allow me to introduce myself
he should really be in the trillion views and counting song
Fit, you should make a vid on 2b2t's admin Hausemaster. I think it will be an interesting story :)
I am very glad my siblings and I were inactive around the time this happened.
Can confirm. Lead Network Engineer at my company, this exploit nuked my week, I busted ass to get about 95% of my customers patched and additional staff trained on what to do if anything happened, I have vacation starting today thru to the end of the year and I wasn't about to let this crap ruin it.
great work I hope you have an excellent vacation
Awesome man hope you have a great time
Humanity doesn't deserve you, but we sure do need you.
The Minecraft community has just gone through one of the scariest weeks in its history... And i was completely unaware :p
Meanwhile, Minecraft is celebrating 1 trillion views on CZcams
same I play on Bedrock tho but still
Same lmao, I've just been trucking in Snowrunner and since I'm subbed to FitMC I decided to check this vid
Minecraft: players hacked, scariest week in history
CZcams: one trillion views :DDD
same
huge respect for 0x22 and rebane
This actually happened on my birthday. What could i've imagined that day that things like this would happend. But for myself I don't play Java, I have it but I play bedrock so i'm save.
But this is scary. Respect to the man who saved it!
Redstoner really is becoming a legend on the server. Seems every couple of months he is involved with something that gets fitmc video-worthy.
he is a demon bro
Sounds to me like Redstoner is a trashcan that does t deserve to breath the same air as the rest of us. If he is doing this on a video game what do you think he is doing to people's personal lives...
@@twosadcows4549 redstoner killed my mother and dog
Sounds like he wants to be arrested. He committed some major felonies.
He’s just the only one that fit listens to. A bunch of other people do cool shit but no one ever hears abt it cause redstoner gets all the attention.
Further proof that 2b2t is a lawless land. Even if it was restricted to griefing attempts, the fact people like Redstoner just don't think twice about abusing a dangerous hack like this really puts into perspective how degenerate and scary anarchy servers really are.
This could happen in any big server which end up with some malicious people. So just play minecraft with your friends if you wanna have a really good chance to stay safe.
redstoner is just working, selling items must be he's income
@@chicotada7078 destroying peoples shops that illegal even in the real world he isn't working
@@epicgizmo5565 it's not really appropriate to say "even in the real world". The point of an anarchy server is to be lawless, more so than the real world(if you consider it reality ofc)
I agree *Mr. Jellyfart*
i just watched your video with a special guest, but now i know the thing about the calculator thx :)
The song in the beginning is - veiled aggression from ffxv
I recall getting a message on my Minecraft server talking about this exploit, and they put forth the effort to stop it almost immediately
Same I play on a server called simply vanilla and it go shut down for two days and is not safe, hopefully.
Whoever those people are. They are heroes.
i can only begin to imagine the damage this did to business programs run on java. it begs the question: why did that code exist in the first place?
Human error. Sometimes, things fall through the cracks.
@@CanadianBaconPwnage today i shall make the worst error ever by adding a few lines of code to enable unimaginable RCE exploits because i am completely stupid.
@@CanadianBaconPwnage sounds like it is due to pure human laziness, actually.
@@ravenwraith1017 well it's moreso a series of assumptions that something won't happen eventually leading to an ACE exploit
You know how sometimes in a card game like MTG you can end up with absolutely broken combos when different effects interact in just the right way before they release an errata or add one of the cards to the ban lists? Log4shell is kinda like that, where different developers added more and better features to different parts of the code until suddenly someone figured out some way to get it to all interact in a way that would give them RCE.
Keep up the great work
Hey nice vid! Also, is that final fantasy 15 music in the back round?
I remember the day this came out. The past week has been absolutely insane
ok
"Oh WoW vERY OrigINAl coMMenT"
Hey I watched a video on you earlier it was about verified commenters and how they *buy* their way to success
Wait that’s crazy me too
Same, amazing to think that it wasn't very major to me when I first learned about it
The disappointing thing is that anyone could do it with the right tools (those tools won’t hard to find or get).
the scariest part is that the tools required is just a normal game client
Indeed
Oh s#£t
Is it really? Or do you just think it should be harder? It's literally something we do our hardest to avoid.
6:30 MY GOD the dungeon music from FFXV... My favourite!!
fit:"In the midst of chaos, there is opportunity."
sounds like sun tzu
Pretty big bruh moment for anyone working IT including myself. You just come to work one day and someone says:
"Our software has a critical security flaw."
"Oh shit, which one?"
"Idk, maybe all of them, also Minecraft, Google, Microsoft and the NSA have the same problem with their software."
Even better:
“We need a list of all of our servers and applications that use log4j, but we dont have proper software/server inventory”
Makes me happy knowing some people used the exploit for good and patched others computers
Yes I agree whole heartedly.
Just imagine this paired with the copenheimer bot, allowing people to access millions of computers from servers people think are personal or computer, even accessing Jebs computer
Minecraft speedrunners, playing single player this whole time:
*this is fine*
0x22 and Rebane was a real one, trying to protect innocent players against the exploit. Mean wile redstoner was just being a disgusting human being.
I wouldn't be surprised if Redstoner got into legal trouble over this
I know it’s an anarchy server but they should ban the f*ck permanently. He’s a literal security risk. He’s willing to break the law, putting users private info at risk just to earn him money IRL. If the anarchy is outside of the sever than punishments have to be given imo
Redstoner: business is booming
@@rosea1505 isnt that actually against TOS?
@@Caio99BR fax another day another dollar
As an owner of a small survival server, when i received a discord ping from a moderator it shook me to my core that my friends could be at risk. I have a fairly active playerbase so i couldnt just shut down the server for days but i found disabling chat worked well.
But, and this is just a theory, but do you think that one could manage to run the exploit on something else that text can be written on, such as a sign
@@sypheur27 well the sign would probably have to be chunk loaded, but then it could be MUCH more harmful if like that
@@sypheur27 It probably wouldn't work, unless you had a plugin or something that logs all sign messages. The text actually has to be passed to the logging library for the exploit to work. Chat is by default, signs are not.
they can also backdoor the server.
@@Johncw87 oh that makes more sense
Redstoner should go to jail for life and have everything taken away from him
the funny thing is i had no internet for all this, so I just learned about this now.