Pulling Back the Curtain on Airport Security: Can a Weapon Get Past TSA?

  • Added 26. 08. 2024
  • By Billy Rios
    Every day, millions of people go through airport security. While it is an inconvenience that could take a while, most are willing to follow the necessary procedures if it can guarantee their safety. Modern airport security checkpoints use sophisticated technology to help the security screeners identify potential threats and suspicious baggage. Have you ever wondered how these devices work? Have you ever wondered why an airport security checkpoint was set up in a particular configuration? Join us as we present the details on how a variety of airport security systems actually work, and reveal their weaknesses. We’ll present what we have learned about modern airport security procedures, dive deep into the devices used to detect threats, and we’ll present some of the bugs we discovered along the way.

Comments • 401

  • @noahhastings6145 4 years ago +246

    "Our software cannot be hacked or fooled" sounds like something that the North Korean govt would say

    • @befer 4 years ago +4

      and their '' defense system '' would be a literal wooden gate without any fences around

    • @AjarnSpencer 4 years ago +7

      There is no such thing as software without a bug, and there never will be. Even natural selection exists (evolution) to filter out Bugs in a species (excuse the insectoid pun), and so if mother nature's Algorithm of Evolutionary Self-Ultra-Deep-Learning has bugs and susceptibilities in the many species of life it creates, and needs to evolve and improve, then so do ALL software packages. Nothing on the net is secure, only well hidden. Speaking of Nature's Algorithm, I believe the Math behind the Steps Taken in the Evolutionary process of Nature, is the same equation we should use to program deep learning algorithms in Data Sciences. Especially with quantum programming (recommend IBM's Quantum Experience). The reason automated deep learning takes over and teaches itself beyond what the programmer themself expected or predicted, is proof that Nature, and even code itself, is subject to this evolutionary algorithm of mutation and self improvement

    • @midknight1339 4 years ago +2

      More like something a first-year CS student would say about their Python code for sorting int arrays.

    • @bengraham8833 3 years ago

      To be honest, it sounds like what someone running a text/paypal "your phone is hacked" scam would say.

    • @cobalt2489 3 years ago

      @@AjarnSpencer I remember a good talk (DEFCON 21 or 22) that talked about this specific topic in the context of network defense. Might be interesting when exploring this topic further.

  • @benjaminmiddaugh2729 5 years ago +265

    Possibility 3: The TSA knows about the vulnerabilities but has decided that telling people there are no vulnerabilities is sufficient response.

    • @jayzo 5 years ago +10

      Scary warnings about the consequences of being caught with prohibited items are enough of a deterrent for people who might not be confident about what they're planning to do. Imagine being a suicide bomber who's extremely nervous - you either leave without being arrested, risk getting caught by security and depending on the outcome getting arrested or essentially ending your life (the bomber wouldn't be thinking about the lives of the other passengers here). The fear of being caught may be enough to stop an attack before they even try to breach security. It doesn't matter if the security is competent or not, and the TSA has shown this. No attacks since 9/11 on US aircraft, and in 2017 95% of tests were failed (i.e. a manager got something through they shouldn't have).

    • @nonchip 5 years ago +10

      that's literally the reason they do all that "security" theatre... to make people feel safer, because they can't possibly stop anyone who puts more than 5 minutes of thought into their attack plan

    • @jacksonbourne 4 years ago +1

      @Nagolbud agreed

    • @user-mp3eq6ir5b 4 years ago

      Benjamin Middaugh ☆ Just like NASA ☆ "This has Never Been a Problem Before, therefore it Can't Be a Problem Now.
      Besides, we'd have to ask the Russians, nicely if we could hitch a ride home. Plz?

    • @user-mp3eq6ir5b 4 years ago

      Nagolbud ☆ They sure seem to go thru Glass pretty good tho!
      Delivering a Payload of 10k gallons of Kerosene just fine.
      Besides, 911 Never Happened.

  • @erictaylor5462 5 years ago +73

    "Our computers are unhackable." "Enigma ist unzerbrechlich" so said the Nazis. Even when the Allies behaved as if they knew what the orders were, the Nazis still insisted that the Enigma code was 100% secure. But due to a minor error the Enigma WAS breakable. The letter changing device never substituted a letter with itself. It made breaking Enigma much easier.
    Ironically the English adapted the code machines for itself, fixing that design error and used it for years.
    Remember, the bad guys are going to place their cleverest people to the problem, and if there is anything you overlooked, they *WILL* find it and exploit it, just as the chaps in Bletchley Park did. Are you smarter than the smartest person the bad guys have?
    Saying that the thing you want protected is 100% secure is incredibly foolish. You better have your cleverest people try to breach your security, because if you don't, the bad guys will. And they won't tell you what your weaknesses are, and they sure as hell will try to fuck you up.

  • @ingeborgsvensson4896 5 years ago +68

    In the year 2005 I flew from Amsterdam to Newark with an acquaintance. There was some delay with the baggage so we had to wait a while before we could collect it. He used a 4 inch pocket knife to split a piece of bread between the both of us and I was surprised. He told me he never travelled without his pocket knife and he had travelled the world with it. He simply put it in the tray before going through the metal detector, watch and wallet on top and nobody had ever checked it. So every time on board an air plane he always had his pocket knife in his pocket. It's not just the TSA, all over the world they are not noticing what is in plain sight.

    • @Dan-jf1nw 5 years ago +10

      Ingeborg Svensson in Europe, small pocket knives are allowed on aircraft. You can buy Swiss Army knives in many airports, especially Switzerland.

    • @adrianalexandrov7730 4 years ago +1

      That's actually BS you can't have small pocket knife onboard but can have let's say stainless steel pen.

  • @DustinDawind 5 years ago +917

    TSAnet? They have no sense of humor whatsoever. I would totally have called it SkyNet.

    • @firefox3187 5 years ago +15

      Dustin Dawind guess what the RAF call their recon and attack UCAV drone network here in the UK. LoL. Sky net.

    • @weareallbeingwatched4602 5 years ago +10

      Sky net was a 1970s British military spy satellite system.

    • @yewwowduck 5 years ago +5

      Yes, cause SkyNet was known for airport security.

    • @maddengirl5427 5 years ago +2

      Clap.clap.clap. Missed opportunity there, someone is literally kicking themselves in the ass right now for missing that

    • @weareallbeingwatched4602 5 years ago +3

      Skynet is a family of military communications satellites, now operated by Astrium Services on behalf of the UK Ministry of Defence, which provide strategic communication services to the three branches of the British Armed Forces and to NATO forces engaged on coalition tasks. The satellites were operated by Paradigm Secure Communications until October 2012 when the organisation was rebranded to Astrium Services.
      The largest user of the Skynet satellites was the Government Communications Headquarters (GCHQ), who were responsible for more than 80% of the communications traffic that was subsequently returned to the United Kingdom.[2] Despite the enormous communications capability of Skynet, GCHQ still found the capacity provided by Skynet to be inadequate.[3]
      en.m.wikipedia.org/wiki/Skynet_(satellite)

  • @AEtherstream 5 years ago +94

    "our system can't be hacked" the instant you think that it's all over, nothing is perfect

    • @user-mp3eq6ir5b 4 years ago +1

      AEtherstream ☆ With Clear Text UID/PW hard coded in the Software, nothing has to be "Hacked". Laying there, spread for you!

    • @AjarnSpencer 4 years ago

      exactly. anything can be hacked. It will always be so. The methods change, but the situation of darkness and light being needed to keep each other existing, means that as security measures improve, so will penetration methods also evolve.

    • @baruchben-david4196 3 years ago +1

      The ocean floors are littered with unsinkable ships...

  • @Bonechew-1 5 years ago +2

    First I wanna say I love your passion for what you work with. You're a strong, efficient teacher, that first comes out as arrogant but very quickly picks up and makes you entertaining and easy to learn from. Now it's 2019, so my answer now would be: Nothing is 100% safe, maybe 99.999% but that 0.001 will get hit.

  • @JustAnotherAlchemist 6 years ago +124

    ... back doors ...
    My employer sent me home with a Defender brand CCTV DVR to fix. He got it used but couldn't get into it because the password was unknown (Defender makes changing it mandatory). I took off the cover, hooked up a 3v3 serial to USB adapter to the (already populated) debug header, fired up termite, and was blown away by the fact that the terminal output just printed the username and password for me (among other interesting things, Linux FTW?) You can't change this password either.
    ...
    Let me reiterate, this is also a security specific device (CCTV DVR > "surveillance camera box").

    • @lucd9080 5 years ago +2

      it means the illuminate look at every securitycamera from your home.... !!!

  • @deineoma1301 5 years ago +10

    Wow first talk I've seen where he started explaining it in a very basic way, may be boring for the pros but I as a beginner could gain a lot from it 👍

  • @MacMashPotato 5 years ago +335

    That's a cool itemizer, but, does it run doom?

    • @gabrielfaucher7004 5 years ago +18

      But can it run Crysis?

    • @TravisTerrell 5 years ago +5

      Like allahu akbar?

    • @npc6924 5 years ago +18

      Wasn't that the pentium device? That's x86, that could run doom easily.

    • @MsDemzon 5 years ago +3

      No. Unfortunately. Would make checkpoint days much better if it did.

    • @hadto8482 5 years ago

      probably could

  • @Knobsmacker 5 years ago +70

    I accidentally went from Peru to the US to Australia with a ~ 3 inch blade folding knife right at the bottom of my carry-on. It didn't get picked up...

    • @mhamma6560 5 years ago +14

      My laptop bag had a series of cables and key chains surrounding a $25 S&W aluminum bodied 3.5" knife. It was oriented in a way that the machine only saw the knife's side or top, never the broadside. Twice I went through screening unstopped. It's not fool proof; the screening is more of a deterrence and to show the taxpayers "we're doing something!"

    • @Santor- 5 years ago +26

      Knobsmacker. I by mistake forgot to leave my knife at home once, when going on an overseas trip, and didn't get through the checkpoint when they saw it. They gave me 2 options, leave the airport, or they could take the knife and let me on the plane. I took option no.1. Then I decided to try again, since the time was too short to go back home with the knife, and there was no mailbox in the airport to mail the knife back to my house, and I've owned this knife since I was a kid, so I just really wanted to keep it. So then, I decided I was getting the knife through the checkpoint. How? By filling my pockets full of crap, then when the bins go through the scanner, and the tech says "oh, possible sharp object here", you're instructed to show them your bin, move the stuff back and forth so they can see all of it, but they won't, as it's easy to just move stuff ever so slightly too little as to not expose the 1 item you don't want them to see, at the same time make it look like you're really moving the stuff about thoroughly. A smart person at this point would have added 0 and 1 together, no? The tech thought it was strange they didn't see the offending item, especially considering they clearly remembered me from the first time attempting to pass with the knife, but nevertheless, then let me pass. In essence, a backdoor by harnessing the staff's low IQ.
      I'll skip how to enter a guarded checkpoint at a military facility with absolutely no clearance or security papers nor even plain ID for this time. But I have done that, by the low IQ backdoor.

    • @mhamma6560 5 years ago +2

      @@Santor- I think most flyers and train riders post 9/11 are smart enough today that someone with a knife is only going to get themselves seriously hurt. Hell, even on flight 93 once the passengers knew what was up, they kicked ass.

    • @Santor- 5 years ago

      M Hamma well sure, if something is "up", that's different.

    • @Tuxfanturnip 5 years ago +10

      @@Santor- IQ is meaningless. It's simply impossible for the human brain to maintain perfect attention and memory for 8 hours. Have you ever worked customer service? After a while it would take a rainbow LED-lit top hat and hammer pants to make any one stranger distinguishable from another. Look like you're doing something, move the line along, repeat.

  • @VisualBasic6 5 years ago +137

    I work at the airport
    if you think passing through the TSA is the way in, you're wrong.
    there's much easier ways to the plane, so yeah.

    • @svampebob007 5 years ago +41

      it's an inconvenience to ordinary people, but not a real problem to the one that wants to get through. and honestly security/law is based off the EA business model, it's all pay to win.

    • @GabrielBadwolf 5 years ago +12

      The security used to be so bad at the exits in Belfast Airport anyone could get into the secured area by waiting for a plane load of people to come through after baggage reclaim, once the door opens to the public area walk through the doors backwards and that would fool the cameras that would auto detect people walking in that way unless someone actually happens to be looking through them at the time.

    • @MrSonny6155 5 years ago +6

      @svampebob007 The real question is if security comes in the DLC, or in the later patches...

    • @alext9067 5 years ago +3

      Gabriel Badwolf
      That's a startling fact. But totally believable.

    • @travcollier 5 years ago +4

      Yep... TSA screening is theater. I'm not going to say it is useless, but it doesn't actually do what most people think it does. Oh, and the really important screening happens behind closed doors (freight and luggage).

  • @ckeilah 5 years ago +21

    I like that he doesn't call them "security", but what they are: checkpoints. But who checks the checkers? NO ONE!
    Hehe. Nice Wargames reference.

    • @EatMyYeeties 5 years ago +1

      Actually there is a checking system for the checkpoints. I've had the opportunity to take part in the tests. During a normal day, they'll bring in people from local military or law enforcement agencies to pose as security threats. For me, they strapped a fake data sheet explosive with metal det cord to my leg and wrapped it with gauze. I acted as though I had just had a surgery on my leg. I went through the scanners, got selected, and then attempted to socially engineer my way out of the situation. It was pretty nuts seeing how they follow procedure very well! Only one dude seemed unsure and brought in his supervisor to make a final decision.

  • @itisjambo 5 years ago +55

    For some reason I'm just seeing this now, but I'm really glad YouTube brought it to me...

  • @5urg3x 5 years ago +310

    My home router has better security than the devices used by the TSA...

    • @internetdoggo4839 5 years ago

      bruh

    • @Walter_ 5 years ago +22

      Nearly all routers have a backdoor for maintenance.

    • @Masterrunescapeer 5 years ago +9

      There was a huge outcry on hardcoded backdoors, an older one now is the Cisco switches, read up on that. Home routers have terrible security generally, I've actually made sure to check that every router I have ever bought or recommended to someone has the option of installing OpenWrt, since routers basically get near no patches after being released, even though most routers are used for years (I actually discovered an ancient one from around 2001 when ADSL was rolled out at my grandparent's house, it was from a time where he spent a godawful amount on a 250MB cap (MB is not a typo), it only got replaced in 2018 after we actually used the net there and discovered that this thing still existed. Amazing feat of engineering though that it could keep running without any issue near 20 years in a dusty room that never got entered, surviving lightning strikes on the line as uppermost house on a large hill, etc.).

    • @antoy384 4 years ago +3

      A YouTuber “that it could keep running for 20 years” - yeah, with all its security patches applied by the NSA agent assigned to that home...

    • @Masterrunescapeer 4 years ago +2

      @@antoy384 thanks for the laugh, that NSA dude must have been pretty bored as net was used for an email once every few months lol.
      Wouldn't be surprising to me though if actually did, my grandfather worked quite high up at NASA during the 60-80s.

  • @chimerablack4913 5 years ago +1

    My god, someone get this man a glass of water. My throat got dry just listening to him clear his throat over and over.

  • @Compgeek86 5 years ago +10

    So does this mean you can plug in a USB drive into the itemizer (at the time of this presentation) and have it automatically overwrite the config file to disable explosives/drug detection?

    • @JohnWittle 4 years ago +7

      Yeah that's exactly what it means. Especially with XP lol, even the old autorun.bat trick worked back then

  • @billyamer9314 4 years ago +3

    Fun fact : sainsburys (where I work) uses Kronos for staff clock ins and clock outs

  • @gbear1005 4 years ago +1

    I once found a crocodile Dundee knife ON the plane (barely fit in the seatback pocket) since I was on the last flight, I took it and have it to this day. Sweet score.

  • @steelytemplar 4 years ago +8

    "And that's one of the configuration files for a .32 caliber chaingun...."
    "..a keychain gun..."
    Two very different scenarios there.

  • @kd1s 5 years ago +5

    All I know is in a recent flight I got pulled out for having explosive residue on my shoes. I know what it was, it was ash from incense. But it triggered the hell out of their little machine.

  • @SexycuteStudios 5 years ago +69

    His fast talking got him through TSA check

  • @flamephlegm 5 years ago +3

    I am always surprised by how completely breakable much of the security is in our modern world.

  • @fakjbf3129 5 years ago +20

    Lol that Kronos time clock looks exactly like the one we use at Kohl's

    • @alext9067 5 years ago +3

      Hahahahaha. It probably is. So funny....not. What's wrong with this country? As soon as the gov't takes over, everything goes to shit and costs a fortune. Then the coverups occur. Never fails.

    • @Matio25091 5 years ago +1

      That's because it is. Kronos is a company that creates time-keeping software for other companies

    • @Matio25091 5 years ago +5

      @@alext9067 How did you go from 2 institutions using the same time-keeping software to government cover-ups?? Damn dude, chill.

    • @fakjbf3129 5 years ago

      @@Matio25091 Yes, I'm just laughing that an airport is using the same tech as a department store.

    • @Matio25091 5 years ago

      @@fakjbf3129 Oh gotcha hahaha yeah, that is a bit silly

  • @snowdaysrule 5 years ago +21

    I ♡ hardcoded logins

  • @Erudite512 9 years ago +8

    Very good talk. Wish I could've been there.

  • @movingparts6270 5 years ago +5

    The department store I used to work at uses the same punch-clock as the TSA. Weird.

    • @bjlewis5431 4 years ago

      Not at all..
      Most places, just like governments..
      Always have a bean counter, that will always choose the cheapest option, that best 'seems' to meet their needs..
      If the IT & security, supervisors etc. Don't get any input, much less the chance to 'Red Cell' the hell out of it, and truly seek & explore its limits & vulnerabilities first..
      Before relying on it.
      Most places buy cheap & just 'hope' the hype hyenas won't be laughing at them next..

  • @christurnblom4825 5 years ago +18

    I don't even need to watch this to answer the question "Can a weapon get past the TSA?" I don't want to explain my own observations and experiences for fear that I might be mis-profiled as a terrorist or something, I will just say that the answer is overwhelmingly a "yes". Security is so bad that it makes me really ponder the idea that the TSA is just there to either make us feel safe or condition us for authoritarian control. I don't believe it serves any significant role in terrorism prevention. It would be nice to be paid to show vulnerabilities in the system but I'm not really convinced that they want to fix these vulnerabilities.
    If anyone from the TSA would like to contact me to discuss these vulnerabilities I would be more than happy to do so and do not require payment but I have very little faith that they will ultimately be addressed effectively.

    • @JarrettMvM 5 years ago +2

      TSA's explicit purpose is for the illusions of safety, all terror attacks will be stopped before they get to the airport. There's lots of literature about it.

    • @christurnblom4825 5 years ago

      Well there you go then. They are doing a great job of making that apparent through their actions.

    • @olivialambert4124 5 years ago +3

      Homeland security did their own tests to see if the TSA would stop threats. Over 95% of the time they failed. It's not just that they will regularly miss threats - it's very rare that they will even catch the threat.

    • @christurnblom4825 5 years ago +2

      Olivia
      Thanx for the back-up. It's actually pretty new to me. The first time I flew under the "security" of the clown gestapo was only about 3 years ago and I was outraged at the whole charade. Once I had to get through just to pick up my son and had a knife I had forgot to leave in the car so, while tempting as it was to test them I didn't really like the possibility of an anal probing. Fortunately, someone had placed a USO donations container close by so the knife didn't have to go in the trash. ...dirty cork soakers.

  • @LordSantiagor 5 years ago +8

    That manual is gonna get even thicker now.

    • @MsDemzon 5 years ago

      It has been thicker. This was from five years ago now. Did you not notice the date?

  • @peterrafeiner9461 6 years ago +271

    Title " Can a Weapon Get Past TSA?" ... answer not given or I missed it somehow.

    • @MarkH10 6 years ago +126

      I have to agree, I was thinking he meant TSA misses false bottom bags or similar modifications in baggage.
      The answer is more developed. Inferred rather than overtly claimed.
      If a weapon can be substituted INTO a screening event, can't a screening, sniffing, detecting device be overridden to NOT ALERT?? So, from 4:30pm today to 6pm today, at your local airport, no alerts will be given in any threat detection. Is that safe? How about the reciprocal....from 4:30 to 6 pm ALL SCREENING EVENTS WILL SHOW A GUN. Now, after 20 minutes, will TSA trust all those detections? No, they saw a gun, they looked in the bag, it's not there, they screened the bag EMPTY, it shows gun, the gun is not there, etc. What would TSA do? Delay thousands of passengers, and flights?? Or, start passing everyone? What do they do if this occurs in the top 20 US airports at the same time?

    • @themagicexe220 5 years ago +81

      The presenter is a weapon and he got past TSA

    • @m0314700308891515 5 years ago +57

      TSA has an 80% failure rate in testing and one of the highest turnover rates of any government LE agency. Yes, you can.

    • @DanHaiduc 5 years ago +9

      The mic is mightier than the gun... Boy things evolve fast!

    • @coenraadloubser5768 5 years ago +2

      It's that weapon Douglas Adams has talked about

  • @frog382 2 years ago +4

    Remember: Many padlocks have *unpickable* written on the package, yet people crack them in seconds

  • @Merrsharr 4 years ago +2

    much more important question: how do I get my bottle of water in, without paying 4 bucks for a bottle at the duty free store, or filling an empty bottle with water of questionable sanity in the bathroom (we tried the drinking fountain and found bugs in it)

  • @largol33t1 3 years ago +1

    What do you mean by "can it"? The TSA are so sloppy that weapons get past them frequently in pentests.

  • @marcs990 5 years ago +3

    There’s still the mark 1 human eyeball to get past first also but yup it is certainly a serious flaw in the system, especially that most TSA employees will be seeing thousands of scans a day and probably rely on the automated system too much just down to natural human boredom and tiredness

    • @cvspvr a year ago

      pro tip: you can bypass the human eyeball by just being white

  • @shabadooshabadoo4918 4 years ago +1

    Was his pseudocode describing what the code said AFTER he changed it? Because it looked to me like he appended a or 1=1 at the end to force a true result on the database check.

  • @konstantingeist3587 6 years ago +279

    "Trust but verify" is an old Russian saying (google it). He uses IDA developed by a guy from Moscow. Russian hacker confirmed

    • @snarf9455 5 years ago +20

      @HACKERS COMMUNITY Maybe turn 18 before trying to hire a hacker.

    • @0xCAFEF00D 5 years ago +22

      Well it's also well known that Ronald Reagan used it. If I refer to a Chinese proverb you wouldn't call me a Chinese hacker because of it.

    • @markotik75 5 years ago

      snarf Why? I know you’re not really being serious but I don’t really think age matters when a good chunk of hackers these days are 16-18 and still stay at their parents house, doing their hacking from their bedroom ✌️

    • @HRRRRRDRRRRR 5 years ago +20

      excited box The things we lie to ourselves about...

    • @ccaagg 5 years ago +2

      +excited box
      Ah, yes. Being evil with Neopets. Those were the days.

  • @whitenite007 5 years ago +7

    Answer to this question: Yes. Source: me. I accidentally took a 4" folding pocket knife through the TSA checkpoints TWICE in 2017.

  • @t.j.6864 5 years ago +6

    youtube didn't give me the full title before I clicked this and now im probably in trouble

  • @chancepayne3013 4 years ago

    Crazy, I do a lot of network building at an airport, what an interesting lecture

  • @NithinJune 5 years ago +4

    "I was like wow this is really interesting"

  • @Alkaris 5 years ago +2

    Same goes for small embedded devices like your network routers, which is why people suggest and highly-recommend that you flash install OpenWRT to your router device because it carries all the latest security fixes and lets you actually secure your own network device since it has full access to the device's functions.
    With all these kind of vulnerabilities in airport security computers and devices, being able to fake x-ray scans and such is all rather interesting stuff, I knew these sort of things were possible, but just how easily could they be done if you got the right equipment to change it. You'd be able to get yourself free access to any airport terminal and get yourself a free flight to anywhere you want without paying and get yourself first class seat, all just by spoofing your ID and tickets as someone else's, claiming their spot, or swapping out their numbers for someone else's.

  • @Bluedragon2513 5 years ago +5

    15:34
    I guess they never miss huh

    • @jacobsan 3 years ago +1

      You got a boyfriend I bet he doesn't kiss you 😘

  • @yettsy 10 months ago

    Excelente!

  • @sciencoking 5 years ago +27

    I have a baggie of caffeine powder on me that I accidentally smuggled in and out of the US 4 times without realizing it

    • @Karnemelk 5 years ago

      Why have caffeine powder in a packie though? Why not just caffeine pills?

    • @skepticmoderate5790 5 years ago +2

      @@Karnemelk Powder can be put into any drink.

    • @Jianju69 4 years ago

      Be careful with that. People have died from caffeine overdose.

    • @sciencoking 4 years ago +1

      @@Karnemelk Just because it's cheaper. A pound of the stuff costs me $9

    • @sciencoking 4 years ago

      @@Jianju69 Thank you, I go easy with it :)

  • @danielschmider5069 4 years ago +4

    14:25 looks like an SQL injection to me, don't know why he doesn't specify it as this

  • @CMDR_John_Crichton 4 years ago +4

    This guy says "right, so" at the end of literally every sentence.

  • @domonique546 5 years ago

    Smart! Tenant vs.owner frequency

  • @nerfinator03 5 years ago +12

    Is this how you get on lists?

    • @danpowell806 5 years ago +17

      You were on the list as soon as you started to watch the video.

    • @matthewkasdorf 4 years ago

      There's no damn lists, did you see the Muslim airplane mechanic who had ISIS videos on his phone who they let fuck up an airplane the government is worthless

  • @bidujador
    @bidujador 5 years ago +83

    Average Joe: Programmer with electronics knowledge.

    • @henrikginnerup8345
      @henrikginnerup8345 5 years ago +28

      I presume he means an average Joe among his target audience.

    • @KallePihlajasaari
      @KallePihlajasaari 5 years ago +23

      He means that barrier to entry is lower than nation state security apparatus. CZcams lowers the barrier more to just curious teenager with terminal application.

    • @colin-campbell
      @colin-campbell 5 years ago +1

      Daniel P.
      Don’t forget he used to be a soldier; had to let everyone know that irrelevant tidbit.

  • @ferarry13
    @ferarry13 5 years ago +4

    watching in 2019 after the majority of IoT devices (internet of things, fridges with wifi, light bulbs, Google Assistant, Alexa... etc.) were discovered to be compromised out of the box...

  • @thedarkness125
    @thedarkness125 5 years ago +2

    The answer to the title question is yes it can, the TSA tests this themselves a lot and it happens all the time. The TSA is about as effective as a blind, deaf child.

  • @watchthe1369
    @watchthe1369 5 years ago

    The light bulb! Look puppies!

  • @ElectricityTaster
    @ElectricityTaster 5 years ago

    I guess I'm on another list now. Great.

  • @travisflesher89
    @travisflesher89 4 years ago

    What if we put a parachute in each seat?

  • @herzogsbuick
    @herzogsbuick 4 years ago

    Great talk

  • @silverstrings5569
    @silverstrings5569 5 years ago +9

    Holy balls, we found a marine that can think.

  • @yungrolex1992
    @yungrolex1992 6 years ago +4

    How did he get to read the source of the USERS CFG file of the scanner?

  • @DocGamer99
    @DocGamer99 5 years ago +1

    Are all these devices programmed in embedded C?

  • @danteherrera5087
    @danteherrera5087 5 years ago +5

    The engineer for Morpho passed away not long after this video was made.

  • @MrCoconutMadness
    @MrCoconutMadness 3 years ago

    I once flew to Barcelona and then went through security on a cruise ship just to realize that I had brought half a joint in my bag haha

  • @super35media
    @super35media 5 years ago +2

    15:09 I guess they never miss, huh

  • @Mp57navy
    @Mp57navy 5 years ago +1

    Had 2 hunting knives in my hand luggage a couple years back. They only found one.

  • @ATLTraveler
    @ATLTraveler 4 years ago +1

    Considering I've legit brought a knife on an airplane by accident before I would go ahead and say yes before even watching this...

  • @rmp5s
    @rmp5s 5 years ago

    Oorah, motivator. Good talk.

  • @TremereTT
    @TremereTT 4 years ago

    We are a "vendor" but not for security or TSA... we are in Germany... point is, we need easy access to the software on site without searching for the one guy who knows the password and who is currently on vacation :-(
    So we have an in-house software that takes the datetime and software serial number (serial number changes with updates and customer) as input and creates a password that will work for 20 minutes.
    We call it time password...
    It would be pretty safe unless someone hacks our company or someone figures out that it's a time password and plays with the clock and replays the password... :-(
    The passwords aren't saved outside the company, but they travel through TeamViewer (by copy and paste).
    Is there a best practices way for trusted access?
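
Added example, not part of the comment above or of any vendor's code: one way to build the 20-minute time password the comment describes so that neither knowing the algorithm nor setting the device clock back produces a working password. It assumes a per-installation secret (hypothetical; the comment mentions only datetime and serial number as inputs) and a verifier that stores the last accepted window persistently.

```python
import hashlib
import hmac
import struct

WINDOW_SECONDS = 20 * 60  # validity period stated in the comment


def time_password(secret: bytes, serial: str, now: float) -> str:
    """Password for the 20-minute window containing `now` (Unix seconds).

    `secret` is an assumed per-installation key; without it the password
    cannot be recomputed from the date and serial number alone.
    """
    window = int(now) // WINDOW_SECONDS
    msg = serial.encode() + b"\x00" + struct.pack(">Q", window)
    return hmac.new(secret, msg, hashlib.sha256).digest()[:6].hex()


class Verifier:
    """Device-side check. `last_window` must be stored persistently."""

    def __init__(self, secret: bytes, serial: str):
        self.secret = secret
        self.serial = serial
        self.last_window = -1  # highest window already accepted

    def check(self, candidate: str, now: float) -> bool:
        window = int(now) // WINDOW_SECONDS
        # Reject reuse inside a window and any clock set back to an
        # earlier window: each window's password works at most once.
        if window <= self.last_window:
            return False
        expected = time_password(self.secret, self.serial, now)
        if not hmac.compare_digest(candidate.encode(), expected.encode()):
            return False
        self.last_window = window
        return True


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed sample values
    device = Verifier(secret, "SN-0001")
    t = 1_700_000_000
    pw = time_password(secret, "SN-0001", t)
    print(device.check(pw, t))          # first use in this window
    print(device.check(pw, t + 60))     # replay in the same window
    print(device.check(pw, t - 3600))   # clock rolled back
```

The password still crosses the remote-support channel in clear text, so the single-use check is what limits the value of a copied password.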

  • @saihenjin
    @saihenjin 5 years ago +1

    The reason backdoors are so common in systems integration is because the people paying systems integrators are never the same people in the field maintaining and supporting the system. The people paying the integrators are the people who are given the admin credentials. If an integrator set a secure password policy, then the next time they need to show up to work on the system, they'd have to get in contact with the suits to do their work, and the suits are never happy with that. The suits will also never give admin credentials to their maintenance crew, they give them slightly restricted maintenance accounts instead. So the integrators have the choice to either put in a backdoor so they can deliver swift service, or make the system secure and make the people who cut the checks unhappy. The choice is easy at that point.
    The suits need to be better educated on how/why proper security works, and also be willing to give up control over these admin credentials to the crew that needs it. When this happens, the integrators won't need a back door anymore, since the maintenance crew will have what they need, and maintenance is always on hand.

  • @paulmorrey733
    @paulmorrey733 5 years ago

    Thanks

  • @LickorishAllsorts
    @LickorishAllsorts 5 years ago +4

    I can’t take onto a plane a 3” pocket knife. But it is OK to take on two 1 litre bottles of spirits. What would you rather face, someone with a 3” pocket knife or someone with a broken bottle in one hand and a 1.5 kilogram glass club in the other?

    • @gopro2027
      @gopro2027 5 years ago +2

      both at once. bring it on

  • @TheActiveAssault
    @TheActiveAssault 5 years ago +1

    Devil dog saves the day

  • @narmale
    @narmale 5 years ago

    dude I was going to LA through Dallas, had a Milwaukee flip razor blade knife on my inside jean pocket, mostly aluminium, some steel... made it through 2 TSA checkpoints before I, not TSA, not the sky marshal, not the cops... >> I

  • @TheMrVengeance
    @TheMrVengeance 5 years ago

    Could nobody bring this man a glass of water or a cough drop? Fucking hell.

  • @sjoervanderploeg4340
    @sjoervanderploeg4340 5 years ago

    I know why this is common practice, the end-user is dumb and thus the interface to them also needs to be dumb... aka backdoor.

  • @Maffoo
    @Maffoo 7 years ago +3

    What's the site he's using to find those open exploitable sites? I'm almost certain I recognise it and have seen it before but can't for the life of me remember its name

    • @Maffoo
      @Maffoo 7 years ago +3

      Ah I found it quite quickly, it's shodan.io (www.shodan.io/search?query=rompager) although there are some others too, such as censys.io/ipv4?q=rompager

    • @Maffoo
      @Maffoo 7 years ago +2

      Oh he literally says shodan just after it. FML.
      At the same time though, I find it hard to understand his accent, like how he says the word "foreign", and I thought he was saying "fun", or "fawn" ha...

    • @oskari61
      @oskari61 6 years ago +3

      You had trouble understanding a veteran USMC officer ?! WTF? Are you a fawner or something !?#%

    • @oskari61
      @oskari61 6 years ago +1

      Also thank you for telling me about shodan.io, did not know what that was. (No sarcasm, I just don't know shit.)

    • @MarkH10
      @MarkH10 6 years ago +1

      TSA.gov

  • @rajmaity
    @rajmaity 2 years ago

    Yes it can

  • @stopsensoring742
    @stopsensoring742 5 years ago +4

    250 MILLION EVERY year for equipment ? They should have Terminators at the TSA and NO PEOPLE and NO WAITING for that price !

  • @SexycuteStudios
    @SexycuteStudios 5 years ago +16

    Kronos hasn't been updated in over 20 years lul

    • @TheIaluma
      @TheIaluma 5 years ago +6

      @William Rumley - This is how systems are easily hacked because people failed to do updates, the most vulnerable ones are network switches which are mostly forgotten to be updated all time, you just make it easier for hackers to break through your network environment.

    • @rifter0x0000
      @rifter0x0000 5 years ago +3

      The problem is in embedded systems like this you can't do updates - or at least not as an end-user. The manufacturer should be shamed, though, for not updating the software they wrote to work with a newer OS and using that. But it's ever so common to see ancient software, not just there but in any government application. The stuff is written to run in a very specific environment and will generally break if you update anything without updating everything else including the custom written software. Then it all has to be validated again. It seems common not to bother and just hope it keeps working.

  • @bradwindysucks
    @bradwindysucks 5 years ago

    "that's very important"

  • @jmalmsten
    @jmalmsten 5 years ago

    Sometimes I wonder why I almost always get the randomized extra screening at airports... I tend to jokingly blame my youtube watch history... Because of videos like these. :P

  • @hbarudi
    @hbarudi 5 years ago +2

    That is why I don't think this security is very effective, if it is to be effective, they would not use windows or any commercial OS and engineer their own electronic systems from scratch so that they are much harder to software hack. Since there exist the concept of "Malhardware" which is malicious chips that can be added to hack hardware and render software security ineffective, they should have a team inspect hardware at least monthly to make sure that nothing bad has been added to the circuit boards.

  • @jayzo
    @jayzo 5 years ago

    Wow, the Itemisers have changed. They don't run Windows anymore, it's some flavour of Linux. They are ridiculously unreliable though, although that might be related to the fact we have to move them around multiple times a day.

  • @kushsmoka
    @kushsmoka 4 years ago

    Note to FBI, don't put me on a list. Watching because it was in my recommended.

  • @ThisIsAVeryBadIdea
    @ThisIsAVeryBadIdea 5 years ago

    I wonder if they're getting these Pentiums with MMX new or something.

  • @PixelHir
    @PixelHir 4 years ago +4

    I guess I'm on the FBI's watchlist now

  • @legendofFranktheTank
    @legendofFranktheTank 5 years ago

    Holy shit, the shitty retail store that I worked at used kronos time clocks!

  • @andreww479
    @andreww479 5 years ago

    In the off chance I ever get arrested my YouTube history is going to be the death of me

  • @theNightDice
    @theNightDice 5 years ago

    It's pretty annoying that the fastest way to get companies to fix their shit is giving a talk at a hacker con. ("Ree Blackhat is business show not hacker con" yada yada, not the point) Yes, I know there are companies out there who take their security more seriously, but specifically with companies like this who supposedly are/work for security agencies it really pisses me off to hear stories like this where they are just like "no problems here, we are unhackable"

  • @MrMiss-cp9bw
    @MrMiss-cp9bw 5 years ago

    27:06 _awwww man!_
    😁

  • @Tinmann_77
    @Tinmann_77 4 years ago

    I recently flew into LAX and had a layover of 11hrs, it sucked. While I was there in the middle of the night when the airport was basically shut down someone set off the alarm on the door going to the tarmac in the terminal I needed to wait in... it was loud as hell and you could hear it 500ft away easily.
    15 minutes after it was set off I pointed it out to a couple airport employees who said "not my job", walked back over and saw a guy with a shirt that said "supervisor" standing outside the terminal, asked him how long until it got silenced... he said "someone is coming" and walked off. 30 minutes later two managers came through the door whose alarm was going off, I asked them how much longer that was going to be going off... they looked at each other and said "not our job, the sheriff will take care of it". 20 minutes later one of the morning tarmac crew came in, punched a code in the keypad by the door, silenced the alarm and went back to work. 3 hrs later when I finally got to leave the sheriff still hadn't shown up.
    More than 4hrs and nobody bothered checking why this door to a secure area had its alarm going off.
    But I had to go through security three times because I went from an international flight to a domestic flight.
    They don't care about security at all.

  • @jfbeam
    @jfbeam 5 years ago +5

    @19:30 that's not what the code on the screen actually does. It's making sure ftpUname is defined. There's nothing shown that says the username and/or password can't be changed.

    • @rifter0x0000
      @rifter0x0000 5 years ago +3

      The reason it can't be changed is it's used in the code you are referring to. They're calling a function that sets the username and password that will be used in the request, and the username and password they use in the code is the same as what is used in the config file (obvs). That's what hard coding means.

    • @jfbeam
      @jfbeam 5 years ago

      "Not In Evidence" If you want to show that it's hard coded, show the section of code that actually _uses_ the fixed name/password, not the code that sets it if it's not already set.

  • @lifeisaadventure9948
    @lifeisaadventure9948 5 years ago

    To #TSA you really need to update your security

  • @Prentaful
    @Prentaful 5 years ago +1

    Hello no fly list.

  • @Agarico
    @Agarico 5 years ago

    My Local TSA use dog bowls at my airport for bins

  • @Toalettduck
    @Toalettduck 5 years ago

    Everyone, who ever watched this video is on an FBI watchlist now...

  • @bami2
    @bami2 4 years ago

    Give that man some water

    • @bjlewis5431
      @bjlewis5431 4 years ago

      ..And all his stolen Gatorade back too!

  • @mcb187
    @mcb187 4 years ago

    Lol, you don’t even have to hack the system to get contraband on planes, I think they have a 89% fail rate... BUT OH BOY, if you bring your shampoo on the plane, you get held up for 20 minutes, and nearly miss your flight. What’s even worse is that this was a group of unaccompanied teens who were flying alone for the first time. I’m not even the only one who was flagged, someone had a bottle of WATER and got stopped. Wouldn’t want to stay hydrated, now would we!

  • @HelloKittyFanMan.
    @HelloKittyFanMan. 5 years ago

    Oops, what's with the random comma between "actually" and "TSA's"?

    • @Walter_
      @Walter_ 5 years ago

      That is called a typo.

  • @producerk8247
    @producerk8247 5 years ago +1

    Don't have to watch, already know the answer.

    • @wikieditspam
      @wikieditspam 5 years ago

      "Just take karate lessons and then you're always armed."

  • @bolotani181
    @bolotani181 4 years ago

    Please add Indonesian subtitles

  • @nils-erikolsson3539
    @nils-erikolsson3539 4 years ago

    Marc Dacascos older and bigger brother? :D

  • @user-mp3eq6ir5b
    @user-mp3eq6ir5b 4 years ago

    Little Known Fact ☆ Peanut Butter sets off the Explosive Wipes. But they say they know about it. After 15 years, they still look at the unopened jar of Peanut Butter.
    ☆☆ Always travel with Peanut Butter! ☆☆