Hacking 101: Frank Heidt at TEDxMidwest
- Added 10. 03. 2014
- "Hacking 101"! Frank Heidt, one of the world's foremost authorities on cyber security, gives the audience the gift of "straight talk" regarding how companies and people get hacked every day and how to avoid becoming a victim.
In the spirit of ideas worth spreading, TEDx is a program of local, self-organized events that bring people together to share a TED-like experience. At a TEDx event, TEDTalks video and live speakers combine to spark deep discussion and connection in a small group. These local, self-organized events are branded TEDx, where x = independently organized TED event. The TED Conference provides general guidance for the TEDx program, but individual TEDx events are self-organized.* (*Subject to certain rules and regulations)
Ted: I've watched Terms and Conditions May Apply, and when you made the analogy of frogs in a pot of water, being brought to boiling slowly... comparing to us losing our rights very slowly, so we don't even realize it until we are so far away from the starting point...I've also realized this. Thank you for continuing to speak to the public and helping us to protect ourselves. God bless!
I love how this man teaches and informs. Interactively.
Excellent presentation. Love his attitude.
Excellent lecture, thank you very much for the TED organization for making these available to the world, Ciao L
Great talk. Just wish he repeated what the audience was yelling out.
+Geoffrey Zoref I felt the same! This is the difference between attending a real TED Talk and watching one on CZcams.
+Geoffrey Zoref They shouted "IRS" according to the subtitles - it's a tax joke
Dear TED presenters,
Don't have a conversation with the audience if you're not going to repeat what they said. We can't hear shit, and TED talks are all about the video archive.
DEAD_P1XL as well as audience members on the other side of the room
I think it's only a problem on some videos because on other TED vids you can actually hear the audience
If it’s always up to date, wouldn’t that make it easier for the NSA to monitor people?
Thank you TED for uploads ! Some good advice in this vid.
The Internet is a Rare and precious gift.
I'm from Nigeria, and I know you Frank Heidt. Nice presentation.
Stephen Shialsuk are you a prince?
Your social security number has a wirus
Where's my money that you promised me???
I expect one of everybody’s old age pension cheques.
1:36 “IRS”
1:51 “Phone tapping”
1:58 “Credit cards”
2:07 “Can’t what?”
2:14 and 2:16 “DMV”
10:50 “Phishing scams”
10:52 “Sharing Passwords”
Granted, I had to hack a little bit... I turned the volume up to hear the comment.
Lastly, only a person who truly believes that they’re a powerful person would rock that haircut while giving a TED Talk.
i love you
Thanks for the talk older Cenk Uyger
turks ftw
LolSpecLol q
Awwww Damn He Do Look Like Cink Yugar
I wish this guy would repeat every answer that a member of the audience says...
BasedAJ / Exidose me tbh
Turn on captions
He blows off NSA surveillance like it's nothing. And that is disturbing.
+More Cowbell Actually, he hit the nail on the head pretty well with his comments about NSA surveillance.
"+snowmanforl Actually, he hit the head on the nail pretty well with his comments about NSA surveillance."
The phrase is, "nail on the head", for a reason. Dazzle us with more knowledge. I see you edited your mistake
+More Cowbell He took some liberties and paraphrased a little. It doesn't make it any less applicable to their point. So stop stroking your epeen and pointing out trivial semantics.
***** The NSA wasn't set up to spy on every person in the US. Trust me the government doesn't care which Starbucks you think has the best latte. You people need to get over yourselves, and possibly try and further your education beyond the 10th grade.
Squib is not egotistic.
Squib knows no government gives a shit about what he likes.
Be like Squib.
Don't be a dumbass.
Thank you
Great Talk !!!
I actually went to highschool with the son of a Nigerian prince.
...
He was cool... had a big ass house... invited most of the highschool to his birthday parties every year
Wolf Sleigher did he try to scam you?
I feel like “no one knows a nigerian prince” is the wrong claim to make on the internet.
Weird....me too
Very like and clear is my situation I think about this very helpful.
THANKS FOR THE INFO
Good talk, but they are always too short, I would like to see more, they have such good information. This was a little basic, though it is always a good reminder, I was really hoping for more, as I am sure he is full of great ideas that us regular people don't think of.
AWESOME!
I just love ted talks... it's so informative!!
Great speaker!
Great job
This guy is the Steven Seagal of hacking. You just got popped.
My password for sites I owe money to is Abcd1234. Hoping that Nigerian prince pays my car insurance...
AHAHA I laughed so hard at this! :')
it don't matter if there is 2way authentication.
if someone is going to pay it off for him just check all porn sites
+xXDevonxDudeXx Who needs pron when you have mirrors?
+john roesti If you ever get contacted by a collector, be sure to thank them for paying your debt.
Thanks 👍
Year two-thousand and seventeen. Updating your Windows is one of the worst things you could do to your computer in terms of security.
Do not use same password for different or all for multiple services......DO NOT DO THAT I BEG YOU
Great lecture!!! A little techie cause I'm a noob trying to be a "grey hat/white hat hacker" but great talk. Great simple tips.
I always put a piece of black tape over cameras of my computers and phones. Some think that's weird, but I know why I do this.
+Felix Cornelius Scipio I look down while using the computer and close the lid as soon as I stop or need to move my head out of the way of its view. that is a good piece of advice, though if you need it you should put a cloth over the camera, just a small piece of material to sit over it.
Duct tape, I was talking about duct tape.
+Felix Cornelius Scipio I use fuzzy not so clear tape to keep them guessing :-)
Haha! Man that's cool !! lol
Yes sir I am to be initiating the Aircrack and reconfigure the IP 4 to be looking at you.
2019 and Tedx has over 20m subscribers yet their upload quality continually looks like video from the mid 90s.
I thought i was going to actually learn how to hack.
Google.com is a nice place to start...
Watch my tutorials ;)
IFYM1337 it's also a nice way to get caught
David Maglioli
Hacking isn't illegal.
BlenderLager it's using or manipulating a system other than its original intention.
well what id do is id use a vpn reroute the ip address through a script adding a couple of packets too keep them guessing then retrieve the TRE and re reroute back to them. Im just joking i dont know what the fuck im talking about
You forgot the md5 hash xD
You got a job in Hollywood. Don't forget to reverse the polarity.
matthewrobs123 you could've fooled me
no no no, what you need to do is quantum entangle your password to another password, then duct tape a battery to your Ethernet cable, then do the hokey pokey and turn around, and thats how you hack into NASA.
I would use that damn cybernuke
Protecting Yourself. Protecting Your Company, Protecting your Country
Hey what did the guy say from the crowd on 1:35 ?
OK at 15:30 when he asked the crowd how many people use the same password for multiple services and almost everyone's hands raised I shook my head and LMAO!!!!
i like this guy.
Great talk!
I found the "no one in Nigeria actually knows you" quite offensive but it's a great talk
"you can have a Danish, own a power plat. fun stuff." XD
Gorgeous !!!
anyone know the song that plays at the beginning? Or at least where to find it?
use Shazam on your mobile to find it.
- Woo! Romania was mentioned!
- ...For a bad thing.
- ... but he knows what Romania is!
someone in Romania :))
What does he mean by turn on auto update?
anybody know the intro tune?
what is auto update, auto update of what?
Your computer. That time when you want to get on and it is updating. Don't turn off the updates. If you have, turn them back on. This protects you from being hacked.
daniel ash auto update is updating apps or your device automatically instead of asking you to do it
What if you used a part of the URL (for example the first two letters) in your password? You only have to remember one password yet all the unsalted hashes look completely different.
3:56 "you can not make this shi..ah stuff up"
He looks like the guy from The Young Turks but with longer hair.
The one thing i'm never gonna do is turn the auto updates on.
Here in my backyaaaaard
It is not always right to auto update.
has he any books or literature and such?
Dafuq Ucare nope
My concern is more, what I do not know.
Could someone explain how a pdf can be dangerous if it only gets opened with pdf reading software?
Breaking out is infinitely easier than breaking in. A small amount of code confuses the reader, malware now controls a program that probably has admin access, and RIP your computer.
Like all data on your computer, PDF files have a header and a footer (like signatures). With this header and footer, your computer recognizes that this file is actually a PDF. And between this 'code' you've got your text, images and so on (also coded). Aaaalso, there is a lot of unused space (many zeros). When you put some script inside this 'empty space', your PDF reader won't recognize the foreign script and also won't show cryptic strings in the window. It's simple as that.
What is auto-updating
How am I supposed to make a different password for every single service I use? There's no way I could remember 25+ passwords....that's ridiculous.
unitedgray Try LastPass. I recommend reading some reviews on it, and watching some videos from independent people, in order to understand how it works. I've tried both LastPass and Dashlane; while Dashlane's UI seems much more user friendly, it doesn't seem quite as reliable as LastPass (particularly in the mobile department). Most of LastPass's features are free, however, there is a Premium Membership (for like $12/yr) which unlocks a few extras. Use the following link, and you get an extended month trial of premium membership: lastpass.com/f?11208786
unitedgray While he's indicting people for extending themselves to LinkedIn and other services he's forgetting to mention two factor authentication. Those services, and many others like Google, banks, etc. use device based and other second factor tokens than merely passwords. Of course individuals still have to do the recognition part. Sort of like where he says it "just didn't sound like Bob" when they receive notice that some unknown logins were being attempted from previously unauthorized devices. If you have the same password for multiple services and start to rely on those with these secondary authentication factors to ask you for device authorization codes but then also just allow those without, well, thinking at all, then there's no hope for you. Anyway, very disappointed that he was talking in the 2001-2009ish sense of personal/corporate security if this was a 2014 show. Why not have a few examples of companies/individuals who do things right? Hint, it's not just about using all different passwords for every service because your algorithm/memenomics can be defeated using quotes and social systems you're personally attached to, as he ironically describes.
Ugh, watching the nonsense about the school district software compromised. Idiot. That wasn't the government hacking individuals. The software was not created by the school district anymore than the device and notice when he talks about "someone the ability to survale (it's survey) you" well that's not the government, son, that's some asshole at the school district who is acting on their own, not as part of a government surveillance program. Just really bizarre connections to make himself and his arcane concepts relevant.
Michael Mast It's surveil. As in surveillance. Also how is that not government? You think the government is some intangible object that controls our lives? It's not. It's people. In that case, it was a government worker using the resources of the government to SURVEIL children. It wasn't just some random dude. It was a member of the government, therefore it was the government. If a police officer shoots someone, would you say that that is not the police shooting someone?
JRansom02 use me for free give me your password I will not violate your privacy and I'll do it for free. ... this kind of service is nothing more than phishing .... they will use your info to market to you period ....
Most are malicious ..... better to put all your eggs in one basket and watch that basket. ... one password 32 characters symbols and caps and lowercase is fine ... all passwords can be cracked but 32 long mixed will slow them down enough that criminals will go for the low hanging fruit. ... that is the best advice you will ever get concerning security .... do not be the easiest target don't be the low hanging fruit..... and do not get socially managed .... your social skills are the easiest way to hack any person .... when you invite the hackers in nothing can be done for you to make you secure
God damn stop writing essays.
LOL; You are the reason we can't have nice things. My hero
What use is having audiences answer when the viewer of the video can’t hear them!
How about using two-step authentication? Is it safe to store passwords in a Google Drive Document?
NO! use a password vault like KeePass or LastPass. There are pros and cons for both. One of the first things hackers do when they pwn your PC is scoop up all the spreadsheets and word/google docs to look for people unwise enough to store unencrypted account information.
2-factor authentication is good, better than plain passwords, but it isn't a guarantee. The only thing I will guarantee you about cybersecurity is that there are no guarantees.
Heidt is right about running updates. Nothing is more important to keeping you secure from hacking than for all of your software and OS to be current. Not just Windows updates, but make sure your browsers (Firefox and Chrome) and all other non-Microsoft software are also current. Running updates will protect you from 99.9% of all attacks, but the bad guys are coming up with new ways to break in daily, which is why you need to continue running updates.
Awesome job Frank well done. It's Tony by the way. lol
I am watching this in 2017 and guess what, now the most secure posture is to use a single strong passphrase with 2FA. Yep, 3 years later and the world has completely changed :) still his advice is good, just harder to manage.
Petty surveillance, think Samsung Smart TV's , they record your voice and store keywords / conversations...............
All "smart" appliances are capable of it, including fridges/toasters and washing machines.
Any books on hacking need to learn and pay back
The closest I've gotten to hacking is using inspect element to change the words on a school computer
Is it just me or is the Pablo Escobar movie advertisement getting out of hand?
AdBlock.
Haven't tried it on android
+OneMinuteFixed you mean Narcos?
what is this autoupdate he talks about?
BOSS.
What does he mean with Auto update?
F8H
Got the same question. Anyone?
Khanryu Some software pings a server when it is turned on to check if there are any changes in the program and then downloads and installs them without you.
F8H Some software pings a server when it is turned on to check if there are any changes in the program and then downloads and installs them without you.
Bradley Williams Oh okay, I thought he meant something else more complex to avoid being hacked. I did know what auto update is in general applications. :) Thanks!
F8H Also there is a very common widespread hack that comes as a .pdf attachment to emails. It practically takes control of your computer. So allowing your pdf reader program to auto update will get you the newest version as soon as possible which will possibly have security fixes.
"hacker" - a person who uses unconventional methods, usually with a low quality undertone, to fix a problem.
what a powerful guy
Big advice for everyone, DO NOT USE IT. You can't hack what does not exist.
What was the password?
I wish this guy would explain some of the terms he uses. I am not a professional hacker.
But engys are sperglords.
exactly
like what?
PM me on hangouts if you have any specific questions about certain terms. im willing to pop in some free time to answer some questions
+Nacho Studios or he could use google
I wonder who were they who hacked me but, I don't really care, I went along for fun.
Microsoft stopped updating my computer so I switched to Linux.
You make my life meaningless when you do that.
Why I don't open emails I'm not expecting, even from friends.
You can open email from anyone and read it, just don't easily click on the link or download the attachment.
Freeman Overwhelmed that depends if its a HTML based email such as store offers. They can have malicious scripts embedded in the email.
Michael Gannon scripts cannot be run from an email
Even if HTML based? In which case how do people get infected by "opening" emails, or is it necessary for them to click on links in the email?
Michael Gannon almost all email clients block scripts from being run. If your client does run JavaScript uninstall it immediately and get a more trustworthy one like outlook or Mozilla's thunderbird(or whatever it's called)
I think the most important thing about "Real" hacking is, Social Engineering.
social engineering toolkit ;)
Well not the software/script SET, but the real Social Engineering. Hackers can talk their way into some systems. That is what real Social Engineering is about. Kevin Mitnick talked a lot about real life Social Engineering in a few of his speeches.
How can I be a good shepherd?
Doesn't turning on auto-update expose you to dangers as well? It's better than the alternative but there can still be security flaws in new releases. Just go LAN on your company machines lol.
bloatware bogs your computer down so that lay people go buy new ones
Is it just me or is that Marsha May at 6:37?
Marsha's sister, maybe. Wondering how many here actually know who Marsha May is LOL
What America does best
Wait... Are you saying The Simpsons Movie was NOT a documentary detailing to tremendous accuracy what the NSA does?
I only use Linux and I let it update daily or whenever any are available and I use its built-in firewall and an exterior firewall, I had 1001 passwords as of 01-14 / 2019 still and it's still far from 100% safe. (However I have not had a single instance of malware in over 11 years of using Linux. I only use Windows® for proprietary programs like Pro Tools that haven't been ported to Linux yet, and I only get it online to update it.)
jay leno with glasses
Laughed so hard I had to pause the video
What did the guy yell out as his answer? I couldn't hear him... Ahhh...
My school created 100's of accounts with the student's email as the username and the password Password1, I changed my friend's password for fun and told them just to show that I could have leaked 1000's of pounds worth of accounts, changed their passwords and then they're gone.
P.S. STOP using the same password for everything people! I used to do it. That's the new definition for moron! Listen to this guy and all the comments that agree! They know what they're talking about.
Is it just me or this guy looks like George Fisher?
This guy's "best in the world" group apparently hasn't seen what China is capable of today. Even China doesn't want the world to know just how deep their reach into the tech world goes.
Bono pastore = Good shepherd.
Otherwise, it'll be that lead singer from U2 becoming a pastor in the pastures _having finally found what he's looking for._ 🧑🏻🎤😎
Oh my Cenk Uygur when'd you grow a ponytail
You try not testing patches for a multi-billion dollar company and see how long you last. No, you do not "turn on auto-update" in a business.
How do you remember 10+ passwords easily, any advice is great.
Change a few characters depending on the website.
do what everybody says you SHOULDN'T do.
Write them down, with their appropriate uses.
Put that list, somewhere secure.
Like a safe. Or tuck it in a book on a shelf in your house. Be creative.
Do it. Nobody is going to break into your house to find your password list.
Unless, you have a crazy ex who HAS to. In which case you're on your own.
Set the passwords to math/ physics equations. Example E=mC^2, Pv=NrT
BlenderLager wow, you blew my mind thank you
37 lines to explain an easy method to remember passwords.
Got it.
sigh.
did u see cam pan the audience on the same pw for multiple accts? lazy idiots
frank quote " be a good shepherd " good guy or not ..i liked his messages
Automated bots huh.......recaptcha. I'm coming for you
why do ppl do things like that.