The Circle of Unfixable Security Issues

2023-10-17

[public] 41.6K views, 4.98K likes, dislikes audio only

Not every security issues can be fixed. There exist (what I call) "unfixable" bugs, where you can always argue and shift the goal posts. The idea is to only report these kind of issues to create an endless stream of bug bounty money!

Buy my terrible font (ad): https://shop.liveoverflow.com

Learn hacking (ad): https://hextree.io

What is a vulnerability? /youtube/video/866olNIzbrk

hackerone reports:

https://hackerone.com/reports/812754

https://hackerone.com/reports/6883

https://hackerone.com/reports/223337

https://hackerone.com/reports/819930

https://hackerone.com/reports/224460

https://hackerone.com/reports/160109

https://hackerone.com/reports/557154

OWASP: https://owasp.org/www-community/controls/Blocking_Brute_Force_Attacks

Chapters:

00:00 - Intro

00:30 - Denial of Service with loooong passwords

03:18 - Invalid vs. Valid DoS Reports

05:11 - Deployment Differences

06:54 - Denial of Service vs. Bruteforce Protection

09:27 - IP Rate-Limiting "fix"

12:06 - Locking User Accounts?

13:59 - The Circle of Unfixable Security Issues

15:25 - Vulnerability vs. Weakness

16:49 - The Cybersecurity Industry

19:03 - Conclusion: Cybersecurity vs. Hacking

21:34 - Outro

=[ ❤️ Support ]=

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

2nd Channel: https://www.youtube.com/LiveUnderflow

=[ 🐕 Social ]=

→ Twitter: https://twitter.com/LiveOverflow/

→ Streaming: https://twitch.tvLiveOverflow/

→ TikTok: https://www.tiktok.com/@liveoverflow_

→ Instagram: https://instagram.com/LiveOverflow/

→ Blog: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/