Placeholder Image

字幕表 動画を再生する

  • What's up, guys?

  • Just two cents here.

  • We're gonna talk about stuff that's making news headlines today.

  • But boo boo Pretty pretty, Pretty, pretty pretty.

  • I want you to add one of those globes.

  • D'oh!

  • So I know a lot of you guys are probably like, Jay.

  • I've gotten tons of e mails and tweets, obviously, as of waking up this morning, Going J Do you hear about this?

  • Hey, J.

  • J.

  • Because we've clearly been, like, apparently, how Linus was with Tunnel Bear like we've been with nor VPN.

  • It's just a service that we use that we really like.

  • So we're gonna talk about the future of our sponsorship with north VPN towards the end of this video.

  • But I feel like you need to understand the problems and the way it was handled.

  • So you can understand our decisions on why we're doing what we're doing.

  • So back in March of 2018 and am using know to use this stuff, I wanna make sure I don't miss.

  • So back in March 2018 a data center in Finland was right.

  • A server in Finland was accessed without authorization D and exploit the remote management software that was left in place by the data center on the server was active for about a month with this thing vulnerability.

  • So in the data center, what happens is nor VPN isn't own all the servers.

  • They rent them in various data centers around the world.

  • That's how they can get up and running with new servers so quickly.

  • And with this connected agent we live in now, it's not hard to find a data center and just about every corner of the world.

  • But apparently what happened is this data center left a remote management utility in place where you don't leave those in place.

  • They're they're just like keys hanging out of the door.

  • If you if you can get access to that, then you have access to the server.

  • So what happened is unauthorized access via, um, someone somewhere got access to the server in the encryption key.

  • Now, to understand why the key is important, you have to understand how VPN works were into a stupor.

  • Lehman explanation here.

  • But basically a VPN or a virtual private network is a point to point connection between you, whatever device that you're on and the data center or the virtual private network.

  • What happens is your your information gets pack.

  • It'd into this encrypted packet and then you have a tunnel to the VPN.

  • So the SP is trying to get in there and they can't get This tunnel is encrypted.

  • And here's your data and you basically just taking years ago.

  • You pack, it goes into the tunnel, and then no, really, it only takes one blow to get into the server.

  • But the encryption key on the other end says, Oh, this is unauthorized server, right?

  • So the key authorizes the server with, Nor VPN that that's a that's a proper server.

  • It will then take the data, the packet decrypt it because it's encrypted in that tunnel and then send it off to the Internet and then same thing going the other way.

  • Data from the Internet is re encrypted, sent to you in the decrypted on urine.

  • Well, that encryption key was stolen during that that month of access that was unauthorized.

  • So this is nor the peons exact statement regarding this.

  • The server itself did not contain any user activity logs.

  • None of our application send user created credentials for authentication.

  • So user names and passwords couldn't have been intercepted either, said the spokesperson.

  • And by the way, I'm referencing a crunched article about the link down below.

  • They're the ones who really did all the investigative research on this and got nor to respond.

  • So please read the entire article down below.

  • But the quote goes on to say on the same note, the only possible way to abuse the Web traffic was by performing a personalized and complicated men in the middle attack to intercept a single connection that tried to access nor V p.

  • M.

  • Okay, so that single access again being this because with that encryption key, what they can do is they can fake the server.

  • So basically, with the encryption key being stolen and could be used somewhere else is they could just re point that tunnel.

  • Hey, I'm a Nord server.

  • Wyman Nord server to wink, wink.

  • What?

  • Now you're connecting to them.

  • So what they're saying is the only way that this traffic could be abused is if you are connecting to a unauthorized server.

  • How does that happen?

  • Have you ever seen those e mails were like, Hey, I'm a widow in in Nigeria and I have $50 million all.

  • I need the husband click here.

  • Well, it's those clicks.

  • Here's the spoof emails, those e mails that are pretending to be someone in this case they could have been pretending to be north VPN in Finland.

  • Advertising a new server to connect to us.

  • These are hypotheticals doesn't mean it's happened, but this is how you would gain access to an unauthorized server using the encryption key.

  • So what happens is, although there are no logs and North is correct about that.

  • They don't stored logs on their servers.

  • Who needs a log when you have the data itself?

  • So that's problem number one, and that's kind of cop out.

  • Answer number one In terms of North, that's like, Hey, Nord, we hear you painted your house Red B H Away doesn't allow red Well, Red is a color that started back in blah, blah, blah, blah, blah.

  • I'd like your response has nothing to do with the actual problems being discussed here, So the issue and I was really bad analogy.

  • But the point is like it's when you asked the question and they respond something entirely different.

  • That sounds like you're answering the question, but it's not spin doctoring.

  • It's It's what spokespeople do.

  • That's what they're paid to do.

  • And so what's happened here is that they're completely underplaying what could have potentially happened with that encryption keys.

  • Now, the other issue here is that the white hat hacking group that discovered all these vulnerabilities with this particular server went on to say that they don't know what other network access that encryption key and that point of access to the VPN network could have exposed for other server.

  • So there could be other servers that are compromised right now that no one knows about.

  • Now this kind of goes on to say, Well, why did it take Nord so long to respond by so long?

  • Remember, this happened back in March of 2018 in the encryption key that was exposed and expire until October of 2018.

  • We're talking a massive seven months, right month, 32 months, 10 that seven.

  • I didn't mats, and so seven months of this encryption key still technically being active with a month access to that server before it was identified, and then apparently the data center was fired and all that sort of stuff because North blaming the data center for this, um, you know, management number 10 our management 101 your employees mistake is your mistake.

  • And as a manager, you take responsibility for that.

  • You don't really needed the heat.

  • No, we don't play that game we played around here.

  • You don't play in life as far as I'm concerned.

  • Nord says it found out about the breach a few months ago, But the spokesperson said the breach was not disclosed until today, being the day the article went live, or at least the comment, because the company wanted to be 100% sure that each component within our infrastructure was secure.

  • That's an open ended excuse to say we needed time to talk about this, and that probably would have never been disclosed until they were asked about it publicly, which is what happened here.

  • The TechCrunch article brought this to the public limelight and nor had no choice but to respond.

  • So the researcher went on to say in my research, I mean, the white hat hacking group went on to say While this is unconfirmed and we await further forensic evidence.

  • This is an indication of a full remote compromise of the provider systems.

  • The security researcher said that should be deeply concerning to anyone who uses or promotes.

  • That's us.

  • These particular service is my issue here is not with the hack.

  • And my official statement with this is I'm not concerned that there was a breach If I had to be.

  • If I had to boycott or stop using any service that ever had any sort of breach, I wouldn't be able to connect to the Internet.

  • Period.

  • Every single I S P has had some sort of breach.

  • Netflix, YouTube, Google PS n Xbox, Microsoft.

  • Yes, I know this is the same, but two different surfaces.

  • If we had to say, Oh, my God, you've been hacked.

  • We're never using you again.

  • Then none of you would be able to connect to anything, including the exact site you're watching this on right now.

  • Twitter, Facebook, Instagram.

  • They've all been hacked.

  • Hacking.

  • Is this a way of life today?

  • That is the world we live in.

  • But the problem is the way companies handle these things, and that is when you rise or rise and shine or you look like, well untrustworthy entity, which is unfortunately what my personal opinion is right now regarding North, I feel like they've broken trust not only with myself as an influencer and promoter of their brand, but also as an end user because so much time elapsed.

  • This is very similar to kind of like the experion thing where apparently Experian and all your credit and your Social Security numbers in the U.

  • S were leaked by the millions and it wasn't mentioned or anything until it was exposed.

  • And it's like, Oh, yeah, we had a breach.

  • Yeah, Here's your personal information, including how to get credit was probably leaked.

  • That a big deal, though.

  • We're gonna give you credit monitoring.

  • You couldn't even monitor your own damn websites.

  • T know that this sort of thing was happening.

  • And so you're gonna offer a fixed by giving us more monitoring.

  • I guess that's a little rant besides the point, but that's kind of what this is here.

  • This is the same sort of thing.

  • This was potentially serious and the way you handled it and your silence, says gobs about your dedication to your end user and their potential privacy and security virtual private network.

  • It's in the name so letting this go for so long and only speaking up about it when somebody finally came knocking on your door and then trying to spin doctor it into being not that big of a deal is where you lost my trust.

  • So the research group also went on to say, And this is paraphrasing here.

  • You can actually read the quote down in the article that it appears that nor VPN has spent millions on advertising but very little on their defensive measures.

  • The future of this channel will not be promoting nor VPN not until I at least have faith restored in the company.

  • And the way that's gonna happen is by seeing how they move forward from this.

  • If they continue to take these sweeping under the rug approach, don't talk about it.

  • It will blow over.

  • Well, you know what?

  • That's not how you handle these sort of things.

  • Transparency and being well, even though this is a corporate but being human, admitting your faults and showing people what you're doing to protect them, that's how you rear and trust.

  • We're also not going to be just jumping on board to some other VPN, either because we don't follow the dollars in this company.

  • We follow the brands we believe in and we trust and that we feel as end users ourselves would use.

  • That's exactly how my brands of always worked on this channel.

  • I turned down at opportunities all the time because it's something I simply don't care about don't believe in or wouldn't use personally.

  • So I'm not gonna peddle that to you guys if I feel that way.

  • So I use myself this sort of a litmus test on what I would have wouldn't promote based on the end user and how I feel like they would receive that.

  • Because the other problem here is that the researcher also went on to state that, um, other VP ends were also compromised in that same time frame, including, um, tour guard and Viking VPN.

  • All of those are not necessarily the big guys out there, like Ghost VPN or P A or any of that stuff.

  • The bottom line is everyone's hackable.

  • Who knows now what those other ones have been compromised.

  • So rather than move on to some other brand and just start promoting it.

  • Just know that I still believe a VPN is a necessary thing to have in today's day and age.

  • But how do you pick that brand when you could be vulnerable this entire time and not know it now?

  • Yes, this is a very isolated thing and that it was this server in Finland that was spoofed and potentially cloned and you could've been connecting to that one.

  • But we don't know now.

  • You know why?

  • We don't know.

  • Because Nord was not up front and transparent about this.

  • So we don't know the scope of this on.

  • Based on the responses here, I feel like there was enough spin doctoring to where it's downplayed to where there could be a bigger potential issue here.

  • But now you're in protecting your bottom line in your investors and all that sort of stuff, not the end user.

  • So that's why I wrote the E mail this morning to the brand, saying that our contract at this point is suspended.

  • We will not be moving forward with ads on north VPN, and I wanted to communicate that to you guys because as a promoter of theirs, I feel also partially responsible for this.

  • Because during that 17 months time frame, we were promoting Nord every single month.

  • And now at this point, I feel like I was duped as well.

  • So I'm pissed.

  • And if you can't tell by this video, I am pissed.

  • And at that point, uh, I'm sorry for that.

  • Unfortunate.

  • We had no way of knowing that I'm not passing blame.

  • Because at the end of the day, like I said, I'm responsible for what goes on to this channel.

  • Just like a managers responsible.

  • Their employees do so with that, I'm gonna be taking down the links.

  • And we will not be promoting nor VPN anymore until we see how this plays out.

  • And I believe that they truly rectified the problem and made it right.

  • So anyway, thanks for watching guys just want to put this out.

  • There was an important piece.

  • Not when I plan on putting life today at a much better video going life using this thing.

  • That's a That's a test, bitch.

  • So that was much better video than this one, but this one was more important.

  • All right, guys, Thanks for watching.

What's up, guys?

字幕と単語

ワンタップで英和辞典検索 単語をクリックすると、意味が表示されます

B1 中級

NordVPNがハッキングされました。 (NordVPN was hacked... here is what we are doing about it)

  • 4 0
    林宜悉 に公開 2021 年 01 月 14 日
動画の中の単語