The Circle of Unfixable Security Issues

Channel:
United States LiveOverflow
Subscribers:
921,000
Published on ● Video Link: https://www.youtube.com/watch?v=lr1KuL8OmJY


Duration: 22:12
120,719 views
5,393

Not every security issues can be fixed. There exist (what I call) "unfixable" bugs, where you can always argue and shift the goal posts. The idea is to only report these kind of issues to create an endless stream of bug bounty money!

Buy my terrible font (ad): https://shop.liveoverflow.com
Learn hacking (ad): https://hextree.io

What is a vulnerability? https://www.youtube.com/watch?v=866olNIzbrk

hackerone reports:
https://hackerone.com/reports/812754
https://hackerone.com/reports/6883
https://hackerone.com/reports/223337
https://hackerone.com/reports/819930
https://hackerone.com/reports/224460
https://hackerone.com/reports/160109
https://hackerone.com/reports/557154

OWASP: https://owasp.org/www-community/controls/Blocking_Brute_Force_Attacks

Chapters:
00:00 - Intro
00:30 - Denial of Service with loooong passwords
03:18 - Invalid vs. Valid DoS Reports
05:11 - Deployment Differences
06:54 - Denial of Service vs. Bruteforce Protection
09:27 - IP Rate-Limiting "fix"
12:06 - Locking User Accounts?
13:59 - The Circle of Unfixable Security Issues
15:25 - Vulnerability vs. Weakness
16:49 - The Cybersecurity Industry
19:03 - Conclusion: Cybersecurity vs. Hacking
21:34 - Outro

=[ ❤️ Support ]=

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

2nd Channel: https://www.youtube.com/LiveUnderflow

=[ 🐕 Social ]=

→ Twitter: https://twitter.com/LiveOverflow/
→ Streaming: https://twitch.tvLiveOverflow/
→ TikTok: https://www.tiktok.com/@liveoverflow_
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/



Other Videos By LiveOverflow


2025-03-14The German Hacking Championship
2025-02-28Do you know this common Go vulnerability?
2024-10-16Google's Mobile VRP Behind the Scenes with Kristoffer Blasiak (Hextree Podcast Ep.1)
2024-09-30My theory on how the webp 0day was discovered #short
2024-09-29My theory on how the webp 0day was discovered (BLASTPASS)
2024-09-03Learn Android Hacking! - University Nevada, Las Vegas (2024)
2024-08-20My Trip to DEF CON & Black Hat
2024-01-22Finding The .webp Vulnerability in 8s (Fuzzing with AFL++)
2023-12-21A Vulnerability to Hack The World - CVE-2023-4863
2023-11-20Reinventing Web Security
2023-10-17The Circle of Unfixable Security Issues
2023-10-05Binary Exploitation vs. Web Security
2023-09-19Hacker Tweets Explained
2023-08-29Zenbleed (CVE-2023-20593)
2023-08-18The Discovery of Zenbleed ft. Tavis Ormandy
2023-08-01Asking Android Developers About Security at Droidcon Berlin
2023-07-22Local Root Exploit in HospitalRun Software
2023-07-13Android App Bug Bounty Secrets
2023-07-03Generic HTML Sanitizer Bypass Investigation
2023-06-22Hacking Google Cloud?
2023-06-11Trying to Find a Bug in WordPress


Tags:
Live Overflow
liveoverflow
hacking tutorial
how to hack
exploit tutorial
unfixable bugs
rich bug bounty
bug bounty millionaire
bugbounty
hackerone
bug bounty reports
rate-limiting
IP rate limit
bruteforce protection
password length
denial of service
dos
dos reports
dossing issues
prevent DDoS
cybersecurity
CIA triad
availability issues
sre
site reliability engineers
out of scope
invalid report