Anon found infinite moneyšāšæ
Posted by WARMONGERING_WIZARD@reddit | greentext | View on Reddit | 73 comments
Posted by WARMONGERING_WIZARD@reddit | greentext | View on Reddit | 73 comments
NorthKoreanKnuckles@reddit
There was a guy who got rich by sending invoices to google. And google simply paid it.
So yes. It could work.
bro0t@reddit
He got caught bc he flew too close to the sun and started billing them more and more right?
Xardnas69@reddit
What ended up happening with that guy? Cause technically that's not fraud or anything, it's perfectly legal to just send someone an invoice
Hyper669@reddit
Human greed is such a fascinating thing...
SuperSocialMan@reddit
I think so, yeah.
maicii@reddit
I was always curious, for educationally purpose, how do you even send a company an invoice like that?
AmbitionOfPhilipJFry@reddit
Social engineering.Ā
Find out the company's financial person.
Figure out the email combo for the first last name.Ā
Send them an invoice that looks official.Ā
?
Profit.
maicii@reddit
You think so (? I assume he send them at the company email or something directly? Anyways this might be a stupid question. Iāve never had a company, but do they really just get random invoices on email and someone clicks them and pays them? Aināt no way itās actually that stupid no?
Craftybalance2@reddit
I sometimes bill companies that do over 50 mil per year, and i just use the mail on the site. Although once you get to companies who do more than that ive always had to use a dedicated mail that was given to me.
plaguelivesmatter@reddit
Uh, yeah, it is, sometimes. Lol
Dragonbut@reddit
I work in IT and I've seen this happen lol. One of my dad's coworkers also processed a nothing invoice for like $10,000 once, no confirmation of what it was for or anything. I get so many emails asking me if invoice emails are legitimate and I'm glad that they're at least checking instead of clicking the first link they see and just filling out whatever form is on it like they're an assembly line with no thoughts, but I still think it's funny that they think I can somehow tell if the invoice is actually for a real service their company paid for. I've also had times where I told someone specifically to call their contact at the company that the invoice is from using a number that they already had, not the one from the email, only to have the person call the number that was in the email and say "they said it was real so I paid it", though luckily that one was actually real
NorthKoreanKnuckles@reddit
"It's real sir, do not redeem."
nowuxx@reddit
And then you get sued
thr33beggars@reddit
Then you call the lawyers office and offer to try to hack their systems to see if there are any holes, and if you find any you offer to plug them so no bad hackers can get in. But then you delete your name from their database and poof, youāre like a ghost
Icefox119@reddit
( Ķ”Ā° ĶŹ Ķ”Ā°)
konohasaiyajin@reddit
> have hole
> people pay to plug it
the real infinite money glitch
Xardnas69@reddit
Literally the oldest infinite money glitch in human history, actually predates money. Still not patched
JuxtaThePozer@reddit
you're assuming OP can "hack" to begin with
YoungDiscord@reddit
"Your honour, OP is misleading the client, here's the evid-"
https://i.redd.it/hhd7d9aisazg1.gif
Treesn@reddit
Metalocalypse š¤
YoungDiscord@reddit
nothiiiiiiiiiiiiinnnnnnngggggg
SecretImaginaryMan@reddit
newnewdrugsaccount@reddit
I hope you're hungry. For nothing.
SymDoesReddit@reddit
Electr0bear@reddit
Exactly. If you provide sich services you are liable for possible future incidents. Sort of the same thing when technicians provide some maintenance and then label / seal critical components with the info of who has done the maintenance.
Rubmynippleplease@reddit
Not really? Youāre not liable for future incidents if you provide this service unless your contract is dog water. Any contract is going to have clauses covering their ass. No security company will ever guarantee that their services cover any future event. A cyber security company can provide a flawless service and some engineer can get phished the next day for instance.
You arenāt going to get successfully sued because they got hacked, youāre going to get sued when you give the client a report of a bunch of shit you didnāt do. You have to sue someone and prove they were negligent.
The equivalent to this is not a technician servicing an A/C unit. The equivalent is someone auditing the AC system for the entire building and making recommendations for ongoing maintenance. If one of them breaks you canāt sue the guy. If his contract states he spot checked 5 machines and reviewed the last 5 years of maintenance records but there isnāt a single record of the guy ever entering your building to do his job then you can sue him.
wedditmod@reddit
Not true I got my company pentested in 1985 and last year some ai kid hacked my shit and took all of my company's sensitive user data. I sued the guy 40 years later and made 100 bajillion rupees which is ~$3.50.
maicii@reddit
Are you do? My guess would be these companies make a contract in which you are not allowed to do sue then afterwards.
spicypsudo@reddit
Put in section 69 paragraph 420 of the TOS that you legally have to pay and cannot sue if you don't find an exploit.
Boba0514@reddit
and that you aren't liable for any unfound vulnerabilitiesĀ
koolmon10@reddit
Yeah this seems like the obvious out here. Even if you did the best pentest ever seen, you can't stop zero-days. You're not guaranteeing the company is unhackable/unreachable, just helping to improve their security.
europeanputin@reddit
That's why any decent company offering such services also provides a pdf which explains which vulnerabilities were tested and what were the results.
Alex014@reddit
Can't sue a LLC with no funds. File for bankruptcy rinse and repeat.
Lord-Chickie@reddit
I mean I didnāt say Iām a very good hacker and that I know how to test those well, did I?
hobohun7er@reddit
Having worked with a 3rd party security team (Spider Labs), they literally showed a risk that the servers were on the network. So no you can't sue them because you'll agree have to agree with their findings and accept some risks. Such a waste of $50,000 and 2 weeks, but the the corpo overlords loved the service!
HansWolken@reddit
That's not how it works, you get paid by found vulnerability.
TeraBaito@reddit
Looking Into This.
QFB-procrastinator@reddit
Mom said itās MY turn to repost this!
Lukebekz@reddit
...I hate that this would work for a while
Nox_Stripes@reddit
Reminds me when an app of a high profile political party had HUGE security flaws in it, and a german hacker group let them know privately, just for that party to basically try to throw the book at them for daring to do that.
Naturally, after that the hacker group went public with the entire affair (not what the actual flaw was) and made the political party a laughingstock.
Smexy_Zarow@reddit
Im pretty sure that is not how white hat freelance works.
They get permission, find vulnerabilities, then get paid if they find any.
DILDOexe@reddit
Only greentext that actually made me laugh in a while š
IudexJudy@reddit
I love posts like this because the very obvious joke is met with Redditors erhm actuallying them lmfao
khjuu12@reddit
Reddit is second only to Bluesky in the great internet not understanding jokes competition
QuitWhinging@reddit
Reddit is the only place I regularly visit on the internet where a majority of vocal users will demand that you use "sarcasm tags" to indicate that you were being sarcastic, even when your post was already absolutely dripping with sarcasm. I know a sarcastic tone doesn't always translate well through text and sometimes it can be hard to tell, yada yada yada, but for Christ's sake it's like being forced to say "that was a joke by the way" every time you tell someone a joke. It's socially oppressive and kills the entire vibe of telling a joke.
blippie@reddit
It's almost required in r/politics, because no matter how stupid and outlandish a statement is, there will be someone who wholeheartedly believes that and actually stands by that. Poes law in effect.
kp3000k@reddit
you cant understand what you dont know.
/trigger warning sarcasm fr fr
Select_Angle516@reddit
anytime a joke post uses an invalid IP address met with a thousand entry level programmers saying š¤ āļø
Marci_1992@reddit
I'm behind 20 proxies you'll never find my real IP address of 192.168.1.5 š
Grakch@reddit
Is it 192.168.1.5?
B4rr0th@reddit
Me
LilXansStan@reddit
Greentexts are only funny if you pretend anon is being 100% serious and genuine
chubbycanine@reddit
It's all the dipshits that think they know something crawling out from under their rock looking for a bit of validation on how smart they are.
Maiq_the_liar_23@reddit
Erhm actually the thread is clearly a joke. I am a mod and am reviewing your post history right now. You can expect a ban for 3 days incoming when I find something (I will). I take this role (job) very seriously. I weigh 160kg and haven't seen my penis in 20 years
SluggySloo@reddit
I hope you find and kill the wizard that made your penis invisible
Johnscorp@reddit
Please ban me mod-san UwU
thr33beggars@reddit
I could not help but read anonās quotes in an Indian accent
Cerenas@reddit
Funny thing, because they do something similar. I received an email a couple years back that my website has serious vulnerabilities, he said he will give me the details if I pay. Then I did some research and apparently, it's a thing that they use those general scanning tools to find 'security issues' and then spam people about it asking for money without doing any actual work.
Sohcahtoa82@reddit
And then they blow everything out of proportion.
Like, they'll claim that not having an
X-XSS-Protectionheader will lead to RCE on my web server.ItsHighSpoon@reddit
Anon thinks people will believe him because he said so and will not investigate on their own
Adjective-Noun-6969@reddit
I made a lot of money in the late 90s by "preparing their windows" for Y2K.
At best i cleaned the case with compressed air.
redditurus_est@reddit
Surely they won't check their network logs.
THAErAsEr@reddit
Or ask for literally any evidence
Rohen420@reddit
repost subhuman
delet_yourself@reddit
Then they ask for a detailed log
FredTilson@reddit
Sounds like the perfect task for an LLM. Generating a real looking network testing log
jrh_101@reddit
As if the company won't ask for the full audit and proof of the work you've done.
MrPizzaPenguin@reddit
Fake: No company would them do this Gay: Anon tried to hack the backdoor
samzplourde@reddit
This is why bounties are a thing
Limmmao@reddit
Aha... and what tests did you perform?
pinkwar@reddit
You don't have to be so lazy. Add a cron job asking Claude to hack it a website, produce a report and send the email with the report only half visible.
Customer pays 50usd to reveal the document and that's when you rick roll them and you both have a big laugh and move on with your life.
Infinite money until someone reports you.
Maiq_the_liar_23@reddit
HACK THE PLANET!
stuyboi888@reddit
OP lives in his mom's basement and can't thinkĀ