Youtube's ban on "hacking techniques" threatens to shut down all of infosec Youtube

Once upon a time, companies were able to insist -- with a straight face -- that the real problem with the security defects in their products was the researchers who went public with them, warning customers and users that the products they were trusting were not trustworthy.

Then came the modern infosec movement, in which hactivists and researchers started to give companies a little grace period before going public, while still rejecting the whole idea of "security through obscurity." If your security depends on no one else independently rediscovering the defects you've identified, you're going to be very disappointed -- just ask all those American cities that are paying out to ransomware creeps who got hold of a defect that the NSA kept secret so they could use it against "bad guys."

Infosec's watchword is "sunlight is the best disinfectant." If you want to prove that a product is genuinely defective, it's not enough to make the claim: you have to back it up with demos that anyone else can replicate -- otherwise the companies will straight up call you a liar and assure their customers that there's nothing to worry about.

Yesterday, Youtube froze Kody Kinzie's longrunning Cyber Weapons Lab channel, citing a policy that bans "Instructional hacking and phishing: Showing users how to bypass secure computer systems." He now has a "strike," which prevents him from uploading any new videos.

This may sound like a commonsense measure, but consider: the "bad guys" can figure this stuff out on their own. Read the rest