PRNG? CSPRNG? Do these acronyms mean anything to you? What's the difference? Why does it matter? After all, your app's password reset tokens are definitely generated with a CSPRNG, right? This talk covers the exploitation of unsafe random number generation across a number of languages. Just how practical is it? In this talk we'll discuss a bit of background, what insecure random number generation looks like, and some practical examples of real-world exploitation. We'll then look at options that are available to developers to avoid these issues in their own applications.