this new Linux feature makes hacking IMPOSSIBLE

แชร์
ฝัง
  • เผยแพร่เมื่อ 20 พ.ย. 2024

ความคิดเห็น • 1.1K

  • @LowLevelTV
    @LowLevelTV  21 วันที่ผ่านมา +206

    go get a yubikey! yubi.co/lowlevellearning-2024
    Edit: I may have caused some confusion about the derived Private Key. When you generate the private key using 'ssh-keygen -K', you're not actually downloading the key itself. You're create a key that stores the credential ID of the Yubikey. You never have access to the private key within the Yubikey. Sorry for the mixup!

    • @l0gic23
      @l0gic23 21 วันที่ผ่านมา +15

      Best Yubikey ad yet

    • @RexHanson-c7h
      @RexHanson-c7h 21 วันที่ผ่านมา +1

      what's your source, I want to read the blog myself

    • @eveldun
      @eveldun 21 วันที่ผ่านมา +5

      I have one and I actually love them for gpg

    • @alexpasko1126
      @alexpasko1126 21 วันที่ผ่านมา +14

      Please do a longer video where you show the many applications of yubikeys! That's the kind of add that I would LOVE!

    • @jamesdupuis3249
      @jamesdupuis3249 21 วันที่ผ่านมา

      Now we're learning about pen caps? How low we going? I'm going to start a Limbo code channel. It'll just be a reaction channel. :) Have a great day!

  • @Danglutas
    @Danglutas 21 วันที่ผ่านมา +2083

    Firefox: Excuse me? 🤨

    • @MelroyvandenBerg
      @MelroyvandenBerg 21 วันที่ผ่านมา +215

      Yea that chromium statement is not nice

    • @ContemplativeCat
      @ContemplativeCat 21 วันที่ผ่านมา +87

      I'm using Firefox based Zen Browser and loving it. 😃

    • @pu239
      @pu239 21 วันที่ผ่านมา +27

      @@ContemplativeCat same lol, its pretty nice

    • @no_name4796
      @no_name4796 21 วันที่ผ่านมา +45

      But realistically though, firefox has a smaller share of browser users then linux has of desktop OS users

    • @Bunny99s
      @Bunny99s 21 วันที่ผ่านมา

      Right, me and most of my family is using Firefox for over 20 years now. Well my family essentially had not really a choice as I have setup most of their PCs :) Though it's not like they care or know anything about what a browser actually is. It's "the internet". The only cases where I use chrome was on my old Nexus tablet and my smartphone. Though I do have FF on them as well. But chrome runs a bit faster on those weak devices :P Though whenever I need actual customization, I switch to FF. My FF in my phone also has an altered User-Agent to pretend to be a PC and not a mobile device. Can be really handy in many cases. Websites nowaday are really great in messing up themselfs in an attempt to "adjust" to your device.

  • @rob5300
    @rob5300 21 วันที่ผ่านมา +1723

    If chromium was the only browser engine left the web would be TOAST

    • @monad_tcp
      @monad_tcp 21 วันที่ผ่านมา +130

      its 90% there

    • @echoptic775
      @echoptic775 21 วันที่ผ่านมา +100

      Yeah, good thing we also have Microsoft edge, opera, brave, Vivaldi...

    • @Pipe0481
      @Pipe0481 21 วันที่ผ่านมา

      @@echoptic775 Firefox?

    • @darukutsu
      @darukutsu 21 วันที่ผ่านมา +293

      ​@@echoptic775this is joke right?

    • @theairaccumulator7144
      @theairaccumulator7144 21 วันที่ผ่านมา +18

      yeah the insane competition of 3 browser engines

  • @ecdhe
    @ecdhe 21 วันที่ผ่านมา +751

    The title is a real clickbait. This feature would make hacking harder but certainly not impossible

    • @Xevion
      @Xevion 21 วันที่ผ่านมา +162

      Starting to realize this dude is just clickbait. Him and Prime are rocking Programmer TH-cam with the clickbait, hard.

    • @apestogetherstrong341
      @apestogetherstrong341 21 วันที่ผ่านมา +7

      Duh

    • @深夜-l9f
      @深夜-l9f 21 วันที่ผ่านมา +101

      youtubers who don't clickbait are all dead. it's natural selection of social media

    • @anandsharma7430
      @anandsharma7430 20 วันที่ผ่านมา +31

      I propose naming this time period, starting from say 2010 to whenever this shit ends, the Age of Clickbait.

    • @bmanpura
      @bmanpura 20 วันที่ผ่านมา +26

      Between the name "mseal makes linux hella safer" and "this new update makes Linux impossible to hack", yeah, this one is a clickbait.
      Would you click on the first one tho.

  • @hatacoyama1246
    @hatacoyama1246 21 วันที่ผ่านมา +908

    does this mean he never made an expo marker sword?

    • @PermanentExile
      @PermanentExile 21 วันที่ผ่านมา +58

      @@hatacoyama1246 Inconceivable!

    • @guilherme5094
      @guilherme5094 21 วันที่ผ่านมา +17

      Nooooooo!!!!

    • @LowLevelTV
      @LowLevelTV  21 วันที่ผ่านมา +218

      what is that

    • @bearwolffish
      @bearwolffish 21 วันที่ผ่านมา +61

      he never had tried to balance a pen tower on the palm of his hand, having to dodge the projectiles on their in evitable way down.

    • @jamesdupuis3249
      @jamesdupuis3249 21 วันที่ผ่านมา +13

      Not everyone has twenty of these. Now we have two, and one is dead.

  • @KillianTwew
    @KillianTwew 21 วันที่ผ่านมา +322

    0:10 Elementary school. Thats how long ago I learned that. I'm 30.

    • @robnobert
      @robnobert 20 วันที่ผ่านมา +5

      Reported. Dude. Not okay.

    • @vstrxl
      @vstrxl 20 วันที่ผ่านมา +26

      @@robnobert ??????????

    • @Nik-rx9rj
      @Nik-rx9rj 19 วันที่ผ่านมา +2

      @@robnobertlmaooooo

    • @VeryEnGeorged
      @VeryEnGeorged 17 วันที่ผ่านมา

      I don’t know what happened to you that early in life, but I’m sorry bruh.

    • @Bread_Lock
      @Bread_Lock 15 วันที่ผ่านมา

      What's with these replies? There's nothing wrong with OP's comment.

  • @shanoian
    @shanoian 21 วันที่ผ่านมา +529

    too busy hacking your preschools web server to pick up the marker cap beta? insane

    • @blankexpression2u
      @blankexpression2u 20 วันที่ผ่านมา +4

      for you to call someone a beta is funny AF. Nice stache sweetie

    • @voltairesarmy6702
      @voltairesarmy6702 20 วันที่ผ่านมา +17

      I think the beta was referring to software versions. Like the beta version of the marker cap technology 😂

    • @shanoian
      @shanoian 20 วันที่ผ่านมา

      @@blankexpression2u @voltairesarmy6702 more so 'beta' used in climbing terminology to mean techniques used. also thanks, i grew it myself

    • @shanoian
      @shanoian 20 วันที่ผ่านมา +16

      @@blankexpression2u lol dude, beta as in the climbing term which means technique or instructions. also thanks i grew it myself

    • @Acetyl53
      @Acetyl53 19 วันที่ผ่านมา +1

      @@shanoian It's probably a bot.

  • @DecadantHandshake
    @DecadantHandshake 21 วันที่ผ่านมา +328

    This man unlocked early game marker tech at level 50.
    Edit : This just made me realize he has never known the joy of making a sword out of many markers, and then whacking a classmate with it

    • @henxdl
      @henxdl 21 วันที่ผ่านมา +1

      fr 😭

    • @Stratelier
      @Stratelier 21 วันที่ผ่านมา +2

      Doesn't this also vary by specific type of marker? For example, his is the type where the cap has a "peg" that inserts into the top of the barrel, which allows you to chain several markers together, but I've also seen markers where the cap stores the other way around, and does not chain? Visual example below.
      Marker with nesting caps: (barrel -> cap)
      ===>- |>| capped
      |>|===>- uncapped
      Marker with non-nesting caps:
      ===>- |>| capped
      |- uncapped

    • @fionnbracken
      @fionnbracken 20 วันที่ผ่านมา +5

      ​@@smitchertech nerds rejoice in superfluous diagrams on niche topics

    • @rl33t74
      @rl33t74 20 วันที่ผ่านมา

      @@smitcher you should do some research on the big boy words you're trying to use there, buddypal
      (hint: look up the words "we", "nerd" and if you're feeling super brave with your homework: "mansplain")

    • @austinsharpe8157
      @austinsharpe8157 7 วันที่ผ่านมา

      I'm not convinced this guy has ever used a marker ever

  • @Ejioplex
    @Ejioplex 21 วันที่ผ่านมา +173

    A summary of what this function does is pretty much:
    See this memory? never ever ever EVER let me edit the permissions of this memory EVER again!

    • @LaserFur
      @LaserFur 21 วันที่ผ่านมา +5

      I could imagine ways to use this even if the spawned child process seals all it's allocations and then runs out of memory. The child process would just fail and the main process would create a new one with more memory. Given how file reading code for old formats also lack much attention this could be useful for more than just browsers.

    • @jfbeam
      @jfbeam 21 วันที่ผ่านมา +15

      At least _in userspace_ ... (hint: the kernel can screw with those flags all it wants.)

    • @not_kode_kun
      @not_kode_kun 21 วันที่ผ่านมา +9

      @@jfbeam but when the userspace is so tightly locked down, it makes it much harder for an attacker to get kernel level privilege. once he has that, there's really not much you can do. at least not with software

    • @kevinchadwick8993
      @kevinchadwick8993 20 วันที่ผ่านมา +2

      @@not_kode_kun Writing the kernel in Ada would make it very hard. Harder than on a CHERI system. Though I guess the point of CHERI is meant to be that it is easier to port Linux to CHERI than to re-write it. Though I'm not sure if it completely supports OS functionality or not. I think CHERI does.

  • @MissMyMusicAddiction
    @MissMyMusicAddiction 21 วันที่ผ่านมา +302

    i usually just seal the marker by putting it back in my nose.

    • @AL-eu4ey
      @AL-eu4ey 21 วันที่ผ่านมา +15

      @@MissMyMusicAddiction or somewhere else 😏😏

    • @weenerhutjr
      @weenerhutjr 21 วันที่ผ่านมา

      @@AL-eu4ey yee i usually put it in mi butt when im done

    • @henxdl
      @henxdl 21 วันที่ผ่านมา +2

      lmao

    • @al6r725
      @al6r725 20 วันที่ผ่านมา +1

      @@AL-eu4ey Sharpie

    • @robnobert
      @robnobert 20 วันที่ผ่านมา +1

      Reported.

  • @malus314
    @malus314 21 วันที่ผ่านมา +83

    Boo for clickbait title but solid video that’s super interesting as always.

    • @devviz
      @devviz 7 วันที่ผ่านมา

      how is that title clickbait?

    • @malus314
      @malus314 7 วันที่ผ่านมา +2

      @ It’s a very editorialized title, there’s nothing that makes hacking impossible and any security researcher worth their salt will tell you that. The title is nonspecific and leads you to click on it via the draw of grandiose claims. It’s not a BuzzFeed headline but I don’t think it has to be that bad to be clickbait

  • @ThisPageIntentionallyLeftBlank
    @ThisPageIntentionallyLeftBlank 21 วันที่ผ่านมา +212

    I would say give it a couple months, someone will figure out how to disable it, work around it, or use it to their advantage. 1337s gonna 1337

    • @PoseidonDiver
      @PoseidonDiver 21 วันที่ผ่านมา +50

      yup... there was some dude(s) who would go through intel architecture for fun and......... spectre.

    • @premiumvibes961
      @premiumvibes961 21 วันที่ผ่านมา +11

      @@PoseidonDiver God Bless Them.

    • @rtzgf67games7
      @rtzgf67games7 21 วันที่ผ่านมา +1

      What

    • @petervancaeseele9832
      @petervancaeseele9832 21 วันที่ผ่านมา +11

      Its like trying to make an unpickable lock.

    • @foobarf8766
      @foobarf8766 21 วันที่ผ่านมา +16

      OpenBSD uses methods like this and no major CVE since 2006

  • @MartinBarker
    @MartinBarker 21 วันที่ผ่านมา +65

    While mseal provides robust security by preventing any modifications to sealed memory, it comes with significant downsides. Long-running services cannot effectively use this syscall because they would retain all sealed memory until the process terminates, leading to increased memory usage over time. This could eventually exhaust available memory, forcing the kernel to kill the process to free up resources. Therefore, using mseal in long-running applications is not practical due to the risk of memory retention and potential system instability. Additionally, the most common exploits target long-running services because they need to be persistently running. This makes mseal ineffective for protecting these services, as they cannot afford to retain memory indefinitely. So, what exactly is this protecting?

    • @framegrace1
      @framegrace1 21 วันที่ผ่านมา +15

      The main purpose of this is to be used by the kernel itself, to protect the stack and other shared areas. Not sure if there's of any use on userland (Or even if it can be used there)

    • @acters124
      @acters124 21 วันที่ผ่านมา +10

      the person who sponsored this change works with the V8 engine. Will I see the chromium browsers eat more memory on Linux now and require periodic restarts for simple garbage collection? worrying, but also, restarts are how updates are done so, idk if it is a problem for that specific use.

    • @acters124
      @acters124 21 วันที่ผ่านมา +2

      @@framegrace1 I was under the impression the V8 engine will use this new feature to strengthen the chromium browser security

    • @Darkyx94
      @Darkyx94 21 วันที่ผ่านมา +3

      In the case of V8, the user heap is already sandboxed in order to limit the ability to exploit the software via memory corruption. However, if someone manages to escape the sandbox, nothing prevents it from remapping it executable, then jumping to the payload stored there (since the heap is, by design under user control and relatively big, we must consider it tainted).
      The stack size being relatively limited and already partially protected via canaries, it's way harder to store a full payload on it, so protecting the sandboxed heap against being remapped already does a lot

    • @foobarf8766
      @foobarf8766 21 วันที่ผ่านมา +9

      Used on OpenBSD for over a decade without ballooning issues AFAIK but probably does require a slower/more secure free() implementation to complement it. Which the Linux kernel has also had for years.

  • @wolfschaf
    @wolfschaf 21 วันที่ผ่านมา +78

    "Shadow stack" is also something that prevents these kinds of attacks, by having a separate stack for return addresses

    • @_lslvr
      @_lslvr 21 วันที่ผ่านมา

      Like Forth?

    • @treyquattro
      @treyquattro 21 วันที่ผ่านมา +7

      I was thinking the same, but of course that won't protect against someone flipping the NX bit on the stack via mprotect (or any other rw memory pages)

    • @vk3fbab
      @vk3fbab 21 วันที่ผ่านมา +2

      Or a hardware implemented shadow stack. Of course that's gonna put hard limits on the level of recursion supported and how's that work with with each process needing its own stack. You might need a way to read the hardware stack for debuggers but there should be no need to modify it. I haven't seen any modern architectures use this but I think some older architectures did it.

    • @diobrando7642
      @diobrando7642 21 วันที่ผ่านมา

      ​@@vk3fbab shadow stack is a hardware level protection by definition

    • @diobrando7642
      @diobrando7642 21 วันที่ผ่านมา

      ​@@treyquattro but trying to return to the stack would make the program crash, because the address on top of the stack wouldn't match with the one on top of the shadow stack.

  • @tommyandersen4004
    @tommyandersen4004 21 วันที่ผ่านมา +52

    "... makes hacking IMPOSSIBLE" ... famous last words.

    • @smitcher
      @smitcher 20 วันที่ผ่านมา +7

      Clickbait, given the ultimate meaning of hacking...

  • @djsmeguk
    @djsmeguk 21 วันที่ผ่านมา +45

    Man, I used to make giant rods full of markers by putting them end to end like that. The Sword fights in the offices were EPIC.

    • @distortions
      @distortions 21 วันที่ผ่านมา +2

      brings me back to school.

    • @ShipShippingShip
      @ShipShippingShip 21 วันที่ผ่านมา +2

      Sounds like an epic place to work in

    • @AndrasBuzas1908
      @AndrasBuzas1908 21 วันที่ผ่านมา

      Cringe

  • @b33thr33kay
    @b33thr33kay 21 วันที่ผ่านมา +96

    Could you not be so clickbaity? Could you put at least the name of the feature in the title or in the thumbnail, please?

    • @asdfghyter
      @asdfghyter 17 วันที่ผ่านมา

      DeArrow is a great extension for exactly this reason! it’s by the same guy who made sponsorblock. it even works in mobile safari

    • @vfryhn2
      @vfryhn2 15 วันที่ผ่านมา +3

      No

    • @kellymoses8566
      @kellymoses8566 15 วันที่ผ่านมา +3

      Sorry but vague titles are proven to get more clicks. TH-cam lets you do A\B testing with different titles and thumbnails

    • @alfadorfox
      @alfadorfox 12 วันที่ผ่านมา +2

      Welcome to TH-cam.

    • @emilianomolinagonzalez2665
      @emilianomolinagonzalez2665 9 วันที่ผ่านมา +1

      @@b33thr33kay he started explaining the method before the first minute of video my man

  • @TheAlexgoodlife
    @TheAlexgoodlife 21 วันที่ผ่านมา +24

    It would be cool if you made a video walking through the actual steps of the example you showed, writing "malicious" code, overflowing the stack and setting the return address to the malicious code for example

    • @smitcher
      @smitcher 21 วันที่ผ่านมา

      Numerous examples on TH-cam if you search. FT did a good DNS RCE where they pretty much explain the steps they took to overflow the buffer and the stack return address and then built a ROP chain to execute the code that they sent th-cam.com/video/YCOoc1U7kPA/w-d-xo.htmlsi=XE6DQFjG94BZJ7G5&t=430

    • @moamber1
      @moamber1 20 วันที่ผ่านมา +2

      That would require skill.

    • @smitcher
      @smitcher 20 วันที่ผ่านมา

      @@moamber1 not really... finding the vulnerability vector is the most difficult part

  • @IngwiePhoenix_nb
    @IngwiePhoenix_nb 21 วันที่ผ่านมา +96

    Chromium "The only browser engine"
    Firefox: Screaming on a market place inbetween banners of ads.
    Servo: Scouring bins and baskets trying to find support.
    Ditto: _shrug_
    IE: WHY ARE YOU RUNNING

    • @RandomGeometryDashStuff
      @RandomGeometryDashStuff 21 วันที่ผ่านมา +3

      wine gecko:

    • @autohmae
      @autohmae 21 วันที่ผ่านมา +6

      Well, IE is a deadend, but Safari and others are running Webkit, not Blink (Chromium)

    • @Beryesa.
      @Beryesa. 21 วันที่ผ่านมา +4

      WebKit dusting in the corner

    • @LazarNaskov
      @LazarNaskov 21 วันที่ผ่านมา +4

      Ladybird: vibing in the corner

    • @cantfindme-x4u
      @cantfindme-x4u 21 วันที่ผ่านมา

      netscape navigator: rotting away

  • @haveboard
    @haveboard 21 วันที่ผ่านมา +55

    all this knowledge and smarts, but you just learned the marker cap thing? There is hope for me, yet!
    just pulling your leg, love your channel, I always learn something new... but not this marker thing, I knew that already.

  • @hacked2123
    @hacked2123 21 วันที่ผ่านมา +12

    The marker thing is probably an indicator of someone who grew up with a cellphone, versus someone who did not...and was bored...and tried all the things including how many markers you can stick together before it collapses under its own weight as a bridge.

    • @deltamir_
      @deltamir_ 20 วันที่ผ่านมา

      no it isnt lol

    • @hacked2123
      @hacked2123 19 วันที่ผ่านมา +2

      @@deltamir_ it was partially a joke, but there certainly a strong correlation, though not mutually exclusive either.

  • @Zelousfear
    @Zelousfear 21 วันที่ผ่านมา +5

    Of all the system that I've broken into, I've never used memory corruption, just people corruption.

  • @sebastianlastname5977
    @sebastianlastname5977 21 วันที่ผ่านมา +5

    Another fun fact about those markers, it's the same ink as in a sharpie. It just has a different solvent that prevents it from drying out rapidly. You can use an expo marker and go over a sharpie mark on a whiteboard, then wipe it off, and after a few cycles it'll get cleared off.

    • @xxportalxx.
      @xxportalxx. 21 วันที่ผ่านมา +1

      Oh that's nest, I suppose that's why if you leave expo on for too long it becomes permanent lol

  • @miguelmontero4133
    @miguelmontero4133 21 วันที่ผ่านมา +20

    Someone clearly never made marker swords when they were a kid.

    • @patrick_test123
      @patrick_test123 5 วันที่ผ่านมา

      Only as kids, right @djsmeguk?

  • @maurizio_italy
    @maurizio_italy 20 วันที่ผ่านมา +16

    not hackable sounds very like unsinkable

  • @theunseen010
    @theunseen010 21 วันที่ผ่านมา +5

    if you've never had a 'lightsaber' fight with about 7 expo markers stuck together, you haven't lived brother

  • @suchiman123
    @suchiman123 21 วันที่ผ่านมา +22

    Quite the clickbait headline. Does not seem all that useful, Intel CET is a much more effective mitigation without the downsides of mseal.

    • @diobrando7642
      @diobrando7642 21 วันที่ผ่านมา

      I perfectly agree, the only advantage to this is that it doesn't need hardware support, but you can achieve this kind of protection with seccomp rules

    • @AdityaBasu92
      @AdityaBasu92 19 วันที่ผ่านมา

      Very true.

    • @WeisenbergTKMrWhite
      @WeisenbergTKMrWhite 18 วันที่ผ่านมา

      Does AMD have an equivalent?

    • @diobrando7642
      @diobrando7642 18 วันที่ผ่านมา

      @@WeisenbergTKMrWhite Yes! All Zen3 processors have shadow stack protection

  • @Jenny_Digital
    @Jenny_Digital 21 วันที่ผ่านมา +8

    For thousands of years… Ladders were high tech ways to break in.

    • @Evan490BC
      @Evan490BC 12 วันที่ผ่านมา +1

      They still are.

  • @AntranigVartanian
    @AntranigVartanian 21 วันที่ผ่านมา +49

    Good to see Linux catching up with OpenBSD on the security side and FreeBSD on the performance side.

    • @foobarf8766
      @foobarf8766 21 วันที่ผ่านมา +15

      Yep I came here just to say 'but OpenBSD has done this for like two decades'

    • @ManuFortis
      @ManuFortis 21 วันที่ผ่านมา

      Curious, but why no mention of NetBSD? Just installed it on a side rig to tinker with, so am curious why it's not mentioned.

    • @ManuFortis
      @ManuFortis 21 วันที่ผ่านมา

      ​@@yukkuriwa Important aspects in which way? Feel free to explain at length if you feel you must to get the jist of things across. I'll read it.

    • @AntranigVartanian
      @AntranigVartanian 21 วันที่ผ่านมา

      @@ManuFortis I don’t know much about NetBSD so I didn’t wanna comment, but hey, looking at the charts now, I guess one day Linux can catch up with NetBSD, when it comes to portability, aye? :D

    • @ManuFortis
      @ManuFortis 21 วันที่ผ่านมา

      @@AntranigVartanian Fair enough. I'm mostly interested in it for its ability to be put onto basically anything. Which I think is going to come in really handy for my intended use.
      Also, some of the most successful companies use BSD for their systems, and it seems NetBSD is probably the original basis or is closest to the original basis for most if not all of them. Nintendo uses their own version of BSD as I understand, as has Sony many times, especially for the PS3. Apple, well, MacOS is based on Darwin, which is an offshoot of yet another BSD OS.
      Sometimes the best way to copy success, is to copy the methods, right?
      Making my own game, and I'm thinking at this point my own console too to support a proper gaming platform that respects the right to own property properly; well those are going to need an OS that has a proven track record already.
      So BSD it is, I guess. I decided to start with NetBSD, because why not, since it has the best compatbility with whatever I end up making my proof of concept/prototype rig hosting whatever fork of NetBSD I end up creating in due time. (Probably going to be a nanoBSD version of NetBSD altered to favor gaming and communications. Nothing too fancy, just enough to do the job.)
      That portability you mention is where that comes in. The smaller the OS can be made, the more resources are left over for the actual game being played.
      Can do that with Linux, but there is too much chaos in the Linux community as of late for my liking. And certainly doesn't make sense to do it with Windows.
      I did ponder the possibility of using an offshoot of MikeOS, the assembly based OS; but it's 32 bit only. So BareMetalOS would be the next to look at for that. But that's still a work in progress really. Kind of too early to be used for something that requires dedicated stable reliability as I see it. As in it will do exactly what you expect every time bar only the more extreme circumstances which it cannot be expected to withstand, etc.
      Side note: I personally think gaming and computing needs to have a return to its roots in some regards, and not just in the playing retro games side of things either. Consoles have become computers in their own right, which is great in some ways, but terrible due to others. IMHO, game consoles should do one thing mostly, really well, with whatever else added on being made to exemplify the main function; not degrade it. That one thing being their main function. Everything else, can take a second seat at the very least, or not be included at all if it can't meet those standards.
      We have tablets, laptops and desktops for the things consoles don't need to be doing. And likewise, consoles should be doing the things that the others don't really make sense to include for. Like physical media for instance, with games. Nintendo does this right, even if they aren't everyones favourite right now. They include physical media in a day and age when it would probably make more sense economically for them to stop doing that.
      Meanwhile the others are trying to do away with it, all because digital licensing offers bigger profit margins. I can't begrudge them of that too much, since they do need to make a profit. I just wish they would be smarter about it in a way that isn't anti-consumerist.
      What era of graphics would this target?
      I'm thinking something in the realm of PS1 era graphics in regards to the RPG's aesthetics of the day, but upgraded as much as the console can handle to allow for larger games while not reducing graphical aesthetic quality more than necessary.
      I figure this should give plenty of indie devs a stable starting point for their own games, where they don't want to have to compete with AAA's pretending to be Indies on places like Steam.
      Anyways. This is getting longer than necessary, so I'll end it there for now.

  • @blenderpanzi
    @blenderpanzi 21 วันที่ผ่านมา +12

    Note: Chromium isn't the only browser engine on the internet.

    • @s4yto
      @s4yto 21 วันที่ผ่านมา

      no one said that it was, chromium is just the world's most popular engine

    • @blenderpanzi
      @blenderpanzi 20 วันที่ผ่านมา +1

      ​@@s4ytoHe literally does at 0:57. I don't think you can use the "like" as an excuse, given how that word is used these days, just as a filler word.

    • @木原篤郎-b4m
      @木原篤郎-b4m 20 วันที่ผ่านมา

      ​@@blenderpanzi but that is precisely the meaning of "like" as an adverb in such a sentence structure. Taken from Merriam Webster: "Nearly, approximately; used interjectionally in informal speech with expressions of measurement". So not only it is a valid excuse, it is the most likely meaning of the sentence.

  • @LukasCarrein
    @LukasCarrein 20 วันที่ผ่านมา +4

    0:59 he just insulted firefox like that

  • @peterbergvall7752
    @peterbergvall7752 20 วันที่ผ่านมา +3

    Impossible, you say? .....And that is the sound of "challenge accepted" around the world.

  • @Muhammet-Kuruoglu
    @Muhammet-Kuruoglu 21 วันที่ผ่านมา +4

    I didn't understand most of the technicality's in the video, but I feel intellectually superior to Low Level, since he just figured out the marker cap trick.

  • @MK73DS
    @MK73DS 21 วันที่ผ่านมา +5

    0:32 All the hackers from thousands of years ago were using this method too, so you were correct.

  • @anon_y_mousse
    @anon_y_mousse 21 วันที่ผ่านมา +22

    This is an interesting idea, but I'll say it again, the actual biggest source of errors is not checking user input. If you use gets() or if you use scanf() in that way, you are not checking user input at all. That is the real error. The memory corruption is merely a side effect of what you've already done wrong.

    • @chainingsolid
      @chainingsolid 21 วันที่ผ่านมา +2

      Honestly the 2 things I'll levy at whoever is in charge of C's specification at this point is why do header files exist in 2024, and a hard deprecation of use of pointers as arrays never happened. An array should be pointer + length. Then bounds checks can be done.

    • @steffennilsen2132
      @steffennilsen2132 21 วันที่ผ่านมา +2

      ​@@chainingsolid Dramatically changing the C spec is essentially not going to happen, it has to retain legacy computability. That said, newer languages obviously dont need headers anymore and some (like Rust and Zig) implement slices that are as you say pointers + length

    • @futuza
      @futuza 21 วันที่ผ่านมา +1

      ​@@chainingsolidwhat's wrong with header files?

    • @chainingsolid
      @chainingsolid 21 วันที่ผ่านมา +1

      @@futuza Typing stuff twice. And being forced to predeclare anything before you can use it. They have a great use in supplying an API, but normally are just duplicate information.

    • @chainingsolid
      @chainingsolid 21 วันที่ผ่านมา

      @@steffennilsen2132 I agree backwards compact is super important. I'm not implying they should stop compiling old code. They should be making an easy to use replacement for pointers pretending to be arrays that can be used for future code.

  • @civiled6059
    @civiled6059 21 วันที่ผ่านมา +6

    I fail to see how this makes hacking “impossible”. With the nature of the stack, it makes it impossible to make it immutable.
    This doesn’t inherently stop ROP or make it any harder either. I’d argue if you had a ROP primitive and the gadgets to be able to call mprotect on the stack or another memory region to make it executable, you’d have the gadgets to escalate a limited ROP primitive into something more useable (I.e increasing allowed ROP chain size, where it’s placed, or pivot to another primitive entirely).
    This definitely can be an obstacle in some attack vectors, but I don’t think it’s going to nearly have the same security impact that stuff like stack canaries, ASLR, seccomp, etc presented.
    Sandboxing or permissioning will never make memory corruption “impossible”. If that were the case, we would’ve seen binary exploitation die long ago.

    • @diobrando7642
      @diobrando7642 21 วันที่ผ่านมา +4

      That's what I said! If you can call mprotect you could probably call mmap and create a new page entirely

  • @guilhermesoares7857
    @guilhermesoares7857 21 วันที่ผ่านมา +5

    LowLevel : Linus is very passionate
    Linus on this patch discussion: Stop this. I do not want to hear your excuses for garbage any more.
    We're done. If I hear any more arguments for this sh*t, I will
    literally put you in my ignore file, and will auto-NAK any future
    patches.

  • @harlycorner
    @harlycorner 21 วันที่ผ่านมา +3

    It's funny that a week ago, I hadn't even heard of Yubikey. Then, 3 days ago I got a new laptop from my employer with a USB Yubikey plugged in, and now, all of the sudden, we also have video featuring a Yubikey 😁

  • @ragtop63
    @ragtop63 5 วันที่ผ่านมา +1

    Nvidia - Feb 2021: "Our crypto hash rate limiter is unhackable!"
    Hackers - Mar 2021: "I just hacked it..."
    Moral of the story: If it's software, it's hackable.

  • @Insaniaq
    @Insaniaq 21 วันที่ผ่านมา +19

    I thought this comment section was about mseal(), but it's all about markers. I don't get the reference, did I just end up in the wrong comment section? Some TH-cam memory leak somewhere? Please, help!🙏

    • @apIthletIcc
      @apIthletIcc 21 วันที่ผ่านมา +2

      Idk if you legit don't understand the marker command but it's hilarious six people liked the comment without replying with an explanation
      Edit: mark that seven

    • @acters124
      @acters124 21 วันที่ผ่านมา

      no, what you found is proof of the average IQ of the average social media comment section. Not many know what the mseal will do, but many more know what a marker sword is. which one do you think people will be able to talk about? the one with least resistance and confidently know enough to post about as if there are not other 100s of comments letting the youtuber and other viewers know about the markers they know so well. I on the other hand can't deny that I will miss the days I use mprotect to gain code execution. V8 is already strong in protections and require so much to get close to a working POC. most of the time relying on old versions of chromium to have fun with as the more recent ones are too complex to enjoy that quick satisfaction that one gets from solving a challenge. Even CVEs dont offer enough info, which is fine as I doubt many want their systems to be easily broken into. I sometimes do miss the days before AMD64 for which in a x86 environment would allow you to just load all the ROPs and the needed arguments in the stack instead of worrying about having to find gadgets to ROP the arguments into the registers. sometimes I am lazy, and want to find enjoyment in something that is getting progressively harder in the modern age. RIP
      tbh, if anyone did care about ROP security, we would be using shadow stacks that are separate from our modifiable variables to hold the return addresses. its been a solved problem for a long time, but its definitely slowing down execution a little. I wonder if mseal is truly going to solve it without the loss of performance.

    • @sirseven3
      @sirseven3 21 วันที่ผ่านมา +3

      Not a memory leak, go back to the beginning of the video. You read the comments while the audio is background noise and missed the part where he didn't know how that you can put the cap on the marker in the back of the marker and that's why people are talking about marker swords

    • @luipaardprint
      @luipaardprint 21 วันที่ผ่านมา +2

      You really weren’t paying attention to this amazing presentation about markers?

    • @Insaniaq
      @Insaniaq 20 วันที่ผ่านมา

      Dudes chill, I was joking. I got the marker reference and was as equally surprised as everyone else that he didn't know that OP feature. I just saw a perfect opportunity to make the joke ;)

  • @tommybronze3451
    @tommybronze3451 21 วันที่ผ่านมา +2

    Embedded boy here. Have you ever heard about writing past the canary ? Alto this is a nice feature that will decrease the attack vector we're not out of the woods yet.
    On of the biggest problems is mixing data with program.

  • @null-0x
    @null-0x 21 วันที่ผ่านมา +14

    @0:33 you could say thousands of years, starting in the second millennium(1990s) and still continuing into the third millennium(2020s)

  • @miscbits
    @miscbits 21 วันที่ผ่านมา +12

    This sponsored segment contains one of the only products shilled by a youtuber I actually want to buy

    • @treyquattro
      @treyquattro 21 วันที่ผ่านมา +3

      yeah, I liked the way it was incorporated into the rest of the content with examples too!

    • @dhillaz
      @dhillaz 19 วันที่ผ่านมา

      And for those who already have them, I learned a new feature!

  • @amandasandell3351
    @amandasandell3351 21 วันที่ผ่านมา +3

    3:53 please go super deep into the details in another video, if you haven't already

  • @JATmatic
    @JATmatic 20 วันที่ผ่านมา +1

    If CPUs just had an separate stack hardneded to oblivion..
    - Push a return address, the address vanishes into a black hole and can't be later modified or inspected by user-space. The pushed address could be checked that is it in a r-x page or you would get a segfault.
    - Pop-and-jump: get a return address, the address is pulled from a magical CPU register.

  • @Ziryu2
    @Ziryu2 21 วันที่ผ่านมา +16

    Im sorry if this is a stupid question, but whats the difference between a yubi key and storing the ssh key encrypted on a normal usb drive?

    • @monad_tcp
      @monad_tcp 21 วันที่ผ่านมา +14

      the yubikey has cryptography hardware to encrypt your ssh key and do the authentication of the public key with the key never leaving the yubi key itself. A normal USB drive would have to copy the private key to the computer's RAM, thus exposing it.

    • @godofpotatos4691
      @godofpotatos4691 21 วันที่ผ่านมา +8

      ​@@monad_tcp but he says that it downloads the ssh key locally

    • @VNActivityProjectRem
      @VNActivityProjectRem 21 วันที่ผ่านมา +5

      @@godofpotatos4691 yes, but only if you want to download it locally (i.e. if you manually execute that command from the video). Normally you don't do that, since it's considered insecure.
      You want to let the Yubi key do its own thing

    • @LowLevelTV
      @LowLevelTV  21 วันที่ผ่านมา +4

      I misspoke here, you don't actually get the key, you get a derived Private Key that associates to the credential in the Yubikey.

    • @Jeff-ss6qt
      @Jeff-ss6qt 21 วันที่ผ่านมา

      His implementation is even worse than storing the key temporarily in RAM. He's storing it to disk each time he wants to use it, nullifying the reason to even have a Yubikey or smart-card in the first place.
      At the very least, if a security program, service, or framework supported the Yubikey/smart-card, it could store the key in protected RAM and securely communicate with the Yubikey/smart-card in a way that doesn't require the program programmers or user that needs it to be an expert in cryptography, in order to prevent side-channel attacks. But, the way he does it is terrible.

  • @Liberty4Ever
    @Liberty4Ever วันที่ผ่านมา +1

    That's nothing. Starting with Windows 10, Microsoft made hacking completely obsolete by integrating spyware directly into the operating system rather than forcing black hat hackers from adding it later.

  • @10e999
    @10e999 21 วันที่ผ่านมา +15

    "Memory corruption has been responsible for 70% of hacks in the last 20 years"
    Do you have a source for that? Are you talking about the google and Microsoft study of 2017 (I think?)?

    • @Pointless-Point
      @Pointless-Point 21 วันที่ผ่านมา +5

      I'm sceptical as well. I want to know the definition of 'Hacks' being used.

    • @user-fje4ztx46no86
      @user-fje4ztx46no86 21 วันที่ผ่านมา +5

      I was told the nr. 1 vulnerability was always social engineering related.

    • @sirseven3
      @sirseven3 21 วันที่ผ่านมา

      Well drivers are the primary way to get a rootkit functioning with these complex A/V system. The main way to enable this is attach to a firmware level driver and overflow and break the services associated then move on from there.

    • @diobrando7642
      @diobrando7642 21 วันที่ผ่านมา

      It's not that 70% of hacks are caused by memory corruption, but 70% of CVEs are a consequence of it.

  • @GreatLich
    @GreatLich 21 วันที่ผ่านมา +2

    Someone has clearly never made an Expo marker sword...

  • @zephyfoxy
    @zephyfoxy 21 วันที่ผ่านมา +15

    Haven't we learned by now that calling something unhackable is just begging someone out there to crack something just to prove you wrong lmao
    Also I think it's very debatable that memory corruption is the "#1 cause" when so many prominent hacks lately have been due to social engineering.
    Yes I know memory corruption is still common and abused a lot, I just don't think it's fair to say it's #1

    • @maxave7448
      @maxave7448 21 วันที่ผ่านมา +8

      Its not unhackable, but if i understood the feature correctly, then it will be a pain in the ass for hackers to get around if it becomes widely used. Also the thing is, we cant really fight against social engineering. People will always keep clicking on links and will always post everything they can about their life online, so we cant do much about that. I would guess aside from social engineering, memory corruption has got to be one of the top 3 at least

    • @SergeantExtreme
      @SergeantExtreme 21 วันที่ผ่านมา

      If most hacks are done with social engineering, then wouldn't that make Windows just as secure as Linux?

    • @yjlom
      @yjlom 21 วันที่ผ่านมา +4

      ​@@SergeantExtremeno for a few reasons
      - microsoft goes out of its way to make its users tech-illiterate
      - windows loves showing dialogs all the time that people will learn to click away without reading (nothing to do with linux vs dos, but the de and the culture should be considered too)
      - windows encourages running as admin, which most linux distros don't
      - windows comes with lots of juicy telemetry data ready for the successful attacker (recall is a particularly egregious example), which most linux distros don't collect

    • @sirseven3
      @sirseven3 21 วันที่ผ่านมา +1

      Linux is just as easy to leave a port open, windows automatically handles a lot of measures automatically whereas with Linux you have the sole responsibility of securing and ensuring good security practices

    • @SergeantExtreme
      @SergeantExtreme 21 วันที่ผ่านมา +1

      @@yjlom 1. I could argue the same about Linux. A great example is the push to force users to download and install software only from "stores". When I complained about this in the distro forums, I was told that installing software from outside of stores was a "power user" move, and it's something a regular person shouldn't be doing. You can't get more tech illiterate than that.
      2. Windows doesn't encourage running as admin with the exception of highly specialized software such as anti-virus, data recovery software, and driver software.
      3. I don't necessarily agree that Windows shows a lot of dialogs. For the most part, pop ups only occur if something goes wrong. This is especially true in this day and age.
      4. Although, I do agree with your point on telemetry.

  • @merlinraymond1014
    @merlinraymond1014 21 วันที่ผ่านมา +2

    Firefox: *exists*
    LowLevel: I'm about to end this man's whole career

  • @tony-does-stuff
    @tony-does-stuff 21 วันที่ผ่านมา +4

    @2:50 I just have to ask, I'm not certain I follow with Yubikey. What happens if someone gets ahold of my yubikey? Wouldn't that present a security risk?

    • @matthewspence766
      @matthewspence766 15 วันที่ผ่านมา +3

      @@tony-does-stuff technically yes but generally that’s a lower risk than sending ssh keys other ways. Any attacker that has physical access to steal your yubikey can just use a good ol’ fashioned crowbar attack and get whatever they want from you anyway.

    • @SlavaThereshin
      @SlavaThereshin 8 วันที่ผ่านมา +2

      @@tony-does-stuff
      If I recall correctly, you set a password during onboarding, and only after verification a key may be extracted.

  • @AndrewMilesMurphy
    @AndrewMilesMurphy 21 วันที่ผ่านมา +1

    Nice! You caused me to have an epiphany - That moment where the overflow refuses to crash and gives control to a hacker's program. That makes so much sense to me :) thanks

    • @acters124
      @acters124 21 วันที่ผ่านมา

      crashing is bad, it should only occur when something impossible for the computer to do or continue doing. low level control allows you to do almost anything with memory. Security is tricky because the computer can't guess what you expect to happen. that is why you setup the rules yourself when dealing with low level code. otherwise use something like rust for the attempts at automating the rules for you as most use cases don't need to be that free with how to handle memory.

  • @jonathaningram8157
    @jonathaningram8157 21 วันที่ผ่านมา +3

    That keyboard sound is pure eargasm. It's rare when not on a specialized keyboard channel.

    • @Terajoel
      @Terajoel 15 วันที่ผ่านมา

      @@jonathaningram8157 came to the comments to find out which keyboard it is, no luck though. Does anyone know?

  • @megan_alnico
    @megan_alnico 21 วันที่ผ่านมา +2

    There was a time when computing resources were so scarce that memory that was both writable and executable was a feature. "Self-Modifying code" as it was called back then was always black magic, but it could do amazing things. It's obvious though that in the modern world we live in security is way more important than this level of code optimization and I'm glad to see it finally fall by the wayside.

    • @stultuses
      @stultuses 20 วันที่ผ่านมา +3

      Yes, self modifying code was also used by some programs as an elaborate anti-copying technique
      I seem to remember something called 'Magic Pencil' but it was a long time ago and my memory is probably wrong

    • @jakubrogacz6829
      @jakubrogacz6829 19 วันที่ผ่านมา +1

      We shouldn't protect ourselves so as to disable some ways of coding. Self modifying code could be a good idea too sometimes. Issue is actually having functions that are not checked for external input - otherwise you would not be able to exploit this out of the program.

  • @MelroyvandenBerg
    @MelroyvandenBerg 21 วันที่ผ่านมา +85

    no way, saying that Chromium browser is the basis of all browsers on the internet is not only wrong. But also delusional.

    • @theairaccumulator7144
      @theairaccumulator7144 21 วันที่ผ่านมา +53

      It's the basis of all browsers that people actually use

    • @ContemplativeCat
      @ContemplativeCat 21 วันที่ผ่านมา +1

      I've used Chromium browsers for years but have grown tired of poor integration with my desktop. I recently discovered Zen Browser, and I'm actually quite enjoying it. I'm also watching the development of Ladybird browser with great interest. We need more diversity and competition back in the browser market.

    • @KevinJDildonik
      @KevinJDildonik 21 วันที่ผ่านมา +21

      Nerds don't realize that an astonishing percent of people use whatever is default. 90+% of all Android traffic is through stock browser aka chromium. As in, 90+% of Android users never install any other browser. At all. Ever.

    • @ArchLars
      @ArchLars 21 วันที่ผ่านมา +8

      It's most, I think the second non-Chromium based browser is Safari.

    • @deoxal7947
      @deoxal7947 21 วันที่ผ่านมา +2

      Can't trust this video based on that alone. Been looking through the comments for the tldr but can't find it

  • @SkyNick
    @SkyNick 15 วันที่ผ่านมา

    OMG your marker trick made my day, glad I had a marker nearby I could try it with or would be convinced it was pure old VFX.

  • @ZenbyBosatsu
    @ZenbyBosatsu 21 วันที่ผ่านมา +3

    Love your stuff man!

  • @nempk1817
    @nempk1817 21 วันที่ผ่านมา +2

    Here is a curious challenge i don't see people commenting on, try making a "vulnerable C program" that compiles using security features of Clang or GCC.
    OpenBSD users rise 🍷🗿

  • @ItsRaelx
    @ItsRaelx 21 วันที่ผ่านมา +10

    2:35 this sounds a lot like cheap usb drive 😂 (I know you can do a lot more with yubikey, this is just a bad example)

    • @xionarxfl
      @xionarxfl 21 วันที่ผ่านมา

      @@ItsRaelx yeah right whats stopping me from just storing it on a normal USB drive

    • @pratheekrebala
      @pratheekrebala 20 วันที่ผ่านมา +2

      The private key still lives on the Yubikey. You can never “extract” the private key from the Yubikey.
      He mis-spoke there. The command he ran just tells your SSH Client that it needs to ask the Yubikey for the secret. You still need to physically have the key (+ pin/touch optionally) every single time you try to authenticate.
      This is exactly how “Passkeys” work but in theory is more secure because it’s a hardware token.

    • @ItsRaelx
      @ItsRaelx 13 วันที่ผ่านมา

      @@pratheekrebala well setting pass phrase on ssh key would do the same thing and you can store it on cheap usb drive

  • @deusexaethera
    @deusexaethera 7 วันที่ผ่านมา +1

    If GETS is so vulnerable, why isn't that command disabled by default, so only people running ancient code that requires GETS will have it enabled by manual user intervention in the kernel settings?

  • @TheRealStevenPolley
    @TheRealStevenPolley 21 วันที่ผ่านมา +10

    0:59 - Firefox RIP in peace

    • @alfadorfox
      @alfadorfox 12 วันที่ผ่านมา +1

      pepperoni

  • @GK-rl5du
    @GK-rl5du 21 วันที่ผ่านมา

    Such an interesting history, please consider doing a deep dive on memory vulnerabilities. Learnt a lot 🙂

  • @reatcas
    @reatcas 21 วันที่ผ่านมา +3

    What about the physical NSA backdoors implanted in the silicon chips?

  • @joelpww
    @joelpww 21 วันที่ผ่านมา +1

    Don't so loosely say that chromium is the basis for all browsers. We shouldn't even joke about lack of variety

  • @RussellBeattie
    @RussellBeattie 21 วันที่ผ่านมา +7

    Wow, that title is some serious grade-A click bait!! Nice job!

  • @FentFanta
    @FentFanta 20 วันที่ผ่านมา

    I love sponsorblock telling me that I don't need 7 minutes of this 10 minute video. Thanks for saving me 7 minutes of my life.

  • @_prothegee
    @_prothegee 21 วันที่ผ่านมา +12

    The V8 Engine...

    • @monad_tcp
      @monad_tcp 21 วันที่ผ่านมา

      why does the V8 need so much sandboxing ? why can't them fix their JIT compiler not to generate insecure code like the JVM does ?

    • @theairaccumulator7144
      @theairaccumulator7144 21 วันที่ผ่านมา +1

      @@monad_tcp probably because no one runs actively malicious code on the jvm? v8 needs to be protected against everything

    • @CrazyWinner357
      @CrazyWinner357 21 วันที่ผ่านมา

      ​​@@monad_tcpJVM is not secure at all. Remember log4j? It is not used as much as V8 not even close.

    • @DaPaBe1999
      @DaPaBe1999 21 วันที่ผ่านมา

      Early web days of arbitrary code injection and execuction from pc to pc is the reason

    • @foobarf8766
      @foobarf8766 21 วันที่ผ่านมา

      lol gotta make sure those XmlHttpRequests you arbitrarily let any domain make are secure

  • @isbestlizard
    @isbestlizard 9 วันที่ผ่านมา +2

    Why would I ever want to turn the X bit back on a memory region I've declared NX? Like, what's the use case here? Honestly it might just be easier to run a hardened kernel that just disallows that by default.

  • @nowave7
    @nowave7 21 วันที่ผ่านมา +5

    1:01 No, Chromium is *NOT* the basis for all the browsers on the internet. For most, sadly, it is, but not all. Firefox and Safari still have their own rendering engine.

  • @aarong9378
    @aarong9378 21 วันที่ผ่านมา +2

    I enjoyed writing self-modifying machine code back in the days.

  • @ijames-bond007
    @ijames-bond007 21 วันที่ผ่านมา +5

    I think it done, it better to learn a new field other than cyber security.

    • @cybertrojan
      @cybertrojan 21 วันที่ผ่านมา +4

      I think you need to learn more about cyber security and Penetration testing

    • @RenyaCarasuma
      @RenyaCarasuma 21 วันที่ผ่านมา

      @@ijames-bond007 lol

    • @Zeromus92-y2e
      @Zeromus92-y2e 21 วันที่ผ่านมา +1

      @cybertrojan especially considering that his mother knows a lot about penetration testing already.

  • @pk_xiv2856
    @pk_xiv2856 21 วันที่ผ่านมา +2

    This title sounds more like a challenge than a statement

  • @knappesouls8150
    @knappesouls8150 21 วันที่ผ่านมา +4

    Finally a youtube ad for a genuine good product.

  • @robmckennie4203
    @robmckennie4203 12 วันที่ผ่านมา

    In fact one of my oldest memories is an older kid showing me how you could make a mega pen by joining several smaller pens together

  • @NoHandleToSpeakOf
    @NoHandleToSpeakOf 21 วันที่ผ่านมา +6

    Is it like... memory safety for C? Nooo....

  • @parthingsdotcom
    @parthingsdotcom 7 วันที่ผ่านมา

    I have a Yubikey or two already. This is the first time i EVER scrolled BACK to the ad portion

  • @goodnightmr5892
    @goodnightmr5892 21 วันที่ผ่านมา +3

    Linus is right. This is going to cause major unnecessary issues.

  • @muhammetmelikkolgesiz9252
    @muhammetmelikkolgesiz9252 21 วันที่ผ่านมา +2

    @LowLevelTV whick keyboard you use? It's sounds so thocky !

    • @aeebeecee3737
      @aeebeecee3737 8 วันที่ผ่านมา

      Not a mechanical keyboard

  • @polinskitom2277
    @polinskitom2277 21 วันที่ผ่านมา +13

    Oh, linux caught up to what openBSD has had for 14 years now. Cool. but it being on linux means it's a trash security feature that's going to be forgotten about in 3 years

    • @framegrace1
      @framegrace1 21 วันที่ผ่านมา +9

      BSD had a first version this from 2022. Linux made its own version in 2023 with some extra features. After a year, changes on both systems end up being very similar solutions.
      (THat's not 14 years)

    • @foobarf8766
      @foobarf8766 21 วันที่ผ่านมา

      @@framegrace1 OpenBSD introduced write-or-execute (W^X) about 2002. procmap -a will show what flags a process has on what regions.

    • @foobarf8766
      @foobarf8766 21 วันที่ผ่านมา +2

      It's not *exactly* what has been in OpenBSD for yonks, but I'd bet the idea comes from OpenBSD's work, it was implemented there first. What is really galling is the Power architecture has stuff like access ordering (PROT_SAO) since kernel 2.6 that Intel/AMD world still without AFAIK.

  • @LukasRotermund
    @LukasRotermund 21 วันที่ผ่านมา +1

    More ads like this please! Maybe an ad-only video about the yubi key(s)?

  • @enterusername7746
    @enterusername7746 21 วันที่ผ่านมา +1

    What keyboard/switches do you use? It sounds very smooth.

  • @SF-eg3fq
    @SF-eg3fq 11 วันที่ผ่านมา +1

    I have a note, half of the video is taken for explaining the basic idea of binary exploitation not a lot of time was taken in explaining the mseal syscall more in depth, plus the clear clickbait “make hacking impossible”.

  • @JosephSaintClair
    @JosephSaintClair 21 วันที่ผ่านมา

    Great info. I teach things like PIE/NX/ASLR overrides (and more) to masters students. So seeing the base overflow concepts iterated here is gold

  • @delusionalaar4031
    @delusionalaar4031 21 วันที่ผ่านมา

    I’m learning low level programming from a guy who just figured out expo caps click on the end. You never stacked expos in school?
    Love your content by the way, it’s some of the best.

  • @autarchprinceps
    @autarchprinceps 17 วันที่ผ่านมา +1

    Aren’t the most common IT security issues leaked reused passwords, phishing, social engineering and DDoS?

  • @Hellbending
    @Hellbending 21 วันที่ผ่านมา +1

    Man unlocks gigabrain pen swords in realtime- shown live as a master baiter

  • @jammin023
    @jammin023 16 วันที่ผ่านมา

    0:39 I suspect "the number one way that hackers get into your computer" has not been through memory corruption bugs for many years. Nowadays exploiting users is much easier and probably far more common: phishing, installing from dubious sources, social engineering...

  • @jrynkiew
    @jrynkiew 21 วันที่ผ่านมา +1

    Jeff Xu can't fix shared buffers in Chromium, but he can't prevent buffer overflows? Yeah, right...

  • @TrinitronX
    @TrinitronX 15 วันที่ผ่านมา +1

    Nice feature to have, yet of course it needs adoption in software.
    Would be nice to see a video on Seccomp, which has been around in Linux longer (introduced in Linux 2.6.12 back in 2005) and does have good adoption.

  • @Nylspider
    @Nylspider 21 วันที่ผ่านมา

    when I was in gradeschool, I'd connect a bunch of those markers together by using the cap connection thing that you mentioned in the video and make a "sword."
    obviously when I hit something, it all shattered, but it was very fun :3

  • @billyguthrie3176
    @billyguthrie3176 21 วันที่ผ่านมา +2

    Now watch right after he said it makes it unhackable linux will get hacked. probably within the next month.

  • @MarcoAntoniotti
    @MarcoAntoniotti 21 วันที่ผ่านมา +1

    “return oriented programming “? So the INTERCAL designer *did* know stuff we did not imagine: they did put the COME FROM instruction in the language.

    • @ashuggtube
      @ashuggtube 20 วันที่ผ่านมา

      INTERCAL is the work of genius

  • @timc3600
    @timc3600 21 วันที่ผ่านมา +2

    So, everything that is intended for good things can be twisted to make it do bad things.
    How long until some bad guy somewhere decides to use this to protect their malware and it makes it harder to detect and remove ???
    How will antivirus / anti-malware cope with this ?

    • @effsixteenblock50
      @effsixteenblock50 18 วันที่ผ่านมา

      mseal doesn't do either of those things.

  • @treelibrarian7618
    @treelibrarian7618 15 ชั่วโมงที่ผ่านมา

    Just a thought: it might be possible to make stack-smashing attacks impossible by a simple ABI change.
    The stack is already handled with 2 registers: RSP and RBP (stack pointer and base pointer) which frame the memory used for a function calls local variables with register saves and call return addresses. They could be used a little differently: use the stack pointer in the usual way for storing call return addresses and saving registers, but have the base pointer point at an entirely separate memory area, a second stack used only for functions local variables. Use RSP in the usual way with push/pop call/ret, and manage RBP by subtracting the required memory for the function, then adding it back before return (or alternatively push/popping it with the other callee-saved registers).
    There may still be other memory corruption attack vectors possible, but overwriting a return address to get arbitrary code execution isn't one of them.
    A global implementation would require the OS to provide the 2 extensible stack areas, and debuggers would need to be rewritten to handle the different method of call-stack unwinding, but all in all not a huge change. And it wouldn't even be required to have a compliant OS: a software creator could implement the different ABI within their own program, by just allocating an alternate stack space and using it as described: it would just need a compiler option to use the alternate stacking method.

  • @MrI8igmac
    @MrI8igmac 19 วันที่ผ่านมา

    Very nice video, I.
    Wish I had seen this ten years ago. Your explanation on buffer overflogs is incredible..

  • @flippert0
    @flippert0 21 วันที่ผ่านมา

    For reasons I can't really explain, the "trick" about putting the marker cap on the back made me laugh hard. It evokes this image of a whole cohorte of young people not knowing about things like phones with rotary dials, modems and cassette tape recorders anymore. Yes, there are amazing things in the real, physical world out there! Like stackable markers.

  • @dab42bridges80
    @dab42bridges80 11 วันที่ผ่านมา

    I can imagine hackers reacting to that title with "hold my beer"...

  • @Zepi2509
    @Zepi2509 21 วันที่ผ่านมา +1

    Cool Video!!
    What Font is it that you use?

  • @fr5229
    @fr5229 20 วันที่ผ่านมา

    If I had to make a bold prediction for the future, it will introduce more unexpected vulnerabilities than it fixes expected ones