It would be really cool if you did a video showing the "hacker's perspective". Set up an unsecured system, then try to break into it and trash it the way the hackers do. The fact that an unsecure connection literally lets someone else move files onto a PC and execute them still blows my mind. Is it really as easy as these videos make it seem?
It is not. Most of his videos rely on SMB vulnerabilities. This is essentially protocol that allows sharing of resources (including files) over network . If you disable it, hackers are left high and dry .
This kind of thing would realistically not happen if you connected your own 14 year old system to the internet. Firewalls exist on basically every router sold these days, and there's almost no reason to connect a PC directly to a modem anymore, which is how this happens.
You wanna find out, try redacted or redacted or some other ctf where you can pwn a box. It can be pretty freaking hard, but that's usually a matter of finding the vulnerabilities (by hand, usually) Redacted 1 is: Words that sound like "hakkk zee box" Redacted 2 is: worst that sound like "tryyyyy hakkkkk meeee" I am literally not allowed to type the names of the sites or the comment gets pwned.
When I was getting into Linux a bit with a Raspberri Pi handheld I had an ssh appliaction for convenience since it had no keyboard and I forgot to change the login credentials and in like a few hours I got malware that was as in your face as a 90's virus, it gave a big red flashing screen for an infection or something, and I was _freaking the heck out_ because this was on a tiny Gameboy 640x480 screen! Thankfully I kept nothing important on it and just was using it as an emulation system but wow
@@EricParker I don't remember this was like 3 or 4 years ago but ssh was the one thing I could think of that caused it so I guess? I couldn't find any videos on malware like that though, I wouldn't be surprised if it was someone's scareware designed to let people know to change their password xD but yeah my Pi was connected to the internet at the very least because I wanted to run PokeMMO on it and also RetroAchievmeents on Retropi
@@EricParker My comment got auto deleted by YT but yeah, I wanted to run PokeMMO and RetroAchievements so it was connected to the internet, not sure if SSH was configured for WAN though I just had default settings I think. Also not 100% sure it was ssh it could've been some other remote desktop thing I don't remember, it was like 3 or 4 years ago
@@susstevedev Eric has already shown a windows XP video, watch it and you'll see. In that video he connects it to the internet, and immediately gets rats, spyware & adware.
There's a lot of really old Linux kernel versions circulating the wild, particularly in the gambling sector. And, they connect to the internet. Kinda nuts.
@@system128 I saw a centos system on a cash register that was running not being used stuck on the login panel and it was lightdm, and it had the same 19 inch lg monitor i had at home
@@Alethila Not really, Windows can get compromised with just an internet connection, as it was a major attack vector in the past because the user base wasn't the most knowledgeable at securing their system and the defaults were in favor of making using the computer easier. This is why everyone complained when Vista was released, it made running privileged software a little more secure, but flaws in release versions of Windows will not have the patches that would keep you safe for very long when connected to the internet.
@@jfftck "Windows". You say that like it's one version. This creator made a video in the same style about windows 95, and he had to go out of his way to make it insecure. Turning off the firewall and so on. Truth is, Linux has many of the same problems and weaknesses. It's only less apparent because Linux has a much lower userbase. Stop looking at tech as a fanboy, instead take objective looks. You'll grow both in a professional and personal manner.
@@kristoffer8609 Windows 95 didn't come with a firewall, so if it had one, that isn't a base installation. My first computer was a DOS system, then my family upgraded to a Windows 95 computer. I can also provide proof that I work in one of the big tech companies, so I think I know what I am talking about. I have a problem with these videos because of the non-standard setup. Furthermore, I was using Linux as a teenager and having to manually set up everything, not like this version that was shown in this video. I don't recommend using any OS that is out of date, but the cool thing about Linux is it has a live session -- which is a version running in memory and doesn't write anything to your drive, so you can browse the web without worries of being hacked as it will wipe everything if you restart. This live session can also install a newer version, so until Windows or macOS support this feature, it will always have a way to install from older versions.
Probably the only versions of Windows that are going to be compromised out of the box are XP pre-SP2, Windows 2000, and maybe NT 4. Everything else has either sane defaults of firewall and closed services or are too old and primitive to be targets. And this assumes you're going out of your way to connect it directly to the internet, which hasn't been a thing for about two decades.
@@JoraGamer hi! I ran a CIS benchmark to patch up the most basic things. I would like to try Lynis auditing, but it didn't come to mind then 😁. Thanks, I will have something to do now
Why don't ISP's block such IP's that send the same hacking packets to multiple hosts. It probably is obvious. Also, if we move to IPv6 will the hackers be able to find commputers that easily?
@@typingcat The answers are no and no: First no because somehow the ISP needs to know that someone is hacking, and that needs a packet scanner, which usually only works with unencrypted connection, that also needs to scan a packet through thousands of scanners, so the ISP knows for sure that it is indeed a hacker, and even if they know then they can block normal clients who have just been hacked/downloaded some malware, and if the ISP blocks them then they also block normal communication... not worth it. Second, no, because luckily IPv6 is so hudge, so if everyone has (almost) random IP then finding a target is harder... not impossible, but harder.
@@Maramowicz none of that matters because: the ISP needs to care. Hackers use ISPs that don't care. In fact, there's a whole class of attacks (such as DNS amplification attacks) that rely on sending packets over the internet from an IP address that isn't actually yours, which shouldn't be possible, but that some ISPs just don't prevent
As he mentioned, it's the services running on the machine that make it vulnerable. If there are no listening ports exposed to the internet, there is no toe-hold for an attacker to latch on to. You have to be able to get a response from the machine in order to make it do anything.
When you enable ssh with username "root" and password "root" a ransomeware will encrypt your data -don't ask me how I know Also if you leave mysql or mongodb open without any password it will enentually be encrypted
You should expose something on the internet (really anything) and then advertise it on some hacking subreddits and your TH-cam Community tab. It would be interesting to see how much damage could be done in an hour.
So there are people using nmap to search through millions of ip addresses? I know old stuff is vulnerable on the internet but I didn't think someone would find you that quickly?
It would take a while for 1 attacker to find you. With 2 attackers it would take half as much time for someone to find you. Now imagine how many intentional bad actors there are online. Then add in all the compromised systems acting as part of a botnet. If there are 1 million hosts each trying a completely random IPv4 address once a second it will take (on average) less than an hour for one of them to find you.
You can mirror a virtual switch port to another switch port sending it to wireshark. Thus looking at all the connections from the outside without the server beeing supported by wireshark
I'd probably have installed Tomcat as well (more code execution vulnerabilities in the last years than Apache) maybe with some Struts webapps (most insecure JSP framework) as well as some CGI scripts that use Bash (to attract ShellShock aka CVE-2014-6271) to Apache. And PHP and a 14-year old Wordpress. Not sure how ubiquitous scans for those things are nowadays, though. Also, get a Lets Encrypt Certificate or any other TLS certificate that is listed on Certificate Transparency a few minutes after you exposed it to the Internet under a (sub)domain that never had a TLS certificate. That is an invitation to many black hats to have a close look at the server quickly (maybe not updated yet?)
You don't necessarily have to run Wireshark on the client. If you put a managed switch between the client and the internet, you can set up port mirroring on the switch and capture the traffic on your workstation.
You can also buy a little hardware tap that you just put in the middle of the ethernet link to the modem/router/internet and then you have two other RJ45 plugs which deliver incoming and outgoing traffic. However, he's using a VM so his networking is probably not amenable to either of these methods. But it's all getting pretty complicated at that point; probably too much so for a TH-cam video.
And if you're running this in Proxmox/KVM, you can solve the problem with simple networking. The vulnerable VM will have a net adapter attached to say, vmbr1 on the hypervisor. Simply create another virtual bridge (vmbr2), attach them BOTH to a new linux VM for Wireshark, then create a virtual bridge inside of it, and enable packet forwarding. All traffic will be filtered through the Wireshark VM, and can be safely recorded.
That's not even a tiny hurdle. I used to run SSH on port 443 so I could get into my systems from work. Watching the traffic hit that was amazing; I'd sit there watching it in real time and work out where they were hitting me from and it was fun but a bit too much after a while. Of course I didn't use a password; it was locked down with SSH key authentication and rate limiting firewall rules.
nah you won't unless you install shady apks on your android device. On iphone i don't think you can get infected by just simply connecting to the internet the only way to get a virus on an iphone is by jailbreaking it and even then you won't be infected since ios is not very easy to hack.
How to learn cybersecurity skills like you ? Please i don't need read this cert like advice . A practical one like what concepts i need to cover. Internet data is confusing i don't know if i want defensive or offensive?
I once installed samba on my main linux for a school project, i had to reinstall it after, some microsoft package broke my dependencies. Also theres a lot of vulns in that. Just think about school pcs :D
Barebones = "More secure." You add more crap, you introduce more holes, security does actually get worse. There is a direct link. It's the principle OpenBSD is based on, and it has a fitting security record.
Interesting experiment, man the internet of servers looks like a scary place. Just a bunch of bots trying to hit exposed ports and what not to see what sticks. Mad respect to all the cybersecurity experts out there.
It was a few years ago now (maybe 8, time flies, lol), but the university I studied at had an entire internet room filled with XP machines. We used them for computer labs. I had to talk someone out of doing something banking related on it.
seems to be safe and legit, people dont really report security issues with it, I've been using it myself for over a year, but you never can know if in the future the author doesn't change his mind and ships an update with malware
MacOS doesn't need to worry about it. Not the win you thought it was really. Like that UEFI hack that MacOS is the only OS unthreatened by it, while Windows AND Linux are completely unable to do anything about it.
@@The_Prizessin_der_Verurteilung Apple Silicon has a flaw that can't be fixed with software, and you can run Linux on hardware that doesn't have flaws. There are many platforms that Linux supports that it can run on anything. Also, the flaw for UEFI, which does have a software patch, requires the software to be run in privileged level, but Apple's exploit could expose your security credentials remotely. Stop trying to act like Apple is flawless in execution, besides running 14-year-old software will most likely be on old hardware without UEFI boot image flaw.
I remembered when I accidently ran a socks proxy without a password on my server. It took someone 2 minutes until they found the service. After 20 minutes, the vps was already slowing down due to the huge amount of traffic that was routed through the server. Always read the instructions before launching an internet exposed service, lol.
Man you should use that older version of Linux on a VPS SERVER, because mos of these scanners are having long list of host services IP addresses, they don't waste their time scanning the entire of internet as you may expect, you can try Digital Ocean, or Amazon AWS as test. You can do the same, on your home PC (a VM), by mapping an external IP to it, e.g. as insecure Proxy or maybe VPN where it won't filter any traffic, you will be surprise how fast it will get h1cked.
Windows: Install me, nothing else, just install and I get hacked... Linux: Even if you install me I will not get hacked, you have to install some vurneable software first, then configure it and then maybe if you are lucky I will get hacked.
I thought that said "what happens when you expose 14-year-olds to the internet" and was legit hoping to see a Drake cameo
e
BBL drizzy
Same lol
😂
@@ReferredRhyme82BBL drizzaaayyy
It would be really cool if you did a video showing the "hacker's perspective". Set up an unsecured system, then try to break into it and trash it the way the hackers do. The fact that an unsecure connection literally lets someone else move files onto a PC and execute them still blows my mind. Is it really as easy as these videos make it seem?
I like this idea
@@spacecat3198 Me to, I'm just concerned TH-cam would take issue since it could be interpreted as "teaching how to hack".
It is not. Most of his videos rely on SMB vulnerabilities. This is essentially protocol that allows sharing of resources (including files) over network . If you disable it, hackers are left high and dry .
This kind of thing would realistically not happen if you connected your own 14 year old system to the internet. Firewalls exist on basically every router sold these days, and there's almost no reason to connect a PC directly to a modem anymore, which is how this happens.
You wanna find out, try redacted or redacted or some other ctf where you can pwn a box. It can be pretty freaking hard, but that's usually a matter of finding the vulnerabilities (by hand, usually)
Redacted 1 is: Words that sound like "hakkk zee box"
Redacted 2 is: worst that sound like "tryyyyy hakkkkk meeee"
I am literally not allowed to type the names of the sites or the comment gets pwned.
When I was getting into Linux a bit with a Raspberri Pi handheld I had an ssh appliaction for convenience since it had no keyboard and I forgot to change the login credentials and in like a few hours I got malware that was as in your face as a 90's virus, it gave a big red flashing screen for an infection or something, and I was _freaking the heck out_ because this was on a tiny Gameboy 640x480 screen! Thankfully I kept nothing important on it and just was using it as an emulation system but wow
How was it connected? I would doubt that would be exposed to the internet.
@@EricParker I don't remember this was like 3 or 4 years ago but ssh was the one thing I could think of that caused it so I guess? I couldn't find any videos on malware like that though, I wouldn't be surprised if it was someone's scareware designed to let people know to change their password xD but yeah my Pi was connected to the internet at the very least because I wanted to run PokeMMO on it and also RetroAchievmeents on Retropi
@@EricParker My comment got auto deleted by YT but yeah, I wanted to run PokeMMO and RetroAchievements so it was connected to the internet, not sure if SSH was configured for WAN though I just had default settings I think. Also not 100% sure it was ssh it could've been some other remote desktop thing I don't remember, it was like 3 or 4 years ago
I'm jealous! I wish my linux install was hacked one day like that
@@ETORERIGO I wish I recorded it but I didn't think to in my panic lol.
Moral of the story: keep your stuff updated.
@@susstevedev windows xp is vulnerable as fuck
@@susstevedev Eric has already shown a windows XP video, watch it and you'll see. In that video he connects it to the internet, and immediately gets rats, spyware & adware.
@@susstevedev Have fun with all the malware you can get from those unsupported Windows.
If the update didn't cause any problems with other users.
@@truestbluu SP3 while using a router firewall is plenty good enough.
There's a lot of really old Linux kernel versions circulating the wild, particularly in the gambling sector. And, they connect to the internet. Kinda nuts.
I saw one when I was on vacation once! It was running CentOS or something with kernel 2.4
@@system128 I saw a centos system on a cash register that was running not being used stuck on the login panel and it was lightdm, and it had the same 19 inch lg monitor i had at home
Of course it's in the gambling sector...😂
TLDR: nothing happens until you go specifically out of your way to make it insecure
This is true for all operating systems, even Windows.
@@Alethila Not really, Windows can get compromised with just an internet connection, as it was a major attack vector in the past because the user base wasn't the most knowledgeable at securing their system and the defaults were in favor of making using the computer easier. This is why everyone complained when Vista was released, it made running privileged software a little more secure, but flaws in release versions of Windows will not have the patches that would keep you safe for very long when connected to the internet.
@@jfftck "Windows". You say that like it's one version. This creator made a video in the same style about windows 95, and he had to go out of his way to make it insecure. Turning off the firewall and so on. Truth is, Linux has many of the same problems and weaknesses. It's only less apparent because Linux has a much lower userbase. Stop looking at tech as a fanboy, instead take objective looks. You'll grow both in a professional and personal manner.
@@kristoffer8609 Windows 95 didn't come with a firewall, so if it had one, that isn't a base installation. My first computer was a DOS system, then my family upgraded to a Windows 95 computer. I can also provide proof that I work in one of the big tech companies, so I think I know what I am talking about. I have a problem with these videos because of the non-standard setup.
Furthermore, I was using Linux as a teenager and having to manually set up everything, not like this version that was shown in this video. I don't recommend using any OS that is out of date, but the cool thing about Linux is it has a live session -- which is a version running in memory and doesn't write anything to your drive, so you can browse the web without worries of being hacked as it will wipe everything if you restart. This live session can also install a newer version, so until Windows or macOS support this feature, it will always have a way to install from older versions.
Probably the only versions of Windows that are going to be compromised out of the box are XP pre-SP2, Windows 2000, and maybe NT 4. Everything else has either sane defaults of firewall and closed services or are too old and primitive to be targets. And this assumes you're going out of your way to connect it directly to the internet, which hasn't been a thing for about two decades.
Stupid question: is it possible to make a honeypot out of old system and then abuse-report the attacker?
Yep.
that's a common method, and also is what a bunch of those websites which train you to hack intentionally do.
just block them with various block lists. I used to work for a hosting provider. Trust me, if your idea worked it would be used. It doesn't work.
@@BangBangBang. Wasn't an idea, just a curious question
Wow, that little bongo drum sound effect is almost as nostalgic for me as the Windows XP startup noise.
I tried this with a Ubuntu 22.04 base install without updating. It took 5 days until I found a Mirai C2 server communicating with it
Might actually work better
just curious, did you used Lynis compliance checker to harden this ubuntu or just used it with default settings?
@@JoraGamer hi! I ran a CIS benchmark to patch up the most basic things. I would like to try Lynis auditing, but it didn't come to mind then 😁. Thanks, I will have something to do now
WHAT??
Wait, how did that happen? Can you share some more details about the attack?
Wordpress scanning bots will find your next project in less than 5 minutes. There are SOOOO many WP vuln bots.
Why don't ISP's block such IP's that send the same hacking packets to multiple hosts. It probably is obvious. Also, if we move to IPv6 will the hackers be able to find commputers that easily?
This was definitely the case with Drupal, too, at least some years ago.
@@typingcat The answers are no and no:
First no because somehow the ISP needs to know that someone is hacking, and that needs a packet scanner, which usually only works with unencrypted connection, that also needs to scan a packet through thousands of scanners, so the ISP knows for sure that it is indeed a hacker, and even if they know then they can block normal clients who have just been hacked/downloaded some malware, and if the ISP blocks them then they also block normal communication... not worth it.
Second, no, because luckily IPv6 is so hudge, so if everyone has (almost) random IP then finding a target is harder... not impossible, but harder.
@@Maramowicz none of that matters because: the ISP needs to care. Hackers use ISPs that don't care. In fact, there's a whole class of attacks (such as DNS amplification attacks) that rely on sending packets over the internet from an IP address that isn't actually yours, which shouldn't be possible, but that some ISPs just don't prevent
@@LoganDark4357
ISP when someone setups bots to attack people: 😊
ISP when they see you're torrenting a movie: 😈
bruh i thought it said "what happens if you expose a 14 year old"
So... nothing would happen to the average user
As he mentioned, it's the services running on the machine that make it vulnerable. If there are no listening ports exposed to the internet, there is no toe-hold for an attacker to latch on to. You have to be able to get a response from the machine in order to make it do anything.
But what if we used an Amiga, or a BeOS machine?
When you enable ssh with username "root" and password "root" a ransomeware will encrypt your data -don't ask me how I know
Also if you leave mysql or mongodb open without any password it will enentually be encrypted
Obviously you should have used the password "toor", which is so much better because everyone knows hackers can't read backwards.
@@the-answer-is-42 Haha
That's the default configuration for "damn vunlerable linux".
yeah it was actually redis which was encrypted, I remember now - pretty common if iptables isn't installed
You should expose something on the internet (really anything) and then advertise it on some hacking subreddits and your TH-cam Community tab. It would be interesting to see how much damage could be done in an hour.
but what would happen if you expose a 14 year old to the internet?
drake intensifies
Nothing because at that age they were already exposed to the internet at least for a decade 😓
Gen Alpha memes
you get me
So there are people using nmap to search through millions of ip addresses? I know old stuff is vulnerable on the internet but I didn't think someone would find you that quickly?
It would take a while for 1 attacker to find you. With 2 attackers it would take half as much time for someone to find you. Now imagine how many intentional bad actors there are online. Then add in all the compromised systems acting as part of a botnet. If there are 1 million hosts each trying a completely random IPv4 address once a second it will take (on average) less than an hour for one of them to find you.
Can you investigate if AliciaGame is a virus or not? It was an old game I used play but now it seems to be detected as virus
You can mirror a virtual switch port to another switch port sending it to wireshark. Thus looking at all the connections from the outside without the server beeing supported by wireshark
Is this directly connected to the internet? Not behind a NAT?
Dirtectly.
If it was NAT probes would only see a router.
I'd probably have installed Tomcat as well (more code execution vulnerabilities in the last years than Apache) maybe with some Struts webapps (most insecure JSP framework) as well as some CGI scripts that use Bash (to attract ShellShock aka CVE-2014-6271) to Apache. And PHP and a 14-year old Wordpress. Not sure how ubiquitous scans for those things are nowadays, though. Also, get a Lets Encrypt Certificate or any other TLS certificate that is listed on Certificate Transparency a few minutes after you exposed it to the Internet under a (sub)domain that never had a TLS certificate. That is an invitation to many black hats to have a close look at the server quickly (maybe not updated yet?)
I have internet only when I do hotspot from my phone. Is this safe for linux?
Curious to know how u got into cyber security and if you went to college to study for it
Next: What if you expose sun solaris to the internet
You don't necessarily have to run Wireshark on the client.
If you put a managed switch between the client and the internet, you can set up port mirroring on the switch and capture the traffic on your workstation.
You can also buy a little hardware tap that you just put in the middle of the ethernet link to the modem/router/internet and then you have two other RJ45 plugs which deliver incoming and outgoing traffic. However, he's using a VM so his networking is probably not amenable to either of these methods. But it's all getting pretty complicated at that point; probably too much so for a TH-cam video.
And if you're running this in Proxmox/KVM, you can solve the problem with simple networking. The vulnerable VM will have a net adapter attached to say, vmbr1 on the hypervisor. Simply create another virtual bridge (vmbr2), attach them BOTH to a new linux VM for Wireshark, then create a virtual bridge inside of it, and enable packet forwarding. All traffic will be filtered through the Wireshark VM, and can be safely recorded.
My first distro 🥺
Leurak??!!!! Creator Of Memz VIRUS!
Leurak??!!!!
@@ツッヾヅ no way
@@ツッヾヅabsolutely insane
You can totally run wireshark in a MITM configuration. Just create a Linux VM with 2 ethernet adapters bridged to each other.
What version is this? Since people are starting to come out and “expose” you, I would advise you to be as transparent with the details as possible.
Who is exactly exposing them?
@@princess7jasmine couldn’t find it though it was a small youtuber
@@tezcanaslan2877 So, you're making a baseless claim?
It is Ubuntu Lucid. So 10.04.4
You should try setting up a regular Linux box except with open SSH and a weak password
That's not even a tiny hurdle. I used to run SSH on port 443 so I could get into my systems from work. Watching the traffic hit that was amazing; I'd sit there watching it in real time and work out where they were hitting me from and it was fun but a bit too much after a while. Of course I didn't use a password; it was locked down with SSH key authentication and rate limiting firewall rules.
@@dingokidneys It'd still be interesting to see what malware gets dropped when one of those guys gets in
Would you get hacked if you used a very old and outdated phone? If so, how could you test that? w/ iPhone and android
nah you won't unless you install shady apks on your android device. On iphone i don't think you can get infected by just simply connecting to the internet the only way to get a virus on an iphone is by jailbreaking it and even then you won't be infected since ios is not very easy to hack.
@@frans3090 makes sense. Was just wondering if there could be any attacks since outdated versions of phones have vulnerabilities and flaws yk
you should make a video with old OS exposed to internet but with software firewall keept enabled
How to learn cybersecurity skills like you ? Please i don't need read this cert like advice . A practical one like what concepts i need to cover. Internet data is confusing i don't know if i want defensive or offensive?
I once installed samba on my main linux for a school project, i had to reinstall it after, some microsoft package broke my dependencies. Also theres a lot of vulns in that. Just think about school pcs :D
Hello Eric could you test Horion mod for Minecraft bedrock. I use it and it would be cool if you made a closer look on this cheat software.
It’s safe
Barebones = "More secure." You add more crap, you introduce more holes, security does actually get worse. There is a direct link.
It's the principle OpenBSD is based on, and it has a fitting security record.
Interesting experiment, man the internet of servers looks like a scary place. Just a bunch of bots trying to hit exposed ports and what not to see what sticks. Mad respect to all the cybersecurity experts out there.
Is adfly if click allow will annoying notification?
Yes.
My university runs an old CentOS 7 server running kernel 3.10 for the computer science students to use. I don't touch that thing with a 40 foot pole
It was a few years ago now (maybe 8, time flies, lol), but the university I studied at had an entire internet room filled with XP machines. We used them for computer labs. I had to talk someone out of doing something banking related on it.
@@the-answer-is-42 Were they connected to outside world with external IPs or through a router with 192.168 ips?
@@kirill9064 Through a router I think, but they were public computers everyone was using.
@@the-answer-is-42 Were they without immutablility software that would reset system on restart?
@@kirill9064 yeah, it was just normal XP machines. Nothing fancy about them.
Can you check if Ghost Spectre ISO is safe?
seems to be safe and legit, people dont really report security issues with it, I've been using it myself for over a year, but you never can know if in the future the author doesn't change his mind and ships an update with malware
Yeah it is safe. I've used Ghost Spectre for nearly 2 years now. I am very satisfied :D
I wouldn't trust it, AtlasOS and ReviOS are both open source.
There is LTSC which is less optimized for gaming, but is developed by Microsoft
@@mixskillter4785 Yeah but that's also with almost any software you download
@@ttkftykyfts Yeah i'm using it for 2 years already and had no issues, but yeah I don't know if it's good not keeping up with some Windows Updates
What I heard, it is possible to upgrade Linux before getting hacked, not something that Windows or macOS can say.
MacOS doesn't need to worry about it. Not the win you thought it was really.
Like that UEFI hack that MacOS is the only OS unthreatened by it, while Windows AND Linux are completely unable to do anything about it.
@@The_Prizessin_der_Verurteilung Apple Silicon has a flaw that can't be fixed with software, and you can run Linux on hardware that doesn't have flaws. There are many platforms that Linux supports that it can run on anything. Also, the flaw for UEFI, which does have a software patch, requires the software to be run in privileged level, but Apple's exploit could expose your security credentials remotely.
Stop trying to act like Apple is flawless in execution, besides running 14-year-old software will most likely be on old hardware without UEFI boot image flaw.
Crazy how similar old linux looks like compared to new linux
why are you installing stuff here and didn't install anything on the Windows 98 one tho
Because stock Linux doesn’t ship with any open ports. Nothing happened regardless, but I was trying to give it a chance
Can you make one about old firewalls ?
I remembered when I accidently ran a socks proxy without a password on my server. It took someone 2 minutes until they found the service. After 20 minutes, the vps was already slowing down due to the huge amount of traffic that was routed through the server. Always read the instructions before launching an internet exposed service, lol.
Will you try exposing Windows NT 3.1 to the Internet?
Can you do macOS next?
that would be interesting, also ios or android
@@lPlanetarizado Mac os 9.0.4?
you should try exposing a mongodb instance with no password. (I already tried accidentally and I wasn't happy)
No exposed ssh ?
common apache L
NGINX gang
I triple booted on my drive... (macos / hackintosh, windows 11, & ubuntu)
propfind is webdav proto
I have no idea what this accent is
Man you should use that older version of Linux on a VPS SERVER, because mos of these scanners are having long list of host services IP addresses, they don't waste their time scanning the entire of internet as you may expect, you can try Digital Ocean, or Amazon AWS as test.
You can do the same, on your home PC (a VM), by mapping an external IP to it, e.g. as insecure Proxy or maybe VPN where it won't filter any traffic, you will be surprise how fast it will get h1cked.
did nobody get "the wired is starting to talk to us"
Windows: Install me, nothing else, just install and I get hacked...
Linux: Even if you install me I will not get hacked, you have to install some vurneable software first, then configure it and then maybe if you are lucky I will get hacked.
I only understand like a fourth of what’s even happening but I love your videos
What happens if you expose 17 year old Linux (2007) to the Internet?
0:02 My prediction:
Immediately joins a botnet 😂
Sooo, it's basically a metasploitable machine now.
Great vid! i have somehow watched a 10m vid in 2m
Unrelated but Ubuntu has always made some good looking themes.
I miss Unity 7's design too.
Yep, I'm still using MATE, a fork of GNOME 2, though with a more "modern" theme. But that interface is irreplaceable.
Don't forget SSH!
I thought you were gonna expose a 14 year old kid's linux 😭
"GuYs HE iS A FAKEEEEee He tURnED Off tHE fIREWALL"
Ew ubuntu the best linux is LFS
Sshnuke moment
ayo bro chaseroony gave you a shout out
I saw :)
Murrine vibes.
hi eric!
Here before this vid blows up
YAS THIS IS WHAT I LOVE
drake
i love your videos
hi thanks for the vid
woah early? also cool virus thingys
Bump
64th comment
We all know mac os is the safest os around 🙏
proprietary
@@ThatBKsecurity through obscurity
Especially if it is Mac OS 9.