Having a link that was legitimate before become compromised and screw me over when I click it is a huge nightmare scenario for me. Thankfully it's never happened, and I've been online since the mid 90s.
It's called a watering hole attack. Not super common though, because it would usually be discovered quickly on a well-trafficked site, so they design it in a way to only target specific IPs when they visit a particular site.
If you browse Facebook, they promote ads that have scammers and all kinds of crap like fake sites, which is very common. Before CORS/CSP was mature these link hijacking types of attacks were far more common.
I love all the news agencies that say scanning a QR code is a clickless, fully automated, no action, no awareness hack that also immediately does identity theft. And they say literally nothing about the GeoCities page that just asks them to manually type their info in for no reason and hit submit.
Yeah, I think they say this to keep people on their toes, to avoid getting scammed. I see news in my country: CLICKING THIS LINK WILL STEAL YOUR DATA AND MONEY. Turns out they had to download and run an exe file; just visiting it does nothing.
5:55 That Edge virtualisation thing is still there. You just need to enable it in a few places. It works like it used to, except it now uses the Chromium-based Edge.
@@epic_journey. "Turn Windows features on or off", Microsoft Defender Application Guard, also enable Hyper-V and the VM stuff. Open Windows Security, App and browser control, Isolated browsing, install. When it's installed, change Application Guard settings, enable advanced graphics. Open Edge, press the 3 dots, you'll now see "New tab", "New window", "New InPrivate window" and finally "New Application Guard window", hit the last one, wait for it to load, done.
Why is it disabled in the first place... Alas, they force useless AI crap that won't definitely not be abused, and file encryption which also won't definitely not be abused, but the most common "trickery" is effective with ignorance, so why not make file extensions still hidden by default. That "document.xlsx.exe" document certainly has what I'm looking for.
@@balsalmalberto8086 The average user won't have a clue what a VM is, never mind know when to use one and what they can do. The actual purpose of the virtualised browser is for enterprise. You install a Chrome extension that checks what websites you visit; if you visit an unknown website, the website is blocked and instead loaded in the VM browser. All the VM stuff in Windows is disabled by default. Partially due to the fact it's a power user thing, partially due to it needing virtualisation to be enabled in the motherboard, and partially because virtualisation can be unstable on some systems. E.g., if I enable Edge virtualisation on my laptop, I blue-screen boot loop till I disable it in safe mode. Your parents and granny will just use Edge like normal; it's only a very small section of the user base that would actually know what it does and use it.
@@epic_journey. I wrote a reply but it seems to have gone into the ether. So here's the short version. Enable the VM stuff in "Turn Windows features on or off"; "Microsoft Defender Application Guard" is the option that actually enables the browser VM. Then open Windows Security, go to App and browser control, and on "Isolated browsing" hit enable. Fiddle with the settings, then you'll see a fourth option when you hit the 3 dots in Edge.
It's crazy to me people still act in 2024 as if clicking a link will install a virus on your computer without you doing anything. As long as you don't actually open the file you accidentally download because of the malicious link, you should be fine. It's always so funny to me seeing the shocked face of my coworkers when I tell them I don't use an anti-virus, because my anti-virus is common sense and actually knowing what I'm doing. To this day, I have never had a virus on my computer.
@TheMinkaGod Nope. Waste of money. (For me.) Don't download sketchy stuff and ESPECIALLY don't run it. I've been using Windows my whole life, I know exactly what I'm doing.
I accidentally clicked a link from someone messaging me on Steam once, and they got access to my account just from me opening a seemingly blank web page for a second, then immediately closing the page and browser, and restarting my computer. Never entered anything, downloaded anything, or told anyone account details.
If you really are worried about this, a DNS blocker like Pi-hole can also block malicious domains at the DNS level, meaning your request never gets to their servers in the first place since Pi-hole shoots it down.
I remember XSS exploits back in the day getting abused on vBulletin boards, allowing for exactly what you've described in the video: taking over the logged-in session on the board. Those were fun days...
I thought the point of the Mullvad browser was supposed to protect against fingerprinting though? The fingerprint being unique means it's failing at that purpose.
Another thing that I might have overheard at ~10:00: If you don't want to, or maybe even can't, install NoScript, you can also deactivate JS by default in any common browser. Then you also have to allowlist the site when you open it, to let it run. An icon might be viewable in the browser address bar, or go via the Site Settings on the left of the address bar.
As a web application developer, the answer is yes, you can get hacked by a link, but not in the way you might think. Hackers can access your cookies if they are not secured, but only for the page they hijack. For example, if you visit an unsecured website and create an account or enter any credit card details, they can be stolen. In the middle of the communication between the website and its server, the data can be intercepted and transferred to the hacker's server. A hacker can inject code into the website through a malicious link. However, most modern websites use SSL (HTTPS) encryption and huge operations often have firewalls and many other security measures in place.
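The "cookies if they are not secured" point above, as an added example that is not part of the comment thread: a small auditor that parses Set-Cookie headers and flags the attributes whose absence lets an injected script or a plain-HTTP interceptor get at a session cookie. The header strings are constructed samples, not taken from any real site.

```javascript
// Added example: audit Set-Cookie headers for the attributes that limit what
// script injected into a page (XSS) or a network-level interceptor can do
// with a session cookie. All header strings below are constructed samples.

const SAMPLE_SET_COOKIE_HEADERS = [
  // Constructed: session cookie with no protective attributes at all.
  "sessionid=abc123; Path=/",
  // Constructed: hardened session cookie.
  "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
  // Constructed: cross-site cookie that forgets Secure
  // (browsers reject SameSite=None without Secure).
  "tracker=xyz; SameSite=None",
];

// Parse one Set-Cookie header into { name, value, attrs }.
// Attribute names are lower-cased; flag attributes (Secure, HttpOnly) map to true.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const [nameValue = "", ...attrParts] = parts;
  const eq = nameValue.indexOf("=");
  const name = eq === -1 ? nameValue : nameValue.slice(0, eq);
  const value = eq === -1 ? "" : nameValue.slice(eq + 1);
  const attrs = {};
  for (const part of attrParts) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name, value, attrs };
}

// Return the list of findings for one header; an empty list means nothing to flag.
function auditSetCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.httponly) {
    findings.push(`${name}: missing HttpOnly, readable via document.cookie by injected script`);
  }
  if (!attrs.secure) {
    findings.push(`${name}: missing Secure, may be sent over plain HTTP`);
  }
  const sameSite = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : null;
  if (sameSite === null) {
    findings.push(`${name}: missing SameSite, relies on the browser default`);
  } else if (sameSite === "none" && !attrs.secure) {
    findings.push(`${name}: SameSite=None requires Secure, browsers will reject this cookie`);
  }
  return findings;
}

// The shape a session cookie should have so that the audit above reports nothing.
function hardenedSessionCookie(name, value) {
  return `${name}=${value}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Audit a batch of headers, keyed by the original header string.
function auditAll(headers) {
  return Object.fromEntries(headers.map((h) => [h, auditSetCookie(h)]));
}

for (const [header, findings] of Object.entries(auditAll(SAMPLE_SET_COOKIE_HEADERS))) {
  console.log(header);
  console.log(findings.length ? findings.map((f) => "  - " + f).join("\n") : "  ok");
}
```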
In theory yes, in practice it's extremely underdeveloped. You can get decent security with profiles on AppArmor, but very few distros want to package all of it. This may start to change if the market share grows high enough.
@@EricParker That's why it's recommended to use Flatpak versions if available, as the packages are themselves sandboxed from the OS. Browsers such as Brave, Firefox, LibreWolf, Ungoogled Chromium, and even ones like Zen and Floorp, are now officially available as native Flatpak packages. I believe browser companies should be focusing more on working towards their Flatpaks. Btw, what package do you use on your main system, Eric? I know you are on Linux..
Oh yeah, that would be great. Btw, in case Eric is seeing this: I would strongly advise you to watch TheMisterEpic's 2 videos on the subject, he tells a lot about TLauncher.
TLauncher is potentially unsafe because it was stolen from original creators. OG creators made TLegacy or something. I’m not sure if it’s safe, so check that info anyway
2:34 PCs are easier to fingerprint; regarding mobile devices, there is less unique information, so it is a little harder to do so. For example, the latest and previous iPhone can generate a high number of hits, and there is a really high chance you will have more than 1 device under the same fingerprint.
Smartphones and tablets are more traceable, therefore more unique in terms of personally identifiable information especially if you don't degoogle or eat the apple. In terms of secure environments, for malware, phones have a large attack surface, but because they sandbox applications they're more secure in that manner and maybe less exploitable. When it comes to fingerprints, phones are way more giving of information unless you are able to root the device and control it.
There is a way to have a binary be downloaded and run on your system by just opening a link. It's an actual feature on Microsoft Edge and Internet Explorer.
Haven't watched yet, but a good idea is to enable the 'ask where to save file' setting in whatever browser you're using, because some links can make you auto-download a file. However, if you have that enabled it will ask where you want to save it every time, instead of just auto-downloading to the default place.
I'm curious how much damage a virus can do if it gets downloaded but you don't manually execute it? My browser changed this setting and I changed it back cause I like the option to choose the location or cancel, didn't even connect how it can also improve security as opposed to not notifying you of downloads, yikes and thanks! I'll be sure to be mindful of this setting on my family's computers.
@@alfamari7675 I think generally speaking most viruses won't cause you any problems unless you execute them, but there are more advanced ones that do. This is just from memory though.
@@alfamari7675 Nothing. If the application isn't run it never does anything. You can park a car in your garage but it won't just turn on by itself, you gotta do it.
@@alfamari7675 Zero. What CAN do damage is if your browser has a zero-day and it's exploited, but then they would have to be really stupid to leave traces (the downloaded file) behind them...
Dumb question about linux, is that why it's always recommended you never give root access to users? Also wouldn't that basically stop any attack (unless you're extremely unlucky and just used a sudo command before getting attacked)?
Not really, the main reason not to give root access to users is so that commands run as the user cannot damage the system (either due to user error or malware/bugs). However, if the JS in the browser gets access to do anything your user can do, they could, for example, upload all your private documents somewhere, as most people are not going to have those in a root-access folder. Likewise it would be possible to delete those documents. In short, root is about protecting the system but will not do anything to stop programs from accessing your private data. If you need data protection, your options are to use a separate user for accessing that data (note: anyone with root access can still get to it), encrypt the data and only decrypt when needed (note: storing the encryption password in a plaintext file is like storing your house key under the doormat, so be careful where you keep it), or avoid storing the data on the system at all, for example by putting it on a (potentially encrypted) flash drive or something. If at a certain point in time you can read some data, that means that any program run by you can in theory read it too.
Actually, on Linux you technically don't have any user other than root with root access, contrary to the Administrator accounts on Windows; instead, you have a group (let's say "sudoers") and a program (let's say "sudo") that runs as root no matter who starts it via the "setuid bit" in its executable's permissions, and checks sudoers to see if you are in that group before exec-ing the other program you told it to as root, hence implementing something like admin accounts. The key part of sudo's operation is the setuid bit, and the fact that it's owned by root (setuid means always run as the owner); other things that also have setuid on include networking facilities, in fact, hence it's a matter of whether those have a security vulnerability that can be triggered by the browser, given that the browser itself allows it to go through. However, in practice this isn't as feasible as it sounds.
Hey Eric, I remember there was a website that, once you went on it, would log you out of everything you were logged into in your browser, but if you ran it in a private window nothing happened. Remember which website it was?
6:30 I don't really think this would be an issue when using a Flatpak? Since those are sandboxed. And if you don't give them more permissions/file access than you need, they can't really do that much.
Depends on their default permissions would be my guess. If they allow read and maybe write access to the home directory, that might be all that's needed to get hacked.
Flatpaks don't really help when the Linux kernel has as many holes as Swiss cheese (when you're talking about the kind of 0-day attacks mentioned in this video). If someone can afford/build a Chrome chain, they'll have a Linux kernel PE too.
@@Daniel-hz6pt LOL imagine talking about Linux holes, when Windows literally lets anything run beside the kernel (hence Crowdstrike, hence anti-cheat scandals, hence buggy drivers bringing the whole system down, etc.) 😂 Linux being monolithic is actually a plus.
@@erikkonstas That's not how it works, drivers have to be validly signed, and you can tweak your code integrity options to enforce only specific signers or WHQL-certified drivers, which go through automated fuzz testing.
There was a vulnerability in Safari's WebKit back in iOS 10 which allowed for arbitrary kernel-level code execution, which allowed for jailbreaks like TNS (Totally not Spyware), which you could use with a simple flick of a slider in its webpage.
I've noticed that many times a button to download stuff can be disguised as a link. Thankfully, to date it just downloads stuff and that pops up, so I can instantly cancel and bin it. Also, technically Pegasus and other super advanced no-click methods exist, but idk if those are for mobiles or laptops.
@@Bhoppings Being old IS actually a correct reason, but it's not just them thinking stuff can happen, it's because many of them have cognitive decline and stuff, and it's much easier to tell them "don't download without me" rather than "see this thing you just downloaded, please remember to run a scan on it before double-clicking it" ("remember" being the key word here)...
For us Linux users, how would the snap and flatpak versions of browsers (Firefox, Chrome, etc) fare in case of a 0-day vulnerability that could allow browser sandbox escape? Also, I'm transitioning into using VMs for when I'm going to an untrusted site, is there anything you need to know when setting them up? Like what network configurations are safer and so on.
I'd like to see you test the code execution on Linux theory, both with distros that use AppArmor/SELinux (which are most of them), and the very few distros that don't, like Arch.
NoScript sounds like a very good solution, but the use of it seems quite complicated. I know you don't really do the "tutorial" kind of stuff, but I think it would be interesting to do a NoScript vid since you're the tech man!
NoScript relies on origin whitelisting, which is quite a weak way of doing it; you just find an XSS on a whitelisted origin and you can deploy your payload.
What I'm about to say will be completely off-topic, but kinda not at the same time...I hope replying to scam emails is safe. I always reply to them with some not so nice things.. I typically will forward the email to the real company as well, in hopes they'll be able to do something about it.
About configuring SELinux on Linux, some distros ship with that already set up, like Fedora. How does e.g. Fedora's default SELinux profile compare to the security of Mac and Windows?
From what I recall, Fedora mainly uses the targeted policy rather than the strict one, where targeted only applies to certain high-profile processes related to, for example, web servers (Apache), while the strict policy applies to every process (and thus is way more tedious to use on a desktop machine, since there are more labels to deal with the permissions of). Idk if Firefox is/was included in the Fedora targeted policy though, and it has been a while since I tried using a strict policy on a day-to-day system, so my memory is flaky. Don't know enough to compare a policy that applies to Firefox to how Windows/Mac handles it.
@@YumekuiNeru Apparently, the "strict" policy was merged into the "targeted" policy in Fedora 9. I'm still not very knowledgeable about it all, though lol
I was wondering this due to the new age ads that can open new tabs, or open the page you want in a new tab while opening an ad in the previous tab. Thanks for the video :)
You should take a look at when people would send these fake Roblox links that would steal the cookies of the person who clicked them. I think it would be interesting dissecting those links.
What about drive-by downloads? There was one that had to do with a malware called 'azure stealer'. IIRC, generally those work by injecting shellcode into memory.
The most typical hack most would get from visiting sketchy websites would be cookie sniffing/stuffing, where they would take your browser sessions and cookies from accessing the site. It's similar to how LMG got their credentials stolen.
Had a guy claim he could take over someone's PC just by having them open a link, so like any normal person I clicked his link and tried to investigate this potential 0-day he had on his hands. I was severely disappointed to learn that he was just a brain-damaged script kiddie trying to act smart because he thought I was IT illiterate 😭
It is actually possible without using any exploit. There is a feature within Microsoft Edge and Internet Explorer that WILL download anything AND run it on your system, without user interaction.
I want to ask: when I'm browsing, some sites force me directly to other links with some fishy trick, like making a button invisible or covering the whole page with an invisible barrier. Just clicking anywhere on the screen forces you to browse to another site. How can I stop this redirect method? I currently use the Brave browser with its anti-forced-redirect feature, but still many sites find holes to jump my shield block. I found they use JavaScript to smoothly force me to other links. So turning off JavaScript is a wise choice, but many sites are broken without java now.
Chrome on Linux is also using sandboxing. Not sure how effective it is, but Linux had the ability to restrict syscalls and drop privileges way before Windows did. Don't quote me on this, but I'm pretty sure unless you're doing something stupid like disabling the sandbox or running it as root (that effectively disables the sandbox) then it should be comparable to what's being done on Windows.
Why are LTS (long term support) versions of web browsers not used more often? Firefox and Chrome have LTS versions. The only difference is Chrome has backdoors while Firefox doesn't.
@erikkonstas i know that nothing is bugfree, but that's not a reason to use software that was made just now and tested for only a few minutes. LTS means it doesn't get new features anymore but only receives bugfixes. Before something gets proclaimed LTS it first has to get tested for months and months, and even after that it still receives bugfixes.
@@adiadic4722 I never said that, although the versions we usually use are the stable versions, not the nightly ones anyway. The part I was referring to was "The only difference is Chrome has backdoors while Firefox doesn't."
Incognito mode won't disable XSS exploits, that's wrong; it just prevents tracking, but the server can still inject JavaScript code into the browser. So the browser doesn't have any privileges, but it can still trick the user in a few ways.
I saw a video where McAfee said just by clicking on a link, it could execute JavaScript (and frequently, apparently, like any adult NSFW site) to root your mobile phone to install a keylogger. I am very skeptical. I'm also curious about what if you download a virus but don't execute it? Do they need to be downloaded AND executed to do damage?
Not too sure about mobile & JavaScript, that sounds like some exploit that breaks out of the mobile browser's sandbox (which is possible, but unlikely). Although, on Microsoft Edge it is totally possible to simply open a link and have a binary be downloaded AND executed on your system without any further interaction.
@@kyand920 "Although, on microsoft edge it is totally possible to simply open a link and have a binary be downloaded AND executed on your system without any further interaction." Source?
He answered the question in under a minute, the answer is no, but they can still harvest a lot of information about you because you visited their website.
@StefanReich Excellent question, but no, as the video says, browsers haven't supported arbitrary code execution from a web page in decades. There are things you just can't do from a web page because of language restrictions and API support. Also, most of the time scam websites you go to are for social engineering and not actually malicious. Thinking scammers might actually hack you is giving them too much credit, they're just about all script kiddies.
Said question has many interpretations to be fair, if you mean "should I be deathly afraid of clicking a link?" the answer is no, but if you mean "is it teeeeeeechnically, through some possibly as of yet undiscovered zero-day, possible?" then the answer is yes.
Based off this video, it kind of depends on what you mean. The link in and of itself hacking you? No. Where the link points to? What code the website the link goes to has? 100% yes, that link will load whatever that website has basically instantly. Just don't click (ph)fishy links!
Well, on Ubuntu Linux, by default, Firefox and Chromium are snap packages, which means they are sandboxed. Which means zero access to important resources.
@@schwingedeshaehers When you visit a website, it captures a snapshot of your browser size, operating system, keyboard format, and the browser being used to render the page. If your browser window remains the same size each time you visit, the site can use this information to fingerprint your traffic. Once you log in to that website, say Facebook, the site can identify you based on your login information. A VPN can help maintain anonymity only if you never log in and use a new VPN connection for each website you visit. Simply changing your screen size won't improve privacy; it may only indicate an unusual screen size, which isn't standard. A more effective solution would be to spoof the system details and screen size completely. However, the moment you log in to any website, tracking becomes possible.
Furthermore, like me, I block VPN services because 90% of the time that somebody is coming onto my website using a VPN they are trying to do something nefarious. So it's not beneficial for me to allow VPN services to access my servers.
@@erikkonstas I block VPN IPs on my hosting servers because 99% of them are bots attacking my websites. VPNs were originally designed for businesses to securely connect remote computers to their internal networks, simulating local network access over different ISPs. Today, VPNs often mislead users by claiming complete protection, which only works if used correctly. Most users fail to do so. To maintain privacy, each VPN location requires a unique identity. Logging into the same accounts across multiple VPN locations or devices allows tracking. While VPNs prevent man-in-the-middle attacks, they don't hide activity from services like Facebook, which can still track users. VPNs may even invite targeted attacks like social engineering. True anonymity requires using one device, connection, VPN, and account, with no overlap or shared activity across platforms.
OK, why doesn't Linux do something like OpenBSD does, with only the 'Downloads' folder allowed to be viewed from the browser? Is there any step-by-step guide to make a profile like that?
What do you mean by "to view from the browser"? Because "file://" can also be described as that, but this doesn't mean some random website can see your entire filesystem.
@@erikkonstas Imagine me as some script kiddie, and I'm going to copy and paste some viral scripts from my bad actor friend into my web browser... Some script can do a listing of my files, copy SSH keys, my photos; when I can view them, they can too... And they can do more than I'm comfortable with... Maybe a website can't... but why am I able to do this in a web browser? I don't need to, so I want to harden it... ok?
@@seedney Uh... maybe just don't paste random untrusted stuff in the console then? No kind of sandbox can save you from a cookie-stealing script that promises "free virtual currency" that you've copied and ran yourself...
If I ever want to go to a link or download something I'm a bit sus on, I just open up VMware Workstation Pro, fire up one of my VMs, then use the VM to do it. If anything goes wrong, just shut down the VM and restore it back to the last snapshot that I took of it.
No, it's the same risk as opening the downloaded PDF actually, if it's one of those "smart" PDFs with JavaScript in them (e.g. where you can type in fields and click on checkboxes).
Hi, can anybody answer this? Got supposedly "hacked" once through clicking a link. It was one of those Steam chat "poll for my team in this website" type of things. I don't really remember the details of it, but whoever did it got hold of access to my Steam chat and was sending chats to one of my Steam friends. Nothing happened tho, got the password changed and everything, but I'm just curious on how it happened. Did it happen through these methods or is it different? Appreciate the replies. Thx!
If they "got access" to your Steam chat or anything like that, it 99% of the time means they found a way to steal your cookies (which allows others to authenticate as you without any password or anything like that). Now the question is how? By clicking a link, that is only possible through a zero-day exploit, and it's very unlikely that you ran into one of those, so you probably messed up in another way that you don't remember.
@@upsxace Yeah, maybe I did put my login into the site, now that I try to recall it again. It was long ago, and all I remember was just clicking the link, going to this website and clicking some more until a pop-up came out and closed right away. Idr much tbh, but that's the reply I'm looking for, thanks!
"Java" or "JavaScript"? Because Java applets were quite the malware festival back when they were a thing, but were in fact not exactly "within" the browser...
I've wondered about the virtual machine thing. It feels much safer to run a browser in a sandbox or virtual machine. But apparently that's not a thing anymore? I'm on Windows btw.
VMs will never "not be a thing"... every CPU that should be considered appropriate for a PC in 2024 has special virtualization instructions, actually (Intel calls it VT-x).
I was thinking of exploiting another app using their custom URI scheme. Although the exploit will not occur in the browser, it will still be just a link that a victim would need to click.
Always right-click on the file, then open it with the Photos app. And if you want to be a hundred percent safe (like, remember there was a vulnerability within the WebP format?), better to just upload it to a Google Drive which is not your real account and open it from Drive online.
@@wixlogo I want to understand: are you talking about the WebP format that I download from the browser directly, like right-click and save it, or downloading WebP compressed in a RAR or ZIP?
Regarding arbitrary code execution: how does this change with the rise of web assembly? I've seen complete C programs compiled to web assembly and run inside the browser, including full video games. I feel like this makes it a lot easier to run malicious code on browser page load, right?
In theory: if the image viewer is coded in a spectacularly moronic manner, anything is possible. In practice: probably not. Although there was an exploit with WebP fairly recently.
Yes, not in all cases, it's rare anymore. Hackers can embed malicious code within an image file, and if you open it using a vulnerable image viewer, the code can be executed. I've seen it work decades ago, but with all the patches and security fixes, not anymore.
@@EricParker You should dive into steganography some time. The most basic way to pull it off is with the "cat" command. Sort of. I'd more so call this a pseudo form of it, but cat can be used to spoof RAR archives as images that will load in an image viewer. Not sure if it's possible to do this with something like an SFX, but I'm sure something could be cobbled together.
@@EricParker I think it's dumb to say "moronic way", the people that wrote libwebp weren't morons, C/C++ is just very hard bordering on impossible to write without undefined behaviour.
Short answer: No.
Short answer : Yes. It's called XSS, CSRF, Spoofing, etc etc
@@Chrizzy_Official fluent in a programming language ❌ fluent in yappanese ✅
beef-xss and browser spoofing and CSRF lol, it's kinda ez too
@@Skailed Whatever you say Mr Anime Bedwars TH-camr
@@Skailed Also, what I said isn't programming, it's just vulnerability pentesting, but sure.
holy shit u joined 19 years ago... respect
@@cremapastelera00 lmao
happened to me 16 years ago from ads on some website u could play games on
how to enable it?
@@epic_journey. "turn windows features on or off, microsoft defender application guard, also enable hyper v and the vm stuff. Open windows security, app and browser control, isolated browsing, install. When it's installed, change application guard settings, enable advanced graphics. Open edge, press the 3 dots, you'll now see "new tab, "new window" "new InPrivate window" and finally, "new application guard window", hit the last one, wait for it to load, done
Why is it disabled in the first place... Alas they force useless AI crap that wont definitely not be abused, and file encryption which also won't definitely not be abuse but the most common "trickery" is affective with ignorance so why not make file extensions still hidden by default. that "docuemnt.xlxs.exe" document certainly has what I'm looking for.
@@balsalmalberto8086 The average user won't have a clue what a vm is, never mind know when to use one and what they can do. The actual purpose of the virtualised browser is for enterprise. You install a chrome extension that checks what websites you visit, if you visit an unknown website, the website is blocked and instead loaded in the vm browser. All the vm stuff in windows is disabled by default. Partially due to the fact it's a power user thing, partially due to it needing virtualisation to be enabled in the motherboard and partially because virtualisation can be unstable on some systems. Eg, if I enable edge virtualisation on my laptop, I bluescreen boot loop till I disable it in safe mode. Your parents and granny will just use the edge like normal, it's only a very small section of the userbase that would actually know what it does and use it
@@epic_journey. I wrote a reply but it seems to have gone into the ether. So here's the short version. Enable the vm stuff in "turn windows features on or off", "microsoft defender application guard" is the option that actually enables the browser vm. Then open windows security, go to app and browser control, on "isolated browsing" hit enable. Fiddle with the settings, then you'll see a fourth option when you hit the 3 dots in edge
It's crazy to me people still act in 2024 as if clicking a link will install a virus on your computer without you doing anything.
As long as you don't actually open the file you accidentally download because of the malicious link, you should be fine.
It's always so funny to me seeing the shocked face of my coworkers when I tell them I don't use an anti-virus, because my anti-virus is common sense and actually knowing what I'm doing.
To this day, I have never had a virus on my computer.
Anti-virus is like a lawyer, even if you know you are innocent and have proof it's still better to get one since it doesn't cost anything
@TheMinkaGod nope. Waste of money. (For me)
Don't download sketchy stuff and ESPECIALLY don't run it.
I've been using windows my whole life, I know exactly what I'm doing
I accidentally clicked a link from someone messaging me on Steam once, and they got access to my account just from me opening a seemingly blank web page for a second, then immediately closing the page and browser, and restarting my computer. Never entered anything, downloaded anything, or told anyone account details.
@@TheMinkaGod Windows Defender is free and is the only thing worth using, yeah, may as well have it
@@MetroAndroid maybe a vulnerability in steam?
If you really are worried about this, a DNS blocker like pihole can also block malicious dns', meaning your request never gets to their servers in the first place since pihole shoots it down.
I remember xss exploits back in the day getting abused on vbulletin boards, allowing exactly for what you've described in the video - to take over the logged in session on the board. Those were fun days...
B33f
@@4pThorpyPork. 😂😂but I know what you meant dawg
babe wake up Eric Parker just uploaded
I’ve literally kept up with his videos for some time now. He never misses! 🎯
Same
real
the reason that the mullvad fingerprint is unique is because the canvas render is fucked up on purpose
I thought the point of the Mullvad browser was supposed to protect against fingerprinting though? The fingerprint being unique means it's failing at that purpose.
@Daniel15au This is wrong, it’s random, so you will never have the same fingerprint twice.
@@Capiosus oh! Well that's interesting! Thanks for the info/correction.
Answer : 8:28
Another thing that I might have overheard at ~ 10:00: If you don't want to, or maybe even can't install NoScript, you can also deactivate JS by default in any common browser. Then, you have to also allowlist the site when you are opening it to run it. An icon might be viewable in the browser address bar, or go via the Site Settings on the left of the address bar
As a web application developer, the answer is yes, you can get hacked by a link, but not in the way you might think. Hackers can access your cookies if they are not secured, but only for the page they hijack. For example, if you visit an unsecured website and create an account or enter any credit card details, they can be stolen. In the middle of the communication between the website and its server, the data can be intercepted and transferred to the hacker's server. A hacker can inject code into the website through a malicious link. However, most modern websites use SSL (HTTPS) encryption and huge operations often have firewalls and many other security measures in place.
The vulnerability is called Cross-Site Scripting (XSS), if you want to read about it to secure your website.
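As an added example (not code from the video or from this commenter), here is the pattern the comment describes: a page that echoes user input unescaped, so a crafted link can carry script into the site, next to the escaped version, plus the cookie flags and a CSP header that keep a session cookie out of reach of injected script. All names, the sample payload and header values are constructed for illustration; it runs under Node.js with no dependencies.

```javascript
// Added example, not from the video or the commenter. Shows reflected XSS
// through an unescaped query parameter, the output-escaping fix, and the
// Set-Cookie / CSP settings that limit what injected script can reach.

// Vulnerable rendering: the query string goes straight into the HTML.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Escape the characters that can change HTML structure in text or attributes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Hardened rendering: same page, input escaped on output.
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Session cookie with the flags that matter here:
//   HttpOnly  - document.cookie cannot read it, so injected script cannot grab it
//   Secure    - only sent over HTTPS (the "SSL" the comment mentions)
//   SameSite  - not attached to most cross-site requests
function sessionCookie(sessionId, { secure = true } = {}) {
  const parts = [`session=${sessionId}`, 'Path=/', 'HttpOnly', 'SameSite=Lax'];
  if (secure) parts.push('Secure');
  return parts.join('; ');
}

// A Content-Security-Policy that refuses inline script, so an escaping mistake
// elsewhere on the page still does not hand an attacker script execution.
function contentSecurityPolicy() {
  return "default-src 'self'; script-src 'self'; object-src 'none'";
}

// Rough detector for the unsafe case: does the rendered HTML contain a live
// <script> tag? Escaped output turns "<" into "&lt;" and so never matches.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample: the kind of payload a crafted link (?q=...) might carry.
const SAMPLE_QUERY = '<script>alert(1)</script>';

console.log('unsafe :', renderSearchUnsafe(SAMPLE_QUERY));
console.log('safe   :', renderSearchSafe(SAMPLE_QUERY));
console.log('cookie :', sessionCookie('constructed-session-id'));
console.log('csp    :', contentSecurityPolicy());
```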
About your linux security remark, it seems that the Linux kernel is adding more built in security features like mprotect, but they seem to be opt in
In theory yes, in practice it's extremely underdeveloped. You can get decent security with profiles on AppArmor, but very few distros want to package all of it.
This may start to change if the market share grows high enough.
@@EricParker Do flatpaks and appimages protect like you said Windows and MacOS does?
@@EricParker That's why it's recommended to use Flatpak versions if available, as the packages are themselves sandboxed from the OS. Browsers such as Brave, Firefox, Librewolf, Ungoogled Chromium, and even ones like Zen and Floorp, are now officially available as native Flatpak packages. I believe browser companies should be focusing more on working towards their Flatpaks. Btw what package do you use on your main system Eric? I know you are on Linux..
@samuel87723 I’m not familiar with macOS but flatpaks seem similar as they sandbox apps and offer granular control over permissions.
@@samuel87723 Flatpaks, if configured correctly, put you on a similar level to MacOS.
But why is everyone in the comments acting like zero-click exploits do not exist? Exceedingly uncommon in the wild but absolutely possible
Hey Eric, can you make a vid about TLauncher (the cracked launcher)? It's kinda weird of people saying it's malware
Oh yeah that would be great
Btw in case Eric is seeing this : I would strongly advise you to watch TheMisterEpic’s 2 videos on the subject, he tells a lot about TLauncher
TLauncher is potentially unsafe because it was stolen from original creators.
OG creators made TLegacy or something. I’m not sure if it’s safe, so check that info anyway
@@mysticstylezz9557 It used to be called TLauncher Legacy, now it's called Legacy Launcher
2:34 PCs are easier to fingerprint; regarding mobile devices, there is less unique information, so it is a little harder to do so. For example, the latest and previous iPhones can generate a high number of hits, and there is a really high chance you will have more than one device under the same fingerprint.
Smartphones and tablets are more traceable, therefore more unique in terms of personally identifiable information especially if you don't degoogle or eat the apple. In terms of secure environments, for malware, phones have a large attack surface, but because they sandbox applications they're more secure in that manner and maybe less exploitable. When it comes to fingerprints, phones are way more giving of information unless you are able to root the device and control it.
Thank you for doing that because I was really wondering about that!
Same here, also with clicking anywhere on a website and a strange pop-up comes up, loads for a few seconds, then self-exits.
There is a way to have a binary be downloaded and run on your system by just opening a link. It's an actual feature on Microsoft Edge and Internet Explorer.
Haven't watched yet but a good idea is to enable 'ask browser where to save file' setting in whatever browser you're using because some links can make you auto download a file, however if you have that enabled it will ask where you want to save it every time, instead of just auto downloading to the default place
I'm curious how much damage a virus can do if it gets downloaded but you don't manually execute it?
My browser changed this setting and I changed it back cause I like the option to choose the location or cancel, didn't even connect how it can also improve security as opposed to not notifying you of downloads, yikes and thanks! I'll be sure to be mindful of this setting on my family's computers.
@@alfamari7675 None
@@alfamari7675 I think generally speaking most viruses won't cause you any problems unless you execute them, but there are more advanced ones that do. This is just from memory though
@@alfamari7675 Nothing - if the application isn't run it never does anything. You can park a car in your garage but it won't just turn on by itself, you gotta do it.
@@alfamari7675 Zero. What CAN do damage is if your browser has a zero-day and it's exploited, but then they would have to be really stupid to leave traces (the downloaded file) behind them...
Dumb question about linux, is that why it's always recommended you never give root access to users? Also wouldn't that basically stop any attack (unless you're extremely unlucky and just used a sudo command before getting attacked)?
Not really, the main reason not to give root access to users is so that commands run as the user cannot damage the system (either due to user error or malware/bugs). However, if the JS in the browser gets access to do anything your user can do, they could for example upload all your private documents somewhere, as most people are not going to have those in a root-access folder. Likewise it would be possible to delete those documents.
In short, root is about protecting the system but will not do anything to stop programs from accessing your private data. If you need data protection, your options are to use a separate user for accessing that data (note: anyone with root access can still get to it), encrypt the data and only decrypt when needed (note: storing the encryption password in a plaintext file is like storing your house key under the doormat so be careful where you keep it), or avoid storing the data on the system at all for example by putting it on a (potentially encrypted) flash drive or something. If at a certain point in time you can read some data, that means that any program run by you can in theory read it too.
Actually, on Linux you technically don't have any user other than root with root access, contrary to the Administrator accounts on Windows; instead, you have a group (let's say "sudoers") and a program (let's say "sudo") that runs as root no matter who starts it via the "setuid bit" in its executable's permissions, and checks sudoers to see if you are in that group before exec-ing the other program you told it to as root, hence implementing something like admin accounts. The key part of sudo's operation is the setuid bit, and the fact that it's owned by root (setuid means always run as the owner); other things that also have setuid on include networking facilities, in fact, hence it's a matter of whether those have a security vulnerability that can be triggered by the browser, given that the browser itself allows it to go through. However, in practice this isn't as feasible as it sounds.
Haven't watched yet, Spectre was exploitable from JS right
It is in theory. JIT escapes have also happened.
What if my browser on Linux is installed as a flatpak?
Hey Eric, I remember there was a website that once you went on it, it would log you out of everything you were logged into in your browser, but if you ran it in a private window nothing happened. Remember which website it was?
Don't know the site, but I'm curious now
@@imaginepercentage-th4ki unfortunately i forgot about the url of it :/
Happened to me once on 4chan 10 years ago. Someone posted a link to a fake reddit page.
It was a JavaScript exploit
@@basic1279 that's crazy
holy shit, your vpn was set like 25 minutes away from where i live, that scared me for a second for some reason
Request for a video on Portmaster (recommended settings, use cases, demystifying features, etc). Cheers!
6:30 I don't really think this would be an issue when using a flatpak? Since those are sandboxed. And if you don't give them more permissions/file access then you need they can't really do that much.
Depends on their default permissions would be my guess. If they allow read and maybe write access to the home directory, that might be all that's needed to get hacked.
Flatpaks don’t really help when the Linux kernel has as many holes as Swiss cheese (when you’re talking about the kind of 0day attacks mentioned in this video) if someone can afford/build a chrome chain, they’ll have a Linux kernel PE too
@@Daniel-hz6pt LOL imagine talking about Linux holes, when Windows literally lets anything run beside the kernel (hence Crowdstrike, hence anti-cheat scandals, hence buggy drivers bringing the whole system down, etc.) 😂 Linux being monolithic is actually a plus.
@@erikkonstas That's not how it works, drivers have to be validly signed and you can tweak your code integrity options to enforce only specific signers or WHQL certified drivers, which go through automated fuzz testing
There was a vulnerability in Safari's WebKit back in iOS 10 which allowed for arbitrary kernel-level code execution, which allowed for jailbreaks like TNS (Totally not Spyware), which you could use with a simple flick of a slider in its webpage.
I've been wondering about this topic for a while now, thank you.
I've noticed that many times a button to download stuff can be disguised as a link. Thankfully to date it just downloads stuff and that pops up, so I can instantly cancel and bin it.
Also technically Pegasus and other super advanced no click methods exist, but idk if those are for mobiles or laptops
Downloaded files won't do anything unless executed. This isn't 1999
@@Bhoppings Yes, I understood that. That's why I'm so confused why everyone is still harping on about "don't download anything from sketchy websites".
@@normalchannel2185 cause people are old af and still think shi like that can happen in the big 24
@@Bhoppings Being old IS actually a correct reason, but it's not just them thinking stuff can happen, it's because many of them have cognitive decline and stuff, and it's much easier to tell them "don't download without me" rather than "see this thing you just downloaded, please remember to run a scan on it before double-clicking it" ("remember" being the key word here)...
Thanks Eric for the explanation, that was very interesting
new upload = happy
PS Vita jailbreak is the best demonstration of this. Going to a link not only does code execution but also at kernel level.
For us Linux users, how would the snap and flatpak versions of browsers (Firefox, Chrome, etc) fare in case of a 0-day vulnerability that could allow browser sandbox escape?
Also, I'm transitioning into using VMs for when I'm going to an untrusted site, is there anything you need to know when setting them up? Like what network configurations are safer and so on.
There’s always browser sandboxing but that isn’t fool proof
If you use a browser sandbox, it blocks the fool on the other end but not the fool who uses it.
@@SpaceCadet4Jesus Most browsers such as Chrome have them enabled by default
The browser is a sandbox
mic check needed at 7:06
I'd like to see you test the code execution on Linux theory, both with distros that use AppArmor/SELinux (which are most of them), and the very few distros that don't, like Arch.
NoScript sounds like a very good solution, but the use of it seems quite complicated. I know you don't really do the "tutorial" kind of stuff, but I think it would be interesting to do a NoScript vid since you're the tech man!
NoScript relies on origin whitelisting, which is quite a weak way of doing it; you just find an XSS on a whitelisted origin and you can deploy your payload
What I'm about to say will be completely off-topic, but kinda not at the same time...I hope replying to scam emails is safe. I always reply to them with some not so nice things.. I typically will forward the email to the real company as well, in hopes they'll be able to do something about it.
It should be safe in itself, but it shows them the email is real and in use, so it could make it a bigger target
It is safe yes, but it will also signal to them that behind your email address is a human, i.e. the frequency of scams in there can increase.
@@erikkonstas it's honestly cute how hard they try to scam me. It'll never happen :)
@@erikkonstas I just love wasting scammers time. Wish there was a funnier way for me to do it.
Very interesting I always wondered about this thanks for this video!❤
About configuring selinux on linux, some distros ship with that already set up, like Fedora. How does ex Fedora's default selinux profile compare to the security of Mac and Windows?
from what I recall fedora mainly uses the targeted policy rather than the strict one where targeted only applies to certain high-profile processes related to for example web servers (apache) while the strict policy applies to every process (and thus is way more tedious to use on a desktop machine since there are more labels to deal with the permissions of)
idk if firefox is/was included in the fedora targeted policy though and it has been a while since I tried using a strict policy on a day to day system so my memory is flaky
do not know enough to compare a policy that applies to firefox to how windows/mac handles it
@@YumekuiNeru Apparently, the "strict" policy was merged into the "targeted" policy in Fedora 9. I'm still not very knowledgeable about it all, though lol
I was wondering this due to the new age ads that can open new tabs, or open the page you want in a new tab while opening an ad in the previous tab.
Thanks for the video :)
"new age"...? 😂 I remember these from years and years ago, mainly where we watch movies that's completely legal...
Downloaded Mullvad and had 0.00% on canvas as well (not on a VM), why?
Ok
Would flatpaks and appimages protect linux like you said Windows and MacOS does?
Not sure about flatpaks, but appimages by themselves wouldn't since they aren't sandboxed.
How do you sound british and canadian at the same time
You should take a look at when people would send these fake Roblox links that would steal the cookies of the person who clicked them. I think it would be interesting dissecting those links.
makes sense now why I’m subbed to random accounts I’ve never heard of
Uh... it's most likely not your browser being taken over 😂 TH-cam channels renaming suddenly isn't exactly rare.
Is Linux less secure if the browser is installed using snap, flatpak or appimage instead of baremetal? They're containerized after all...
Does brave browser stop fingerprinting as effectively as mulvad?
what about drive-by downloads? there was one that had to do with a malware called 'azure stealer'. IIRC generally those work by injecting shellcode into memory
That's what "zero-day in the browser" means, any kind of "shellcode" working means the browser has a gaping security hole waiting to be exploited.
The most typical hack most would get from visiting sketchy websites would be cookie sniffing/stuffing where they would take your browser sessions and cookies from accessing the site
It's similar to how LMG got their credentials stolen
Had a guy claim he could take over someone's PC just by having them open a link, so like any normal person I clicked his link and tried to investigate this potential 0-day he had on his hands
I was severely disappointed to learn that he was just a brain damaged script kiddie trying to act smart because he thought I was IT illiterate 😭
It is actually possible without using any exploit. There is a feature within microsoft edge and internet explorer that WILL download anything AND run it on your system, without user interaction.
@@kyand920 Even if it downloads it, it will never run it. Also who tf uses internet explorer?
I want to ask:
When I'm browsing, some sites force me directly to other links with some fishy trick, like making a button invisible or covering the whole web page with an invisible barrier. Just clicking whatever is on screen forces you to browse another site.
How can I stop this redirect method? I currently use Brave browser with the anti-forced-redirect feature. But still many sites find holes to jump my shield block.
I found they use JavaScript to smoothly force me to other links. So turning off JavaScript is a wise choice, but many sites are broken without JavaScript now
Chrome on Linux is also using sandboxing. Not sure how effective it is, but Linux had the ability to restrict syscalls and drop privileges way before Windows did. Don't quote me on this, but I'm pretty sure unless you're doing something stupid like disabling the sandbox or running it as root (that effectively disables the sandbox) then it should be comparable to what's being done on Windows.
Why are LTS (long term support) versions of web browsers not used more often? Firefox and Chrome have LTS versions. The only difference is Chrome has backdoors while Firefox doesn't.
To claim that anything is "bug-less" so confidently is quite the bold move, just saying...
@erikkonstas i know that nothing is bugfree, but that's not a reason to use software that was made just now and tested for only a few minutes. LTS means it doesn't get new features anymore but only receives bugfixes. Before something gets proclaimed LTS it first has to get tested for months and months, and even after that it still receives bugfixes.
@@adiadic4722 I never said that, although the versions we usually use are the stable versions, not the nightly ones anyway. The part I was referring to was "The only difference is Chrome has backdoors while Firefox doesn't."
Incognito mode won't disable XSS exploits, that's wrong, it just prevents tracking, but they can still inject JavaScript code in the browser from the server. So the browser doesn't have any privileges but can still trick the user in a few ways.
Yes, but it's very rare you would need a vulnerability
I saw a video where McAfee said just by clicking on a link, it could execute JavaScript (and frequently apparently, like any adult NSFW site) to root your mobile phone to install a keylogger. I am very skeptical.
I'm also curious about what if you download a virus but don't execute it? Do they need to be downloaded AND executed to do damage?
Not too sure about mobile & JavaScript, that sounds like some exploit that breaks out of the mobile browser's sandbox (which is possible, but unlikely). Although, on Microsoft Edge it is totally possible to simply open a link and have a binary be downloaded AND executed on your system without any further interaction.
@@kyand920 Thanks for answering. :)
@@kyand920 "Although, on microsoft edge it is totally possible to simply open a link and have a binary be downloaded AND executed on your system without any further interaction."
Source?
@@jde12 Google ClickOnce msdn and you'll see the official documentation
"McAfee" 😂😂😂 you should've stopped reading right then and there, any claim of theirs is to be treated as noise...
You use virtual machines? if yes, what software do you use to run the vm's?
It's great to watch a whole video on a question just to not get that question answered
He answered the question in under a minute, the answer is no, but they can still harvest a lot of information about you because you visited their website.
@@14ajencks Well, shouldn't the answer be, sometimes yes? There are zero-day exploits at times
@StefanReich excellent question, but no, as the video says, browsers haven't supported arbitrary code execution from a web page in decades. There are things you just can't do from a web page because of language restrictions and api support.
Also most of the time scam websites you go to are for social engineering and not actually malicious. Thinking scammers might actually hack you is giving them too much credit, they're just about all script kitties.
Said question has many interpretations to be fair, if you mean "should I be deathly afraid of clicking a link?" the answer is no, but if you mean "is it teeeeeeechnically, through some possibly as of yet undiscovered zero-day, possible?" then the answer is yes.
@erikkonstas well said
Based off this video, it kind of depends on what you mean. The link in and of itself hacking you? No. Where the link points to? What code the website the link goes to has? 100% yes, that link will load whatever that website has basically instantly. Just don't click (ph)fishy links!
Proof that Windows 11 is just 10 with new Graphics ... it doesn't even have its agent
Well, on Ubuntu Linux, by default, Firefox and Chromium are snap packages, which means they are sandboxed. Which means zero access to important resources.
just got my dinner and u posted
You got an entire diner? lol
@@LyritZian ?
@@Bhoppings he edited the comment
that strange size window can still be tracked!
how? many mullvad browser users have it
@@schwingedeshaehers When you visit a website, it captures a snapshot of your browser size, operating system, keyboard format, and the browser being used to render the page. If your browser window remains the same size each time you visit, the site can use this information to fingerprint your traffic. Once you log in to that website-say, Facebook-the site can identify you based on your login information.
A VPN can help maintain anonymity only if you never log in and use a new VPN connection for each website you visit. Simply changing your screen size won’t improve privacy; it may only indicate an unusual screen size, which isn’t standard. A more effective solution would be to spoof the system details and screen size completely. However, the moment you log in to any website, tracking becomes possible.
Furthermore, like me, I block VPN services because 90% of the time that somebody is coming onto my website using a VPN is trying to do something nefarious. So it's not beneficial for me to allow VPN services accessing my servers.
@@BradleySmith1985 TBF I can actually stand behind that, if you have empirically determined that, in your specific case, VPN IPs mostly cause trouble.
@@erikkonstas I block VPN IPs on my hosting servers because 99% of them are bots attacking my websites. VPNs were originally designed for businesses to securely connect remote computers to their internal networks, simulating local network access over different ISPs. Today, VPNs often mislead users by claiming complete protection, which only works if used correctly. Most users fail to do so. To maintain privacy, each VPN location requires a unique identity. Logging into the same accounts across multiple VPN locations or devices allows tracking. While VPNs prevent man-in-the-middle attacks, they don't hide activity from services like Facebook, which can still track users. VPNs may even invite targeted attacks like social engineering. True anonymity requires using one device, connection, VPN, and account, with no overlap or shared activity across platforms.
Ok, why Linux doesn't do something like openbsd does with only 'Downloads" folder allowed to view from the browser? Is there any step-by-step guide to do a profile like that?
What do you mean by "to view from the browser"? Because "file://" can also be described as that, but this doesn't mean some random website can see your entire filesystem.
@@erikkonstas that means that some scripting can?
@@seedney ?
@@erikkonstas Imagine me as some script kiddie, and I'm going to copy and paste some viral scripts from my bad actor friend to my web browser... Some script can do a listing of my files, copy ssh keys, my photos, when I can view them - they can too... And they can do more then I'm comfortable with... maybe website can't.. but why I'm able to do this in web browser - I don't need to - so I want to harden it... ok?
@@seedney Uh... maybe just don't paste random untrusted stuff in the console then? No kind of sandbox can save you from a cookie-stealing script that promises "free virtual currency" that you've copied and ran yourself...
If you don't have a VPN then get a proxy with an in-and-out firewall. A proxy and a VPN is overkill
3:22 I'm right there 😀
creep js is pretty awesome for testing fingerprint resistance
5:33 and low integrity is good because why?
If I ever want to go to a link or download something I'm a bit sus on I just open up Vmware Workstation Pro fire up one of my VMs then use the VM to do it, if anything goes wrong just shutdown the VM and restore it back to the last snapshot that I took of it.
is it worse clicking a link in a downloaded pdf?
No, it's the same risk as opening the downloaded PDF actually, if it's one of those "smart" PDFs with JavaScript in them (e.g. where you can type in fields and click on checkboxes).
what do you think about librewolf?
It's roughly equivalent to firefox with the telemetry manually disabled. I guess the benefit is it doesn't execute once.
Hi, can anybody answer this?
Got supposedly "hacked" once through clicking a link. It was one of those steam chat "poll for my team in this website" type of thing. I don't really remember the details of it but whoever did it got ahold of access of my steam chat and was sending chats to one of my steam friends.
Nothing happened tho, got the password changed and everything but i'm just curious on how it happened. Did it happen through these methods or is it different?
Appreciate the replies. Thx!
Tbh you didn't get hacked by clicking the link, you must have opened a malicious executable or smth earlier
Did you enter your steam login on the site?
@@jde12 i didn't iirc
if they "got access" to your steam chat or anything like that, it 99% of the time means they found a way to steal your cookies(which allows others to authenticate as you without any password or anything like that). Now the question is how?
By clicking a link, that is only possible through a zero-day exploit, which is very unlikely that u ran into one of those, so you probably messed up in another way that you don't remember.
@@upsxace yeah maybe I did put my login into the site, when I try to recall it again. It was a long time ago and all I remember was just clicking the link and going into this website and clicking some more until a pop-up came out and just closed right away. Idr much tbh, but that's the reply I'm looking for, thanks!
Depends on what you got installed. Used to java drive-by pre-eoc rs with a simple link
"Java" or "JavaScript"? Because Java applets were quite the malware festival back when they were a thing, but were in fact not exactly "within" the browser...
Legend content, keep it up my good sir
Short answer: yes
long answer: its complicated (very very very rare)
I've wondered about the virtual machine thing. It feels much safer to run a browser in a sandbox or virtual machine. But apparently that's not a thing anymore?
I'm on Windows btw.
VMs will never "not be a thing"... every CPU that should be considered appropriate for a PC in 2024 has special virtualization instructions, actually (Intel calls it VT-x).
Why are you using edge?? 😭😭
Guess some people just like edging 🙄
Doesn't JavaScript have unlimited access to browser data? I mean the site can grab the saved passwords in your browser
Normally no it shouldn't, there's stuff like SOP that prevents that.
Nope. Only certain types of data. There is stuff that is encrypted, and there is stuff that can only be accessed in specific ways
2:50 how is it infamous in a good way lol. Wouldn't you just have been correct in saying famous or popular?
Very educational video overall. Thank you for your content. Just thought that moment was funny lol.
Now this, this is cinema
I was thinking of exploiting another app using their custom URI scheme. Although the exploit will not occur in the browser, it will still be just a link that a victim would need to click.
And that's why the browser asks you before opening the program... hence no gotcha.
what about librewolf? is it better than mullvad browser?
Are you spying on me? I googled that like a day or two ago and couldn't find anything useful, really hehe
Is cyberflow your channel? Because he stole almost everything you talked about even the words he just changed the edit
It has happened to me on internet explorer. I got a screen locker and couldn't power off or use my keyboard.
If not even Ctrl + Alt + Del (the one keystroke Windows shouldn't allow to be overridden) works, use the physical switch on the back of the PC...
@ It was a laptop. I didn't know how to remove the battery back then.
There's no user agent for 11. I knew that Microsoft themselves hated what they've created. People should give awards for worst OS of the year
Happy to find this channel, sad that it's too late
Too late in what regard, that your browser was exploited...?
Accurate and free information for everyone. Thank you.
Is downloading non-executable files like jpg or mp4 dangerous?
yes, it can contain js that can execute via terminal hidden.
Depends if it's really a jpg or mp4. There's a method with unicodes to create a fake extension.
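As an added example (not from the video or from these commenters), here is a small download-name check covering the two disguises mentioned in this thread: a double extension whose real tail is executable, like the "docuemnt.xlxs.exe" joke above, and a Unicode right-to-left override that makes the displayed name differ from the real one. The extension list, the sample names and the display approximation are constructed for illustration; it runs under Node.js with no dependencies.

```javascript
// Added example, not from the thread. Flags file names that hide an executable
// behind a double extension or behind a Unicode bidi override character.

// Extensions Windows will execute or script-run on double-click (constructed,
// not exhaustive).
const EXECUTABLE_EXTENSIONS = new Set([
  'exe', 'scr', 'com', 'pif', 'bat', 'cmd', 'msi', 'hta', 'js', 'jse', 'vbs', 'ps1', 'lnk',
]);

// Bidi controls: LRE/RLE/PDF/LRO/RLO (U+202A..U+202E) and isolates (U+2066..U+2069).
const hasBidiControl = (s) => /[\u202A-\u202E\u2066-\u2069]/.test(s);
const stripBidiControls = (s) => s.replace(/[\u202A-\u202E\u2066-\u2069]/g, '');

// Approximate how a file manager shows a name containing a right-to-left
// override (U+202E): everything after it, up to a pop (U+202C) or the end, is
// displayed reversed. That is why a name whose real tail is ".exe" can appear
// on screen to end in ".jpg".
function displayedName(name) {
  const rlo = name.indexOf('\u202E');
  if (rlo === -1) return stripBidiControls(name);
  let end = name.indexOf('\u202C', rlo);
  if (end === -1) end = name.length;
  const head = name.slice(0, rlo);
  const reversed = Array.from(name.slice(rlo + 1, end)).reverse().join('');
  const tail = name.slice(end + 1);
  return stripBidiControls(head + reversed + tail);
}

// Inspect one name: what it really ends in, how it is shown, and why it is
// suspicious (if it is).
function inspectFilename(name) {
  const findings = [];
  if (hasBidiControl(name)) findings.push('bidi-override');
  const parts = stripBidiControls(name).toLowerCase().split('.');
  const trueExtension = parts.length > 1 ? parts[parts.length - 1] : '';
  if (EXECUTABLE_EXTENSIONS.has(trueExtension)) {
    findings.push('executable-extension');
    // "document.xlsx.exe": a decoy extension sits in front of the real one.
    if (parts.length > 2) findings.push('double-extension');
  }
  return {
    name,
    shownAs: displayedName(name),
    trueExtension,
    findings,
    suspicious: findings.length > 0,
  };
}

// Constructed sample names: one benign, one double extension, one RLO disguise.
const SAMPLE_NAMES = ['holiday.jpg', 'docuemnt.xlxs.exe', 'photo\u202Egpj.exe'];

for (const n of SAMPLE_NAMES) {
  const r = inspectFilename(n);
  console.log(JSON.stringify(r.shownAs), '->', r.trueExtension, r.findings.join(',') || 'ok');
}
```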
Always right-click on the file, then open with the Photos app. And if you want to be a hundred percent safe (remember there was a vulnerability within the WebP format?), better just upload it to a Google Drive which is not your real account and open it from Drive online.
@@wixlogo I want to understand, you're talking about the WebP format that I download from the browser directly, like right-click and save it, or downloading WebP compressed in a rar or zip?
@@EricParker and it appears with the extension .mp4/.jpg? And opens the image normally?
Regarding arbitrary code execution: how does this change with the rise of web assembly? I've seen complete C programs compiled to web assembly and run inside the browser, including full video games. I feel like this makes it a lot easier to run malicious code on browser page load, right?
What about BeEF (Browser Exploitation Framework)? I mean it could be another possibility too, right?
Why? What happened?
Click the link in the description and find out!
Can you get hacked by opening an image? In theory and in practice.
In theory: if the image viewer is coded in a spectacularly moronic manner anything is possible.
In practice: Probably not. Although there was an exploit with WebP fairly recently.
Yes, not in all cases; it's rare nowadays. Hackers can embed malicious code within an image file, and if you open it using a vulnerable image viewer, the code can be executed. I've seen it work decades ago, but with all the patches and security fixes, not anymore.
No.
@@EricParker You should dive into steganography some time. The most basic way to pull it off is with the "cat" command. Sort of. I'd more so call this a pseudo form of it, but cat can be used to spoof RAR archives as images that will load in an image viewer. Not sure if it's possible to do this with something like an SFX, but I'm sure something could be cobbled together.
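Two tricks come up in this thread: a Unicode-spoofed extension (the reply about "unicodes" above) and an archive glued onto the end of an image with `cat`. The following added example, which is not code from the video or from any commenter, shows how a defender can flag both on a downloaded file: it looks for bidi override characters in the filename, and it walks the JPEG marker structure to find the real end-of-image marker and reports any bytes trailing it. The sample JPEG, filenames and appended "archive" are constructed inline.

```python
import unicodedata

# Unicode bidirectional controls that can make "photo\u202egpj.exe" render as "photoexe.jpg".
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
                 "\u2066", "\u2067", "\u2068", "\u2069"}

# Magic bytes of archive formats commonly appended to images (RAR4/RAR5 share this prefix).
ARCHIVE_MAGIC = {b"Rar!\x1a\x07": "RAR", b"PK\x03\x04": "ZIP", b"7z\xbc\xaf\x27\x1c": "7z"}


def suspicious_filename(name):
    """Return [(index, codepoint name)] for every bidi control character in a filename."""
    return [(i, unicodedata.name(ch)) for i, ch in enumerate(name) if ch in BIDI_CONTROLS]


def jpeg_trailing_data(data):
    """Return (trailing_byte_count, archive_type_or_None) for a JPEG byte string.

    Marker segments are walked by their length fields up to SOS, so an EXIF thumbnail
    (an embedded JPEG with its own EOI) cannot be mistaken for the end of the picture."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xDA:                       # SOS: skip its header, entropy data follows
            pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
            break
        if marker in (0xD8, 0x01) or 0xD0 <= marker <= 0xD7:   # standalone markers
            pos += 2
            continue
        pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")  # length includes itself
    else:
        raise ValueError("no SOS segment found")
    # Inside entropy-coded data FF is always followed by 00 or D0-D7, so the first FF D9
    # after SOS is the genuine end-of-image marker.
    eoi = data.find(b"\xff\xd9", pos)
    if eoi == -1:
        raise ValueError("no EOI marker found")
    trailer = data[eoi + 2:]
    kind = next((n for magic, n in ARCHIVE_MAGIC.items() if trailer.startswith(magic)), None)
    return len(trailer), kind


# Constructed minimal JPEG: SOI, APP0 (JFIF), SOS header, 5 bytes of entropy data, EOI.
SAMPLE_JPEG = (b"\xff\xd8" + b"\xff\xe0\x00\x10" + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
               + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00" + b"\x12\x34\xff\x00\x56" + b"\xff\xd9")
# Constructed polyglot: the same JPEG with a fake RAR archive concatenated, as `cat` would do.
POLYGLOT = SAMPLE_JPEG + b"Rar!\x1a\x07\x00" + b"constructed archive body"
```

Running `jpeg_trailing_data(POLYGLOT)` reports 31 trailing bytes tagged "RAR", while the clean sample reports none; `suspicious_filename("invoice\u202egpj.exe")` flags the right-to-left override at index 7.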
@@EricParker I think it's dumb to say "moronic way". The people that wrote libwebp weren't morons; C/C++ is just very hard, bordering on impossible, to write without undefined behaviour.
Best browser to use?
A WebKit exploit can get an RCE.
I literally download the free stuff you recommend because the info you provide is easily comprehensible and accurate to what I saw on the internet.
Get your popcorn ready, Eric just posted!
Make sure it's a small bowl because it's only a short video.