this post was submitted on 29 Jun 2023
45 points (92.5% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54500 readers
614 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

As in title. What's your experience with it? If something isn't executable, then it has to exploit vulnerability in order to run anything malicious. But does it happen often with mp4, mkv and other files like mp3 or epub?

I assume that if I use updated linux, then I'm mostly safe?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 9 points 1 year ago (2 children)

It’s not about a media player ‘attempting to execute random code’ - an exploit is found which lets it run a command that it shouldn’t. You used to be able to jailbreak phones by loading a .pdf file that used an exploit to gain root privileges and execute code. It wasn’t a feature of the PDF reader. It was a bug that could be exploited when a specific string of characters was entered to effectively crash the pdf reader and let it run its own code instead.

A txt could easily contain malware - any file could.

[–] [email protected] 4 points 1 year ago (1 children)

PDF is a complicated format, and the hacking vectors are often thanks to embedded javascript, or vulnerabilities in the parsing libraries.

'avi' is technically a container format, kind of like 'zip', it can contain more than video/audio.

That said, I've been pirating movies since the mid 1990's and haven't gotten hacked through a .avi/.mkv/etc. The 'bad stuff' was always in a obvious .exe/.bat or some sort of executable, but sometimes named to exploit people, eg 'foomovie.avi.exe'.

If in doubt, run your videos using mplayer on Linux and not on Windows, most of that stuff tends to target the easier to exploit and more commonly deployed systems, eg Windows.

[–] [email protected] 2 points 1 year ago

Yesh - the huge majority of malware in relation to piracy is from people deliberately running 'setup.exe' from some untrusted source, ignoring or overriding AV warnings and then wondering what went wrong. Its not from movie files and it certainly not from movie files on Linux.

[–] [email protected] 3 points 1 year ago

True. This is something to worry when securing the network of a large corporation & governments. Not for the average pirate