this new Linux feature makes hacking IMPOSSIBLE

  • Published 30 Oct 2024

COMMENTS • 625

  • @LowLevelTV
    @LowLevelTV 17 hours ago +88

    go get a yubikey! yubi.co/lowlevellearning-2024
    Edit: I may have caused some confusion about the derived Private Key. When you generate the private key using 'ssh-keygen -K', you're not actually downloading the key itself. You create a key that stores the credential ID of the Yubikey. You never have access to the private key within the Yubikey. Sorry for the mixup!

    • @l0gic23
      @l0gic23 17 hours ago +7

      Best Yubikey ad yet

    • @RexHanson-c7h
      @RexHanson-c7h 17 hours ago +1

      what's your source, I want to read the blog myself

    • @eveldun
      @eveldun 17 hours ago +1

      I have one and I actually love them for gpg

    • @alexpasko1126
      @alexpasko1126 16 hours ago +6

      Please do a longer video where you show the many applications of yubikeys! That's the kind of ad that I would LOVE!

    • @jamesdupuis3249
      @jamesdupuis3249 16 hours ago

      Now we're learning about pen caps? How low we going? I'm going to start a Limbo code channel. It'll just be a reaction channel. :) Have a great day!

  • @anantmishra-h3m
    @anantmishra-h3m 17 hours ago +1243

    How did you just realise the marker thing

    • @Niqo58
      @Niqo58 17 hours ago +12

      @@anantmishra-h3m wtf

    • @masterchief5603
      @masterchief5603 17 hours ago +172

      He definitely got the source code of the marker to know that bug.

    • @KingKrouch
      @KingKrouch 17 hours ago +114

      When I was in school, I used to stack them on top of each other to make a giant marker sword.

    • @ashing838
      @ashing838 17 hours ago +61

      I'm sorry, I made it 15 seconds into the video and had to pause to find this comment because seriously.

    • @l0gic23
      @l0gic23 17 hours ago +11

      He's being sarcastic ... He could have said, in other news, water is wet...

  • @Danglutas
    @Danglutas 17 hours ago +842

    Firefox: Excuse me? 🤨

    • @MelroyvandenBerg
      @MelroyvandenBerg 16 hours ago +66

      Yeah, that Chromium statement is not nice

    • @ContemplativeCat
      @ContemplativeCat 16 hours ago +36

      I'm using Firefox based Zen Browser and loving it. 😃

    • @pu239
      @pu239 16 hours ago +16

      @@ContemplativeCat same lol, it's pretty nice

    • @no_name4796
      @no_name4796 15 hours ago +19

      But realistically though, Firefox has a smaller share of browser users than Linux has of desktop OS users

    • @Bunny99s
      @Bunny99s 15 hours ago

      Right, my family and I have been using Firefox for over 20 years now. Well, my family essentially didn't really have a choice, as I have set up most of their PCs :) Though it's not like they care or know anything about what a browser actually is. It's "the internet". The only cases where I used Chrome were on my old Nexus tablet and my smartphone. Though I do have FF on them as well. But Chrome runs a bit faster on those weak devices :P Though whenever I need actual customization, I switch to FF. My FF on my phone also has an altered User-Agent to pretend to be a PC and not a mobile device. Can be really handy in many cases. Websites nowadays are really great at messing themselves up in an attempt to "adjust" to your device.

  • @shanoian
    @shanoian 16 hours ago +243

    too busy hacking your preschool's web server to pick up the marker cap beta? insane

  • @rob5300
    @rob5300 17 hours ago +833

    If chromium was the only browser engine left the web would be TOAST

    • @monad_tcp
      @monad_tcp 17 hours ago +75

      it's 90% there

    • @echoptic775
      @echoptic775 17 hours ago +66

      Yeah, good thing we also have Microsoft edge, opera, brave, Vivaldi...

    • @Pipe0481
      @Pipe0481 17 hours ago

      @@echoptic775 Firefox?

    • @darukutsu
      @darukutsu 17 hours ago +165

      @@echoptic775 this is a joke, right?

    • @theairaccumulator7144
      @theairaccumulator7144 16 hours ago +4

      yeah the insane competition of 3 browser engines

  • @hatacoyama1246
    @hatacoyama1246 17 hours ago +465

    does this mean he never made an expo marker sword?

    • @PermanentExile
      @PermanentExile 17 hours ago +27

      @@hatacoyama1246 Inconceivable!

    • @guilherme5094
      @guilherme5094 17 hours ago +2

      Nooooooo!!!!

    • @LowLevelTV
      @LowLevelTV 17 hours ago +122

      what is that

    • @bearwolffish
      @bearwolffish 16 hours ago +35

      He never tried to balance a pen tower on the palm of his hand, having to dodge the projectiles on their inevitable way down.

    • @jamesdupuis3249
      @jamesdupuis3249 16 hours ago +7

      Not everyone has twenty of these. Now we have two, and one is dead.

  • @DecadantHandshake
    @DecadantHandshake 16 hours ago +166

    This man unlocked early game marker tech at level 50.
    Edit: This just made me realize he has never known the joy of making a sword out of many markers, and then whacking a classmate with it

    • @henxdl
      @henxdl 9 hours ago

      fr 😭

    • @Stratelier
      @Stratelier 5 hours ago

      Doesn't this also vary by specific type of marker? For example, his is the type where the cap has a "peg" that inserts into the top of the barrel, which allows you to chain several markers together, but I've also seen markers where the cap stores the other way around, and does not chain? Visual example below.
      Marker with nesting caps: (barrel -> cap)
      ===>- |>| capped
      |>|===>- uncapped
      Marker with non-nesting caps:
      ===>- |>| capped
      |- uncapped

    • @smitcher
      @smitcher 14 minutes ago

      @@Stratelier Bro, we are all tech nerds... we understand "the other way around" without the need for you to mansplain with visual examples. But feel free to share the PPT you are working on once it is ready...

  • @ecdhe
    @ecdhe 5 hours ago +31

    The title is a real clickbait. This feature would make hacking harder but certainly not impossible

    • @Xevion
      @Xevion 2 hours ago +5

      Starting to realize this dude is just clickbait. Him and Prime are rocking Programmer YouTube with the clickbait, hard.

    • @apestogetherstrong341
      @apestogetherstrong341 2 hours ago

      Duh

    • @深夜-l9f
      @深夜-l9f 22 minutes ago +1

      youtubers who don't clickbait are all dead. it's natural selection of social media

  • @KillianTwew
    @KillianTwew 12 hours ago +90

    0:10 Elementary school. That's how long ago I learned that. I'm 30.

  • @MissMyMusicAddiction
    @MissMyMusicAddiction 17 hours ago +172

    i usually just seal the marker by putting it back in my nose.

    • @AL-eu4ey
      @AL-eu4ey 14 hours ago +8

      @@MissMyMusicAddiction or somewhere else 😏😏

    • @weenerhutjr
      @weenerhutjr 9 hours ago

      @@AL-eu4ey yee, I usually put it in my butt when I'm done

    • @henxdl
      @henxdl 9 hours ago +1

      lmao

  • @Ejioplex
    @Ejioplex 14 hours ago +58

    A summary of what this function does is pretty much:
    See this memory? never ever ever EVER let me edit the permissions of this memory EVER again!

    • @LaserFur
      @LaserFur 10 hours ago +2

      I could imagine ways to use this even if the spawned child process seals all its allocations and then runs out of memory. The child process would just fail and the main process would create a new one with more memory. Given how file reading code for old formats also lacks much attention, this could be useful for more than just browsers.

    • @jfbeam
      @jfbeam 7 hours ago +3

      At least _in userspace_ ... (hint: the kernel can screw with those flags all it wants.)

    • @not_kode_kun
      @not_kode_kun 3 hours ago +3

      @@jfbeam but when the userspace is so tightly locked down, it makes it much harder for an attacker to get kernel level privilege. once he has that, there's really not much you can do. at least not with software

  • @ThisPageIntentionallyLeftBlank
    @ThisPageIntentionallyLeftBlank 17 hours ago +125

    I would say give it a couple months, someone will figure out how to disable it, work around it, or use it to their advantage. 1337s gonna 1337

    • @PoseidonDiver
      @PoseidonDiver 17 hours ago +29

      yup... there was some dude(s) who would go through Intel architecture for fun and......... Spectre.

    • @premiumvibes961
      @premiumvibes961 15 hours ago +4

      @@PoseidonDiver God Bless Them.

    • @rtzgf67games7
      @rtzgf67games7 13 hours ago

      What

    • @petervancaeseele9832
      @petervancaeseele9832 12 hours ago +4

      It's like trying to make an unpickable lock.

    • @foobarf8766
      @foobarf8766 12 hours ago +8

      OpenBSD uses methods like this and no major CVE since 2006

  • @wolfschaf
    @wolfschaf 16 hours ago +41

    "Shadow stack" is also something that prevents these kinds of attacks, by having a separate stack for return addresses

    • @_lslvr
      @_lslvr 14 hours ago

      Like Forth?

    • @treyquattro
      @treyquattro 13 hours ago +5

      I was thinking the same, but of course that won't protect against someone flipping the NX bit on the stack via mprotect (or any other rw memory pages)

    • @vk3fbab
      @vk3fbab 1 hour ago

      Or a hardware implemented shadow stack. Of course that's gonna put hard limits on the level of recursion supported, and how does that work with each process needing its own stack? You might need a way to read the hardware stack for debuggers, but there should be no need to modify it. I haven't seen any modern architectures use this, but I think some older architectures did it.

    • @diobrando7642
      @diobrando7642 50 minutes ago

      @@vk3fbab shadow stack is a hardware level protection by definition

    • @diobrando7642
      @diobrando7642 48 minutes ago

      @@treyquattro but trying to return to the stack would make the program crash, because the address on top of the stack wouldn't match the one on top of the shadow stack.

  • @haveboard
    @haveboard 17 hours ago +44

    all this knowledge and smarts, but you just learned the marker cap thing? There is hope for me, yet!
    just pulling your leg, love your channel, I always learn something new... but not this marker thing, I knew that already.

  • @djsmeguk
    @djsmeguk 16 hours ago +33

    Man, I used to make giant rods full of markers by putting them end to end like that. The Sword fights in the offices were EPIC.

  • @MartinBarker
    @MartinBarker 15 hours ago +24

    While mseal provides robust security by preventing any modifications to sealed memory, it comes with significant downsides. Long-running services cannot effectively use this syscall because they would retain all sealed memory until the process terminates, leading to increased memory usage over time. This could eventually exhaust available memory, forcing the kernel to kill the process to free up resources. Therefore, using mseal in long-running applications is not practical due to the risk of memory retention and potential system instability. Additionally, the most common exploits target long-running services because they need to be persistently running. This makes mseal ineffective for protecting these services, as they cannot afford to retain memory indefinitely. So, what exactly is this protecting?

    • @framegrace1
      @framegrace1 14 hours ago +7

      The main purpose of this is to be used by the kernel itself, to protect the stack and other shared areas. Not sure if it's of any use in userland (or even if it can be used there).

    • @acters124
      @acters124 12 hours ago +6

      the person who sponsored this change works with the V8 engine. Will I see the Chromium browsers eat more memory on Linux now and require periodic restarts for simple garbage collection? Worrying, but also, restarts are how updates are done, so idk if it is a problem for that specific use.

    • @acters124
      @acters124 12 hours ago +2

      @@framegrace1 I was under the impression the V8 engine will use this new feature to strengthen the chromium browser security

    • @Darkyx94
      @Darkyx94 12 hours ago +1

      In the case of V8, the user heap is already sandboxed in order to limit the ability to exploit the software via memory corruption. However, if someone manages to escape the sandbox, nothing prevents them from remapping it executable, then jumping to the payload stored there (since the heap is, by design, under user control and relatively big, we must consider it tainted).
      The stack size being relatively limited and already partially protected via canaries, it's way harder to store a full payload on it, so protecting the sandboxed heap against being remapped already does a lot

    • @foobarf8766
      @foobarf8766 12 hours ago +4

      Used on OpenBSD for over a decade without ballooning issues AFAIK but probably does require a slower/more secure free() implementation to complement it. Which the Linux kernel has also had for years.

  • @hacked2123
    @hacked2123 8 hours ago +4

    The marker thing is probably an indicator of someone who grew up with a cellphone, versus someone who did not...and was bored...and tried all the things including how many markers you can stick together before it collapses under its own weight as a bridge.

  • @IngwiePhoenix
    @IngwiePhoenix 16 hours ago +64

    Chromium "The only browser engine"
    Firefox: Screaming on a market place inbetween banners of ads.
    Servo: Scouring bins and baskets trying to find support.
    Ditto: _shrug_
    IE: WHY ARE YOU RUNNING

    • @RandomGeometryDashStuff
      @RandomGeometryDashStuff 14 hours ago +2

      wine gecko:

    • @autohmae
      @autohmae 14 hours ago +4

      Well, IE is a deadend, but Safari and others are running Webkit, not Blink (Chromium)

    • @Beryesa.
      @Beryesa. 12 hours ago +3

      WebKit dusting in the corner

    • @LazarNaskov
      @LazarNaskov 12 hours ago +3

      Ladybird: vibing in the corner

    • @cantfindme-x4u
      @cantfindme-x4u 11 hours ago

      netscape navigator: rotting away

  • @null-0x
    @null-0x 16 hours ago +13

    @0:33 you could say thousands of years, starting in the second millennium(1990s) and still continuing into the third millennium(2020s)

  • @miguelmontero4133
    @miguelmontero4133 17 hours ago +15

    Someone clearly never made marker swords when they were a kid.

  • @TheAlexgoodlife
    @TheAlexgoodlife 15 hours ago +13

    It would be cool if you made a video walking through the actual steps of the example you showed, writing "malicious" code, overflowing the stack and setting the return address to the malicious code for example

    • @smitcher
      @smitcher 1 minute ago

      Numerous examples on YouTube if you search. FT did a good DNS RCE where they pretty much explain the steps they took to overflow the buffer and the stack return address and then built a ROP chain to execute the code that they sent ua-cam.com/video/YCOoc1U7kPA/v-deo.htmlsi=XE6DQFjG94BZJ7G5&t=430

  • @AntranigVartanian
    @AntranigVartanian 15 hours ago +46

    Good to see Linux catching up with OpenBSD on the security side and FreeBSD on the performance side.

    • @foobarf8766
      @foobarf8766 12 hours ago +15

      Yep I came here just to say 'but OpenBSD has done this for like two decades'

    • @ManuFortis
      @ManuFortis 10 hours ago

      Curious, but why no mention of NetBSD? Just installed it on a side rig to tinker with, so am curious why it's not mentioned.

    • @gøckłøłe
      @gøckłøłe 10 hours ago +1

      @@ManuFortis One of NetBSD's main features is its portability and support for the most obscure hardware. It doesn't really stand out in other ways, since both FreeBSD and OpenBSD have more important aspects than just trying to run it.

    • @ManuFortis
      @ManuFortis 6 hours ago

      @@gøckłøłe Important aspects in which way? Feel free to explain at length if you feel you must to get the gist of things across. I'll read it.

    • @AntranigVartanian
      @AntranigVartanian 5 hours ago

      @@ManuFortis I don’t know much about NetBSD so I didn’t wanna comment, but hey, looking at the charts now, I guess one day Linux can catch up with NetBSD, when it comes to portability, aye? :D

  • @Muhammet-Kuruoglu
    @Muhammet-Kuruoglu 13 hours ago +4

    I didn't understand most of the technicalities in the video, but I feel intellectually superior to Low Level, since he just figured out the marker cap trick.

  • @blenderpanzi
    @blenderpanzi 11 hours ago +5

    Note: Chromium isn't the only browser engine on the internet.

    • @s4yto
      @s4yto 1 hour ago

      no one said that it was, Chromium is just the world's most popular engine

  • @sebastianlastname5977
    @sebastianlastname5977 12 hours ago +3

    Another fun fact about those markers, it's the same ink as in a sharpie. It just has a different solvent that prevents it from drying out rapidly. You can use an expo marker and go over a sharpie mark on a whiteboard, then wipe it off, and after a few cycles it'll get cleared off.

    • @xxportalxx.
      @xxportalxx. 9 hours ago +1

      Oh that's neat, I suppose that's why if you leave Expo on for too long it becomes permanent lol

  • @jonathaningram8157
    @jonathaningram8157 10 hours ago +2

    That keyboard sound is pure eargasm. It's rare when not on a specialized keyboard channel.

  • @Insaniaq
    @Insaniaq 16 hours ago +19

    I thought this comment section was about mseal(), but it's all about markers. I don't get the reference, did I just end up in the wrong comment section? Some YouTube memory leak somewhere? Please, help!🙏

    • @apIthletIcc
      @apIthletIcc 13 hours ago +2

      Idk if you legit don't understand the marker command but it's hilarious six people liked the comment without replying with an explanation
      Edit: mark that seven

    • @acters124
      @acters124 12 hours ago

      no, what you found is proof of the average IQ of the average social media comment section. Not many know what mseal will do, but many more know what a marker sword is. Which one do you think people will be able to talk about? The one with the least resistance, that they confidently know enough to post about, as if there weren't 100s of other comments letting the youtuber and other viewers know about the markers they know so well. I, on the other hand, can't deny that I will miss the days I used mprotect to gain code execution. V8 is already strong in protections and requires so much to get close to a working POC, most of the time relying on old versions of Chromium to have fun with, as the more recent ones are too complex to enjoy that quick satisfaction one gets from solving a challenge. Even CVEs don't offer enough info, which is fine, as I doubt many want their systems to be easily broken into. I sometimes do miss the days before AMD64, when an x86 environment would allow you to just load all the ROPs and the needed arguments on the stack instead of worrying about having to find gadgets to ROP the arguments into the registers. Sometimes I am lazy and want to find enjoyment in something that is getting progressively harder in the modern age. RIP
      tbh, if anyone did care about ROP security, we would be using shadow stacks that are separate from our modifiable variables to hold the return addresses. It's been a solved problem for a long time, but it's definitely slowing down execution a little. I wonder if mseal is truly going to solve it without the loss of performance.

    • @sirseven3
      @sirseven3 12 hours ago +3

      Not a memory leak, go back to the beginning of the video. You read the comments while the audio is background noise and missed the part where he didn't know that you can put the cap on the back of the marker, and that's why people are talking about marker swords

    • @luipaardprint
      @luipaardprint 8 hours ago +2

      You really weren’t paying attention to this amazing presentation about markers?

  • @anon_y_mousse
    @anon_y_mousse 15 hours ago +12

    This is an interesting idea, but I'll say it again, the actual biggest source of errors is not checking user input. If you use gets() or if you use scanf() in that way, you are not checking user input at all. That is the real error. The memory corruption is merely a side effect of what you've already done wrong.

    • @chainingsolid
      @chainingsolid 10 hours ago +2

      Honestly the 2 things I'll levy at whoever is in charge of C's specification at this point is why do header files exist in 2024, and a hard deprecation of use of pointers as arrays never happened. An array should be pointer + length. Then bounds checks can be done.

    • @steffennilsen2132
      @steffennilsen2132 8 hours ago +2

      @@chainingsolid Dramatically changing the C spec is essentially not going to happen, it has to retain legacy compatibility. That said, newer languages obviously don't need headers anymore and some (like Rust and Zig) implement slices that are, as you say, pointers + length

    • @futuza
      @futuza 8 hours ago

      @@chainingsolid what's wrong with header files?

    • @chainingsolid
      @chainingsolid 8 hours ago

      @@futuza Typing stuff twice. And being forced to predeclare anything before you can use it. They have a great use in supplying an API, but normally are just duplicate information.

    • @chainingsolid
      @chainingsolid 8 hours ago

      @@steffennilsen2132 I agree backwards compat is super important. I'm not implying they should stop compiling old code. They should be making an easy to use replacement for pointers pretending to be arrays that can be used for future code.
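The unchecked pattern @anon_y_mousse describes, next to a checked version built on the pointer+length "slice" @chainingsolid asks for. This is an added example, not code from the video or from anyone in this thread; NAME_CAP, the sample inputs and the slice type are all constructed for illustration.

```c
/* Added example (not from the video or the comment thread above): an unchecked
 * scanf("%s") read next to two bounded alternatives. The 16-byte capacity and
 * the sample inputs in main() are constructed for the demonstration. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16

/* The pattern the comment criticises: "%s" stops at whitespace, never at the
 * end of the buffer. A token longer than NAME_CAP-1 bytes writes past name[]
 * (undefined behaviour; on a real stack frame it reaches the saved return address). */
int read_name_unchecked(const char *line, char name[NAME_CAP])
{
    return sscanf(line, "%s", name) == 1 ? 0 : -1;
}

/* A slice: pointer plus capacity, so every write can be bounds-checked. */
typedef struct {
    char *ptr;
    size_t cap;
} slice;

#define SLICE_OF(arr) ((slice){ (arr), sizeof(arr) })

/* Copy the first whitespace-delimited token of `line` into `dst`.
 * Returns the token length, or -1 if it would not fit together with its NUL.
 * On -1 the destination is an empty string, never a partially filled one. */
long read_name_checked(const char *line, slice dst)
{
    if (dst.cap == 0) return -1;
    while (*line == ' ' || *line == '\t') line++;    /* mirror scanf's skipping of leading blanks */
    size_t n = strcspn(line, " \t\r\n");
    if (n == 0 || n + 1 > dst.cap) {
        dst.ptr[0] = '\0';
        return -1;
    }
    memcpy(dst.ptr, line, n);
    dst.ptr[n] = '\0';
    return (long)n;
}

/* Same fix without a new type: give scanf a width. The width must equal the
 * capacity minus one and is kept in sync by hand, which is exactly the
 * maintenance trap the slice avoids. Overlong input is silently truncated
 * rather than overflowing; the caller cannot tell that truncation happened. */
int read_name_width(const char *line, char name[NAME_CAP])
{
    return sscanf(line, "%15s", name) == 1 ? 0 : -1;
}

int main(void)
{
    char name[NAME_CAP];
    const char *ok  = "alice\n";                                     /* constructed input */
    const char *bad = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n";  /* constructed: 40 bytes, the classic probe */

    read_name_unchecked(ok, name);
    printf("unchecked, short input:   \"%s\"\n", name);
    /* read_name_unchecked(bad, name) is deliberately not called: it would overflow name[]. */

    long n = read_name_checked(bad, SLICE_OF(name));
    printf("checked, 40-byte input:   rc=%ld name=\"%s\"\n", n, name);

    n = read_name_checked(ok, SLICE_OF(name));
    printf("checked, short input:     rc=%ld name=\"%s\"\n", n, name);

    read_name_width(bad, name);
    printf("width-limited, 40 bytes:  \"%s\" (%zu chars, truncated)\n", name, strlen(name));
    return 0;
}
```

The checked version refuses rather than truncates, so a caller sees the oversize input as an error instead of quietly working with a shortened value; which of the two behaviours is acceptable is an application decision, but neither writes outside the buffer.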

  • @civiled6059
    @civiled6059 1 hour ago +2

    I fail to see how this makes hacking “impossible”. With the nature of the stack, it makes it impossible to make it immutable.
    This doesn’t inherently stop ROP or make it any harder either. I’d argue if you had a ROP primitive and the gadgets to be able to call mprotect on the stack or another memory region to make it executable, you’d have the gadgets to escalate a limited ROP primitive into something more useable (I.e increasing allowed ROP chain size, where it’s placed, or pivot to another primitive entirely).
    This definitely can be an obstacle in some attack vectors, but I don’t think it’s going to nearly have the same security impact that stuff like stack canaries, ASLR, seccomp, etc presented.
    Sandboxing or permissioning will never make memory corruption “impossible”. If that were the case, we would’ve seen binary exploitation die long ago.

    • @diobrando7642
      @diobrando7642 44 minutes ago +1

      That's what I said! If you can call mprotect you could probably call mmap and create a new page entirely
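Three points from the thread can be checked directly on a Linux 6.10 or newer kernel: @Ejioplex's summary that a sealed range can never have its permissions changed again, @MartinBarker's observation that sealed memory is retained until the process exits, and @civiled6059's and @diobrando7642's caveat that sealing one range does nothing to stop a fresh mmap(). This is an added example, not code from the video or from anyone in the thread. The syscall number 462 is the x86_64 and arm64 value assigned in Linux 6.10 and is only used if the libc headers do not define __NR_mseal (an assumption about the build environment); if the kernel or a seccomp profile refuses the call, the demo reports that instead of failing.

```c
/* Added example (not from the video or the comment thread): seal an anonymous
 * mapping with mseal(2) and check which operations the kernel then refuses.
 * Needs Linux >= 6.10. Assumption: __NR_mseal is 462 when the headers lack it. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_mseal
#define __NR_mseal 462
#endif

/* Bits of the value returned by mseal_demo(). */
enum {
    MSEAL_AVAILABLE      = 1,   /* kernel accepted mseal() */
    MSEAL_MPROTECT_EPERM = 2,   /* mprotect() to RWX on the sealed range failed with EPERM */
    MSEAL_MUNMAP_EPERM   = 4,   /* munmap() of the sealed range failed with EPERM */
    MSEAL_FRESH_MMAP_OK  = 8    /* a brand-new mapping is still allowed: sealing is per range */
};

/* Older libcs have no wrapper, so go through syscall(). flags must be 0. */
static long mseal_raw(void *addr, size_t len)
{
    return syscall(__NR_mseal, addr, len, 0UL);
}

/* Returns a bitmask of the enum above; 0 if this kernel or sandbox does not
 * provide mseal (ENOSYS, or EPERM from a seccomp profile that denies it);
 * -1 on an unexpected failure. */
int mseal_demo(void)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0) return -1;
    size_t len = (size_t)pg * 4;
    int result = 0;

    unsigned char *heap = mmap(NULL, len, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (heap == MAP_FAILED) return -1;
    heap[0] = 0xC3;                      /* stand-in for attacker-controlled data */

    /* Before sealing, the process may change the permissions of its own mapping freely. */
    if (mprotect(heap, len, PROT_READ) != 0 ||
        mprotect(heap, len, PROT_READ | PROT_WRITE) != 0) {
        munmap(heap, len);
        return -1;
    }

    if (mseal_raw(heap, len) != 0) {
        int e = errno;
        munmap(heap, len);
        return (e == ENOSYS || e == EPERM) ? 0 : -1;
    }
    result |= MSEAL_AVAILABLE;

    /* The classic post-overflow move, making the data executable, is now refused. */
    if (mprotect(heap, len, PROT_READ | PROT_WRITE | PROT_EXEC) == -1 && errno == EPERM)
        result |= MSEAL_MPROTECT_EPERM;

    /* The range cannot be unmapped either; it lives until exit. That is the
     * retention cost raised above: seal only what must never move or change. */
    if (munmap(heap, len) == -1 && errno == EPERM) {
        result |= MSEAL_MUNMAP_EPERM;
        heap[1] = 0x90;                  /* ordinary reads and writes are unaffected; only the VMA is frozen */
    }

    /* Sealing one range says nothing about new ranges: a caller who can still
     * reach mmap() gets fresh pages with whatever permissions policy allows. */
    void *fresh = mmap(NULL, len, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (fresh != MAP_FAILED) {
        result |= MSEAL_FRESH_MMAP_OK;
        munmap(fresh, len);              /* never sealed, so it can go */
    }
    return result;
}

/* 1 if the outcome is internally consistent: either mseal is unavailable here,
 * or it is available and both mprotect() and munmap() were refused with EPERM. */
int mseal_demo_consistent(void)
{
    int r = mseal_demo();
    if (r < 0) return 0;
    if (r & MSEAL_AVAILABLE)
        return (r & MSEAL_MPROTECT_EPERM) && (r & MSEAL_MUNMAP_EPERM) ? 1 : 0;
    return 1;
}

int main(void)
{
    int r = mseal_demo();
    if (r <= 0) {
        printf("mseal not available here (rc=%d): need Linux >= 6.10 and no seccomp denial\n", r);
        return 0;
    }
    printf("mprotect(RWX) on sealed range refused: %s\n", (r & MSEAL_MPROTECT_EPERM) ? "yes" : "no");
    printf("munmap() of sealed range refused:      %s\n", (r & MSEAL_MUNMAP_EPERM) ? "yes" : "no");
    printf("new mmap() still allowed:              %s\n", (r & MSEAL_FRESH_MMAP_OK) ? "yes" : "no");
    return 0;
}
```

The last check is the one to keep in mind when reading the title: mseal pins the layout and permissions of ranges the program chose to seal, nothing more, so an attacker with a call primitive can still ask for new memory, and the sealed range itself is still readable and writable as before.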

  • @theunseen010
    @theunseen010 12 hours ago +2

    if you've never had a 'lightsaber' fight with about 7 expo markers stuck together, you haven't lived brother

  • @malus314
    @malus314 15 hours ago +6

    Boo for clickbait title but solid video that’s super interesting as always.

  • @TheRealStevenPolley
    @TheRealStevenPolley 14 hours ago +4

    0:59 - Firefox RIP in peace

  • @harlycorner
    @harlycorner 16 hours ago +3

    It's funny that a week ago, I hadn't even heard of Yubikey. Then, 3 days ago I got a new laptop from my employer with a USB Yubikey plugged in, and now, all of the sudden, we also have video featuring a Yubikey 😁

  • @Zelousfear
    @Zelousfear 10 hours ago +1

    Of all the systems that I've broken into, I've never used memory corruption, just people corruption.

  • @nowave7
    @nowave7 11 hours ago +5

    1:01 No, Chromium is *NOT* the basis for all the browsers on the internet. For most, sadly, it is, but not all. Firefox and Safari still have their own rendering engine.

  • @tommybronze3451
    @tommybronze3451 8 hours ago +1

    Embedded boy here. Have you ever heard about writing past the canary? Although this is a nice feature that will decrease the attack vector, we're not out of the woods yet.
    One of the biggest problems is mixing data with program.

  • @merlinraymond1014
    @merlinraymond1014 12 hours ago +2

    Firefox: *exists*
    LowLevel: I'm about to end this man's whole career

  • @tommyandersen4004
    @tommyandersen4004 10 hours ago +1

    "... makes hacking IMPOSSIBLE" ... famous last words.

  • @carrion1234
    @carrion1234 14 hours ago +2

    awesome primer on memory corruption! ❤

  • @GK-rl5du
    @GK-rl5du 6 hours ago

    Such an interesting history, please consider doing a deep dive on memory vulnerabilities. Learnt a lot 🙂

  • @pk_xiv2856
    @pk_xiv2856 15 hours ago +2

    This title sounds more like a challenge than a statement

  • @joelpww
    @joelpww 14 hours ago +1

    Don't so loosely say that chromium is the basis for all browsers. We shouldn't even joke about lack of variety

  • @miscbits
    @miscbits 16 hours ago +10

    This sponsored segment contains one of the only products shilled by a youtuber I actually want to buy

    • @treyquattro
      @treyquattro 13 hours ago +2

      yeah, I liked the way it was incorporated into the rest of the content with examples too!

  • @suchiman123
    @suchiman123 13 hours ago +3

    Quite the clickbait headline. Does not seem all that useful, Intel CET is a much more effective mitigation without the downsides of mseal.

    • @diobrando7642
      @diobrando7642 43 minutes ago

      I perfectly agree, the only advantage to this is that it doesn't need hardware support, but you can achieve this kind of protection with seccomp rules

  • @NoHandleToSpeakOf
    @NoHandleToSpeakOf 16 hours ago +5

    Is it like... memory safety for C? Nooo....

  • @AndrewMilesMurphy
    @AndrewMilesMurphy 15 hours ago +1

    Nice! You caused me to have an epiphany - That moment where the overflow refuses to crash and gives control to a hacker's program. That makes so much sense to me :) thanks

    • @acters124
      @acters124 12 hours ago

      crashing is bad, it should only occur when something is impossible for the computer to do or continue doing. Low-level control allows you to do almost anything with memory. Security is tricky because the computer can't guess what you expect to happen. That is why you set up the rules yourself when dealing with low-level code. Otherwise use something like Rust for the attempts at automating the rules for you, as most use cases don't need to be that free with how to handle memory.

  • @JosephSaintClair
    @JosephSaintClair 9 hours ago

    Great info. I teach things like PIE/NX/ASLR overrides (and more) to masters students. So seeing the base overflow concepts iterated here is gold

  • @jrynkiew
    @jrynkiew 11 hours ago +1

    Jeff Xu can't fix shared buffers in Chromium, but he can't prevent buffer overflows? Yeah, right...

  • @bowwarrior4511
    @bowwarrior4511 9 hours ago +1

    Bro. Where were you in elementary school????????

  • @MelroyvandenBerg
    @MelroyvandenBerg 16 hours ago +76

    no way, saying that the Chromium browser is the basis of all browsers on the internet is not only wrong, but also delusional.

    • @theairaccumulator7144
      @theairaccumulator7144 16 hours ago +47

      It's the basis of all browsers that people actually use

    • @ContemplativeCat
      @ContemplativeCat 16 hours ago +1

      I've used Chromium browsers for years but have grown tired of poor integration with my desktop. I recently discovered Zen Browser, and I'm actually quite enjoying it. I'm also watching the development of Ladybird browser with great interest. We need more diversity and competition back in the browser market.

    • @KevinJDildonik
      @KevinJDildonik 16 hours ago +18

      Nerds don't realize that an astonishing percent of people use whatever is default. 90+% of all Android traffic is through the stock browser, aka Chromium. As in, 90+% of Android users never install any other browser. At all. Ever.

    • @ArchLars
      @ArchLars 16 hours ago +6

      It's most, I think the second non-Chromium based browser is Safari.

    • @deoxal7947
      @deoxal7947 15 hours ago

      Can't trust this video based on that alone. Been looking through the comments for the tldr but can't find it

  • @MK73DS
    @MK73DS 14 hours ago +1

    0:32 All the hackers from thousands of years ago were using this method too, so you were correct.

  • @10e999
    @10e999 16 hours ago +15

    "Memory corruption has been responsible for 70% of hacks in the last 20 years"
    Do you have a source for that? Are you talking about the Google and Microsoft study of 2017 (I think?)?

    • @Pointless-Point
      @Pointless-Point 15 hours ago +5

      I'm sceptical as well. I want to know the definition of 'Hacks' being used.

    • @user-fje4ztx46no86
      @user-fje4ztx46no86 14 hours ago +4

      I was told the nr. 1 vulnerability was always social engineering related.

    • @sirseven3
      @sirseven3 12 hours ago

      Well, drivers are the primary way to get a rootkit functioning with these complex A/V systems. The main way to enable this is to attach to a firmware-level driver, overflow and break the services associated, then move on from there.

    • @diobrando7642
      @diobrando7642 41 minutes ago

      It's not that 70% of hacks are caused by memory corruption, but 70% of CVEs are a consequence of it.

  • @RussellBeattie
    @RussellBeattie 16 hours ago +5

    Wow, that title is some serious grade-A click bait!! Nice job!

  • @Ziryu2
    @Ziryu2 17 hours ago +15

    I'm sorry if this is a stupid question, but what's the difference between a Yubikey and storing the ssh key encrypted on a normal USB drive?

    • @monad_tcp
      @monad_tcp 17 hours ago +13

      the yubikey has cryptography hardware to encrypt your ssh key and do the authentication of the public key with the key never leaving the yubi key itself. A normal USB drive would have to copy the private key to the computer's RAM, thus exposing it.

    • @godofpotatos4691
      @godofpotatos4691 17 hours ago +8

      ​@@monad_tcp but he says that it downloads the ssh key locally

    • @VNActivityProjectRem
      @VNActivityProjectRem 16 hours ago +5

      @@godofpotatos4691 yes, but only if you want to download it locally (i.e. if you manually execute that command from the video). Normally you don't do that, since it's considered insecure.
      You want to let the Yubi key do its own thing

    • @LowLevelTV
      @LowLevelTV 15 hours ago +4

      I misspoke here, you don't actually get the key, you get a derived Private Key that associates to the credential in the Yubikey.

    • @Jeff-ss6qt
      @Jeff-ss6qt 15 hours ago

      His implementation is even worse than storing the key temporarily in RAM. He's storing it to disk each time he wants to use it, nullifying the reason to even have a Yubikey or smart-card in the first place.
      At the very least, if a security program, service, or framework supported the Yubikey/smart-card, it could store the key in protected RAM and securely communicate with the Yubikey/smart-card in a way that doesn't require the program's programmers or the user that needs it to be experts in cryptography, in order to prevent side-channel attacks. But the way he does it is terrible.

  • @zephyfoxy
    @zephyfoxy 16 hours ago +13

    Haven't we learned by now that calling something unhackable is just begging someone out there to crack something just to prove you wrong lmao
    Also I think it's very debatable that memory corruption is the "#1 cause" when so many prominent hacks lately have been due to social engineering.
    Yes I know memory corruption is still common and abused a lot, I just don't think it's fair to say it's #1

    • @maxave7448
      @maxave7448 16 hours ago +6

      It's not unhackable, but if I understood the feature correctly, then it will be a pain in the ass for hackers to get around if it becomes widely used. Also the thing is, we can't really fight against social engineering. People will always keep clicking on links and will always post everything they can about their life online, so we can't do much about that. I would guess aside from social engineering, memory corruption has got to be one of the top 3 at least

    • @SergeantExtreme
      @SergeantExtreme 14 hours ago

      If most hacks are done with social engineering, then wouldn't that make Windows just as secure as Linux?

    • @yjlom
      @yjlom 14 hours ago +4

      @@SergeantExtreme no, for a few reasons
      - Microsoft goes out of its way to make its users tech-illiterate
      - Windows loves showing dialogs all the time that people will learn to click away without reading (nothing to do with Linux vs DOS, but the DE and the culture should be considered too)
      - Windows encourages running as admin, which most Linux distros don't
      - Windows comes with lots of juicy telemetry data ready for the successful attacker (Recall is a particularly egregious example), which most Linux distros don't collect

    • @sirseven3
      @sirseven3 12 hours ago +1

      Linux is just as easy to leave a port open; Windows automatically handles a lot of measures, whereas with Linux you have the sole responsibility of securing and ensuring good security practices

    • @SergeantExtreme
      @SergeantExtreme 10 hours ago

      @@yjlom 1. I could argue the same about Linux. A great example is the push to force users to download and install software only from "stores". When I complained about this in the distro forums, I was told that installing software from outside of stores was a "power user" move, and it's something a regular person shouldn't be doing. You can't get more tech illiterate than that.
      2. Windows doesn't encourage running as admin with the exception of highly specialized software such as anti-virus, data recovery software, and driver software.
      3. I don't necessarily agree that Windows shows a lot of dialogs. For the most part, pop ups only occur if something goes wrong. This is especially true in this day and age.
      4. Although, I do agree with your point on telemetry.

  • @ZenbyBosatsu
    @ZenbyBosatsu 17 hours ago +3

    Love your stuff man!

  • @delusionalaar4031
    @delusionalaar4031 11 hours ago

    I'm learning low level programming from a guy who just figured out Expo caps click on the end. You never stacked Expos in school?
    Love your content by the way, it’s some of the best.

  • @polinskitom2277
    @polinskitom2277 16 hours ago +13

    Oh, Linux caught up to what OpenBSD has had for 14 years now. Cool. But it being on Linux means it's a trash security feature that's going to be forgotten about in 3 years

    • @framegrace1
      @framegrace1 14 hours ago +8

      BSD had a first version of this in 2022. Linux made its own version in 2023 with some extra features. After a year, changes on both systems end up being very similar solutions.
      (That's not 14 years.)

    • @foobarf8766
      @foobarf8766 11 hours ago

      @@framegrace1 OpenBSD introduced write-or-execute (W^X) about 2002. procmap -a will show what flags a process has on what regions.

    • @foobarf8766
      @foobarf8766 11 hours ago +2

      It's not *exactly* what has been in OpenBSD for yonks, but I'd bet the idea comes from OpenBSD's work; it was implemented there first. What is really galling is the Power architecture has had stuff like access ordering (PROT_SAO) since kernel 2.6 that the Intel/AMD world is still without, AFAIK.

  • @megan_alnico
    @megan_alnico 1 hour ago

    There was a time when computing resources were so scarce that memory that was both writable and executable was a feature. "Self-Modifying code" as it was called back then was always black magic, but it could do amazing things. It's obvious though that in the modern world we live in security is way more important than this level of code optimization and I'm glad to see it finally fall by the wayside.

  • @flippert0
    @flippert0 7 hours ago

    For reasons I can't really explain, the "trick" about putting the marker cap on the back made me laugh hard. It evokes this image of a whole cohort of young people not knowing about things like phones with rotary dials, modems and cassette tape recorders anymore. Yes, there are amazing things in the real, physical world out there! Like stackable markers.

  • @theghost9362
    @theghost9362 12 hours ago +1

    Aah, this is a case where protection will need protection XD

  • @kellymoses8566
    @kellymoses8566 6 hours ago

    Linus has already had to yell at kernel devs that they can't just ignore this.

  • @LukasRotermund
    @LukasRotermund 16 hours ago +1

    More ads like this please! Maybe an ad-only video about the yubi key(s)?

  • @sakamocat
    @sakamocat 11 hours ago +1

    bro is looking afraid at Tux on the thumbnail because he knows he can't commit war crimes on our computers anymore

    • @foobarf8766
      @foobarf8766 10 hours ago

      Memory corruption on hospital computer: war-crime
      Peeking memory for cheats: even bigger war-crime

  • @Endelin
    @Endelin 16 hours ago

    In school we would make swords out of a bunch of dry erase markers. When your sword broke you lost.

  • @gerkon1424
    @gerkon1424 17 hours ago +1

    Thank God that's not an irony about another piece of news about the kernel

  • @aarong9378
    @aarong9378 16 hours ago +1

    I enjoyed writing self-modifying machine code back in the days.

  • @Scoopta
    @Scoopta 7 hours ago

    "A bunch of different flags"...the flags: "reserved for future use"

  • @williamdrum9899
    @williamdrum9899 10 hours ago

    Let's see how well this title ages. I'll wait.

  • @Nylspider
    @Nylspider 11 hours ago

    when I was in grade school, I'd connect a bunch of those markers together by using the cap connection thing that you mentioned in the video and make a "sword."
    obviously when I hit something, it all shattered, but it was very fun :3

  • @billyguthrie3176
    @billyguthrie3176 10 hours ago +1

    Now watch: right after he said it makes it unhackable, Linux will get hacked. Probably within the next month.

  • @ahnilatedahnilated7703
    @ahnilatedahnilated7703 8 hours ago +1

    My question is, why don't they fix the programs that are buggy instead of a band-aid to get around that buggy software/code? This would be FAR more efficient.

  • @Lulzsecadmin
    @Lulzsecadmin 16 hours ago +1

    His videos are making me love low-level programming

  • @mariandecker3942
    @mariandecker3942 17 minutes ago

    If there is one thing to be aware of, it's that the attacker will be more creative every time.

  • @bearwolffish
    @bearwolffish 17 hours ago +1

    Out to everyone who learned about the cap trick in kindergarten, we got one.

  • @NobbsAndVagene
    @NobbsAndVagene 16 hours ago

    Holy sh!t. That works for my whiteboard marker. You have blown my mind already, sir.

  • @frederiquerijsdijk
    @frederiquerijsdijk 15 hours ago

    "If you don't know assembly, don't worry, I'll explain exactly what's going on here"
    Me: .......

  • @Hellbending
    @Hellbending 12 hours ago

    Man unlocks gigabrain pen swords in realtime- shown live as a master baiter

  • @Zepi2509
    @Zepi2509 16 hours ago +1

    Cool Video!!
    What font is it that you use?

  • @_prothegee
    @_prothegee 17 hours ago +12

    The V8 Engine...

    • @monad_tcp
      @monad_tcp 17 hours ago

      Why does V8 need so much sandboxing? Why can't they fix their JIT compiler to not generate insecure code, like the JVM does?

    • @theairaccumulator7144
      @theairaccumulator7144 16 hours ago +1

      @@monad_tcp probably because no one runs actively malicious code on the JVM? V8 needs to be protected against everything

    • @CrazyWinner357
      @CrazyWinner357 16 hours ago

      @@monad_tcp JVM is not secure at all. Remember log4j? It is not used as much as V8, not even close.

    • @DaPaBe1999
      @DaPaBe1999 15 hours ago

      Early web days of arbitrary code injection and execution from PC to PC is the reason

    • @foobarf8766
      @foobarf8766 11 hours ago

      lol gotta make sure those XmlHttpRequests you arbitrarily let any domain make are secure

  • @seedmole
    @seedmole 13 hours ago

    Seems like a logical inclusion. It's analogous to a topic from the legal world, regarding Trusts. Revocable Trusts are always vulnerable to being changed, much like a program with a memory vulnerability can be altered so as to do something beyond what its designers or users intend. So there exist Irrevocable Trusts, which sacrifice the ability to make on-the-fly changes to the Trust (which might serve to legitimately advance its goals) in exchange for the increased certainty that its terms and holdings will remain unmodified. It honestly seems a little weird that there hasn't been such a feature until now, as that whole schema depends on having access to both sides of that tradeoff.

  • @soniablanche5672
    @soniablanche5672 6 hours ago

    Not only can you put the buffer size with scanf via the string formatter, the compiler is smart enough to detect if the size provided to scanf is too big

  • @nempk1817
    @nempk1817 6 hours ago

    Here is a curious challenge I don't see people commenting on: try making a "vulnerable C program" that compiles using security features of Clang or GCC.
    OpenBSD users rise 🍷🗿

  • @distortions
    @distortions 14 hours ago

    LowLevel explaining a buffer overflow challenge

  • @MarcoAntoniotti
    @MarcoAntoniotti 3 hours ago

    “return oriented programming “? So the INTERCAL designer *did* know stuff we did not imagine: they did put the COME FROM instruction in the language.

  • @gljames24
    @gljames24 17 hours ago +2

    Markers are literally designed to do that.

  • @adamk.7177
    @adamk.7177 16 hours ago

    Wait until he finds out you can create a marker lightsaber out of like 5 of those bad boys

  • @cybernit3
    @cybernit3 6 hours ago +1

    So for that scanf("%32s", &buffer); // that would prevent buffer overflow right? use %32s
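
As an added example (not from the video or from either of the two scanf comments above), the C program below shows the detail behind the "%32s" question: a width of N stores N characters plus a NUL terminator, so a 32-byte buffer needs "%31s". It reads from a constructed string with sscanf instead of stdin, and the helper names are my own.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not the video's or the commenters' code). A "%Ns" conversion
 * stores up to N characters PLUS a NUL terminator, so "%32s" can write 33
 * bytes into a 32-byte buffer: the width must be the buffer size minus one.
 * Input comes from a constructed string via sscanf so it runs without stdin. */
#define BUF_SIZE 32

/* Bytes a "%<width>s" conversion writes for a token of input_len characters:
 * the characters actually copied plus the terminating NUL. */
size_t bytes_written_for_width(size_t width, size_t input_len)
{
    size_t copied = input_len < width ? input_len : width;
    return copied + 1;
}

/* 1 if "%<width>s" can never overflow a buffer of buf_size bytes. */
int width_fits(size_t width, size_t buf_size)
{
    return width + 1 <= buf_size;
}

/* Hardened read (hypothetical helper): derives the width from the real buffer
 * size instead of a hand-typed constant. Returns the number of characters
 * stored, or -1 on failure. */
int read_word_bounded(const char *input, char *dst, size_t dst_size)
{
    char fmt[16];
    if (dst_size < 2)
        return -1;
    snprintf(fmt, sizeof fmt, "%%%zus", dst_size - 1); /* "%31s" for 32 */
    if (sscanf(input, fmt, dst) != 1)
        return -1;
    return (int)strlen(dst);
}

int main(void)
{
    char input[101]; /* constructed: 100 'A's, longer than the buffer */
    memset(input, 'A', 100);
    input[100] = '\0';
    char buf[BUF_SIZE];
    printf("%%32s writes %zu bytes into %d (fits=%d); %%31s writes %zu (fits=%d)\n",
           bytes_written_for_width(32, strlen(input)), BUF_SIZE, width_fits(32, BUF_SIZE),
           bytes_written_for_width(31, strlen(input)), width_fits(31, BUF_SIZE));
    printf("read_word_bounded stored %d chars\n", read_word_bounded(input, buf, sizeof buf));
    return 0;
}
```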

  • @sstkitm
    @sstkitm 7 hours ago

    The only way to make the title happen is to remove you, the user.
    Goodbye, Mr. Anderson.

  • @Jenny_Digital
    @Jenny_Digital 21 minutes ago

    For thousands of years… Ladders were high tech ways to break in.

  • @equin07x
    @equin07x 16 hours ago

    I had to look up and confirm that Firefox wasn't built on top of Chromium real quick

  • @GreatLich
    @GreatLich 10 hours ago

    Someone has clearly never made an Expo marker sword...

  • @Stratelier
    @Stratelier 5 hours ago

    Hot take: If the stack architecture was itself split into two distinct regions -- one to hold all your typical stack variables, and the other to separately hold the return addresses needed by the CPU for proper call/returns (maybe even hold the latter in a CPU register/cache) -- then memory corruption with code execution hacks would ALREADY be (almost) impossible.

    • @diobrando7642
      @diobrando7642 20 minutes ago

      It wouldn't completely stop the problem and would not prevent heap corruption

  • @the_yugandharr
    @the_yugandharr 16 hours ago +1

    Great content man keep it up! I don't know how many PPL are suckers for this content but I sure am

  • @autohmae
    @autohmae 14 hours ago

    preaching to the choir, I already have 2 Yubikeys

  • @willpritchard3377
    @willpritchard3377 8 hours ago

    wait until he finds out you can stack the markers

  • @b33thr33kay
    @b33thr33kay 4 hours ago +1

    Could you not be so clickbaity? Could you put at least the name of the feature in the title or in the thumbnail, please?

  • @JFrancoe
    @JFrancoe 9 hours ago

    wow I feel so clickbaited. I clicked the video specifically to see that red and black cardigan sweater you had on in the thumbnail 😥

  • @guilhermesoares7857
    @guilhermesoares7857 9 hours ago

    LowLevel : Linus is very passionate
    Linus on this patch discussion: Stop this. I do not want to hear your excuses for garbage any more.
    We're done. If I hear any more arguments for this sh*t, I will
    literally put you in my ignore file, and will auto-NAK any future
    patches.

  • @pariahzero
    @pariahzero 9 hours ago

    Here's something else to learn today: Putting the cap on the back of a writing instrument (marker, pen) is called *posting.* (Really)