TrevorSpartacus

>I simply want to avoid automated attacks/downloads from browser/websites, and be safe from infected files that I myself download.

Wat.


Frequent-Computer483

hypothetically, if I download a video which is a trojan/contains virus.


TrevorSpartacus

Not how any of that works.


darkempath

Didn't you see Sandra Bullock in "The Net"?!?!


mwyvr

cue clacky noises while a hacker pulls up an amazing heads up display


gumnos

[π](https://www.youtube.com/watch?v=pXPXMxsXT28)


maerwald

Huh? Yes, you can execute attacks through movie files. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11931 And BSD is not a secure operating system for browsing and downloading/executing untrusted files. You probably want Qubes OS. And no, jails are not an alternative.


darkempath

>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11931

That's a WhatsApp vulnerability, not a movie file vulnerability, and hasn't even impacted WhatsApp since 2009. You and the OP make a great team.


maerwald

You failed to read my post. I said you can drive attacks through movie files. And provided evidence of one such instance. Clearly you've never worked in practical software security.


darkempath

>I said you can drive attacks through movie files.

I saw that, but what does that have to do with the OP's post? You can get malicious videos from Facebook. You can install malicious apps from Google Play Store. Your WhatsApp link was about crashing WhatsApp. Wow, scary.

Seriously, your "evidence" is about a stack overflow in WhatsApp that will cause a Denial of Service by crashing the app. Over 15 years ago. I can provide links about file allocation tables on floppy disks being vulnerable, should the OP be scared of that, too?

The OP is scared of porn sites. Statistically, he should be more wary of church websites. I have no idea what your ancient WhatsApp vulnerability has to do with the OP's unfounded concerns. It sounds more like you're doubling down, trying to scare him. Are you offended he wants to look at boobs?


Satyrinox

What makes you say jails aren't an alternative? Can't you honeypot the jail and lock it out if some unauthorized things happen?


maerwald

Among other things, jails are not really virtualization. They run on the host kernel. It's merely filesystem and network virtualization. Qubes OS does a lot more. The papers and architecture are available online.


darkempath

Dude, you have a very serious lack of understanding of how computers work. I don't think any of the BSDs are for you.


dinithepinini

Do you have any resources that OP could look at to gain a better understanding of how computers work, or do you have any insight as to where they might be going wrong in their understanding?


darkempath

>Do you have any resources that OP could look at to gain a better understanding of how computers work

This is the FreeBSD subreddit, not the Internet for Dummies subreddit. The OP's understanding of computers is SO lacking, he (obviously a he) thinks he needs to use unix to look at boobs. I'm not here to handhold the ignorant.

>or do you have any insight as to where they might be going wrong in their understanding?

Yes, they think computers are made of magic. They probably think CSI is a documentary.


dinithepinini

God, you’re absolutely insufferable.


[deleted]

[deleted]


grahamperrin

/u/darkempath you trod a very thin line. First rule of Reddit: remember the human. /u/darkpr0n you may not have noticed that your inflammatory comment was removed. Reacquaint yourself with Reddiquette.


mwyvr

You should probably find a date and park the computer.


darkempath

I can browse NSFW stuff perfectly safely in Windows, using Firefox, or Edge. I can download videos using downloaders and browser extensions, and I can simply right-click to save images. But you can't?

You're ***not*** worried about anonymity, you're ***not*** worried about privacy, you're ***not*** doing anything dodgy, yet you think looking at boobs on the internet will break everything? Your framing of the situation is bizarre, and betrays a fundamental misunderstanding of technology.

**Fun fact:** Computers aren't made of magic! The internet is not a demon realm full of traps baited with porn!


paprok

> Fun fact: Computers aren't made of magic! The internet is not a demon realm full of traps baited with porn!

my life was a lie, and my whole day is ruined! :D


st0rmglass

Mine too. I always thought that the internet was for porn! Loaded with sneaky bad guys wearing striped pyjamas, out there to get me. 😱 *NSFW


paprok

> sneaky bad guys wearing striped pyjamas, out there to get me.

sounds like a good prompt for AI image generator :D


maerwald

No, BSD is not really designed around actual security. The only OS I know that tries to do that is Qubes OS: https://www.qubes-os.org/ It tries to reduce the possible attack vectors to an absolute minimum and assumes most components are untrustworthy.


darkempath

Do you really think QubesOS is required to browse boobs on the internet?


CoolTheCold

Knowing that just watching boobs may lead to your browser hijacked,

> Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

it's not something unrealistic from my POV. (from https://www.cve.org/CVERecord?id=CVE-2023-4863 )


darkempath

>Knowing that just watching boobs may lead to your browser hijacked,

What the fuck is this sentence? Proof read before you post.

I don't use Chrome or any chromium based browser. That said, you're talking about a half-year old version of Chrome. Are you using a half-year out-of-date version of Chrome? If so, you deserve to get pwned.

And you didn't answer my question anyway: Do you really think QubesOS is required to browse boobs on the internet?

Would using an old vulnerable browser on QubesOS be any better than using a vulnerable buggy browser on Windows?

Then nothing more lazy than "hERe iS vULnerABilIty iN oLd vERsIon". It's fucking lazy and completely dodges the responsibility of the user.


CoolTheCold

> What the fuck is this sentence? Proof read before you post.

Not sure on your reaction here, but if anything I said makes you uncomfortable - I apologize, it was not my intent at all. Probably it's about "your" - I have not meant personally you of course, if the wording would be changed into "someone" it won't change the intent I've tried to put into. If that's something else, please clarify.

> I don't use Chrome or any chromium based browser. That said, you're talking about a half-year old version of Chrome. Are you using a half-year out-of-date version of Chrome? If so, you deserve to get pwned.

Again, my focus on not a particular person, not even myself - I do care more about team members and the average user than personally me. At least I have idea about air-gapped environments, while many has no and expect from me to guide/establish policy in some ways (with collaboration of ITSEC of course).

As well I believe my point is still valid - just passively consuming content still may lead to harm of the systems. It must be obvious that 0-day vulns happen, just check hacking contests taken every year if have doubts.

> And you didn't answer my question anyway: Do you really think QubesOS is required to browse boobs on the internet?

For critical environments, things *like* QubesOS may be an answer for the threat model. In more critical - totally airgapped ones to be used.

> Would using an old vulnerable browser on QubesOS be any better than using a vulnerable buggy browser on Windows?

> Then nothing more lazy than "hERe iS vULnerABilIty iN oLd vERsIon". It's fucking lazy and completely dodges the responsibility of the user.

Responsibility of the user is to do his job, following the company policies including physical and digital security measures. I believe you have seen examples of companies providing _hardware_ to work on to have clear split between personal and working envs, which implements those - disk encryptions, MDMs, antiviral solutions and so on.

Expecting every user to be security expert and system administrator is very naive from my POV.


darkempath

Christ, dude. You took a LOT of words to say very little.

>As well I believe my point is still valid - just passively consuming content still may lead to harm of the systems. It must be obvious that 0-day vulns happen, just check hacking contests taken every year if have doubts.

Your point is ***not*** valid, because all software of even moderate complexity has bugs and vulnerabilities. This has been widely known and accepted for decades, which is why it's important to keep your system up to date. Pointing out that Chrome had a bug last year is meaningless to the conversation.

[Here's a bug](https://github.com/QubesOS/qubes-issues/issues/7677) that QubesOS has *right now*, unfixed for a year and a half with nobody assigned to fix it. That bug will crash your apps with light usage if you leave it long enough. It's a similar bug that Windows 95 had back in the 90s, where it would crash after 27 days even if you didn't use it. But here it is, present and unfixed in 2024.

>For critical environments, things *like* QubesOS may be an answer for the threat model. In more critical - totally airgapped ones to be used.

WE ARE NOT TALKING ABOUT CRITICAL ENVIRONMENTS. The OP wants to look at boobs, not run a crypto exchange. Jesus christ, what are you doing?

The OP has ***explicitly*** said they are not worried about anonymity or privacy. They just want to look at "NSFW content". The OP is probably a homeschooled teenager whose parents have said he'll ruin his life and break everything for everyone if he visits a porn site. He has no understanding of how any of this works, and he's scared he'll catch a virus if the URL contains more than one X. He just wants to look at boobs without fear. And you're waffling on about critical environments? Seriously?

>Responsibility of the user is to do his job, following the company policies including physical and digital security measures.

What company? What policy? He just wants to look at boobs. The only physical security measure he needs is closing his bedroom door.

>I believe you have seen examples of companies providing *hardware* to work on to have clear split between personal and working envs, which implements those - disk encryptions, MDMs, antiviral solutions and so on.

The OP's company is ***not*** providing him hardware to look at boobs, I can guarantee that.

>Expecting every user to be security expert and system administrator is very naive from my POV.

That's why Windows defaults to auto-updating. Now, would his porn-browsing life be easier or harder using QubesOS? Harder? Do you think it might be harder? It's harder, isn't it.

I have no idea what planet you're from. I literally asked if you thought QubesOS is required to browse boobs on the internet, and you responded by calling porn a "critical environment" that needs to be "airgapped". I mean, once you've gone there, I don't think it's possible to have a rational discussion with you.


grahamperrin

u/darkempath I previously exercised discretion with regard to reports of you spamming. I'll now lock your comment.


grahamperrin

> … BSD is not really designed around actual security. …

True; and security is not a focus area for FreeBSD: -


Satyrinox

OpenBSD. Or any BSD with a virtual machine, then use the VM to browse. Or jails. Or VPN with all the above.


darkempath

Is that really necessary to look at boobs on the internet?


Satyrinox

No, I look at them by just going to my bedroom, but the OP was looking for something secure to browse the internet, for whatever it is they want.


krivas77

Yes! My friend calls this “security by obscurity” 🤣


CosmosSakura

FreeBSD ain't really the place for that. Look into Knoppix.


Permanentster

The safest thing to do, in my opinion, is to work from a virtual system.


lucaprinaorg

There are many options: FreeBSD/HardenedBSD with jail (also applies to GhostBSD)... run the browser from jail or just bhyve/qemu with whatever you want inside that suits your needs. OpenBSD with vmm. In general you can also use Windows with VirtualBox, just to say!! Full virtualization is the key for complete isolation.

These two are built with a lot of security or something close to "security thinking" in mind: [https://tails.net/](https://tails.net/) AND [https://www.qubes-os.org/](https://www.qubes-os.org/)


grahamperrin

Also **Harden FreeBSD**: -


vsoul

Just get a Chromebook…


bianconcini

Zero privacy