Big 🅱️ruh moment

@OnceWithAnAlternative

10 ай бұрын

yo im seventh

@isaackingvideos

10 ай бұрын

Bruh I’m first not [Dam KZread refresh]

@projectjabir4805

10 ай бұрын

Just show case your pc instead of using it. Then you'll never get any viruses.😂

@WiluckGD

10 ай бұрын

yeah massive bruh moment

@sizanbelike

10 ай бұрын

Certified 🅱️rah moment

It's only paranoia until you're right. And it's never paranoia to begin with because this stuff happens all the time.

@Twinrehz

9 ай бұрын

Just because you're not paranoid, that doesn't mean they're not out to get you!

@TD-er

9 ай бұрын

Absolutely! @ThioJoe Can you also describe your rules for AppLocker in the description text? I have been scrolling over and over through the video, which is good for the 'view time' of course, but it would be more practical to also have some kind of overview.

@jirehla-ab1671

9 ай бұрын

​@@Twinrehzhow abt using pirated software & activating office windows using batch files?

@encycl07pedia-

9 ай бұрын

"this stuff happens all the time" I haven't run into a virus since around 2005. It's just user error to download and run files without verifying them. It's yet another reason you should code things yourself instead of importing libraries for everything.

@anon_y_mousse

9 ай бұрын

@@jirehla-ab1671 Why do that when you can use LibreOffice for free.

From the scammers point of view, it must be frustrating that one of the first batch of victims just happened to be someone who was able to identify the signs and get the thing listed in public databases.

@qkzalswns

9 ай бұрын

Imagine working on a virus for hours and days even just for one of your first victims to be him. Reported it to his antivirus developer, even multiple AV devs, made a video about it and showed how to protect yourself from this RAT, but also many others. If I was behind this virus, I'd probably be in depression if I wasn't already xD

@tranhanna7524

9 ай бұрын

@@qkzalswns He doesn't need to. He just need the virus to run on a few dozens computers, steal some CC info, some crypto wallet keys and wallah he has good ROI.

@awrdwad

9 ай бұрын

@@qkzalswns he was never our first victim lol we got loads

@dustlessbard007

9 ай бұрын

@@awrdwad good for you, maybe you can pay for spotify premium now

@Only_Sleep

9 ай бұрын

@@qkzalswns the person running it probably didn’t work on it at all. Since it has marketing, it’s probably being sold off to people. The scammer is definitely slamming their keyboard over having their money wasted though

This is a reminder that no one is entirely safe from hacks and scams

@KobrokoHere

10 ай бұрын

K

@crisnmaryfam7344

9 ай бұрын

The moment you think you know everything, You know nothing.

@GodofToast

9 ай бұрын

@@crisnmaryfam7344 absolutely

@UJustGotGamed

9 ай бұрын

@@KobrokoHere K

@micosstar

9 ай бұрын

@@GodofToast absolutely

The problem is that even if there is no "init.ps1" file the package can be dangerous. And even worse when you compile it into your own software it can also be spreading with your application. Nowerdays also analyzers and stuff can be installed via nuget package and run alongside visual studio. You don't even need to start your app for the code to execute.

@raven4k998

9 ай бұрын

you seen thiojoe is kind of sketchy as he got virus attacked🤣🤣🤣

@jimmlmao

9 ай бұрын

the malicious code can also be injected in the designer if you are using winforms

@LiEnby

5 ай бұрын

If it adds winform or wpf controls then displaying them in the designer will execute it .

such moments makes us feel proud that we are so much into tech and security XD

@KobrokoHere

10 ай бұрын

K

@apache937

10 ай бұрын

if u werent then u wouldnt be installing packages with nuget anyways

@whohan779

9 ай бұрын

Well, Nuget is rather sketchy still compared to official Winget (all packages basically screened by Microsoft-related entities). Inbuilt Windows tools even do singature checks for trusted issuers (which you would only expect from most Linux distros or official stores). Though, of course Chocolatey & Nuget have many more packages available.

@GrigRP

9 ай бұрын

Good morning sir

A error message about a invalid character on any download should be a HUGE red flag. I would never think to tell people this. Thank you for your service!

I like how Smart App Control was mentioned as "easier for most people" when it requires you to nuke your windows install. I feel like for most people they'd rather figure out how to do the AppLocker stuff.

@thebritishindian1

9 ай бұрын

Plus reinstalling windows is a multi-day job when you have to reinstall all of the open source apps, utilities, chrome extensions etc… It’s something I only do when I upgrade the OS. Also, I found that when I install security suites, file Explorer starts hanging, so I use Windows Defender now. I’m not happy about that, but I am super careful and scan downloads with virustotal.

@hardVatsuki

9 ай бұрын

@@thebritishindian1 some of the apps have portable version, like browsers, it saves a tons of time when I reinstall the windows.

@TheShizzlemop

9 ай бұрын

i think he means for most "light" or "casual" users, people who only browse the web, use social media, emails, gaming etc. much easier to just download a game and a few programs again from a list than to get all of your programs and dependencies and settings, directories etc back how you had them.

@erikhicks07

9 ай бұрын

Microsoft didn't enable this by default because they knew it would inevitably lock people out of a lot of apps, possibly even their own

@encycl07pedia-

9 ай бұрын

lol. Why do people still use Windows by choice in 2023? If you want a secure Windows version, use Windows 8/8.1 RT or Windows Phone. They're not very useful in terms of additional applications, but at least you can't run 99.9999999% of malware on them. Or just don't be pit stew. I stopped using Windows back in 2017. The spyware telemetry doesn't feel like a big deal until you use a metered connection and Win10 uses half a GB of data in 15 minutes without your knowledge or consent.

The fact that they were able to fake having this many downloads is the scary bit, I would have thought it's legit too. That should definitely be fixed.

@fireteamomega2343

9 күн бұрын

Yeah sounds like they also found an SQL exploit

I'm a coder and had a Security+ certification in a prior life - and I'm blown away by how many new things I learned from this video. I've been a big fan of your channel for a while, but - wow - this video is truly outstanding. I know I'll be using it as a how-to reference repeatedly and recommending it to as many people as I can.

@ThioJoe

8 ай бұрын

Glad it was helpful, thanks! 🙏

One insidious variation of these software supply chain attacks is when the bad guys buy out publishers (who are often just lone developers) of established and popular packages and then replace the legitimate package with a malware version. Developers who have used the package for years would have no idea what was going on because as far as they know they're just downloading the latest version of a trusted package.

@erikhicks07

9 ай бұрын

True. It's really an ethical responsibility of the original developer to give advanced notice of such.

@encycl07pedia-

9 ай бұрын

1. If it ain't broke, don't fix it. 2. Stop using other people's code and write it yourself. A big reason why software now is full of buggy messes is because people just include every library on the planet. The npm left-pad debacle shows just how pointless many of these imports are.

One thing that really stands out to me about the download numbers at 2:00 is that all four packages have almost exactly the same number of downloads, which for four disparate packages claiming to have downloads in the hundreds of thousands is very suspicious. They couldn't even be bothered to add some randomness to how many fake downloads they botted.

@qkzalswns

9 ай бұрын

And it would be believable if the numbers were similar for only Discord and Xbox plugins as they are both for gaming. But I am not sure how OpenAI, Discord, Xbox and VRChat would be used almost exact same number of times like they can all fit in a single project made by everyone who used them. Even if the plugins were all logical to work together, 200k projects using ALL of them? And I am not sure that many people would use the Discors plugin with Xbox and OpenAI.

@encycl07pedia-

9 ай бұрын

@@qkzalswns Discord isn't for gaming...

Very interesting piece of malware. Thank you for providing details for using App Locker. Keep up with the awesome uploads!

@KobrokoHere

10 ай бұрын

K

i wouldve liked to see windows defender tested against this virus

@CattopyTheWeb

10 ай бұрын

And Kaspersky

@starnumber12046

10 ай бұрын

Avast

@fluentmoheshwar

10 ай бұрын

+1

@Bartekwis

9 ай бұрын

I want to see Kaspersky too

@laitinlok1

9 ай бұрын

If you check virustotal, microsoft blocked it

glad you got out of being hacked, thanks for detailing it and making people aware of the fact that even the best of us can make mistakes

I honestly dont understand how microsoft manages nuget so poorly. 1) Why allow cyrillic characters in the first place? 2) No quality control on the packages? ... This seems to be straight up negligent from microsoft.

@LiEnby

5 ай бұрын

What if the library is just streight up in the cryillic language?

@eggi4443

Ай бұрын

what do you mean "why"? languages exist bruh

8:17 - MZ is well known magic number for all executables in Windows, so it tried to make an exe file You can make a context menu option to add something into AppLocker exceptions with a tiny bit of scripting

@aeghohloechu5022

9 ай бұрын

You will still need to find the exact file, and that seems to be the most tedious part, considering you need to go through the event log

Thanks Joe that was a nice technical video, and in your usual way you spoke clearly for those less technical, whilst giving us techy people info too 10/10 :)

@kamisarma

9 ай бұрын

Doubt it would work. From what I saw on TPSC yt channel, it's not that good. Offline it barely detects anything.

Its crazy how a program as big and reputable as Visual Studio has such a glaring security oversight. Even though I primarily use Linux (arch btw kekw) I'm still looking forward to seeing your App locker setup video! Ty for teaching me something new as always!

I think myself fairly capable regarding security, but I learnt a lot here. Thanks, Thio!

Nice work! A (possibly MORE) valuable test - at least for a lot of folks - might be to see what Windows Defender does with this thing, and stuff like it.

@redyau_

9 ай бұрын

Yes! I was/am under the impression from videos in the pasz years that paying for security software often makes things _worse_ than what Windows already offers. Is that still true?

@qkzalswns

9 ай бұрын

​@@redyau_So at home I used to have antivirus, even tried multiple of them. But every single time an AV would find something suspicious and pop up the notification, so would the defender. Last time I reinstalled Windows I haven't even bothered to get or pay for AV. Been using online Defender since and had no problems. And yes, it has stopped multiple malicious .exe files. I also have it set up so that most of my folders aren't accessible without a pop up asking for the permission. So basically no app can download anything into Documents, Music, Videos, Desktop, directly on the C disk, Windows folder or anywhere else except in Downloads. And it also asks for admin permission to run everything all the time except Web browser. Yes, it is kinda annoying to have admin access prompt show up everytime I open Photoshop but that way no .exe files can be run without permission.

As a Win 10 LTSC user for work - Would love to see the video for app locker if its supported! We've effectively blacklisted Win 11 until its matured a bit more.

Thank you for the video. I also use Bitdefender on 4 PCs that I only access through Microsoft Desktop Remote (gaming and Stable Diffusion). Your video got me to wake up, do scans, and review the recommendations like "autoplay media", etc. I guess unless you are always active, you are a noob with security. So again, thank you, I really appreciate what you do.

Thanks for this awareness! Being a developer or other kind of technical user you have the advantage of understanding things faster then regular users, but this shows we still need to be aware and careful. Note that this same issue is not just important for the DotNet developers, but also for those who rely on other package managers like those of Node, Python, Ruby or even Rust.

There is a reason they use plugins. So the initial file sent / downloaded / executed is small in size (say 50KB instead of 15MB) the idea is get the foot in the door, execute the stub file, and the stub file goes to get the full size files and executes them.

By the way Thio, you're my #1 place to get news on tech and stuff. (Your old flat earther rant video was also hilarious lol)

honeslty its nice that you share your experience so others dont meet the same fate instead of just being satly about it and posting on social media like other people would do.

Whoa! Thank you very much! I didn't pay serious attention to app locker. I will from now on. Seems like a hassle, but a life saver at the same time. The problem with MS "automated" options without exeptions is if you would like to run something that MS don't want you to. For example, an old version of Office could be blocked for "security reasons" for being "outdated", even if you only would use it locally. I've seen this behaviour in some antiviruses that block certain web sites because of "reasons" (that have nothing to do to security)...

How TF is this allowed on the visual studio plugin page?

That first batch file is indeed weird. The fact that it starts with MZ indicates that it's really an EXE file, so it's strange that it wouldn't run after being renamed to EXE.

@zwz.zdenek

9 ай бұрын

Many other Windows files start with MZ. Libraries, drivers, even some fonts. There could be a DLL intended for sideloading with a popular executable, such as explorer.exe.

@LiEnby

5 ай бұрын

You can actually start a process with any file extension using the CreateProcess API function

Wow thats crazy because it so happen that one of my school projects requires me to code on visual studio, thanks for the head up!

As an IT worker, I'm very thankful for your videos. I gain a lot of education from the channel that I don't anywhere else. Looking forward to seeing the video on App Locker down the line. We do have this implemented at my company, but we're fairly new to it so I'd love to hear more about it's potential and how it can be better utilized.

@qkzalswns

9 ай бұрын

These situations like his aren't something that happens to everyone so seeing it from him means that I've learned something g I probably otherwise never would.

That's was unexpected. I always trusted visual studio with what It does in the background and also expected that packages get verified before posted.

Congrats 3 million! Is there someway to disable this Visual Studio leagacy feature of automatically running the tools/init.ps1 script?

@I.____.....__...__

10 ай бұрын

You can ask Microsoft to fix their code, but they have a history of intentionally ignoring user feedback. 😒 (Just like all companies.)

Excellent, useful video. I really appreciate your work in building these vids and bringing them to us.

Thank you for this informative video. I consider myself a poweruser but have never even heard of AppLocker. I enabled it as soon as I finished the video. Looking forward to your video about AppLocker!

The biggest problem with checking for signed executables is that EV code signing certs are only given to companies. If you're a small indie FOSS developer/group without an incorporated entity you're basically shit outta luck. And with smart app control, given how much data they force you to send to them, is, in my european opinion, not really a good alternative and will not work anyways in many cases. For my PC e.g. it just tells me I have to do a clean install(because... it's not turned on. which i'd venture a guess is the same for everyone who upgraded from an older windows version) which is like... Uh.. No?! I already did that once, and thanks to windows being so horrible when it comes to reinstalling it took me forever to properly set everything up again(having to re-download multiple 100+GB apps again on an 80Mb/s line is PAIN) and I'm still having issues thanks to MS p much ignoring some issues with more advanced security features(which they pushed so hard for on W11) not being able to turned on or not properly reporting that they are turned on..

@qkzalswns

9 ай бұрын

Agreed! In our school, all computers are connected to the main school server from which admin is controlling our internet access as well as other stuff like our Google Suite (or however it is called, I believe it is Workspace) for our email and domain management. Something similar to what he has showed in the video is set up there too. Our website access is controlled but also what files can and cannot be run. As we have programming as a school subject, stuff like this happens to us to so we cannot run any .exe or .dll files without admin permission. Our teachers computer cannot overwrite the rule set by network admin. Teacher can only add new rules with some limitations. So when we make a program, it obviously isn't signed by Microsoft or any big company so in order to run it we need our network admjn to approve the program. We suggest adding the folder where any files would be runnable but the school did not agree. I just got an idea that we could as for such a thing on our teachers computer. That way he would have the control over which files will be stored in the folder. However, one class made a little program for calculating something school's finance department needed. As they were about to show their program to the principal and Head of IT in front of multiple Computer Science and Programming teachers, the program did not run because it was not signed by a known company and it was only allowed to run on IT Classroom computers. Once again, it was resolved later as it got approved for the whole network, but it was kinda embarrassing for the studens who made it. Also, it would be veeery appreciated if Microsoft enabled OneDrive to store our Windows settings like WiFi passwords, lightmode/darkmode and blue light settings, etc., like every phone does, so when I log into my Microsoft account on my new laptop I don't have to set everything up ONE BY ONE setting every single time I switch my laptop. Also the synchronisation of those settings between my laptop and PC would be very nice, thank you Microsoft.

I'm used to SRP and didn't look at AppLocker when it came around since it seemed to be the same. Looking forward to your video about it.

@ThioJoe

10 ай бұрын

I think SRP is being deprecated actually

@danyal_assi

10 ай бұрын

@@ThioJoe o

I actually had a similar experience myself, once, where my own carelessness would've gotten me infected with malware. The thing that saved me was Comodo Firewall, though I've since stopped using that firewall, the reason being it would prompt you for permission any time an application did anything that had potential to be malicious. Such as dropping an executable file into appdata, running an executable file, and much more, but the prompts were quite annoying on a day to day basis and that was the only time they ever actually did any good.

Scary stuff. Thanks for including the VirusTotal links! They are very interesting to look at.

I had not even thought of package installer/stores/extension managers like NuGet or VSCode extensions as being a good way to distribute malware payloads. Better research any package before you install, to make sure it's really something you can trust and actually coming from the source you think it is.

@lynnk.7587

9 ай бұрын

I heard it some months ago and since then, I compare the VS NuGet result to the original NuGet from the original GitHub repo

Windows: the only mainstream OS to provide no isolation between applications. Once one runs, it has access to everything. Good video and great explanations on how to properly use/configure AppLocker.

@capability-snob

9 ай бұрын

Secure OS engineer here! You could say this about all of the major operating systems. MacOS does have the App Sandbox, which is a true capability sandbox, but it doesn't tell the user about how safe they are, and it has some interesting holes around file type groups that have been exploitable in Microsoft office. Linux really has nothing usable in that space - don't install apps you don't completely trust on Linux.

@ericesev

9 ай бұрын

@@capability-snob Linux has AppArmor & SELinux, but both are basically unused so +1 for having nothing usable. I jumped ship to ChromeOS about 9 years ago after reading their security design docs. I'm a malware analysis engineer and CrOS keeps me safe enough. Just frustrating to see folks continue to be attacked by stuff like this and not seeing OS vendors work toward improving the situation. What do you use?

These are the kind of videos I live for! Very informational.

In some of your videos, like the tips and tricks ones, I know everything that's going on. (Still enjoy watching them, because occasionally there is something new for me!) In this video, I had no idea about almost any of this, beyond how to install NuGet packages...and that's the scary part!

Possibly of even more concern is that 8 hours later some of the more common AVs (Avast, AVG, Trend, Kaspersky, F-Secure) are still not flagging the a file and only doing somewhat better on the first file.

@tezcanaslan2877

9 ай бұрын

I thought AVG was buried to early 2010s

Smart App Control is not on "a fresh install of windows" What is needed is you to allow them to gather optional diagnostic data when you select those options in the OOBE. If you select "only mandatory diagnostic data" the option is already grayed out on a fresh install by default. And yeah there's also the thing about "if you disable it you cannot re enable it"

Another thing you gotta look out for is VS projects downloaded from the internet running custom build steps. I know VS warns about it, but most ppl are so accustomed to just clicking through the dialog

The big issue with NuGet and kin is the same as with NPM and other code snippet repositories in that basically anyone can upload files to them. This is quite different from distro-specific repositories where you first need to gain the trust of maintainers to even get permission for uploading. This is why I feel a lot more comfortable getting development libraries from the Arch repos even on Windows (via MSYS2). While I also use MSVS and the package managers, those are subject to a lot more auditing and sanity checks, exactly because of the much higher risk factor.

Honestly, now I'm worried too cause I do the exact same thing by looking at most downloades

How could someone can hack you🤦‍♂ You Are Thio!🔥🔥

You're brave! In terms of risk, I'd consider my development environment at the top. For me, it's a completely separate system with no password manager and no access to commit to code repos. I use Code Server as the IDE for my development environment. That way it is seamless to access from my primary laptop/desktop. The SSH key needed for pushing committs to Github is on a Yubikey, on my primary machine. When I need to push code I ssh to the development environment and use ssh-agent forwarding. The private key never leaves my Yubikey and can only be activated with a physical press.

to make things a bit easier on yourself, could you make a "whitelist folder" where you could just drop a file that failed to run already to bypass applocker? i mean in theory, malware could take advantage of that too, but that'd have to be a pretty targeted attack.

@aeghohloechu5022

9 ай бұрын

The issue is when you have a trusted app that can download other executables like in this case. You would most likely mark it's download folder as trusted. If it downloads a malicious software, it will also be put in the same folder. Now you have an untrusted file in a trusted folder.

@qkzalswns

9 ай бұрын

​@@aeghohloechu5022this is why in our school in IT Classroom we aren't allowed to run any .exe files. Our teacher has one folder that can run any .exe file so we send our files via network to him and he runs the program in the folder. If it was made as an exam then that's it. But if we made it for use in school like one class that made a program for our school's finance department, then our Web admin has to approve it.

@undefinedchannel9916

7 ай бұрын

@@qkzalswns this definitely won’t work for larger schools.

@LiEnby

5 ай бұрын

​@@qkzalswnsalot of the time you can take advantage of the rundll32 program to execute arbitary code on locked down devices btw. As applocker doesn't effect DLLs

I use Ubuntu (a Linux based operating system), and I have two programs I make sure to install. ufw is an uncomplicated firewall for Linux distributions that does exactly what it says in the name. Linux doesn't usually come with a firewall depending on which distribution you use, so always make sure you have it installed with sudo ufw enable to both verify installation and enable your firewall if it isn't already. clamav is an antivirus built to work in Linux. Antivirus programs usually don't work in a Linux environment because of the architecture differences from their primary target audience: Windows users. You also don't technically need an av due to the lack of conventional malware for Linux Desktop users. However, it's better to be safe than sorry.

@schwingedeshaehers

10 ай бұрын

Also, it has a different approach to rights on a system

@Ghfvhvfg

9 ай бұрын

Linux was built for security from the start, if you are bored enough von can Look at almost everything running on your system Windows had a other history so they never had it from the start.

The last time I fell for a scam, I got a spoofed email from a collegue asking for my help. Unfortunately for the scammer, my collegue's office was right next to mine so I just walked over to see what help he needed. That was my reminder I am not immune from falling for a scam

I agree Joe, it's to bad you can't enable Smart App Control after Win 11 Pro has been running a while, I checked mine, it was what yours showed. This was the first time I ever heard of that app.

Congrats on 3 Million!!!

Lesson? Never download anything ever.

@bgtubber

10 ай бұрын

Not even more RAM?

@KeinNiemand

9 ай бұрын

Then your stuck with no sofware outside of what comes with windows, or old stuff on phsical media

Thank you for you service!🖖

erm, having played with chatgpt ideas in visual studio this worried me abit because i could easily have fallen for this. thankfully i knew there was no official openai nuget so was fairly confident i would remember if i saw one and used it. but i just had to go back and double check about 6 projects ai related to be sure none of them used any packages that were suspicious (thankfully they all fine) will be checking this in future for sure and as a developer i plan to add that explicit exclusion and use applocker right away

The real package was the friends we found along the way.

IIRC, wasnt the first "virus" actually a screensaver? Pretty sure it was made as a prank, that would turn off someone screen after a set period of inactivity giving the impression of a fault. Later on it was found that it could help prevent burn in on old CRT so rebranded as a screensaver.

@CheddarVG

10 ай бұрын

Something tells me screensavers wouldn't exist without that virus

@Cooe.

9 ай бұрын

No. Viruses long predate screensavers. The first virus was more thought experiment than anything else and the payload was merely text iirc.

Thank you as always! Please make a video on how to setup App Locker.

Congrats on 3 mil!!!

5:34 I think this was a bit misleading.. I wouldn't call it extremely rare. There are plenty of blackmarket shops selling signing services and EV certificates for less than $100. It's uncommon to see in day-to-day malware but in highly-specialized and targeted attacks it's pretty common.

@schwingedeshaehers

10 ай бұрын

If it is less than 100$ why don't use it for normal malware?

@jarrettcameron1150

10 ай бұрын

@@schwingedeshaehers Regular malware is distributed frequently, higher distribution is more likely to get noticed/analyzed. Certificates are more likely to get revoked.

@Exachad

9 ай бұрын

You definitely can't get EV for under $100

@schwingedeshaehers

9 ай бұрын

@@jarrettcameron1150 but even then. You only have to look when your Certificate is revoked, and then remove it/make a new one.

@anti-cheat

9 ай бұрын

@@Exachad Check HF, you can’t get the certificate but you can submit an executable to get signed for ~75 USD.

Would windows defender have been sufficient? Would it have stopped it?

Ive just swapped from Kaspersky to Bitdefender on Windows and Android devices, Ive always hated the UI ever since the beginning, but the latest UI is great and I am loving Bitdefender.

I just sent this to all devs I know that use VS, n told them to watch at least the first 4 minutes, cuz this is definitely something I could have fallen for.

Congrats on 3 Million Subscribers! 🎉

The fact that ThioJoe, a *technology KZreadr,* narrowly dodged a scam...

@CattopyTheWeb

10 ай бұрын

Don't forget LinusTechTips also got hacked in the past

@Dumb_Killjoy

10 ай бұрын

​@@CattopyTheWebTwice if I'm remembering correctly

@Inspirator_AG112

10 ай бұрын

@@Dumb_Killjoy: I knew that one time, but twice?

@pikacringe

10 ай бұрын

Someordinarygamers too

@Dumb_Killjoy

9 ай бұрын

@Inspirator_AG112 The LTT Twitter got hacked around 6 or 7 years ago. I think that's why Linus has his own personal Twitter, since the intrusion came from SIM jacking his phone number.

I'm glad to know that I'm not the only paranoid person in the world 😊 Keep up the great work 👍

Thanks for sharing this with us ❤

this is an insanely good ad

I’m surprised that Microsoft doesn’t vet these extensions. Maybe I shouldn’t be… Why don’t you open the created file in HXD & the batch file in Programmer’s Notepad?

@hostgrady

10 ай бұрын

Most of these programming package managers don't sadly because it's all community uploads unlike say Winget or Linux package managers where a few trusted community members/company employees vet the packages and then upload them. pip and node suffer from these issues all the time and when a project gets hacked it can be really bad if some people have their settings to use the latest version of a package instead of a specific version.

@NinjaRunningWild

10 ай бұрын

@@hostgradyYeah, but that’s no excuse for MS to not be green-flagging valid extensions & red-flagging invalid ones. They shouldn’t be allowing them to just be posted without oversight.

@hostgrady

10 ай бұрын

@@NinjaRunningWild yeah they also run npm which is what nodejs uses, they're really terrible with it

You're on a whole different level Joe haha. Genius man

I'm looking forward to that app locker tutorial

What a unique way to almost get hacked

@qkzalswns

9 ай бұрын

Was thinking the same.

This is why Hackers shouldn't target Tech KZreadrs Not only are they unsuccessful, their entire strategy is made publicly known.

@cameron7374

9 ай бұрын

It being publicly known doesn't mean all of the millions (if not billions) of potential victims automatically know about it.

Wow I always thought when something looks official and without any grammatical mistakes it's safe. I guess I have to find new ways of detecting viruses myself. I'm glad you're safe and thank you for providing us with this info, it helps a lot.

@thenickstrikebetter

7 ай бұрын

To be fair it said "a official" when it should be "an official"

@rookiegamer1234

7 ай бұрын

I don't mind when someone makes gramatical mistake. I sometimes download from places where there are gramatical places as well. What I do first tho is check rating on website and check if website itself is secure, i have plenty of websites that have proven themselves to me. But even in google play store or official places can someitmes contain a virus as almost everyone can upload whatever they want.@@thenickstrikebetter

This is so vindicating. I've had to say no so many times to users wondering "Why can't I just install Spotify myself?", it only takes one bad download and I have so much more work. I have been thinking about scenarios exactly like this with the Cyrillic letters.

Imagine if now he is actually an ai clone of him pretending that he almost got hacked

@mozneda

10 ай бұрын

was wondering the same

NuGet sounds like something to just stay away from!

@I.____.....__...__

10 ай бұрын

That's like saying the Windows Store, App Store, Google Play Store are things to stay away from because sometimes malware makes it onto them. (Then again…)

Interestingly enough, I was just thinking about this very thing a few days ago as I was going through my Android phone Play Store looking for an OpenAI app. I noticed a very large number of purported AI apps in the store. Many try to imitate (through the logo or name) an official OpenAI app. It looked odd to me, and after a very quick research, I realized that OpenAI doesn't yet have an official Android app. They only offer one for iOS. I ended up not downloading anything to my phone. And my thought was was AI functionality can very easily turn into a vector for scams and even malware. And here you are with one example of the latter!

Same for each package manager! Pip is also non-moderated

Question really is if windows defender would detect it... But obviously since bitdefender is sponsor, you wont test for it...

Does packages in store never get reviewed before posted?

@ThioJoe

10 ай бұрын

I think they get a basic scan but nothing to stop them from fetching a remote virus

@GandhiTheDerg

10 ай бұрын

@@ThioJoe As always. You'd think the page hosts would start scanning scripts, especially autorun scripts, for commands that download files and automatically sandbox and test what is downloaded from them. Play store has the exact same issue, because they do not test for Files downloaded by the game, only the files they host themselves appearently

Thank you for the heads-up!

Thanks so much for this video! I'm a sysadmin and have AppLocker applied to my SMB. I'll be adding your deny rules to my policy, right now we've just been relying on the implicit deny and I've been allowing things by path (yes, I know, hash like you do is much better but I'm applying these policies to over 100 users/computers I can't manually add each new hash every time a Teams update or whatever drops, that's way too much work.) Also, if you didn't know AppLocker has previously only been available via Local Group Policy and Intune CSP unless you had Windows Enterprise. If you wanted to apply it to an organization using Windows Pro, you had to use Intune, the ADMX policies for Group Policy Management on DCs existed but they didn't do anything unless you had Windows 10/11 Enterprise licenses on your workstations. I've noticed recently that my AppLocker policy is being applied via GPO, I was using it just to write the policy and export to an XML file to copy/paste into the Intune AppLocker CSP configuration profile I created. However it seems to be working via GPO now, so apparently Microsoft changed the requirements and it will now work with Windows Pro licenses via Group Policy Management on an AD domain. If you're (I mean @ThioJoe or anyone nerdly enough to have read all that above) you might also be interested in an NDR, NG Firewall (why are Fortigates with SFP+ ports so expensive? I want to run one at home), and SIEM. Stay safe. The Internet is a crazy place these days. Kinda bummed I didn't get to enjoy the days when a sysadmin's primary concern was uptime.

You know for someone who is a tech master you seem to get into trouble alot

@NinjaRunningWild

10 ай бұрын

The more you do, the more potential trouble you run into.

@ThioJoe

10 ай бұрын

That’s my secret, I’m not a tech master

@danyal_assi

10 ай бұрын

What secret?

how common does this happen?

@ThioJoe

10 ай бұрын

No clue

@VaiCaDep0893

10 ай бұрын

@@ThioJoe Do you know an app that I can use to protect myself on Android?

@elnkr2603

10 ай бұрын

​@@VaiCaDep0893 it's called "don't install/run suspicious apps". If you only get your stuff from the Play Store and other trustworthy sources like F-Droid you shouldn't have any problems.

@VaiCaDep0893

10 ай бұрын

@@elnkr2603 I know, but at least suggest me an app

@AkinaJVS

10 ай бұрын

​@@elnkr2603even Play Store has some sketchy shit published to, i worked at phone technical assist for 6 months and out of countless adware ridden android phones, not one had "unknown install sources" allowed, all of it was downloaded from the play store and then when already installed had many techniques to hide the app from the menu and giving themselves permissions

I think you should create a video about your applocker setup for advanced users, it would be useful.

I work as a security analyst and ive literally accidentally ran malware on my workstation. It happens to the best of us. Luckily my work uses a really good EDR which stopped it within seconds.

Visual Studio itself is quite alarming with all the extensions from all over the place which are readily added. There are dozens of options available for a given capability, and just finding which one is useful is a chore. Verifying validity and non-maliciousness is yet another major chore. A plain, uninfectable editor and a command-line debugger still work just fine.

I normally very dislike the too extreme facial expressions in the thumbnails (even more if produced by the AI), but this one, man, this one fits! It was genius.

You made me rethink my security config on my PC!

Ok, that is nice and good. What are you using to backup your system for disaster recovery? The other thing is, would a security suite find anything after you have been infected?

I’ve been using bit defender for many years already a couple of years ago I got hacked by scammers, taking over my KZread channel and bit defender did not protect me at the time. It finally detected it the behaviours being inappropriate and blocked it, but not before it was too late. They had already stolen my cookies so they could log into my channel.

LavaMoat has a nice solution for this. More generally, software that provides plugins should use a capability system - either WASM or a capability language such as Secure EcmaScript. This means that plugins are granted exactly the access the user accepted when installing.

oh my you're making me super paranoid now

7:45 "The big daddy malware" got me😂

I personally use Bitdefender, so this is a relief. I've even had false positives, and it detected some batch file that I made some time as a troll, so it seems that it's pretty aggressive with their heuristics threat detection.

@Wacka1wacka

4 ай бұрын

So is bitdefender better than McAfee?