This would only work if the supposed payload targeted a vulnerability in a media player. I might be wrong but I’ve never heard of one such vulnerability. And since there are so many different media players out there, such attack would not compromise as many people that other more efficient attack vectors could
Comment on DVDs and public transit: Boycott drives people to ditch Big Tech to protest ICE
pemptago@lemmy.ml 3 weeks agoHow does one keep their system secure with all that torrenting? A large mkv of a new movie seems like an effective container to deliver a payload.
demonsword@lemmy.world 2 weeks ago
Attacker94@lemmy.world 3 weeks ago
So long as you are careful about file formats you shouldn’t have any issues, but there are a decent amount of measures you can take.
- Do all your downloads inside a VM that is sandboxed away from your main system, and then monitor the system processes when you run the file. 1.1 if you really want to isolate it watch things on that VM, but that’s a bit of a pain
- Have your download system on a vlan that isolates it from the rest of your network.
- Only download from well trusted communities and make sure to verify checksums.
- With a little bit of time to kill you can learn how to run a sandboxed video player on Linux or could go the extra mile and run a system like nixos which is isolated by design
It doesn’t have to do with device security, but you should only do downloads over a VPN with a kill switch enabled to stop your ISP from sending you a cease and desist letter. Keep in mind that you are just trading your ISP for your VPN server when you do that though, so you may want to pick one that has been proven to not record logs, I use PIA for that reason, but I have also heard that mullvad also got subpoenad and demonstrated that they didn’t hold logs.
MangoCats@feddit.it 2 weeks ago
Is TOR a practical alternative for VPN - never tried it, but it seems tempting…
bitwolf@sh.itjust.works 2 weeks ago
I wouldn’t consider it so. Imo it has a different intended use case.
Similar to a a VPN’s server, if a TOR exit node is compromised, so is your traffic.
However, TOR is significantly slower than just torrenting over a VPN. It speed loss could make a 15min download take 6-8hours. For a movie that could be a few gbs in size it would take even longer.
Attacker94@lemmy.world 2 weeks ago
I’m not too well versed in it, but just based upon how it works I would imagine you would be at greater risk without taking at least as many precautions as the normal internet.
pinball_wizard@lemmy.zip 3 weeks ago
In theory, sure. In practice, we don’t see much of that.
Don’t run the video player with administration credentials, and keep the video player up to date and it’s likely to be fine.
Auli@lemmy.ca 2 weeks ago
What is the mkv going to do? It is not a executable format.
W98BSoD@lemmy.dbzer0.com 3 weeks ago
Carefully.
Seriously, I don’t know if any/many issues caused by downloading and playing a legitimate video file (MP4/MKV/AVI).
I feel like, if there are, those are being saved for a nation state level attack and not Fred downloading Shrek 2 questionably.