×
Login Register an account
Top Submissions Explore Upgoat Search Random Subverse Random Post Colorize! Site Rules Donate
21

files.catbox.moe does not protect against files containing WEBP labelled as jpg, PNG, etc. This lets Mossad control your phone or laptop

submitted by Cantaloupe to whatever 1.7 yearsSep 25, 2023 01:32:52 ago (+24/-3)     (scored.co)

https://scored.co/c/Technology/p/17r9WUN5oT/-oh-my-god-world-wide-computer-e/c

Just an FYI, either update you system or browser to protect against this.

Fixes are generally after Sept 13th.


28 comments block

sort by: hot new top old low

[ - ] NorthAmericanPorchMonkey 9 points 1.7 yearsSep 25, 2023 08:12:39 ago (+9/-0)

webp is the nigger of image formats

[ - ] BlowjaySimpson 1 point 1.7 yearsSep 25, 2023 18:15:14 ago (+1/-0)

I'd argue it is the kike of image formats. Far to much going on to write it off as nigger tier.

[ - ] Boyakasha 7 points 1.7 yearsSep 25, 2023 08:46:56 ago (+7/-0)

If you think mossad doesn’t have legally sanctioned access to devices via NSA/FBI backdoors, then you’re fooling yourself. Always assume all devices are monitored, because they very likely are.

[ - ] Sleazy 5 points 1.7 yearsSep 25, 2023 12:00:41 ago (+5/-0)

like MOSSAD needs that exploit to control you shit

They work hand in hand with the NSA and have the keys to all the back doors

they want in, they are getting in

[ - ] x0x7 2 points 1.7 yearsSep 25, 2023 11:27:49 ago (+2/-0)

Use Linux.

[ - ] deleted 0 points 1.7 yearsSep 26, 2023 01:59:33 ago (+0/-0)

deleted

[ - ] RepublicanNerd -1 points 1.7 yearsSep 25, 2023 12:54:35 ago (+0/-1)

Linux is no longer the safe alternative. It was recently reported that malicious windows software has been ported over to the linux operating system.

[ - ] BlowjaySimpson 0 points 1.7 yearsSep 25, 2023 18:15:54 ago (+0/-0)

True, but you can't deny it is still the safer alternative.

[ - ] RobertJHarsh 2 points 1.7 yearsSep 25, 2023 07:42:38 ago (+2/-0)

Whenever an exploit is discovered usually the feds or kikesad have been using it for a least a year. The reason I use a VPN is not to hide from the feds, I could give a fuck what they see. It's the ISP not bitching at me if I decide to download shit.

[ - ] x0x7 0 points 1.7 yearsSep 25, 2023 11:26:24 ago (+0/-0)

What does a VPN have to do with any of this?

[ - ] Inward 0 points 1.7 yearsSep 25, 2023 13:12:29 ago (+0/-0)

It doesn't, but that's beside the point.

[ - ] RobertJHarsh 1 point 1.7 yearsSep 25, 2023 17:56:13 ago (+1/-0)

The article specifically mentions VPN users as well as Tor users as the main target. Which means they are targeting those IP ranges.

[ - ] Inward 0 points 1.7 yearsSep 25, 2023 23:55:18 ago (+0/-0)

I was being facetious but I'm glad you actually posted a good reasoning.

[ - ] RobertJHarsh 0 points 1.7 yearsSep 25, 2023 17:55:41 ago (+0/-0)

For over seven months, especially the last 3 weeks, specially crafted hacked meme images on scored.co, 4Chan, Voat.xyz, Poal, Gab, by Feds and MOSSAD could have permanently rooted your BIOS (UEFI) , storage firmware, and OS preloader blocks. Tor and VPN users were main targets.

VPN's own ranges if IPs. The mossad fucks know what they all are.

[ - ] RedBarchetta 1 point 1.7 yearsSep 25, 2023 10:35:51 ago (+1/-0)

who the fuck uses webp. Screenshot that fucker and upload the png or jpg. What kind of retard deals with that stupid webp. I only thought it existed so content managed website didn't end up hosting the image on 20 different sites.

[ - ] deleted 0 points 1.7 yearsSep 25, 2023 10:59:17 ago (+0/-0)

deleted

[ - ] Empire_of_the_Mind 1 point 1.7 yearsSep 25, 2023 13:55:31 ago (+1/-0)

This is a wildly complicated hack, not something that script kiddies are using. the fact that people are actually using a google-created, overly complicated image format like webp is the root of the issue. google can't be trusted. here are details on how this exploit works: https://blog.isosceles.com/the-webp-0day/

Note that Russia has been banning iphones for government use since last year and China did the same last month. Russian officials have made repeated statements about the vulnerability of iphones. They are not referring to idiots, they're talking about state-level people. If you're some random joe no one cares about your iphone. If you're a top official of somewhere important and have access to secret info, that's another story.

What should you do? Run the updates getting pushed out this week on all of your stuff.

[ - ] dontbeaphaggot 0 points 1.7 yearsSep 26, 2023 09:30:23 ago (+0/-0)

Does the exploit run in telegram?

[ - ] Empire_of_the_Mind 0 points 1.7 yearsSep 26, 2023 11:40:09 ago (+0/-0)

in theory yes, because the exploit utilizes the image processing, which is at the OS level and not application specific. TG has already pushed an update for this, but again this is a super complicated hack and is not something that your typically tranny hacker has any ability to execute. It's a real risk for important people but ultimately it's a massive red flag about webp.

[ - ] dontbeaphaggot 0 points 1.7 yearsSep 26, 2023 09:22:04 ago (+0/-0)

'my revelation to many free speech sites, the ones that took action were proven NOT run by feds (poal.co) the ones that refused to protect users (talk.lol voat.xyz) were revealed to be FED HONEYPOTS, and they kept hosting the malware fake jpg links from catbox'

There's stillvalue in posting in jew-run honeypots, it's nice knowing that glowie sphincter gets permanently fused from realizing that the goy population is all coalescing together to lift the yoke of Jewish deceit and control off their tyrannical governments.

And you know what comes next? Rabbi?

deceitful prophet-killing demons

[ - ] Swej_Ehtsag 0 points 1.7 yearsSep 25, 2023 09:52:54 ago (+0/-0)

Still waiting for someone to explain, for example, how Windows computers are infected. A buffer over run exploit? If so, what program? What API? Does it hide something in the task scheduler? Registry? If you say "root", explain the process in which it infects the UEFI/BIOS and what exactly it changes in there that somehow allows for backend access to a computer?

Sure, the sky is falling, but could we get a detailed technical explanation as to how exactly it's falling?

[ - ] deleted 1 point 1.7 yearsSep 25, 2023 10:52:53 ago (+1/-0)*

deleted

[ - ] Swej_Ehtsag 0 points 1.7 yearsSep 26, 2023 18:10:02 ago (+0/-0)

Holy shit... a guy promoting NordVPN and telling you to install software that will slow down and monitor your system (aka malware) is your first link and your second link has the total sum of this to say, "The details of the CVE-2023-463 vulnerability are complex" without any actual explanation as to exactly what it might do, but then recommends downloading more random malware to protect yourself.

[ - ] deleted 0 points 1.7 yearsSep 26, 2023 23:37:45 ago (+0/-0)*

deleted

[ - ] Swej_Ehtsag 0 points 1.7 yearsSep 27, 2023 12:07:23 ago (+0/-0)

So buffer overflow, aka a programmer who forgot to sanitize external input. This happens all the time and as diversity hires grow, it will become an ever increasing problem. None of the malware programs calling themselves anti-malware programs would ever be able to protect you as they can't possibly discover every zero day exploit themselves.

If a person had real concerns about this the only feasible solution would be to stop using Windows entirely or run it as a VM with a clean snapshot image. Chromebooks would most likely be the safest options for plebs as it runs most of it's programs in a sandbox, but then you have big brother jewgle monitoring your every keystroke. For experienced users they could use a Linux distro, but would need a program that monitors inbound/outbound traffic, preferably at the router level in order to catch any potential exploits.

None of these things are going to happen for these normies though, because they want to be good consoomers and play their anti-white triple A video games and don't have the patients to learn how to properly setup and manage Linux or give up their video games. So yes, a valiant effort to stop this current buffer overflow issue, but hundreds, if not thousands, of these will continue to happen throughout the year and nothing less than what I previously suggested will be able to detect them.

[ - ] observation1 0 points 1.7 yearsSep 25, 2023 03:15:17 ago (+0/-0)

I remember clicking on a mp3 that catbox directed to a webm.

Does this mean im fucked?

[ - ] SilentByAssociation 1 point 1.7 yearsSep 25, 2023 10:40:12 ago (+1/-0)

Very possibly...

[ - ] SithEmpire 0 points 1.7 yearsSep 25, 2023 02:50:02 ago (+0/-0)

Don't blame it all on the server, and mind that the browser "fix" is more of a user preference. If content from a url ending with ".jpg" should be accepted only if the content type is image/jpg, that's a user choice.

Separately, a user choice to reject the webp, webm content types would be a great idea, regardless of the url.

[ - ] deleted 0 points 1.7 yearsSep 25, 2023 01:40:06 ago (+0/-0)

deleted

[ - ] dontbeaphaggot 1 point 1.7 yearsSep 26, 2023 09:31:49 ago (+1/-0)

Wait now you're telling me that the Mossads buttfucking each-other?

[ - ] deleted 0 points 1.7 yearsSep 26, 2023 11:36:33 ago (+0/-0)

deleted