What happens if you Expose 14 yr old Linux to the Internet? 

e

BBL drizzy

Same lol

😂

@@ReferredRhyme82BBL drizzaaayyy

I like this idea

​@@spacecat3198 Me to, I'm just concerned RU-vid would take issue since it could be interpreted as "teaching how to hack".

It is not. Most of his videos rely on SMB vulnerabilities. This is essentially protocol that allows sharing of resources (including files) over network . If you disable it, hackers are left high and dry .

This kind of thing would realistically not happen if you connected your own 14 year old system to the internet. Firewalls exist on basically every router sold these days, and there's almost no reason to connect a PC directly to a modem anymore, which is how this happens.

You wanna find out, try redacted or redacted or some other ctf where you can pwn a box. It can be pretty freaking hard, but that's usually a matter of finding the vulnerabilities (by hand, usually) Redacted 1 is: Words that sound like "hakkk zee box" Redacted 2 is: worst that sound like "tryyyyy hakkkkk meeee" I am literally not allowed to type the names of the sites or the comment gets pwned.

I saw one when I was on vacation once! It was running CentOS or something with kernel 2.4

@@system128 I saw a centos system on a cash register that was running not being used stuck on the login panel and it was lightdm, and it had the same 19 inch lg monitor i had at home

This is true for all operating systems, even Windows.

@@Alethila Not really, Windows can get compromised with just an internet connection, as it was a major attack vector in the past because the user base wasn't the most knowledgeable at securing their system and the defaults were in favor of making using the computer easier. This is why everyone complained when Vista was released, it made running privileged software a little more secure, but flaws in release versions of Windows will not have the patches that would keep you safe for very long when connected to the internet.

@@jfftck "Windows". You say that like it's one version. This creator made a video in the same style about windows 95, and he had to go out of his way to make it insecure. Turning off the firewall and so on. Truth is, Linux has many of the same problems and weaknesses. It's only less apparent because Linux has a much lower userbase. Stop looking at tech as a fanboy, instead take objective looks. You'll grow both in a professional and personal manner.

@@kristoffer8609 Windows 95 didn't come with a firewall, so if it had one, that isn't a base installation. My first computer was a DOS system, then my family upgraded to a Windows 95 computer. I can also provide proof that I work in one of the big tech companies, so I think I know what I am talking about. I have a problem with these videos because of the non-standard setup. Furthermore, I was using Linux as a teenager and having to manually set up everything, not like this version that was shown in this video. I don't recommend using any OS that is out of date, but the cool thing about Linux is it has a live session -- which is a version running in memory and doesn't write anything to your drive, so you can browse the web without worries of being hacked as it will wipe everything if you restart. This live session can also install a newer version, so until Windows or macOS support this feature, it will always have a way to install from older versions.

Probably the only versions of Windows that are going to be compromised out of the box are XP pre-SP2, Windows 2000, and maybe NT 4. Everything else has either sane defaults of firewall and closed services or are too old and primitive to be targets. And this assumes you're going out of your way to connect it directly to the internet, which hasn't been a thing for about two decades.

How was it connected? I would doubt that would be exposed to the internet.

@@EricParker I don't remember this was like 3 or 4 years ago but ssh was the one thing I could think of that caused it so I guess? I couldn't find any videos on malware like that though, I wouldn't be surprised if it was someone's scareware designed to let people know to change their password xD but yeah my Pi was connected to the internet at the very least because I wanted to run PokeMMO on it and also RetroAchievmeents on Retropi

@@EricParker My comment got auto deleted by YT but yeah, I wanted to run PokeMMO and RetroAchievements so it was connected to the internet, not sure if SSH was configured for WAN though I just had default settings I think. Also not 100% sure it was ssh it could've been some other remote desktop thing I don't remember, it was like 3 or 4 years ago

I'm jealous! I wish my linux install was hacked one day like that

@@ETORERIGO I wish I recorded it but I didn't think to in my panic lol.

Wrong. You can still use Windows Xp, Vista and 7.

@@susstevedev windows xp is vulnerable as fuck

@@susstevedev Eric has already shown a windows XP video, watch it and you'll see. In that video he connects it to the internet, and immediately gets rats, spyware & adware.

@@susstevedev Have fun with all the malware you can get from those unsupported Windows.

If the update didn't cause any problems with other users.

Yep.

that's a common method, and also is what a bunch of those websites which train you to hack intentionally do.

Why don't ISP's block such IP's that send the same hacking packets to multiple hosts. It probably is obvious. Also, if we move to IPv6 will the hackers be able to find commputers that easily?

This was definitely the case with Drupal, too, at least some years ago.

@@typingcat The answers are no and no: First no because somehow the ISP needs to know that someone is hacking, and that needs a packet scanner, which usually only works with unencrypted connection, that also needs to scan a packet through thousands of scanners, so the ISP knows for sure that it is indeed a hacker, and even if they know then they can block normal clients who have just been hacked/downloaded some malware, and if the ISP blocks them then they also block normal communication... not worth it. Second, no, because luckily IPv6 is so hudge, so if everyone has (almost) random IP then finding a target is harder... not impossible, but harder.

@@Maramowicz none of that matters because: the ISP needs to care. Hackers use ISPs that don't care. In fact, there's a whole class of attacks (such as DNS amplification attacks) that rely on sending packets over the internet from an IP address that isn't actually yours, which shouldn't be possible, but that some ISPs just don't prevent

@@LoganDark4357 ISP when someone setups bots to attack people: 😊 ISP when they see you're torrenting a movie: 😈

As he mentioned, it's the services running on the machine that make it vulnerable. If there are no listening ports exposed to the internet, there is no toe-hold for an attacker to latch on to. You have to be able to get a response from the machine in order to make it do anything.

Might actually work better

just curious, did you used Lynis compliance checker to harden this ubuntu or just used it with default settings?

@@JoraGamer hi! I ran a CIS benchmark to patch up the most basic things. I would like to try Lynis auditing, but it didn't come to mind then 😁. Thanks, I will have something to do now

WHAT??

Wait, how did that happen? Can you share some more details about the attack?

drake intensifies

Nothing because at that age they were already exposed to the internet at least for a decade 😓

Gen Alpha memes

you get me

Obviously you should have used the password "toor", which is so much better because everyone knows hackers can't read backwards.

@@the-answer-is-42 Haha

That's the default configuration for "damn vunlerable linux".

yeah it was actually redis which was encrypted, I remember now - pretty common if iptables isn't installed

Leurak??!!!! Creator Of Memz VIRUS!

Leurak??!!!!

@@ツッヾヅ no way

​@@ツッヾヅabsolutely insane

Dirtectly. If it was NAT probes would only see a router.

NGINX gang

It was a few years ago now (maybe 8, time flies, lol), but the university I studied at had an entire internet room filled with XP machines. We used them for computer labs. I had to talk someone out of doing something banking related on it.

@@the-answer-is-42 Were they connected to outside world with external IPs or through a router with 192.168 ips?

@@kirill9064 Through a router I think, but they were public computers everyone was using.

@@the-answer-is-42 Were they without immutablility software that would reset system on restart?

@@kirill9064 yeah, it was just normal XP machines. Nothing fancy about them.

It’s safe

Yes.

You can also buy a little hardware tap that you just put in the middle of the ethernet link to the modem/router/internet and then you have two other RJ45 plugs which deliver incoming and outgoing traffic. However, he's using a VM so his networking is probably not amenable to either of these methods. But it's all getting pretty complicated at that point; probably too much so for a RU-vid video.

And if you're running this in Proxmox/KVM, you can solve the problem with simple networking. The vulnerable VM will have a net adapter attached to say, vmbr1 on the hypervisor. Simply create another virtual bridge (vmbr2), attach them BOTH to a new linux VM for Wireshark, then create a virtual bridge inside of it, and enable packet forwarding. All traffic will be filtered through the Wireshark VM, and can be safely recorded.

That's not even a tiny hurdle. I used to run SSH on port 443 so I could get into my systems from work. Watching the traffic hit that was amazing; I'd sit there watching it in real time and work out where they were hitting me from and it was fun but a bit too much after a while. Of course I didn't use a password; it was locked down with SSH key authentication and rate limiting firewall rules.

@@dingokidneys It'd still be interesting to see what malware gets dropped when one of those guys gets in

It would take a while for 1 attacker to find you. With 2 attackers it would take half as much time for someone to find you. Now imagine how many intentional bad actors there are online. Then add in all the compromised systems acting as part of a botnet. If there are 1 million hosts each trying a completely random IPv4 address once a second it will take (on average) less than an hour for one of them to find you.

nah you won't unless you install shady apks on your android device. On iphone i don't think you can get infected by just simply connecting to the internet the only way to get a virus on an iphone is by jailbreaking it and even then you won't be infected since ios is not very easy to hack.

@@frans3090 makes sense. Was just wondering if there could be any attacks since outdated versions of phones have vulnerabilities and flaws yk

Who is exactly exposing them?

@@princess7jasmine couldn’t find it though it was a small youtuber

@@tezcanaslan2877 So, you're making a baseless claim?

It is Ubuntu Lucid. So 10.04.4

that would be interesting, also ios or android

@@lPlanetarizado Mac os 9.0.4?

Because stock Linux doesn’t ship with any open ports. Nothing happened regardless, but I was trying to give it a chance

seems to be safe and legit, people dont really report security issues with it, I've been using it myself for over a year, but you never can know if in the future the author doesn't change his mind and ships an update with malware

Yeah it is safe. I've used Ghost Spectre for nearly 2 years now. I am very satisfied :D

I wouldn't trust it, AtlasOS and ReviOS are both open source. There is LTSC which is less optimized for gaming, but is developed by Microsoft

@@mixskillter4785 Yeah but that's also with almost any software you download

@@ttkftykyfts Yeah i'm using it for 2 years already and had no issues, but yeah I don't know if it's good not keeping up with some Windows Updates

MacOS doesn't need to worry about it. Not the win you thought it was really. Like that UEFI hack that MacOS is the only OS unthreatened by it, while Windows AND Linux are completely unable to do anything about it.

@@BlueEyedVibeChecker Apple Silicon has a flaw that can't be fixed with software, and you can run Linux on hardware that doesn't have flaws. There are many platforms that Linux supports that it can run on anything. Also, the flaw for UEFI, which does have a software patch, requires the software to be run in privileged level, but Apple's exploit could expose your security credentials remotely. Stop trying to act like Apple is flawless in execution, besides running 14-year-old software will most likely be on old hardware without UEFI boot image flaw.

I saw :)

I miss Unity 7's design too.

Yep, I'm still using MATE, a fork of GNOME 2, though with a more "modern" theme. But that interface is irreplaceable.

proprietary

​@@ThatBKsecurity through obscurity

Especially if it is Mac OS 9.

You gotta be like 5 years old.

chrome os is actually really secure

@@tomtravis858 13

@@Difluoroacetamide As an Android user, I find it hard to believe you. But as someone who knows how an OS with

@@BlueEyedVibeChecker security through obscurity and chromeos is just a very locked down gentoo based proprietary linux distro