can there be malware behind an innocent-looking photo shared on this site using a steghide technic?
>>101226428
time for meds
>>101226428
Wow, aren't you new
That's the whole reason we have captchas
Some asshat hid a virus in a jpg that when executed causes you to spam 4chan
>>101226428
>Can 4chan anons hack you?
>can there be malware behind an innocent-looking photo shared on this site
Yes. That's why your browser has an OS-level sandbox, why people tell you not to run as root (sandboxes don't work as root) and why people talk about "safe" programming languages like Rust.
>using a steghide technic?
It's not really the same thing as steganography, because it isn't trying to hide a message, but it's trying to exploit a flaw in an image decoder to force it to run shellcode.
>>101226428
It happened last year with libwebp and CVE-2023-4863
>>101226581
Good ole Kimmo Alm. I wonder what he's up to these days.
>>101226428
Technically, yes. But only if your computer is actively trying to look for executable code in mundane pictures. It would imply your computer is already infected by another malware.
I seriously doubt there's an exploit convoluted enough to execute arbitrary code concealed in that way.
Considering how retarded you sound, it is perfectly possible that your endpoint is breached already, though.
In any case, there's not much you can do about it.
>>101226428
>Can 4chan anons hack you?
All the hackers left in 2008. Bots aside, it's 99% phone posters larping. If you are concerned, use firejail+apparmor to launch your browser and further tighten the rules in ~/.config/firejail/yourbrowser.profile after reading the documentation. You can limit what directories and files your browser can even access, read from, write to, etc...
https://firejail.wordpress.com/
https://wiki.archlinux.org/title/firejail
>>101226700
>But only if your computer is actively trying to look for executable code in mundane pictures. It would imply your computer is already infected by another malware.
That's not how it works at all. Malware doesn't "look" for other malware to run. Malware exploits flaws in programs to force itself to run. For example, a malicious image could exploit a buffer overflow bug in an image decoder to overwrite a function return address on the stack and execute a ROP chain. You should do some research into how modern exploits are made.
>I seriously doubt there's an exploit convoluted enough to execute arbitrary code concealed in that way.
Anon who posted 15 minutes before you already mentioned one from 2023.
>>101226428
no malware, possibly steganography (hidden messages within an image file)
>>101226428
4chon resizes images so additional things are usually jumbled up and harmless.
>>101226869
>using a steghide technic
You missed that part I think.
>>101226899
I think you meant to say "no known malware".
>>101226428
>lust provoking image
>irrelevant time-wasting question
>>101226937
I don't think OP knew what he meant when he said that, so I ignored it. What he wanted to know was "can you get hacked by an image because of something hidden in it," which is true.
>>101226428
Me? Yes.
They? No.
>>101226917
That's not even true. 4chan is one of few social media sites that still doesn't recompress images you upload, which is why images can be reposted forever without getting deepfried like they do on other sites.
>>101226917
I tested openpuff on 4chang and facebook and hidden data seems to survive the compression. Old fashioned lsb techniques are fucked but more complex schemes work just fine.
>>101226428
4chaim runs images through a Cloudflare "optimizer", so unless you encode the content in visually safe image data, it'll get blown the fuck out.
executables no, but its perfectly possible to hide CP in otherwise innocuous looking images which is why you should always be mindful of file sizes because it's been done here more times than you'd believe
>>101228480
boomp it.
>>101227047
>4chan
>social media
I hate that you're right
fun fact: every jpg file has hidden pixels because jpegs must be padded to the next divisible by 8 resolution. typically encoders pad images with border pixels, but you can actually store actual pixel data there.
>>101226917
only the thumbnail. the expanded image is the same. you can download an image you posted and the hash will be exactly the same. the only real change they do to the full size image is strip data after the "magic bit". But that doesn't prevent steg at all.
>>101228435
that's not a thing anymore, like I said to the other guy, now they strip any data after the end of the actual jpg/png/etc data. they could still do it through steg but that would have to be decoded and embedding an image in an image with steg would probably really fuck up the original image, unless the embedded image was tiny.
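Added example, not part of the thread: the post above says the site strips any data after the end of the actual jpg/png data. The check below walks the file structure to find where the image really ends and counts what follows; the function names and the two sample files are constructed for this illustration.

```python
PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_end(data: bytes) -> int:
    """Offset just past the IEND chunk (chunk = length, type, payload, CRC)."""
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length = int.from_bytes(data[pos:pos + 4], "big")
        ctype = data[pos + 4:pos + 8]
        pos += 12 + length
        if ctype == b"IEND" and pos <= len(data):
            return pos
    raise ValueError("PNG has no complete IEND chunk")

def jpeg_end(data: bytes) -> int:
    """Offset just past the real EOI marker (FF D9)."""
    pos = 2                                  # skip SOI (FF D8)
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:
            return pos + 2
        if marker == 0xFF:                   # fill byte in front of a marker
            pos += 1
            continue
        # Skip the segment by its declared length, so an FF D9 inside an
        # embedded thumbnail (APPn segment) is not taken for the end.
        pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
        if marker == 0xDA:                   # SOS: entropy-coded data follows
            # Inside it, FF 00 is a stuffed byte and FF D0..D7 are restarts.
            while pos + 1 < len(data) and not (
                    data[pos] == 0xFF and data[pos + 1] != 0x00
                    and not 0xD0 <= data[pos + 1] <= 0xD7):
                pos += 1
    raise ValueError("JPEG has no EOI marker")

def trailing_bytes(data: bytes) -> int:
    """Number of bytes that follow the end of the image data."""
    if data.startswith(PNG_SIG):
        return len(data) - png_end(data)
    if data.startswith(b"\xff\xd8"):
        return len(data) - jpeg_end(data)
    raise ValueError("not a PNG or JPEG")

# Constructed minimal samples, not decodable; IHDR CRC zeroed (CRCs are not checked).
SAMPLE_PNG = (PNG_SIG + b"\x00\x00\x00\x0dIHDR" + bytes(17)
              + b"\x00\x00\x00\x00IEND\xae\x42\x60\x82")
SAMPLE_JPEG = (b"\xff\xd8" + b"\xff\xe1\x00\x06\xff\xd9\x00\x00"   # APP1 holds FF D9
               + b"\xff\xda\x00\x02" + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9")
```

A non-zero result only flags appended data; anything encoded in the image data itself, as the post points out, is not affected by stripping or by this check.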
>>101230297
nowadays they put short codes as watermarks for 'p links in their images. They are hard to see because their color is nearly identical to whatever they are put on. barely noticeable but still illegal(probably), thats how troons shut sites down that they dont like stealthily.
>>101231337
obviously you have to know what sites the partial links belong to which is hard to guess since they change their methods up.
>>101231266
kek
>>101226428
Yes, there's at least one person on that website who can
No, we're too stupid for that
>>101228826
>+1 karma
>+like
>>101226428
usually no,
click here to test
http://127.0.0.1:8080
>>101231337
can you make a diagram with ms paint to explain i dont understand. what do you mean by code? a url?
>>101226428
Check this out anon
>>101233756
one value off-color, url shortener watermarks
>>101226623
And WEBP was briefly enabled on 4chan before the CVE was publicly announced.
>>101226603
Rust has an "unsafe" keyword in the core of the language. Doesn't sound very "safe" to me.
>W-well it's safe if you opt to ignore this widely used feature that allows almost anything, including breaking memory "safety"
>>101228480
He won
>>101228480
sminem won.
If someone finds a 0-day in chrome and another in windows that allow them to do RCE with uploaded images alone and they blow those 0-days in order to prank 4chinners, then they are the most retarded person that has ever existed.
Those kinds of 0-days are worth millions.
>>101235850
>le 0-days hype
the cyberfag version of dubstep drops
>>101226822
>it's 99% phone posters larping
Fucking this
>>101228480
>>101228506
>>101235812
>>101235844
Samefag
>>101236189
im trans if that betters btw