WARNING! to all VLC player users! Stop using VLC and update it now!!

TheBeardedBaby

legendary

Activity: 2240

Merit: 3150

₿uy / $ell ..oeleo ;(

Quote from: Stedsm on June 28, 2019, 12:02:06 AM

Quote from: ABCbits on June 27, 2019, 12:13:17 PM

Quote from: Stedsm on June 27, 2019, 11:57:28 AM

Even if my PC has a reputed Anti-Virus/Anti-Malware/Anti-Spyware software to ^protect^ my PC, should I still consider it compromised if my OS is pirated?

Yes, your system is still vulnerable against zero-day exploit, especially due to update is disabled by default on some pirate distribution.

And what about a crack (or an activator) that allows you to freely update your software even with a fake key? If my OS remains updated, is it still vulnerable to hacks just because it isn't genuine?

Quote from: ABCbits on June 27, 2019, 12:13:17 PM

Quote from: Stedsm on June 27, 2019, 11:57:28 AM

4) I've an Antivirus which is itself cracked to use its Premium features

4) No Idea

Sorry for the incomplete statement there.
What I mean is:
What if I have an Antivirus software which is cracked by a software from some website to use its Premium features like adding extra database of all the known viruses from that Antivirus company, even though my Windows is genuine and not cracked?

Everything that's is cracked is not secure, just because it's very common that the cracking files are injected with Trojan horses. So you are infected right after your fresh installation. Try to avoid all the unlicensed software.

Stedsm

legendary

Activity: 3052

Merit: 1273

Quote from: ABCbits on June 27, 2019, 12:13:17 PM

Quote from: Stedsm on June 27, 2019, 11:57:28 AM

Even if my PC has a reputed Anti-Virus/Anti-Malware/Anti-Spyware software to ^protect^ my PC, should I still consider it compromised if my OS is pirated?

Yes, your system is still vulnerable against zero-day exploit, especially due to update is disabled by default on some pirate distribution.

And what about a crack (or an activator) that allows you to freely update your software even with a fake key? If my OS remains updated, is it still vulnerable to hacks just because it isn't genuine?

Quote from: ABCbits on June 27, 2019, 12:13:17 PM

Quote from: Stedsm on June 27, 2019, 11:57:28 AM

4) I've an Antivirus which is itself cracked to use its Premium features

4) No Idea

Sorry for the incomplete statement there.
What I mean is:
What if I have an Antivirus software which is cracked by a software from some website to use its Premium features like adding extra database of all the known viruses from that Antivirus company, even though my Windows is genuine and not cracked?

tranthidung

legendary

Activity: 2310

Merit: 4085

Farewell o_e_l_e_o

Quote from: harizen on June 21, 2019, 06:32:58 PM

< ... >
To those newbies who are confused, better stop using VLC.

I read from one member of group I joined that animated images also a highly vulnerable things. It sounds like you have good knowledge about that, so if you have time, can you give me some basics about such vulnerabilities of animated images, please

You made a very helpful recommendations, but you also made me shocked by saying you have still used the version 2. Shocked

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: Stedsm on June 27, 2019, 11:57:28 AM

Even if my PC has a reputed Anti-Virus/Anti-Malware/Anti-Spyware software to ^protect^ my PC, should I still consider it compromised if my OS is pirated?

Yes, your system is still vulnerable against zero-day exploit, especially due to update is disabled by default on some pirate distribution.

Quote from: Stedsm on June 27, 2019, 11:57:28 AM

1) I run Pirated Windows in a Linux OS based PC through Virtual Machine software
2) I run Linux OS in a Pirated Windows through Virtual Machine software and keep my coins in Linux
3) I run both by installing both these OS in one PC simultaneously
4) I've an Antivirus which is itself cracked to use its Premium features

1, 2) Should be secure, it's difficult to "get out" from Virtualization & vice-versa
3) Should be secure, use drive encryption on Linux OS if you have serious security concern
4) No Idea

Stedsm

legendary

Activity: 3052

Merit: 1273

Quote from: bob123 on June 22, 2019, 12:26:51 PM

Quote from: Stedsm on June 22, 2019, 11:28:19 AM

--snip--

Almost all cracked versions of valuable Software (windows, photoshop, etc..) are infected with malware.
If you are using cracked software, you should definitely regard your computer as compromised.

Even if my PC has a reputed Anti-Virus/Anti-Malware/Anti-Spyware software to ^protect^ my PC, should I still consider it compromised if my OS is pirated?

Quote

Just because noone stole cryptos from you yet, it doesn't mean that they can't. Chances are high that they have access to your computer and/or it is used for spam mails / any other kind of botnet.

Once again, what about those preventive softwares?

Quote

Cracking a software so it is able to run without activation keys etc. is not an easy task. It takes quite some time and they want to be paid for that work.

If you REALLY insist on using cracked software, use linux as main OS and run all of this cracked stuff in a virtual machine if you really can't just use the open source alternatives.

Ok, I've got some extra questions here for more knowledge and I really don't want to make an extra thread for the same:

What IF?

1) I run Pirated Windows in a Linux OS based PC through Virtual Machine software
2) I run Linux OS in a Pirated Windows through Virtual Machine software and keep my coins in Linux
3) I run both by installing both these OS in one PC simultaneously
4) I've an Antivirus which is itself cracked to use its Premium features

Velkro

legendary

Activity: 2296

Merit: 1014

Quote from: TheBeardedBaby on June 21, 2019, 03:08:16 PM

And another vulnerability found, no one is safe.

I know many people use it that's why I post it here.
Keep your coins save.

Read below.

Its most popular video player in the world. Its huge vulnerability and noone is safe while using it now. Update asap or just dont use it for a while.
Be safe, i didnt hear reports someone lost BTC because of it, but you never know, better to be safe than sorry.

bernardos

member

Activity: 686

Merit: 45

I dont use it that often but when I do watch videos on my PC VLC is my main player. Thanks iasenko, I had 3.0.5 installed but now I have updated to the newest version.

Lafu

legendary

Activity: 3136

Merit: 3213

I never trusted VLC player in the past and i havnt installed it , glad i am havnt used it and i was expecting some kind of security problems !
The software Develop. for some Malware and other Trojans getting everyday smarter !
Just remember about the Fake Anns with the download links on the Wallet Link .

Harlot

hero member

Activity: 1806

Merit: 672

I don't get it so is the video file the one vulnerable or is VLC the one triggering it to do so? If it's the latter then you need to have two of the corrupted files for you to be hackable am I right on this one? Or is the article unclear on their explanation because based on their message suspicious video files if played with VLC will make the hacker have full acces with your computer.

nakamura12

hero member

Activity: 2268

Merit: 669

Bitcoin Casino Est. 2013

I am not using VLC Media player anymore in my computer years ago rather than using the media player that your computer's operating system. As of now I only use windows Media Player or Windows Media Player Classic. VLC player have problems when i'm using it before that is why I am only using those two media players until now.

Kakmakr

legendary

Activity: 3542

Merit: 1965

Leading Crypto Sports Betting & Casino Platform

Quote from: hatshepsut93 on June 25, 2019, 11:34:40 PM

Quote from: gentlemand on June 23, 2019, 12:27:14 PM

The average computer must have 50-100 third party programs that could pounce on you at any moment.

I long ago stopped doing anything directly crypto related on anything other than a dedicated machine. I am guilty of continuing to do exchange related things but it's 2FA'd up the arse and I don't put significant sums through any exchange either.

This will never, ever, ever end and will only get sneakier and more creative. It does make me wonder about crypto's future viability when the machines we use seem to be throwing an ever increasing number of weaknesses.

Add to this the fact that many people like to pirate software and media (no judgement here), and you got a recipe for a disaster.

Right now there are so many options for getting electronic devices that can be used with Bitcoin - I personally have 2 old PC's for those purposes, but if I didn't, I'd probably buy a Raspberry Pi - at 40-50 they are cheaper than hardware wallets, offer the same level of security when used as cold storage, more flexible, and can be used for a wide variety of purposes. You can install Tails on a USB stick, and do your online trading from it, and it will have much higher level of security than using your main PC and hardware wallet.

Yea, but Tails can also be vulnerable if you using a Persistent volume & a outdated version of the wallet that comes pre-configured and installed with the OS.

I use Tails, but I rarely use the wallet that comes with it, because it is mostly outdated and I do not want to update it on a persistent volume, every time I "clean" boot it.

Consider using virtual pc's too, because you basically have a "clean" OS every time you end a session and fire up a new one. Wink

hatshepsut93

legendary

Activity: 3024

Merit: 2148

Quote from: gentlemand on June 23, 2019, 12:27:14 PM

The average computer must have 50-100 third party programs that could pounce on you at any moment.

I long ago stopped doing anything directly crypto related on anything other than a dedicated machine. I am guilty of continuing to do exchange related things but it's 2FA'd up the arse and I don't put significant sums through any exchange either.

This will never, ever, ever end and will only get sneakier and more creative. It does make me wonder about crypto's future viability when the machines we use seem to be throwing an ever increasing number of weaknesses.

Add to this the fact that many people like to pirate software and media (no judgement here), and you got a recipe for a disaster.

Right now there are so many options for getting electronic devices that can be used with Bitcoin - I personally have 2 old PC's for those purposes, but if I didn't, I'd probably buy a Raspberry Pi - at 40-50 they are cheaper than hardware wallets, offer the same level of security when used as cold storage, more flexible, and can be used for a wide variety of purposes. You can install Tails on a USB stick, and do your online trading from it, and it will have much higher level of security than using your main PC and hardware wallet.

jos.walker

newbie

Activity: 2

Merit: 0

Quote from: bitmover on June 22, 2019, 04:30:06 AM

Thanks for the warning

I have read in many places around that media player classic is a way better player in terms of quality. However, vlc is more compatible with different video files (and I love the 125% audio volume function, which is missing on mpc)

More discussions here

Quote

Conclusion

I'm going to call this a victory for MPC-HC. Major kudos to the MPC-HC developer team for finally making it stable (with a nod to LAV package by Nevcairiel) while maintaining its keep-it-simple-stupid philosophy.

I would recommend keeping VLC around and up to date for those times that you want to stream outside of a browser, or loop segments, or play material at different speeds.
https://www.techhive.com/article/2892383/which-is-the-better-free-video-player -mpc-hc-176-vs-vlc-22.html

First of all, thanks for the warning OP. From time to time I get lags and crashes using VLC, so stopped to use it for some time. Seems like it's time to update to the latest. Better safe than sorry.
Second, that's pretty sad that VLC is losing this fight, since MPC can play anything, but it uses more RAM than VLC. I attempted to watch an episode of Macross Frontier (1920x1080 23.976FPS) and while MPC taking up 25% CPU (quad-core) the video lagged every second or two. VLC however uses 7% on the same PC and plays lagless.

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: LbtalkL on June 25, 2019, 08:32:46 PM

This means even if I use older version of VLC if the video file I play is not suspicious I am safe from these hacks?

Yeah. Only if the file is malicious. But why risk it? Just update to the latest version.

LbtalkL

full member

Activity: 1176

Merit: 162

Quote from: harizen on June 21, 2019, 06:32:58 PM

According to the article,

"All the attacker needs to do is craft a malicious MKV or AVI video file and trick users into playing it using the vulnerable versions of VLC."

So generally, for that hacking thing to work, it will come from a video file as source. Not by using directly the outdated VLC to the prior downloads (in other words new downloads from random sites).

Am I right here?

I just wonder how can they trick the user here. Hopefully, those internet guys out there know how to deal on any download site they will encounter.

And I can't find the latest news about it. Can someone link it to me?

a) Stick with the popular and reputable download sites (especially torrent sites).
b) Use common sense
c) MORE IMPORTANTLY, UPDATE TO THE LATEST VERSION! (Version 3.0.7.1)

I will not stop using VLC. It's the fastest player, at least based on my user experience for 10 years I guess. I'm using a super outdated version of VLC lol (version 2) so I just need to update it.

To those newbies who are confused, better stop using VLC.

This means even if I use older version of VLC if the video file I play is not suspicious I am safe from these hacks?

gentlemand

legendary

Activity: 2590

Merit: 3015

Welt Am Draht

The average computer must have 50-100 third party programs that could pounce on you at any moment.

I long ago stopped doing anything directly crypto related on anything other than a dedicated machine. I am guilty of continuing to do exchange related things but it's 2FA'd up the arse and I don't put significant sums through any exchange either.

This will never, ever, ever end and will only get sneakier and more creative. It does make me wonder about crypto's future viability when the machines we use seem to be throwing an ever increasing number of weaknesses.

finaleshot2016

legendary

Activity: 1778

Merit: 1009

Degen in the Space

VLC software version 3.0.4 was already considered as a malware last year but fixed. VLC was very known as an open source software so hackers can easily put some malware on it.
Just a fact, VLC was also used by the Government of America, CIA specifically, to spy target people.

Hiluxury Bitcoin

jr. member

Activity: 199

Merit: 1

ooh thanks mate for sharing with us this good news and now i have deleted my VLC player. So it it good to delete it?.

LTU_btc

legendary

Activity: 3234

Merit: 1375

Slava Ukraini!

Quote from: TryNinja on June 21, 2019, 06:11:58 PM

Quote from: LTU_btc on June 21, 2019, 06:06:32 PM

I'm not sure that I will get answer, but I will ask. How about Ace Player (it's VLC based player)? On my PC it's made using 2.0.5 version of VLC. So, as I understand it's also unsafe. If yes, it's bad because I don't know alternative players to watch Ace Stream on PC.

It possibly has the same vulnerability. I would stop using it and wait until the maintainer (if there is one) talks about this/fix it.

I just googled a bit and found a guide to make it worth with Kodi (legit player/media service). Maybe you can try: https://techiestechguide.com/acestream-kodi/

Yeah, seems it would be best not to use it until new version of player will be released.
And thanks for link. I never used Kodi on PC, so I'm going to try it. In past I tried Acestream with Kodi on Android device, but it was laggy a bit, I hope it will perform better on Windows.

squatter

legendary

Activity: 1666

Merit: 1196

STOP SNITCHIN'

Quote from: ?? on ??

one of the reasons for the slow spread of cryptocurrency is increased security measures. To keep the coins you have to be paranoid and check everything

Here's a couple options that can stave off that paranoia:

1) Keep your private keys offline. Electrum makes it very easy to sign transactions offline, so you can transact using a watching-only wallet on your online computer without compromising your private keys.

2) Security through isolation. Don't browse the internet, download torrents, open email attachments, etc. on the same machine where you hold private keys or log into exchange accounts. Have a PC that only uses a very limited number of "safe" applications and bookmarked websites.

Cold storage is the best option, but at the very least, you shouldn't be using Bitcoin alongside other reckless and insecure daily activities.

Topic: WARNING! to all VLC player users! Stop using VLC and update it now!! (Read 741 times)