are you perhaps a teen? that's a magnet link, its used to transfer things via bittorrent. we used to put them in the spokes of our bicycles when we'd ride down to the five-and-dime
When I was riding bikes to the store we had dialup and floppies were giving way to CDs.
It’s been over a decade since I’ve used BitTorrent and I didn’t know magnet links were still popular. I hate seeding and there was also a lot of malware hidden in public trackers.
Once I switched to Usenet I never looked back. P2P file sharing has never been a good experience for me.
Media decoders are often rather complicated and often involve parsing data directly into large and constantly changing memory buffers. A huge chunk of Android vulnerabilities have been from vulnerabilities in media libraries, even JPEG parsing has been known to lead to vulnerabilities in Linux.
A sophisticated attacker could make use of bugs in the player to hack the system. This sort of trick is often used against high value targets where the effort needed makes it worth it.
Why does the video player have the capability to do anything other than read video files the user specifies through the system file chooser dialog and play them on the screen?
Because playing them on the screen involves demuxing audio and video, decoding audio and video, usually using two different but complex codecs, some which have extensive capabilities and features (think multilingual subtitles, interactive menus, etc etc). Oh surely your video player should allow you to pause and play with a remote control, right? More code surface. We probably need an ability to check for updates. And so on and so on.
But even without anything more than open, decode, play - anywhere a vulnerability exists could allow an attacker to execute arbitrary code.
Most of the time it’s a rar file that contains screenshots, album art, thumbnails, etc. not just a video file. I’ve been burnt a decade plus ago when I automated some extractions into a media folder on an old windows laptop. By the time I noticed, it was deep in the registry and near impossible to remove. It was something akin to MacKeeper malware on Macs, I don’t recall the old windows malware names.
With my Usenet automation I’ve never had the issue in about 9ish years but it could happen. I pay a usenet provider and indexer a low fee to rid myself of torrents and seeding.
This is a really good talk I saw in person on this exact subject. Focuses on using rust and the nom library for safe parsing. He opens with a description of how VLC is one of the worst offenders for vulnerabilities historically because it supports so many different file formats / parsers written in c.
There would need to be an unpatched vulnerability in your player that the file exploited. Only virus I ever got was from an mp3 file that exploited the vulnerable version of winamp that I was using because I hated the newer version.
I've not torrented in at least a decade, and I don't remember seeing magnet links inline in text like that.
Certainly don't miss those hours of waiting for an ISO to download only to find it's all corrupt, or a record label plant, or a handheld recording of a cinema screen...
I think you mean 2 decades. I haven't waited an hour for anything to download since I used to grab bootleg concerts that were very poorly seeded in the early/mid aughts.
I thought you were right at first, but with commercial VPNs constantly be advertised as a way to get around content restrictions, I wouldn't be surprised if more people understood a VPN than a torrent these days. Assuming they're willing to pay that is.
"Understood" is different from "can afford" and "has the ability to purchase," and definitely different from "will subscribe to an otherwise useless British VPN in order to watch two hours of television."
Most such VPN providers have servers on multiple location. UK is very popular location so just connect to it if you already paid for VPN. I think some people already paid for VPN as I can see YouTuber's ads.
