The bizarre secrets I found investigating corrupt Winamp skins
(jordaneldredge.com)
from Interstellar_1@lemmy.blahaj.zone to technology@lemmy.world on 27 Jul 2024 05:55
https://lemmy.blahaj.zone/post/14739475
from Interstellar_1@lemmy.blahaj.zone to technology@lemmy.world on 27 Jul 2024 05:55
https://lemmy.blahaj.zone/post/14739475
Very interesting article!
threaded - newest
Nice find. Really whips the Llamas ass.
nice findings!
Oh for fucks sake, now the article itself has a misplaced mobile Wikipedia link and there’s nowhere I can quickly see to put my copy paste about it.
copy paste for context:
Please, anyone who reads this, stop posting links to the mobile version of Wikipedia. It doesn’t switch automatically on PC, and I see it happen all the time. Just take the half a second to remove the “.m” from the beginning of the link, save everyone else from the pain of having to be surprised by it and taking the time to do it themselves.
addons.mozilla.org/…/redirect-mobile-wikipedia/
General infosec tip: keep your browser add-ons to the absolute minimum you can live with. Add-ons are attack vectors. The more you have - the more at risk you are. And only install the ones you have a reason to trust.
Nah, browsers are sandboxed to absolute shit it is such a pain in the ass to make an extension just to do a phishing attack or to buy the ownership of one to introduce malicious code.
At most an extension with really broad permissions like read/write contents of any page (a fact that is made obvious upon installation) can replace a link to take you to a phishing page to harvest creds, but thanks to SSL and HTTPS it won’t even work without fifty some odd warnings
You live by that and I’ll live by the advice I’ve seen from infosec professionals that recommend as few add-ons as possible due to security concerns. But yes, browsers are getting more secure over time and that’s good.
I’m an cybersec MSc and an infosec professional.
You obviously shouldn’t install closed source or otherwise shady extensions from dodgy authors you don’t know, but on the whole there is very little they can do that you should worry about.
Most “advice” comes from people who want to sell you something and the infosec industry is mostly a scam to drain B2B procurement budgets plus a few gay furry researchers at defcon who are incomprehensible savants and actual malware authors who do something, unless they just write crappy .NET junk.
Take for example an average “”“zero-day”“” in 2024: arstechnica.com/…/threat-actors-exploited-windows…
This isn’t even a vulnerability. It’s just phishing that requires a user to have file extensions turned off, then download a dodgy as hell .PDF file that isn’t one due to hidden extension, which then uses a milquetoast .hta trojan downloader that only works if one has IE enabled on Windows AND opens the .pdf in MS Edge to pull in reverse shell code via probably psexec of some sort.
There are so many steps one wonders why not just send a iamnotavirus.exe uac prompt and all to download, compile and run ransomware from vxunderground source code then and there.
Worrying about stuff like this in browser is akin to using a VPN on public WiFi to avoid MITM attacks, there’s nothing wrong with it but there’s basically nothing to actually worry about there.
Sorry if I’m nitpicky or confused here. You just said it’s obvious that you shouldn’t install closed sourced or otherwise shady extensions. Do you think a normie knows and cares if an extension is open source? And how do they know if an extension is “shady”? And what about legit extensions that get bought by shady people and turned into shady ones long after they’ve been installed and the user base trusts it?
I mean, couldn’t an addon just read the password you put into a login field, or send in a request, and send it off to their servers?
If an add-on is modifying contents of pages it shouldn’t or of the clipboard when it shouldn’t, you would have to give it explicit permission at install time, i.e. “This extension can: Read and Modify Data on all sites you visit: Read and Modify contents of the clipboard.”
Obviously a simple URL redirector for wikipedia requesting access to this data is absurd and would be an immediate red flag. The reason this very thing doesn’t happen more often, is because frankly you’d have to be so computer illiterate to get to that stage that it is much easier to just phish you with basic Facebook profile info for much greater gains.
This is also the reason most “hacks” nowadays are either supply-side or phishing, shit is just too secure, no fun. We should bring back ActiveX.
To you, yes it should be. But it does require knowledge about how websites and browsers work that most people don’t have. I’d be very surprised if 50% of people have any idea what those permissions actually do and what would be reasonable for different extensions to have.
But installing few extensions doesn’t protect against it if the few extensions you install have scope and permissions to do bad things. It’s all worded in plain English, at some point you gotta just not use computers anymore if you can’t read.
Even if it’s good advice for nan checking emails on IE6 on windows vista, it really shouldn’t be necessary for a Lemmy user.
Of course having fewer extensions installed doesn’t protect you from the ones that you have installed. But the fewer you have the smaller your attack surface is. And as a general tip, I think it’s a good one, even on Lemmy. Because I’m not going to assume people’s understanding of the web, browsers or permissions. And when it comes to the general population, a lack of understanding of an extension’s permissions has very little to do with ones ability to read.
People not having the Wikipedia app baffles me. Sharing from there gives you reasonable links.
Yes that works, and you can also use something like URLCheck and just drop that path
What is that, an extension?
Yes it is f-droid.org/packages/com.trianguloy.urlchecker/
Why use an app when there’s a web site? In case of Wikipedia I fail to see any functional benefit for an app.
Better reading experience overall. Compartmentalizing all my Wikipedia reading so as not to mix it with my other many open tabs. (Wikipedia app has tabs, too.) Sections are not collapsed by default. Easier to search on the page by default than in the browser.
I can probably go on it I made a more in-depth comparison after using the web version for a bit…
The app has offline capabilities and to save articles on a named list. I use it as a reference when forgetting something or to save the list type article as a starting point when researching a software to use. Or just generally a reading material when on the go (yes, I find reading wikipedia articles entertaining)
Ok, offline functionality does make sense
There’s a Wikipedia app? I find that baffling.
Try it. It’s great.
How much time do you spend on Wikipedia?
My man, I think I have over a hundred tabs and saved wikipedia articles alone that I always refer to when needed. The app works great for me
I would assume, and hope, it works really well for such usage. I only tend to end up on Wikipedia a couple of times a week, and 95% of that is on my desktop to have a quick look at something I won’t be getting back to ever again.
Then the app is not for you. 😊
Time? Pff, no clue. But I look things up all the time and don’t have time to finish articles the first time round, ever (two kids under six).
So it’s great to have and get back to articles.
This is the Internet I miss!
What? You don’t like browsing the web, where everyone is shoving politics down your throat, and making violent hostile threats, and everybodys offended over baby names, and the web is like 3 websites big???
You don’t LOVE that?
Please accept the cookie policy before any of that stuff…
Sign it, sign it now!!!?
Name verified
Try finding a nice desktop background picture of something specific. It’s all just links to subscription based stock image sites.
If anyone knows places to search for freely shared images that would be amazing. Just wanted a whale shark photo in 2K…
Wikimedia Commons!
Good shout, thank you
Google image search has a rights filter.
This is how I learned that InterFaceLift was kill.
Just today was looking for a seamless tile of grass for desktop background (decided to just use solid color, because eyes get tired looking at separate grass blades, though), spent like 15 minutes. On that.
Unsplash is great if you want photography
Looks good, thanks!
There is also wallhaven.cc if you need more options
It’s unfortunate, but AI image generators will make exactly what you want, royalty free.
Onboarding the general population was such a historic mistake
It is still there, just not picked up by Google or Bing.
This is pretty cool, although it makes me feel old.
I can’t imagine anyone younger than 30 would even get what this article is about.
Actually, I’d love to hear from anybody younger than 30. Does this article make sense to you at all?
I am not at all representative of my age group (I am on lemmy ffs), but yes, I do know what winamp is/was.
Same
*crickets*
Yeah? Dude got some corrupt skins for the Winamp program back in the day that didn’t work and poked into the files to see what was in there.
Makes me wanna check out WACUP, but last time I tried a skin with it that I at least remember working back in the day, it didn’t work.
Idk maybe it’s because I’m not American so we didn’t have the latest tech at all times, but I’m in my mid-20s and my first OS was Windows 2000 (no I don’t mean ME). I remember my dad teaching me how to rip CDs with Alcohol 120% when I was 5 or so lol.
I’m under 30, I have no idea what winamp is but I figured it’s some music software from the skins’ pics. I imagine it was popular for it to have a museum thing about user created skins
(I haven’t googled anything yet)
It was the only thing at some point in time which explains the popularity.
It was the thing in its time.
27, I dimly remember what Winamp was (never used it though) and extrapolated what Skins would be. I assume they’re essentially an archive of image files used to give a music player a custom look? Except they’re not technically restricted to image files and can apparently contain other files too, which I assume will make them invalid as skins, i.e. corrupted.
How far off am I?
Mind, I’m far from representative for my age group, given my IT expertise.
I’m 21, but people talk about winamp online all the time so I’m pretty familiar
Bro people know what hieroglyphs and wax Edison cylinders are. People know things, winamp is not some obscure hidden knowledge
Wasn’t implying it was hidden knowledge.
I was thinking about the zeitgeist of different generations in context of computing.
Oh wow, I never heard of the skin archive. This is fantastic.
I still use Winamp 2.95, with a Pure Pwnage skin I downloaded back in the mid 2000s. Added it to the archive.
You must be a l33t h4x0r!
Boom! Headshot!
This takes me back to a simpler time.
A time of playing Total Anihilation and hanging on MSN messenger.
Does anyone remember musicmatch jukebox with the jumping sheep visualisation?
Oh god musicmatch was soooo good, it was my daily driver while everyone else was using winamp…something about whipping unsuspecting animals in the ass.
Screenshot
So much nostalgia right now. I wish we could go back to those days!
Musicmatch! I thought I was the only one!
This threw me for a sec because I was like “no way was someone playing Total Annihilation and not listening to that incredible OST”.
Me and a friend used to love the menu background sound. Like a deep mechanical humming sound.
We used to call it “indust”. My friend looped it for an hour and recorded it to minidisc.
Maybe this is why I like dark ambient drone sounds so much even today…
Hell yeah!
The Jukebox was better because of cataloging from online sources and library features. Don’t remember the visuals
Such a lovely post, a nice distraction from all the doom scrolling articles! I wish we had more of this.
…
I should write a happy news moderator bot for my instance.
That was truly strange, awesome
I think audacious can load winamp skins (and xmms skins).
Will try at some point.
Qmmp can use them too.
What a great read. Thanks for sharing.
I wonder if a “KOOL” tube is a tube for smoking a cigarette out of (I remember that being a brand).
That’s really cool
This is a truly fantastic story. It reminds me of why the Internet is cool, if you dig deep enough, there’s always treasure to be found.
If you want to see the Flintstones R34 image you have to the crack the file yourself.
This is like finding digital time capsules. Very interesting.
Post the Flintstones image, you coward!
fileinfo.com/extension/avs
I miss foobar2k
Did it go somewhere?
Nope, it’s still great on Windows. Perhaps they went to Linux since it’s still Windows-only.
They probably miss it cause they don’t use it anymore. Streaming music is too convenient. Only reason why I still have a collection or FLACs and MP3s is cause I’m a DJ. Most people just stream. Even audiophiles have several lossless streaming options these days.
exactly at one point I had a several terabyte raid 5 array that I had been collecting since napster through the LAN iTunes sharing thing through torrents but I don’t even know where those drives are, let alone a mobo/desktop that I can plug it into. at least they’re sata not pata/ide. I see videos freaking out about how weird ipod shuffles were and I’m like I loved my shuffle and click wheel and video one
but honestly as much as I lament my “losses” this new era with connected devices everywhere and an endless explosion of high quality new content is amazing. even if I chose to only listen to new music 24/7 I could never even scratch the surface of all the new stuff coming out these days in every language in every genre accessible for free to everyone with a phone. it seems silly to think about the days when Metallica sued napster over 20$ cds (although the south park episode was great) now artists are begging for people to hover 2 seconds over free tik tok clips of their songs
Really enjoyed the ride, very interesting. Thanks for sharing!
what a great article
An AMA with the kid whose dad got him a custom winamp skin would be neat.