• redtea (5 upvotes, 2 years ago)

    That is reassuring. I was making a joke, suggesting that I thought ‘read me’ meant ‘re ad me’.

    But now that you’ve mentioned it, I wouldn’t mind asking: so are .txt files about as ‘safe’ as files can get? I knew pdfs can send tracking info and data from other opened pdfs back to the creator. (And that even sandboxed readers can be evaded.) And I knew word files could include scripts that are executed when opened. But I did not know that txt files couldn’t do anything.

    Are there other files that can’t really do anything? And do you know what the most dangerous file type is? (Other than, e.g., an exe or dmg file.)

    I’ve heard that epubs are generally safe because they’re essentially just txt files in a package. But I’m not confident as epubs can clearly include internal and external links and possible JavaScripts.
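
Added example, not part of any post in this thread: an EPUB is a ZIP archive of XHTML and related files, so the scripts and external links asked about above can be listed before the book is opened in a reader. The names `scan_epub` and `build_sample`, the 5 MiB size cap and the `tracker.example` URL are assumptions made for this illustration.

```python
import io
import zipfile
from html.parser import HTMLParser

MARKUP_EXT = (".xhtml", ".html", ".htm", ".svg")
REMOTE = ("http://", "https://", "//")
MAX_MEMBER = 5 * 1024 * 1024  # assumed cap on declared unpacked member size

class ActiveContentFinder(HTMLParser):
    """Records script tags, inline event handlers and remote references."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append(("script", "<script>"))
        for name, value in attrs:
            value = (value or "").strip()
            if name.startswith("on"):  # onload, onclick, ...
                self.findings.append(("event-handler", f"{tag}@{name}"))
            elif name.split(":")[-1] in ("href", "src") and value.lower().startswith(REMOTE):
                self.findings.append(("remote-ref", value))

def scan_epub(data: bytes) -> dict:
    """Map each flagged archive member to its list of (kind, detail) findings."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.file_size > MAX_MEMBER:  # do not unpack very large members
                report[name] = [("oversized", str(info.file_size))]
            elif name.lower().endswith(".js"):
                report[name] = [("script-file", name)]
            elif name.lower().endswith(MARKUP_EXT):
                finder = ActiveContentFinder()
                finder.feed(zf.read(info).decode("utf-8", errors="replace"))
                if finder.findings:
                    report[name] = finder.findings
    return report

def build_sample() -> bytes:
    buf = io.BytesIO()  # constructed sample archive, not a real book
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("OEBPS/ch1.xhtml", "<html><body><p>Plain text only.</p></body></html>")
        zf.writestr("OEBPS/ch2.xhtml", '<html><body onload="init()"><script src="app.js">'
                    '</script><img src="https://tracker.example/p.gif"/></body></html>')
        zf.writestr("OEBPS/app.js", "function init() {}")
    return buf.getvalue()
```

Calling `scan_epub(build_sample())` reports the scripted chapter and the bundled `.js` file and leaves the plain-text chapter out; for a real book, pass the bytes of the `.epub` file instead.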

    • Franfran2424 (3 upvotes, 2 years ago)

      Most dangerous file type? By ratio of damage, some weird types that are created on purpose to store malicious code to be executed by a custom driver or program.

      By total? Likely malicious .exe programs if executed by the user by accident, or JavaScript .js files if autorun ones, associated with some file/page to be executed without the user knowing (data insertion, email hidden JavaScript, or a myriad of other attacks using these files that are supposed to run in the background on web pages - those damned cookies are mostly JavaScript).

      Ranking the bad is hard.

      • redtea (2 upvotes, 2 years ago)

        I think I’d be happy with a device that only displayed text and only let me type text. For everything else worth doing, a VHS and a good old cathode ray would be fine. Modern tech seems far too vulnerable.

        • Franfran2424 (2 upvotes, 2 years ago)

          To be honest, I do like the visual perks of JavaScript, but having it literally everywhere is just inefficient. HTML+CSS had the advantage of running on a fucking potato with fewer risks, but you could do just blogs, difficult user interaction (done by email back in the day iirc).

    • Franfran2424 (3 upvotes, edited 2 years ago)

      I mean, they are basically just text (the standard used for encoding and the raw data). You can copy it and execute its code or links, but it’s about as simple as it gets, and simple enough that there’s no easy exploit for .txt files that doesn’t require the user actively doing something wrong.

      I don’t know enough about epubs to be honest, but I would guess basic images and videos with no link or script insertion possible on execution are relatively safe, so basically the simplest common file types, since they should just read data, pass it through the decoding needed, and display it.

      Videos may be trickier since they include more information on how to be run, compression tricks used and a lot more stuff, as well as the data, but simple images should not have anything, just basic information on the codec standard used, info on the width and length, and the raw data.

      It may be possible to build a SQL insertion program for any file depending on the system and how that file is opened in it (a malicious driver for some file type could run some hidden code in images of that type, it’s been investigated as a possible cyberattack), but I would hope such obvious stuff would be figured out for simple programs and sensible OS distributions (if unexpected input: break and return “unreadable file”).

      • redtea (2 upvotes, 2 years ago)

        Thanks for replying. This is useful to know.

        • Franfran2424 (3 upvotes, edited 2 years ago)

          It’s honestly a bit complicated since I am not a cybersecurity expert, so please ask professionals and don’t rely on this alone if big money relies on this kind of security.

          TLDR: I don’t like videos, and SQL insertion and malicious drivers are the main issue for a smart user in terms of malicious image/text files, but also mostly outside their control.

          • redtea (2 upvotes, 2 years ago)

            It’s always useful having the details explained. We can’t know too much. So thank you.