@Neron616
At least we can all sleep easy knowing that Mutahar is using his Indian computer magic for good.
@ThatBoyAqua
Really appreciate these videos. I get easily paranoid about cybersecurity and my own ignorance makes this worse so having a video that dispels misinformation and lays out security risks clearly is such a godsend. Thanks Muta ❤️
@andrasfogarasi5014
3:58 I'm pretty sure Windows nowadays has severely nerfed autorun so that it no longer executes arbitrary code upon inserting storage media. However, sticking an unknown USB stick into your computer is still a bad idea. This is because even though the vast majority of USB sticks are flash drives, some aren't. Some will instead be recognised by the computer as a "keyboard". This is because the only thing a computer can see when a USB device is plugged in is the electrical signals it sends. If a USB device signals that it's a keyboard, it will be recognised as a keyboard. It matters not whether that signal comes from an actual keyboard or a USB stick. The computer can't see that. And as these USB sticks are "keyboards", the computer will start taking input from them. And with the power of Windows+R, this allows the USB stick to execute arbitrary code on the computer. Such a USB stick is commonly called a rubber ducky.
@TheDarkestPhoenix
So, as a general rule of thumb, if you get an email from "Paypal" or "Amazon" or any other service asking you to log in using a link... don't. Go to their website directly using whatever way you normally get there, and (usually) there will be a prompt on the official website if there is an actual issue. If there is not one as far as you can tell, you were likely getting phished.
@tuckseedo
In short, NO images will not hack you. The original was a embed link that was able to hack someones computer. clicking on a image will not get you, a link can
@emilemil1
If it's just a phishing link that grabs your info, what about the claim that 2FA won't help? That's literally what 2FA is designed to protect you from.
@nayu23
"I couldn't find the fuck here" this made me laugh more than it should be
@zerobyte6955
As a student of cybersecurity I absolutely love when you do these kinds of videos.
@DOOMStudios
When Muta Speaks Hindi You know it’s gonna be great.
@Teddyrific
The real question is, can the computer hack the image?
@NewtypeEri
“Can this discord image Hack your computer??” image in thumbnail is Muta I mean, I can just image my PC just being filled with endless Muta files 💀
@user-lt2rw5nr9s
The padlock for SSL is not the recommended training anymore. Let's Encrypt makes it easy to spin up SSL certificates. The padlock is meant to show encrypted connection, not that the domain is who they claim to be.
@FairyTaleFam
This may be stupid to admit, but I have a bad phobia of downloading files and clicking links. No matter how reputable it is, or how many security checks I do, I have horrible anxiety that can turn into panic attacks at the mere idea of downloading anything. Videos like these that walk through how hacks work are so helpful to me. If I know exactly how it works, and how I can avoid it, it really makes the internet less scary. Thanks man, videos like this are helping me overcome some childhood internet trauma :')
@Dbrano3
Just wanted to add on more details about the usb thing. As there might be some confusion how someone could have a “auto start” script on that but not on an image. This is because malicious hackers will replace the usb internals with their own custom microcontroller. And the way that microcontrollers work are but constantly running a script when they have power so its the internal hardware of a microcontroller that is just continually running the program as soon as it has power. A nice comparison is a mouse. When you plug it in (eg give it power) it just works. You don’t have to click on a start up mouse exe. It just works cuz as soon as the microcontroller in the mouse receives power it executes the program (i.e, sending you movements and keypresses. In contrast since images would contain only the malicious software. It still needs to be executed. You cant have a script arbitrarily activate without initializing the script. If that happens then the hacker would have their script continually hacking themselves because as soon the script was created it would automatically start and infect themselves. Hope this clarifies things for that one person who was confused lol
@neyoid
Also if you use different passwords for all your websites, if you get phished the damage is contained to that one account, and also if they wanna change the password/email they will need to get access to YOUR email, but if the two have different passwords you're much more safe
@spacecadet5860
Thanks for making videos like this, I completely understand why a lot of normies who aren't super tech literate end up falling for hype based misinformation when it comes to stuff like this. It makes sense, considering that no one wants their personal information stolen by hackers and the like, but I truly believe that social media (as well as news media) have a tendency to make mountains out of mole hills when it comes to stuff like this. Honestly cooler heads should prevail when it comes to stuff like viruses and malware, otherwise it does nothing to help your average computer user to stay safe when online, and often serves the exact opposite effect by making people paranoid for no good reason.
@PliskinYT
Thank you Muta! my friend and I legit saw this on Twitter and I straight up said, "Let's wait for Muta to make a video on this to see if this is legit or not." Because I know like 80% of these things are either Misinformation or just false, not to say I don't take necessary precautions in case obviously. You're one of the few people who cover these kinds of topics and helps most people understand it.
@Maeshalanadae
Hey, a bit misleading in delivery, but at least they had good intentions warning people of that link. And good on you, Muta, for educating people about such things.
@Chris12115
Great video Muta, but there is also the possibility of people using free SSL certificates like Lets Encrypt or Cloudflare SSL.
@SomeOrdinaryGamers