"Did you ever install software on Windows 95?" IIRC that is an InstallShield installer (or something mimicking one). That visual style of installer was also seen back in Windows 3.11. I believe it is based off of the Windows 3.11 first run setup wizard. For the local file listings in the browser, it's worth noting even after the same origin problem was fixed, websites would still try to trick users into thinking you were vulnerable by showing you a frame with your local file listing and then trying to convince you to buy their anti-virus software to fix it. This was especially bad in IE where the local file listing was a REAL Windows File Explorer frame, as IE and the file explorer were deeply integrated then, before MS realized it was a bad idea (and they got sued over anticompetitive practices regarding IE by the EU).
the nice part about IE and Windows File Explorer integration was you can style a folder view using literal html, css, and javascript. that and a bunch of troubles of having wild script executing in your File Explorer.
I think some leftovers of that file explorer integration are still visible today... Btw some of the software my dad uses still has those installshield graphics. Meh.
An old colleague of mine was very annoyed when they finally did away with the Active Desktop feature (which was kind of the last vestige of that whole webifying Windows effort). He'd set up a page with helpful shortcuts to his most-used tools and directories, and I think he even had a little textbox that did something-or-other (maybe search a directory or run a command; I forget what was possible). I think all those kinds of conveniences did eventually make their way into Windows natively, but by then he'd made the switch to Linux. Anyway, all I ever did with Active Desktop was make silly wallpapers that would react when you moved the mouse over certain elements. As for how old I am: not only do I remember InstallShield installers; I know why you can close a window by double-clicking the program icon in the top-left (which iirc even worked on Explorer windows in Vista and 7, when there was no visible icon).
0:44 Joking about being able to hit ESC at the Windows password prompt is a common theme - but few people know that the Windows password actually *does* protect you in some way. There is the CryptProtectData / CryptUnprotectData function pair in the Win32 API that is used to encrypt data with a user-specific key. This key is derived from the login password. If you hit ESC at the login prompt, you can't decrypt data that was encrypted in a session that had the correct password entered. This data encryption facility is used to store SMB passwords (IIRC Windows 95 insistes on sending the logon name as user name to every SMB computer you connect to, so no SMB usernames need to be stored) and website credentials saved by Internet Explorer. Hitting ESC at the password prompt makes saving SMB passwords and storing website logins unavailable.
The old installer brings back memories. I once was allowed to install a game in kindergarten as a 4 year old kid. Installing the game took about an hour (I clicked "previous" and "next" over and over again because I've seen my brother do it, plus I couldnt read yet). Eventually I got it installed. It's funny that the video got out today. I just picked up an old Pentium 4 HP computer with Win XP Professional.
Ah man, I laughed too much at your comment. I learned to install stuff almost the same way. Eventually I leant that "cancel" is something bad without having any idea what it means. Didn't help that English isn't even close to my own language and started in school many years after. Been fooling around and with (literally) computers since the age of 3 and started it with Win3.1. Father never let me on his DOS computer. But learnt to install stuff on Win95 in secret from my parents at 7 or 8y old. So many good memories from those times, but I'm glad I don't have to touch those anymore.
Beyond its interesting history and bringing back the good retro feelings, you're doing a very important thing: review the old developed, but probably still used security policies with today's hacker's eyes, because the whole concept could be outdated. Different root cause, but the log4j is a good example of how long could a vulnerability sleeps.
Fantastic video! That's a throw back indeed! Haha, I remember those three vertical bars when installing software, hahaha! Looking forward to your future videos for this series.
There is so much questions that I wanted to ask, that it made an overflow in my memory... But I still comment for referencement. Continue like this it's amazing !
In the 90s, the WWW was easy to understand, not the Internet, which most people don’t even understand today. Browser didn’t exist at first and I was using IRC, Usenet, mailing lists… way before any browser could be run even on big university computers.
In the early days you could just disable Javascript, because it wasn't used a lot. You could use the internet fine. Then Dynamic webpages came along with a lot of Javascript (and ActiveX for IE users) and Macromedia Flash. In these times, disabling Javascripts killed some functionality like form checking or displaying data. I am glad developers have created like noscript plugins to "filter" javasript. This should be a standard setting, browsers never gave users a granular access control with javascript. Just a ON/OFF button to use it and a console to debug. Thanks for the history lesson
This was a pretty good video! I'm 23, but started actually tinkering with computers/electronics & programming when I was young (~8 ish) But when I was a bit older, around 12, is when I finally got started messing around with website development. AND OOhHH BOYYY!!! Not a lot of people today remembers/knows how BAD the internet truly was even 10 years ago. So I remember spending hours stressing to get something to work in Internet Explorer 6 to 8. But Microsoft still had a large monopoly with their GARBAGE IE. It was a pain in the ass to work, because it quite literally acts like Safari. It was either behind on the standards, or it didn't implement it properly, or it just ignored it and Microsoft did their own things. But IE was an absolute security nightmare. You remember (or have seen some videos) on weird internet website history? Pretty much all those real actual virus websites, or stupid websites you see in on email chain spam mail, a lot of those pretty much effected only Internet Explorer, because of how garbage it was. You could quite literally go on some website, and they could very easily exploit some vuln and BAM you have malware. Around the same time, Smosh, was still pretty damn popular on youtube (rip good ol' days) and they posted stuff on their website. ANd my god the 12 year old me loved their website design. But one day the Google Ads on the page reloaded, and the ad on the top went white. And then I quite literally got a virus. From a fucking ad! I was obviously pissed, but I knew **JUST ENOUGH** to open task manager, found the malware software running, and I killed it, then I manually deleted the files. ANd jussttttt to be safe, I installed Avast on my shitty WIndows Vista PC lmao. But Internet Explorer was truly a very odd & strange thing. Not only did it support javascript, but it even supported VBScript/VBA (basically running Visual Basic in your browser.) Not only that, but IE had a disgustingly plugin system, and you could have Flash, Shockwave, SIlverlight, Java, ActiveX; etc, that were all basically completely different technologies, different programming languages, and things you can build different apps OR games. IE also had a bunch of even weirder shit, like it had this proprietary gross conditional comment thing, where you can surround some HTML and target a specific version of IE. Because the standards were garbage, so a website had to have a lot of CSS to format for different browsers, and different versions! The one realllyyy cool thing, but I never understood, was Internet Explorer 5, had something called HTML Components (.htc) and it was a little plaintext file of some code, that would implement behaviour of DHTML (basically the predecessor to DOM) and I recall painstakingly Googled how to get PNG images to be transparent in old IE versions; which of course those HTC files partially fixed. Side note that this video reminded me, my uncle gave me a shitty old PC, I think it only had 8 megabytes of ram. This was 2012, but it was an old hacked together PC of various old parts from the mid 90's; and I installed Windows 95) I remember installing IE 4 & then 5 on it, and trying to use the internet on it. I don't think it lasted very long, but I remember trying to see if I could use it as a server. I have no idea if anyone actually read this but, modern day website development is soo refined butter now. Everything is essentially more secure, and probably in some form of sandbox. All the scary extension/plugin stuff were ripped out. But the soul of the internet, where anyone could express themselves is long gone. Now every website looks the exact same, and now everything just feels like a gross APP... :(
I actually enjoyed reading it. I built my first website when I was 9, I copied my older brother's code and tinkered with it, until I understood basic html. I kind of miss how simple things were back then, responsive design for multiple screen sizes killed me when I got back into dev in my 20's. Anyway, it was cool reading your post, took me back to old days! Lol
I vaguely remember times when internet explorer was the thing everybody used, but at home my dad installed firefox very early. School computers though... IE everywhere even years later
This is damnnn interesting. And for aspirants like me passionate about vuln or exploit research these series are absolutely valuable content. Please please keep doing more on such details on exploits, describing patches and how they stop the exploits and ... But discussions like these on endpoints along with these web exploits could make it even helpful for lot more people.
That's REALLY interesting, especially for folks like me that weren't there at the time! I remember, as a tech-inclined kid, reading old newsletters by a prominent Italian IT journalist which advised to just don't use JS, Java and ActiveX. For modern standard, unthinkable 😃
This is just GOLD! Thanks for so much dedication and enthusiasm along with the teaching. I am much fan of history and computers. My nephew is studying web development and came to me asking for some directions. I inevitably ask him to study some history about computers so he can understand how things are done today! I really had fun with this video.
As a professional web developer, I'm ashamed to say that I simply copy and pasted the strictest origin-policy I could find. I still don't fully understand it and I hope this series will cast some light on the dark and dusty corners of the web. I do feel that the same origin policy headers are not very well explained, so I'm looking forward to getting your thoughts on them and how best to use them today. Lucky for me, I don't need and I don't want to share information across origin, so I'm absolutely fine with the restricted set that I have.
Realtek audio drivers still use the same installer with the blue background (or at least they used to in 2019 when I was installing their drivers, idk about more recent versions)
What an excellent video! Thank you very much for this historical approach. And your english is very clear for me, and subtitles are useful too. English is not my native language. I hope you can understand me =)
seeing that installer wasn't a throwback, but seeing bang-path style email addresses sure was. It reminded me that last time i saw Navigator gold, i had to install trumpet winsock first...
0:37 window 95 had no login screen for user login. as you can see in the title of that window it was for accessing to network. I think windows added user login window for the first time in windows NT
I am old enough to remember this lightgreen workspace. Windows 95 was on my first personal computer when i was a child. It was Pentium 120 MHz. It`s so pleasant nostalgy )
Hell yes, I remember this very vividly - installing "Soldier of Fortune" on my families computer (obviously I was not allowed to) whily hearing my mom unlock the front door, praying the load bars would go away before she got to the room the computer was in (they did and I did enjoy the game quite a bit).
Thank you, this is weekend, I used to learn a net stuff and your video regarding security concern is the best! not like other youtuber that concert to subscribtion and join specific channel, but you just recommend to support internet archive instead again thanks!
5:21, those are two different *host* names, not different domains. Cross site cookie protections and frame/ limits would have still seen these as the same site all the way up until the mid 2000s. (And even today, some security checks for things like microphone access will see them as the same site.) It's been 25 years, but vaguely remember the earliest versions of netscape would actually prevent cookies from being read via javascript across different sites. (But there were easy ways to get around that, and IE wasn't even *trying*.)
My Journey on the internet started way back with windows 98 , netscape, and a 56k dial up modem, and then came Napster :) . Took 2 minutes to load an image, 30 minutes to download a song LOL.
Your scientists were so concerned with whether they could, they didn't stop to think about whether they should! Perhaps if JS had a few more months of beta testing, they'd have discovered some of these issues sooner, and could have addressed them at the core instead of having to work around them later... Imagine how the web would be today if they'd thought to implement a permission model.
It is important to remember that, not only was the community a lot smaller 27-28 years ago - there really weren't *that* many people on the internet, even less of them were capable developers but the general mindset was also different to today. The late 80s and early 90s were a time where building systems based on trust was still very much a thing. Whilst some basic security was a thing, it wasn't anything like today. Even if they had given JS some more time, it really wouldn't have changed much. Think of it this way: How long did it take Microsoft to integrate a proper anti-virus scanner into Windows? The first release of MS Security Essentials was in 2009. Way past the point where I'd say many people started going online, wouldn't you agree? Coincidentally, Windows 7 was also the release where MS finally seemed to have addressed many of the security issues that Vista only improperly addressed. The point is, sometimes things simply happen over time, not because somebody didn't think hard or long enough, but because it takes people time to figure shit out. I'm sure the designers of IPv4 are biting themselves in the arse every time they think about the address limit they were responsible for. Sure, they came up with a solution later on but you see how that turned out by looking at the adoption rate of IPv6
@@Skyfox94 Well I personally bypassed it and all the others too no big deal. Also you should check out some of the research into windows defender and you will see how deeply flawed it is yourself. Sure if you are not a pro you won’t bypass it but still its not even close to being hard. It is not just a problem of defender, Microsoft handles security extremely poorly in general. Ill go even further, to me Defender is just another attack vector
Great video! Sounds like browsing the internet back then was the wild wild west! But yeah I'm glad the same origin policy exists. No steal my cookies hackers!
I hope you can touch on why it was ever allowed to write cookies of a different domain (when they clearly saw issues with cross-origin operations early on) - was it just for the ad industry?
Back in the days i posted an image to a computer magazines (!) forum, which was pulled from another server. thing was that this server required http authentication prior to delivering the image, so when people got to the forum and klicked the thread, they were presented with an http authentication dialog from the image server. i didnt do anything evil like having my own image server with an altered http server to transmit user:pass unencrypted back to me (dunno if thats even possible or if the browsers have/had some sort of security), but it worked as intended - the computer magazines forum admins locked the image posting capability.
I was born in 99, but my parents had been using windows 98 for quite a while before we got XP so yes, I have installed software on a windows 98 PC before :)
When I play with fetch API to hack a website. I got to know that the Same-Origin Policy is a crucial web security mechanism. Really interested to know the history of Same origin policy
Yes, I remember Windows 95. I started with Windows 3.0 and the beautiful MS-DOS. My programming journey started with TSR (terminate and stay resident), do you remember that?
Could you do a video about possible vulnerabilities in the Minecraft 1.19.1 chat signing/reporting system? I would love to know more about it from a security perspective
There was a time when Microsoft did not have driver for devices with TCP/IP stack cause according to there service hotline they "can't support every little protocol" :D
My first own „Big Game“ was Gothic. I was confused for month how to install a game with two Disks with only one disk drive… The next lesson that i learned was that gpus are not just plug and play. Learned everything the hard way (without internet) but was only 9 years old, so im fine. Today its so much easier to get knowledge, but finding out things by your own is a unique feeling because, how will you use something the right way if you don’t understand how it works?
![BLACK BAG - Official Trailer [HD] - Only in Theaters March 14](http://i.ytimg.com/vi/Du0Xp8WX_7I/mqdefault.jpg)
This video should be called "The origin of the same origin policy"
but this way he will get more clicks :)
@@vaisakh_km it's a joke, obviously it's not a good title, just a bad pun
@@oriyadid
I liked his Minecraft videos .
The essence of genius. Most of us will never achieve galaxy brain.
Go on, Go on.. Leave me breathless
This is going to turn into a really fun series, please keep doing more :D
This is soo interesting yet I'd never spend my own time researching it so thank you for spending yours!
"Did you ever install software on Windows 95?"
IIRC that is an InstallShield installer (or something mimicking one). That visual style of installer was also seen back in Windows 3.11. I believe it is based off of the Windows 3.11 first run setup wizard.
For the local file listings in the browser, it's worth noting even after the same origin problem was fixed, websites would still try to trick users into thinking you were vulnerable by showing you a frame with your local file listing and then trying to convince you to buy their anti-virus software to fix it. This was especially bad in IE where the local file listing was a REAL Windows File Explorer frame, as IE and the file explorer were deeply integrated then, before MS realized it was a bad idea (and they got sued over anticompetitive practices regarding IE by the EU).
What an interesting comment, but scrollbar go brrr xD
the nice part about IE and Windows File Explorer integration was you can style a folder view using literal html, css, and javascript.
that and a bunch of troubles of having wild script executing in your File Explorer.
I think some leftovers of that file explorer integration are still visible today...
Btw some of the software my dad uses still has those installshield graphics. Meh.
An old colleague of mine was very annoyed when they finally did away with the Active Desktop feature (which was kind of the last vestige of that whole webifying Windows effort). He'd set up a page with helpful shortcuts to his most-used tools and directories, and I think he even had a little textbox that did something-or-other (maybe search a directory or run a command; I forget what was possible). I think all those kinds of conveniences did eventually make their way into Windows natively, but by then he'd made the switch to Linux.
Anyway, all I ever did with Active Desktop was make silly wallpapers that would react when you moved the mouse over certain elements.
As for how old I am: not only do I remember InstallShield installers; I know why you can close a window by double-clicking the program icon in the top-left (which iirc even worked on Explorer windows in Vista and 7, when there was no visible icon).
"I can still install software on windows 95" (hides old software defensively behind back) Don't judge me
Thanks!
0:44 Joking about being able to hit ESC at the Windows password prompt is a common theme - but few people know that the Windows password actually *does* protect you in some way. There is the CryptProtectData / CryptUnprotectData function pair in the Win32 API that is used to encrypt data with a user-specific key. This key is derived from the login password. If you hit ESC at the login prompt, you can't decrypt data that was encrypted in a session that had the correct password entered.
This data encryption facility is used to store SMB passwords (IIRC Windows 95 insistes on sending the logon name as user name to every SMB computer you connect to, so no SMB usernames need to be stored) and website credentials saved by Internet Explorer. Hitting ESC at the password prompt makes saving SMB passwords and storing website logins unavailable.
The old installer brings back memories. I once was allowed to install a game in kindergarten as a 4 year old kid. Installing the game took about an hour (I clicked "previous" and "next" over and over again because I've seen my brother do it, plus I couldnt read yet). Eventually I got it installed.
It's funny that the video got out today. I just picked up an old Pentium 4 HP computer with Win XP Professional.
Ah man, I laughed too much at your comment. I learned to install stuff almost the same way. Eventually I leant that "cancel" is something bad without having any idea what it means. Didn't help that English isn't even close to my own language and started in school many years after.
Been fooling around and with (literally) computers since the age of 3 and started it with Win3.1. Father never let me on his DOS computer. But learnt to install stuff on Win95 in secret from my parents at 7 or 8y old. So many good memories from those times, but I'm glad I don't have to touch those anymore.
Very interesting video, thank you for your efforts. I am looking forward to further videos of this series!
Beyond its interesting history and bringing back the good retro feelings, you're doing a very important thing: review the old developed, but probably still used security policies with today's hacker's eyes, because the whole concept could be outdated. Different root cause, but the log4j is a good example of how long could a vulnerability sleeps.
Fantastic video! That's a throw back indeed! Haha, I remember those three vertical bars when installing software, hahaha!
Looking forward to your future videos for this series.
I wish I could have your voice read/explain everything to me, I don't know why but I just feel more engaged when listening/watching your videos
There is so much questions that I wanted to ask, that it made an overflow in my memory...
But I still comment for referencement.
Continue like this it's amazing !
In the 90s, the WWW was easy to understand, not the Internet, which most people don’t even understand today. Browser didn’t exist at first and I was using IRC, Usenet, mailing lists… way before any browser could be run even on big university computers.
This is my favorite video from LiveOverflow. The retrospective view makes it interesting. Keep it up!
I am so curious to see the evolution of this. Thank you for sharing mate.
what a throwback in history. before these language of browser attacks -- before the internet even became a thing. what a treasure of a video
Love this idea for a history series, can't wait to see some SoftICE action!
Thanks for this "classic" kind of video.
In the early days you could just disable Javascript, because it wasn't used a lot. You could use the internet fine. Then Dynamic webpages came along with a lot of Javascript (and ActiveX for IE users) and Macromedia Flash. In these times, disabling Javascripts killed some functionality like form checking or displaying data. I am glad developers have created like noscript plugins to "filter" javasript. This should be a standard setting, browsers never gave users a granular access control with javascript. Just a ON/OFF button to use it and a console to debug. Thanks for the history lesson
Javascript can still be very easily obfuscated
@@necroowl3953 what does it contribute to the comment above?
2:03 As a german "Live Überlauf" killed me it's so dull that it is funny 😂
It's Uberlauf. And what's funny about that?
Amazing video. I really really loved it. Thank you for putting the work into making it 💙
Great way to explain the details from the start using Win 95.
This was epic. Looking forward to next episode
Please continue to do these history types of videos. As an old man that started on CP/M, I love this stuff :)
This was super cool, thank you. Very excited for the next video!
First time viewing the 95 installation :)
This was a pretty good video! I'm 23, but started actually tinkering with computers/electronics & programming when I was young (~8 ish) But when I was a bit older, around 12, is when I finally got started messing around with website development. AND OOhHH BOYYY!!! Not a lot of people today remembers/knows how BAD the internet truly was even 10 years ago. So I remember spending hours stressing to get something to work in Internet Explorer 6 to 8. But Microsoft still had a large monopoly with their GARBAGE IE. It was a pain in the ass to work, because it quite literally acts like Safari. It was either behind on the standards, or it didn't implement it properly, or it just ignored it and Microsoft did their own things.
But IE was an absolute security nightmare. You remember (or have seen some videos) on weird internet website history? Pretty much all those real actual virus websites, or stupid websites you see in on email chain spam mail, a lot of those pretty much effected only Internet Explorer, because of how garbage it was. You could quite literally go on some website, and they could very easily exploit some vuln and BAM you have malware. Around the same time, Smosh, was still pretty damn popular on youtube (rip good ol' days) and they posted stuff on their website. ANd my god the 12 year old me loved their website design. But one day the Google Ads on the page reloaded, and the ad on the top went white. And then I quite literally got a virus. From a fucking ad! I was obviously pissed, but I knew **JUST ENOUGH** to open task manager, found the malware software running, and I killed it, then I manually deleted the files. ANd jussttttt to be safe, I installed Avast on my shitty WIndows Vista PC lmao.
But Internet Explorer was truly a very odd & strange thing. Not only did it support javascript, but it even supported VBScript/VBA (basically running Visual Basic in your browser.) Not only that, but IE had a disgustingly plugin system, and you could have Flash, Shockwave, SIlverlight, Java, ActiveX; etc, that were all basically completely different technologies, different programming languages, and things you can build different apps OR games.
IE also had a bunch of even weirder shit, like it had this proprietary gross conditional comment thing, where you can surround some HTML and target a specific version of IE. Because the standards were garbage, so a website had to have a lot of CSS to format for different browsers, and different versions! The one realllyyy cool thing, but I never understood, was Internet Explorer 5, had something called HTML Components (.htc) and it was a little plaintext file of some code, that would implement behaviour of DHTML (basically the predecessor to DOM) and I recall painstakingly Googled how to get PNG images to be transparent in old IE versions; which of course those HTC files partially fixed.
Side note that this video reminded me, my uncle gave me a shitty old PC, I think it only had 8 megabytes of ram. This was 2012, but it was an old hacked together PC of various old parts from the mid 90's; and I installed Windows 95) I remember installing IE 4 & then 5 on it, and trying to use the internet on it. I don't think it lasted very long, but I remember trying to see if I could use it as a server.
I have no idea if anyone actually read this but, modern day website development is soo refined butter now. Everything is essentially more secure, and probably in some form of sandbox. All the scary extension/plugin stuff were ripped out. But the soul of the internet, where anyone could express themselves is long gone. Now every website looks the exact same, and now everything just feels like a gross APP... :(
Also sorry for the ted talk lmao. ADHD brain go bbrrrrrttttttttttt
Bro I feel you.
It is crazy to think what we were able to do with a few MBs
I actually enjoyed reading it. I built my first website when I was 9, I copied my older brother's code and tinkered with it, until I understood basic html. I kind of miss how simple things were back then, responsive design for multiple screen sizes killed me when I got back into dev in my 20's. Anyway, it was cool reading your post, took me back to old days! Lol
thank you for your enlightenment. i hope to find a few buddies in the future that would love having conversations about this kind of stuff
I vaguely remember times when internet explorer was the thing everybody used, but at home my dad installed firefox very early. School computers though... IE everywhere even years later
7:04 It's a throwback for me, and I miss the 3 indicators on the left in modern installations.
wow, thank you so much, I spent so much time trying to understand client-side stuff, but after watching this video I finally understood!!
For me it is incredible how one can find the exact copy of a legacy program and installed in the appropriate machine. Ah, the beauty of the digital.
This is damnnn interesting. And for aspirants like me passionate about vuln or exploit research these series are absolutely valuable content. Please please keep doing more on such details on exploits, describing patches and how they stop the exploits and ... But discussions like these on endpoints along with these web exploits could make it even helpful for lot more people.
That's REALLY interesting, especially for folks like me that weren't there at the time!
I remember, as a tech-inclined kid, reading old newsletters by a prominent Italian IT journalist which advised to just don't use JS, Java and ActiveX. For modern standard, unthinkable 😃
Il buon Paolo per caso? 😉
@@Valery0p5 eh sì!
This is just GOLD! Thanks for so much dedication and enthusiasm along with the teaching. I am much fan of history and computers. My nephew is studying web development and came to me asking for some directions. I inevitably ask him to study some history about computers so he can understand how things are done today! I really had fun with this video.
As a professional web developer, I'm ashamed to say that I simply copy and pasted the strictest origin-policy I could find. I still don't fully understand it and I hope this series will cast some light on the dark and dusty corners of the web. I do feel that the same origin policy headers are not very well explained, so I'm looking forward to getting your thoughts on them and how best to use them today. Lucky for me, I don't need and I don't want to share information across origin, so I'm absolutely fine with the restricted set that I have.
Love these videos. Please keep up with the great content like this!
Definitely a throwback :)
Realtek audio drivers still use the same installer with the blue background (or at least they used to in 2019 when I was installing their drivers, idk about more recent versions)
This is an excellent video, super informative! As a creator myself, I can’t fathom how much hard work was put into this.
Loving the series! Keep up the good work!
Really interesting! Waiting for the next episode
fab absolutely fab!! watching this fun video while preparing for JS interview reminds why JS is interesting.
What an excellent video!
Thank you very much for this historical approach. And your english is very clear for me, and subtitles are useful too.
English is not my native language. I hope you can understand me =)
Thanks man!! This really helps to understand the tech itself 😁
Ooo nice. Hacker history, what a great concept 👍
Yep installed Netscape in those days, on win95 and Linux. A 'bit' slower than shown here on a 4Mb 486.
This was helpful. Thanks!
Great video as always!
seeing that installer wasn't a throwback, but seeing bang-path style email addresses sure was. It reminded me that last time i saw Navigator gold, i had to install trumpet winsock first...
Thank you!!! for creating this video!!!
I love your videos! :D Every video is always exciting and motivates me to try things out :)
Amazing video! Thank you that is a great way to learn
Eagerly waiting for the "Infosec heist" web series.
Your videos contain so much insightful information.
its now safe to turn of your computer...loved it.
0:37 window 95 had no login screen for user login. as you can see in the title of that window it was for accessing to network. I think windows added user login window for the first time in windows NT
I am old enough to remember this lightgreen workspace. Windows 95 was on my first personal computer when i was a child. It was Pentium 120 MHz. It`s so pleasant nostalgy )
Alternative title:
The origin of the same origin policy
enjoy this history , gave me great flash backs thanks \o/
Netscape crash? Wonder how hard it would be to debug and exploit that by only using tools from back in the day :P
IKR :p
OMG your video is so amazing, thank you so much
This is great content! seriously
Excellent research.
Hell yes, I remember this very vividly - installing "Soldier of Fortune" on my families computer (obviously I was not allowed to) whily hearing my mom unlock the front door, praying the load bars would go away before she got to the room the computer was in (they did and I did enjoy the game quite a bit).
Thank you, this is weekend, I used to learn a net stuff and your video regarding security concern is the best!
not like other youtuber that concert to subscribtion and join specific channel, but you just recommend to support internet archive instead
again thanks!
Amazing. Thank you!
OH boy! A new LiveOverflow?? Oh sicckkk finally something that I can actually understand!
It's wild that I'm trying to break a same origin policy right now that's controlled by regex and this video pops up in my feed.
This is for sure my first time 😆
At school was 4 computers, I was hooked for sure ;]
When DOOM game was installed.. new rules appeared.. sometimes we could see only locked doors.
great history lesson
5:21, those are two different *host* names, not different domains.
Cross site cookie protections and frame/ limits would have still seen these as the same site all the way up until the mid 2000s. (And even today, some security checks for things like microphone access will see them as the same site.)
It's been 25 years, but vaguely remember the earliest versions of netscape would actually prevent cookies from being read via javascript across different sites. (But there were easy ways to get around that, and IE wasn't even *trying*.)
Wonderful video!
4:43 🥶 gives me chills everytime
men, what a great video!
Super cool 😎
Fun history lesson 😁😁
Amazing job.
My Journey on the internet started way back with windows 98 , netscape, and a 56k dial up modem, and then came Napster :) . Took 2 minutes to load an image, 30 minutes to download a song LOL.
XSS is like my bread and butter so its really wonderful to see its origins
Your scientists were so concerned with whether they could, they didn't stop to think about whether they should!
Perhaps if JS had a few more months of beta testing, they'd have discovered some of these issues sooner, and could have addressed them at the core instead of having to work around them later... Imagine how the web would be today if they'd thought to implement a permission model.
It is important to remember that, not only was the community a lot smaller 27-28 years ago - there really weren't *that* many people on the internet, even less of them were capable developers but the general mindset was also different to today. The late 80s and early 90s were a time where building systems based on trust was still very much a thing.
Whilst some basic security was a thing, it wasn't anything like today. Even if they had given JS some more time, it really wouldn't have changed much.
Think of it this way: How long did it take Microsoft to integrate a proper anti-virus scanner into Windows? The first release of MS Security Essentials was in 2009. Way past the point where I'd say many people started going online, wouldn't you agree? Coincidentally, Windows 7 was also the release where MS finally seemed to have addressed many of the security issues that Vista only improperly addressed.
The point is, sometimes things simply happen over time, not because somebody didn't think hard or long enough, but because it takes people time to figure shit out. I'm sure the designers of IPv4 are biting themselves in the arse every time they think about the address limit they were responsible for. Sure, they came up with a solution later on but you see how that turned out by looking at the adoption rate of IPv6
It's easy to us to say this now that we use the browser as a sandbox to access arbitrary software. Took a while even to the OS to implement those
@@Skyfox94 How long did it take for microsoft to integrate a proper virus scanner? We are still waiting.
@@AnonYmous-spyonmepls Defender is quite adequate actually
@@Skyfox94 Well I personally bypassed it and all the others too no big deal. Also you should check out some of the research into windows defender and you will see how deeply flawed it is yourself. Sure if you are not a pro you won’t bypass it but still its not even close to being hard. It is not just a problem of defender, Microsoft handles security extremely poorly in general.
Ill go even further, to me Defender is just another attack vector
At 5:21, those are hosts, not domains. The domain is the same (i.e. liveoverflow). The hostame part of the FQDN isn't.
Poverty meant my parents still had a lot of 16 bit computers well in the 2000, so yes I remember those interfaces...
And no internet at home till 2012/3?
So yeah I ate that Windows 7 offline guide for breakfast each day when I was a toddler
thanks for sharing
I was always told that the only thing that Java and Javascript had in common was the name, nothing else. Interesting.
Oh man the nostalgia...
Great video! Sounds like browsing the internet back then was the wild wild west! But yeah I'm glad the same origin policy exists. No steal my cookies hackers!
Live Uberlauf. Sehr interessanter Name :D
Wow..... Old days ....... Windows 😍
Thanks a lot
I hope you can touch on why it was ever allowed to write cookies of a different domain (when they clearly saw issues with cross-origin operations early on) - was it just for the ad industry?
Back in the days i posted an image to a computer magazines (!) forum, which was pulled from another server.
thing was that this server required http authentication prior to delivering the image, so when people got to the forum and klicked the thread, they were presented with an http authentication dialog from the image server.
i didnt do anything evil like having my own image server with an altered http server to transmit user:pass unencrypted back to me (dunno if thats even possible or if the browsers have/had some sort of security), but it worked as intended - the computer magazines forum admins locked the image posting capability.
I was born in 99, but my parents had been using windows 98 for quite a while before we got XP so yes, I have installed software on a windows 98 PC before :)
When I play with fetch API to hack a website. I got to know that the Same-Origin Policy is a crucial web security mechanism. Really interested to know the history of Same origin policy
Yes, I remember Windows 95. I started with Windows 3.0 and the beautiful MS-DOS. My programming journey started with TSR (terminate and stay resident), do you remember that?
Could you do a video about possible vulnerabilities in the Minecraft 1.19.1 chat signing/reporting system? I would love to know more about it from a security perspective
awesome!
I'm old, actually used w95 and ME, that install screen is very familiar. I remember it from installing some scooby doo game
This is a throwback, but not as much as my ZX Spectrum emulators that emulate tape loading :-P
There was a time when Microsoft did not have driver for devices with TCP/IP stack cause according to there service hotline they "can't support every little protocol" :D
My first own „Big Game“ was Gothic. I was confused for month how to install a game with two Disks with only one disk drive…
The next lesson that i learned was that gpus are not just plug and play. Learned everything the hard way (without internet) but was only 9 years old, so im fine.
Today its so much easier to get knowledge, but finding out things by your own is a unique feeling because, how will you use something the right way if you don’t understand how it works?
7:00 nah man that software is like a decade older than myself
My first windows was XP. It was around for a very long time