Is it possible to get a virus by opening a website or an email,

Yes it is entirely possible to get a virus just by looking at an email.
However, any email client made in the last decade will block that kind of thing, resorting to the need to have the user circumnavigate the defenses and just run attachments like a fucking tard

>>59266278
Care to explain? How by looking at an email, it can execute code?

>>59266306
try reading the whole thing retard

>>59266339
The fuck you talking about?

>>59266350
>However, any email client made in the last decade will block that kind of thing
kill yourself retard, cant even read two lines of text

>>59266239
It is possible to get viruses and malware just by viewing an email. Think about it, you can get exploited just by viewing a webpage in a browser. Your email doesn't get sent or viewed in some other format. It's HTML. Unless of course you view emails in plain text.

>>59266350
You're a fucking idiot, Lad.

>>59266361
Oh my god, you really are retarded. I was asking how an email with no protection what so ever, could execute code...

>>59266372
How does that work?

>>59266391
>Is it possible to get a virus by opening a website or an email, or do you always have to open their links and attachments?
where are you asking about an email with no protection whatsoever? go back to >>>/leddit/ nigger

On Windows: yes

On GNU/Linux: no

>>59266407
Oh my god.
I'm going to ask again in a simple way.
>Imagine there's a email client that implements a simple SMTP protocol with no security
>A guy sends me an email with a virus
>I open it.
>It executes code
I'm asking how.

>>59266306
It's HTML, dude. It executes code to show you pictures and formatting.
Not to mention that email clients often have javascript interpreters...

>>59266445
That was my question. I didn't know it could interpret JS.

>>59266445
So, how can HTML infect your machine? I can kind of understand how Javascript could do it, but isn't the browser blocking javascript from gaining access to your whole machine by running it in a sandbox?

So how can you get infected by just opening a webpage?

>>59266239
Yes, if there happens to be the combination of haxxored website and browser security hole on your system.
In fact, #1 should be enough, technically.

>>59266479
Avoid shoddy webmail clients.

Since your browser DEFINITELY has a JS interpreter.

>>59266484
HTML5 does a lot more than regular old HTML.
>sandboxing
kek
There are ways around sandboxing, and they mostly revolve around showing the user information that looks safe, while actually containing a sandbox-avoiding payload.
Sandboxing helps though.

Javascript is a fucking nightmare though. It can do so many things, all of them nasty. A single flaw in the sandbox and it just gets everything anyway.

>>59266434
>what are vulnerabilities

>>59266484
HTML can send arbitrary requests to an attacker's server- through the <img> tag most often. On an <img> tag, your client will send a HTTP request to the URL, and if the URL is say virus.net, it could load up virus.net/trustmeimadolphin.js instead.
JS sucks.

>>59266548
Alright, thanks. I get it now.

By a properly configured uMatrix, one should be safe from such exploits?

>>59266503
how hard would it be to escape sandbox in any major browser and execute malicious javascript code?

>>59266576
Yeah. Use noscript as well due to it's anti-XSS stuff.
Noscript should be a default install on browsers, and browsers should have a little tutorial on it for grandma.

>>59266578
Pretty hard actually. Chrome's browser sandbox gets updated all the time- escaping from one basically relies on extremely subtle and hard to find exploits. And these are usually closely guarded by security companies- the legendary zero day.

>>59266524
Dude if you just don't know the answer, say "I don't know", but stop pretending you have some knowledge by using generic terms.

yes, back when I did scamming on steam, i had a java exploit which would execute from browser, a cunt didn't sell me a sandbox exploit he apparently had, that could have been the biggest steam robbery in history

>>59266683
how exactly did it work? was it only working if you used a steam browser?

>>59266710
user downloads file, executes it, we get *.ssfn files, keylogs needed to login into steam, we log in, DDOS the guy, sell all items, transfer the money. we had a team of 150+ people doing the dirty job for us (getting people to download the .exe), all we had to do is sell items and cash in the %. lmao the workers were so stupid, we only paid like €30 for the whole setup and got paid 40%. this was all before 2FA btw

>>59266710
>>59266735
oh and if you're on about the java exploit, it would download and execute the .exe.

>>59266744
>>59266735
That sounds pretty nice my dude.