I get that there won’t be any security updates. So any problem found can be exploited. But how high is the chance for problems for an average user if you say, only browse some safe websites? If you have a pc you don’t really care much about, without any personal information? It feels like the danger is more theoretical than what will actually happen.

Or… are there any examples of people (not corpos) getting wrecked in the past by an eol OS?

  • englislanguage@lemmy.sdf.org
    2·
    5 months ago

    It seems like part of your thinking is: Why would a criminal invest effort to attack an average John Doe? The answer is: With a popular (widely used) operating system, the effort goes close to zero. Attacks can be automated, so they will be. Also, even if they are not interested in your data, they will be interested in other benefits they gain from controlling your computer:

    • Computing power e.g. for Bitcoin mining
    • Your internet connection to attack other computers via yours, taking your computer to hide their identity and location. This is commonly done as DDOS for blackmailing businesses or silencing websites. Or for sending spam or fake reviews.
    • Your identity. If they can get your name, they can order stuff on your name, which will get you a bad credit score or even criminal charges (identity theft)
    • Access to your local network. Many devices are easier to hack via local network access than from the internet. A criminal who took control of your computer could for example take over your “smart” appliances or WiFi printer.
  • jet@hackertalks.comEnglish
    2·
    5 months ago

    https://www.youtube.com/watch?v=6uSVVCmOH5w

    XP … Exploited in 2 minutes

    When you stop getting updates, that’s okay if you’re isolated, and not talking to any networks. But if you’re on the network at all, you’re falling behind the ecosystem. You stopped evolving, you’re static target, everybody knows your door code etc etc etc

    This is why you can see ancient machines running industrial machinery totally isolated, but you’d never see one attached to a network

    • Hucklebee@lemmy.worldOP
      0·
      5 months ago

      I guess that’s where I have a limited understanding of how Internet and maybe even exploits works: how would people even find my machine? There is little to no incentive, unlike with a corporation. They must know where my door is to even use the keys.

      Can you just sort of do a brute force scan of all machines currently on the internet? Seems unlikely. In my mind, you can only access a machine if you have some idea about it’s whereabouts, either physically or digitally. But then again, I have no knowledge about these kinds of things.

      • Manifish_Destiny@lemmy.world
        1·
        5 months ago

        Check out shodan.io Search your own IP. There are plenty of state actor tools that do the same thing. vulnerable systems are targeted because they’re vulnerable, not because there’s a payout. Most of the time you’d just automate the attacks with something like msfconsole and a ruby script.

    • slazer2au@lemmy.worldEnglish
      01·
      5 months ago

      This is kinda a bad argument as a regular user will not connect to the internet like this. You have a router or a carrier will have a CGN in front of your PC.