Instalează Steam
conectare
|
limbă
简体中文 (chineză simplificată)
繁體中文 (chineză tradițională)
日本語 (japoneză)
한국어 (coreeană)
ไทย (thailandeză)
български (bulgară)
Čeština (cehă)
Dansk (daneză)
Deutsch (germană)
English (engleză)
Español - España (spaniolă - Spania)
Español - Latinoamérica (spaniolă - America Latină)
Ελληνικά (greacă)
Français (franceză)
Italiano (italiană)
Bahasa Indonesia (indoneziană)
Magyar (maghiară)
Nederlands (neerlandeză)
Norsk (norvegiană)
Polski (poloneză)
Português (portugheză - Portugalia)
Português - Brasil (portugheză - Brazilia)
Русский (rusă)
Suomi (finlandeză)
Svenska (suedeză)
Türkçe (turcă)
Tiếng Việt (vietnameză)
Українська (ucraineană)
Raportează o problemă de traducere
Reguli și ghiduri pentru discuții
Raportează această postare
cool, good news for w10 users.
Thx for this news and the link @Nite69
Right now, it is my oldest computer in general, but far from my weakest. I just keep my only copy of win 7 on it to help me run older software.
yep i do as well, but on my main cause its got plenty of storage.
but ya, older desktops and laptops have plenty of uses, i could likely name off a giant list of random things one could use them for and save money in the process, people just need to think outside the box and rid themselves of the throwaway mentality.
Last year AMD's fTPM suffered an exploit called "faulTPM".
https://www.tomshardware.com/news/amd-tpm-hacked-faultpm
Intel's motherboards have also had exploits, with the "Management Engine", a feature that incorporates BIOS level "Remote Desktop" / "Steam Link" type remote functionality.
https://www.pcworld.com/article/406707/how-to-check-for-the-intel-active-management-exploit-that-lets-hackers-take-over-your-pc.html
You have to secure your computer, regardless of whether it is receiving updates.
If you know what exploits are out there, you can take measures to mitigate or eliminate the risk. Block ads and cross site scripting. Limit the usage to known trusted sites, and don't get adventurous.
Firewalls and safe browsing do more for security than Windows updates do. Practice good cyber hygiene.
Security is usually a PEBPAK, or ID:10-T issue.
Being overly obsessive about security doesn't solve every problem, and can negatively impact productivity and cause data loss. Imagine if I stored my data on a BitLocker encrypted drive, tied to a Microsoft Account (MSA), and then I lost the password to that account. Say I typed it into the wrong website and somebody stole my account. Now, instead of losing a simple account, I have lost my data to self inflicted "Ransomware", if a ransom is even offered.
2-Factor is a risk of breach these days also, given it is not always "2-Factor". My IMEI might get spoofed, and an SMS text intercepted which may allow malicious parties to access my account without my primary password or email password. Do I keep up with two authentication mechanisms? Or am I just providing malicious actors with an easier vector of attack? My phone might get disconnected, and I might lose access to the 2-Factor verification system. Or I might throw a USB Keyfob into the washing machine and have it cease functioning.
Need to be conscientious regarding cyber security regardless.
What is going to impact users of older operating systems is software compatibility.
The issue remains at large for dropped OS due the fact they either can't be patched, or no one want to put effort into doing such that just be more hassle to doing such, while holes remains, new ones appear like I said Swiss cheese became more swiss due to added new holes as time moves on that just how it goes sadly. Supported OS can get holes, but can be plug which is the point, or else it pointless to use support os if they don't patch at all which neither is better that why updates & support exist.
TPM can be exploited, but the difference is that either using hardware, or software, while Intel/AMD use software, there hardware choice. What important to note is how that exploit can be done, either required to be physically there to do it hands on the board, or remotely means anywhere in the world doesn't need to be touching it physically which is two completely different things.
If you use software encryption, it is user choice to enable, or not, such as bitlocker, and if you use such you should be having backups of the encryption keys incase of any issues may possibly arises, choosing not to have backup key is often user downfall, which they would've been better to just not use encryption at all, or willing to accept the risks for laziness. Just like those that choose to make so many accounts online, but keeps forgetting their login info which is my point could've just got a password manager to make things simple, even writing it down can help if don't want to use software to manage your stuff.
For getting device affected with virus does often requires user approval, unless user gave full permission to everything if they changed permission level for windows, or disable/autofill for Linux. The other issue is exploits which requires to be specifically done, either known exploit on OS that wasn't patched against, to bypass such permissions, but again see the point with dropped OS this won't get patch period, compare to supported that likely get the patch against which is the major difference. Again for remote exploit has to be done specifically under certain conditions.
2FA made huge game change in the whole industry as well for consumers, this can be done via email, sms, or app either sent you the code, or generated on user end, this massive hurts those trying to do brute force methods as code always changes on each use, and passage of time, other features can be added along side with 2FA which is up to company, or user such as designated device, location, time frame, imprint scanner, and so on. But due to nature how consumers can be unpredictable, most companies settle on basic of things due to some users are on the go, using multiple devices, and such.
Now blaming 2FA to be the fault is silly, because it can't be the fault as all it does is helps verify, and if end user of that key hands it to the scammer, this is the user fault. It's like trying to blame your car dealership for allowing a random guy steal your car, but you went out of your way to put your keys in the guy hand for whatever gods know why, and let him drive off that why it's silly.
For getting your IMEI this requires them to had access to your device either affecting your device with virus, or handing them your device, or someone at the company that higher up getting approved to accessing anyone account without needing verification, or approval by others that steal that information to make personal use, but they wouldn't really do much with this information alone, they need more about the user with it as well. Then there the SMS interception, which requires you to know when it gonna happen, and having access to being able do such because you wouldn't know what someone gonna use their sms for, as well wouldn't know what the sms for as companies use multiple numbers in different regions, not just that but the fact is with service providers some actually have protections against this, where if detect multiple same numbers appearing at same time, this can trigger the system to flagging that number, and not easily to taking someone number either as some providers use verification process that need to be done in order to even process as such, so if using a provider that has no protection at all against some of these attacks it make sense, but again the attacker would need to know what they're looking for, and they wouldn't be able to get past sms text as required access at the provider side so there's that. Another thing there no reason why anyone has to provide these things to the public, or give it to anyone specifically, as a lot of services online either rely on email, or app for 2FA, so SMS is a smaller access point, plus it's a one time code, that time based, so yeah...
There nothing obsessive about wanting updates, or security the point of updates, and security exist for a reason, not just for display to look at, there is a difference compare those being overly obsessive that wears tin foil hats that take things to the extreme, or overly react to things that either misinformed, or scared of just something that had happen with fear of it happening again, example fear of phones exploding in someone pocket, while that was only specific producr bad design, and only few people it happen which is understandable to have such fear, but also silly due to mass other products, and everyone else wasn't affected at all.
Either way you look at it at the end, what someone may consider a problem may not apply to someone else if find updates, and security as an inconvenience. Even for OS either accept the possibility of higher risks with unsupported OS, or mitigated the issue using supported OS. Companies are often likely to drop OS once they lose full support which also another thing have to accept loss of service, and move on, or use supported requirements to keep with the service. Even provider do this for phones as well.
I'm not gonna lie, Windows 11 ain't my favourite. But, it does what I need it to do so im safe for now.
Probably unsafe to hang onto the same SIM card is what I am assuming.
Does that matter? Wouldn't the SMS be sent to my IMEI number, at the attackers location? The cellular network is global, isn't it? People do travel out of country.
Yeah. I would expect some mechanisms in place by now, but that is more than I've gotten wind of.
Meanwhile, Apex Legends is in the news because tournament participants got hacked.
Never meant to imply there was anything obsessive about wanting updates.
Windows For Workgroups 3.11 is not likely considered to have "Swiss Cheese" holes in it. Windows 95 is probably more secure than Windows Vista.
I could see video games like Call of Duty becoming more vulnerable over time.
Single player games can likely be enjoyed without compromising security. The mere usage of an older Operating System does not require it being placed "at risk".
That the thing like I said as you travel to other countires, they may use another number to send to you, example let say your bank does sms to you, well they may be under number 02124, while in another country it may come under as 12405 as can see not the same number, so the attacker wouldn't even know which is which, nor know what that code is for unless they knew whom under those numbers, and knows vitcim full information beforehand meaning having email, pin, or etc, and waiting on sms to happen again they have to know, or it be pointless, and 2FA is timed based, as well usage is once, so again they have a smaller chance, so this has to be planned, or study to learn what it for, and learn about the victim to pull it off in the 1st place.
Yeah it be silly for providers not to add these mechanisms as it's not even hard to do these things to try prevent such things from happening.
For Apex there still ongoing issues, no one 100% sure if it East Anti Cheat that at fault which, or if it EA fault, there replies saying it wasn't EAC fault from EAC themselves, but I give it another week to be sure no other news appears, which if it is EAC fault this meant Epic gonna be panic mode to figure this out to fix the issue, but my guts tells me it EA fault as I see no other signs for other games using EAC having such issues, as we would've heard something, and there has been reported Apex has been hacked muiltiple times, example someone was gifted 1000 loot boxes, so this does heavily points to being EA fault.
This is where context matters, if goal to be offline then most of those issues are gone by default, but if plan to play multiplayer online, or wanting access to online to do things the risk is there, yes games with multiplayer can be a risk overtime, but depends rather if it simple enough, or not, as well if it worth their time doing it, or not due to number of players, not to say it won't happen it can happen.
And considering my Amazon and eBay accounts seem to let me log in on a mobile SMS verification code only, I'm not filled with confidence across our ecosystem.
Agreed.