… and post their photos with EXIF data in them
ortac wrote:
Combined with this there is the strange paradox that people seem obsessed with online security and privacy and yet they don’t hesitate, for example, to post photos of their kids on social media, or continually “check in” and declare their location to the world.
And somehow it makes ginormous headlines how your iPhone must not be hackable at all, not even by government through due judicial process, no, no, no. It’s all a bit hypocritical.
Anyway, I still think that there is a good reason to stop supporting a WinXP dropbox app, if Microsoft themselves ended support for the platform so “long” ago. At some point we need to look forward, not backwards. 15 years of looking backwards is a VERY VERY long time in IT…..
Peter wrote:
How exactly would you penetrate NAT inbound without conning the user to open a channel for you?
If you have an old non-updated operating system, with old vulnerable libraries, there are quite a few vulnerabilities kicking around that require no explicit act by the user. Things like merely previewing an email may be enough.
The “drive by browser exploit” for instance, can be embedded on a legitimate website which itself has been hacked. Or it can come in some advertising, or embedded in an email; merely viewing the malicious web page or email is enough – the user doesn’t have to confirm anything for this class of exploit and may never know. Windows XP has had some particularly egregious exploits over the years that were vulnerable to this style of attack. Once they are in your network all bets are off. Most NAT routers will have things like UPnP enabled by default, so the now exploited client machine can then open the network wide open to the attacker to add to their botnet. Even without UPnP, they can open an outbound connection. Very few home networks implement egress filtering – they just let everything out. And there’s your channel.
Now XP is no longer getting updates, and modern browsers are one by one dropping support for XP (Chrome drops XP support this month for example) – eventually the only browsers you’ll have for XP will be old vulnerable ones. Microsoft stopped updating XP two years ago.
Windows wasn’t targeted because people hate Bill Gates or Microsoft, Windows has been the prime target because:
All of those are “trick the user to open an inbound channel” exploits.
Peter wrote:
All of those are “trick the user to open an inbound channel” exploits.
No. Tricking a user to open an inbound channel is doing something like “Click on this link for XYZ!” or other social engineering to get a user to click on an exploit. “Drive by” browser exploits don’t require a user to be tricked.
What I’m describing are the ones where a site – possibly a legitimate trusted site the user visits every day – has been compromised, or its advertising partner has been compromised – and the user unwittingly picks up an exploit without having to actively click on a suspicious link or be tricked to click on something via social engineering, in other words just being in the wrong place at the wrong time going about their daily business – hence “drive by” – kind of comparing an innocent bystander getting shot in a drive by shooting. Modern browsers have defences against this kind of thing, but old browsers (“old” in this context means even something as recent as released a year ago) may not have quite as much defence against this kind of thing. No tricking going on.
That’s before we get into the vulnerabilities present on many consumer grade routers, but that’s out of scope when discussing the things that can get ancient, vulnerable, but still somewhat popular operating system choices.
OK; agreed, but how common is this, assuming you are at least a somewhat tech-savvy computer user?
Throw in some factors:
When a certain UK chat site got infected (happened a few times) my AV warned about it, and I reported it to their mods, but they seemingly couldn’t care less. It was an infected advert feed once, SQL injection another time. That said, they had a dodgy PHP-BB installation so that was to be expected. I have not seen many infected websites in general. I don’t think it’s a big thing, but then I don’t “get around” as much as some people do…
If one could install win7 over the top of winXP I would probably do it.
Peter wrote:
Bill Gates is just not a popular character
@Lucius, you will be absolutely delighted to know that I am gradually moving to Skydrive Onedrive
I am running a client called Syncdriver.
The resulting functionality is pretty similar to Dropbox, for PC-PC and phone-PC transfers. And, somehow, I managed to get a free 115GB space, for two years. Came with the Samsung S7, I believe…
The Google equivalent is much more clunky.
Peter wrote:
you will be absolutely delighted to know that I am gradually moving to Onedrive
Not really. There is no money to make in storage (it’s commodity since trivial). Best would be to use Dropbox for file storage, have them absorb the file hosting cost, and use Office 365, where the profit margins are high (because it’s not commodity since extremely complex). That would delight me :-)
I wonder if Microsoft will pull the plug on Onedrive on “unsupported” operating systems?
It seems not too likely because the API seems to be published, as evidenced by the existence of 3rd party clients. Does the client need to reveal the OS? And if it does, it could just fake it.