Support ended in January 2023...

who cares? it impacts nothing. windows updates are counter productive for a decade. "but security and zero days!!"

ok surely that firewall and home lab and ability to not download and run garbage is enough for someone on the supposed "hacker news" to handle. but no, we got heaps of people using "out of support" as some sort of argument whatsoever to upgrade to absolutely dogshit versions of windows. make it make sense

▲

esseph 6 hours ago | parent [-]

People get their identities stolen every day, and it is a super, super, super shitty process to go through depending on how deep it goes. It can change your life forever.

Having oldass OS and application versions make that a thousand times easier when you have so, so, so many CVEs you can exploit. And LLMs have been show to make this very trivial now.

All you need to do is click on the wrong pop-up, or the wrong link in your email, or tap something on your phone screen, or have a poorly configured (often from the factory) router, and the initial intrusion takes place. After that, an outbound encrypted session quickly gets setup, and congrats, now your network is acting as a residential proxy that can be sold to criminals that want to download CSAM from your IP, AI companies that will use your connection for scraping, and other elements that will either mine the data on your systems (your PII, logins, etc) and scrape your screens.

But if you don't care about your life becoming a living hell, then I can't make you.

This happens all the time, every day.

If you have a car, you maintain it. If you have a bike, you maintain it. Power tools? You maintain them. Your electronic devices also need to be maintained. They have access to your most sensitive data, and potentially private conversations.

▲

mixmastamyk 5 hours ago | parent | next [-]

If you're behind a NAT and have an evergreen browser, say FF with UBO, avoid email attachments, etc... it's not very risky.

▲

esseph 4 hours ago | parent [-]

Did you know a website can scan your lan through a browser now?

https://developer.chrome.com/blog/local-network-access

Did you know that a lot of current home router NAT implementations are currently broken, in particular for UDP traffic handling, and you can therefore spoof your way into the network?

https://www.armis.com/research/nat-slipstreaming-v2-0/

A lot of router vulnerabilities floating around out there.

Ever hear of UPnP/UPnP2? Did you know that applications can trigger your router to open inbound ports for you?

There have also been some 0 click exploits lately, those are fun. You don't have to do anything at all!

https://github.com/Defense-Intelligence-Agency/Zero-Click-Ex...

Yeah, you're still at risk, and moreso because you're not aware of how open you are.

▲

mixmastamyk 4 hours ago | parent | next [-]

You're talking to a Slashdot refugee. Haven't ever had UPnP available. I don't use Chrome and do use OpenWRT with AdGuard, you insensitive clod. ;-)

	▲	esseph 21 minutes ago \| parent [-]
		I had a 5 or 6 digit ID which was pretty good for a kid not from the Bay Area, but I never got into slashdot flame wars. I still reflexively check it many times a day.

▲

agoodusername63 4 hours ago | parent | prev [-]

Do you think that the average HN commenter has the same phishing risk as your grandpa?

They're fine.

▲

esseph 2 hours ago | parent [-]

Everybody says that until it happens to them. Every time.

▲

bigstrat2003 2 hours ago | parent [-]

Considering I'm going 40 years strong of not once falling for a phishing scam, I feel pretty confident in my assessment that I won't do so in the future. It has to be an exceptionally good phish to get anyone moderately technical to even take a second look. And even then, generally one can tell upon a second look. It's not hard to not get phished.

	▲	esseph 2 hours ago \| parent [-]
		It can be visually identical to the real domain. https://www.kicksecure.com/wiki/Unicode It's also happened with code pushes on GitHub, which didn't get caught in code review, and has compromised build processes by introducing a malicious domain that is visually identical. Sounds like a HN-type problem. https://www.knostic.ai/blog/zero-width-unicode-characters-ri...

▲

cindyllm 5 hours ago | parent | prev [-]

[dead]