I get that there won’t be any security updates. So any problem found can be exploited. But how high is the chance for problems for an average user if you say, only browse some safe websites? If you have a pc you don’t really care much about, without any personal information? It feels like the danger is more theoretical than what will actually happen.

Or… are there any examples of people (not corpos) getting wrecked in the past by an eol OS?

  • slazer2au@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    5 months ago

    This is kinda a bad argument as a regular user will not connect to the internet like this. You have a router or a carrier will have a CGN in front of your PC.

    • Prison Mike@links.hackliberty.org
      link
      fedilink
      arrow-up
      0
      ·
      5 months ago

      How is CGN going to stop you from downloading some exploit? CGN as well as NAT might have some level of security but it’s by no means a firewall or anti-exploit framework.

    • Skull giver@popplesburger.hilciferous.nl
      link
      fedilink
      arrow-up
      0
      ·
      5 months ago

      The Nintendo Switch documentation recommends you forward all ports to the Switch in case of network problems. Literally all of them. If your DHCP lease for both your PC and your Switch expires, you may just accidentally disable your firewall this way. Nintendos’s documentation is absolutely insane to even suggest that, but well-intentioned consumers don’t know that.

      Then there’s the NAT problem: though I haven’t heard of stories using it in the wild, many if not most consumer routers allow websites to bypass the firewall. In some cases, this only allows access to a subset of ports on your computer, in others it’ll expose every port on every device in your network (TCP/UDP). This attack is known as “NAT slipstreaming” and very few routers will allow you to disable the H.323 and SIP ALG to prevent this problem. This isn’t a problem on IPv6, luckily.

      If you do have this option, and don’t use SIP or H.323 video calling, you should definitely turn those ALGs off.

        • Skull giver@popplesburger.hilciferous.nl
          link
          fedilink
          arrow-up
          0
          ·
          5 months ago

          At least UPnP can be turned off easily (if it’s not off by default already). ALGs are more… problematic.

          The worst part is that ALGs will bypass the firewall rules by default, making NAT (or at least the stupid hacks to keep NAT working) a security risk.

    • vividspecter@lemm.ee
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      5 months ago

      You have a router or a carrier will have a CGN in front of your PC.

      Many are using ipv6 these days, so no CGNAT used. Potentially with some level of protection (particularly in the mobile case), but there isn’t a 100% guarantee.

      • slazer2au@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        5 months ago

        But you are still going to have some form of statefull firewall, where this video the firewall was deliberately disabled.

        • Crashumbc@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          5 months ago

          This is like saying I can leave my front door unlocked because we have a neighborhood watch…

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      0
      ·
      5 months ago

      I think the common use case is telephones. Attaching your old cell phone to a random open Wi-Fi network is pretty common

      But this is just a demonstration, it’s still applies to using the internet, interacting with the network is the danger. Not how you interact with it. Browsing websites can send exploit payloads to your outdated software.

    • lemmyng@lemmy.ca
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      5 months ago

      The number of users connecting their PC forfeit directly to the modem or purposefully disabling all protections because they’re too lazy is higher than you think.

      • slazer2au@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        5 months ago

        Carrier operated modems are run in NAT mode so a home PC will get a RFC1918 IP address not public routable ones

      • AggressivelyPassive@feddit.de
        link
        fedilink
        arrow-up
        0
        ·
        5 months ago

        I would suspect, hardly anyone who knows how to do that is stupid enough to do it.

        Most modems/ISP routers are relatively secure by default.