On 2022-04-25 at 03:06:25 UTC-0400 (Mon, 25 Apr 2022 15:06:25 +0800)
James <j...@tigger.ws>
is rumored to have said:
On 25 Apr 2022, at 1:44 pm, Dave Horsfall <d...@horsfall.org> wrote:
On Mon, 25 Apr 2022, James wrote:
I too have old macs that cant be updated. I just keep a time machine
backup and if ever I get hacked a quick restore will fix. For 10
years
I've had no issues !!
Your "old macs" are not protected by a firewall? One day...
As for backups, consider malware that will not trigger until well and
truly embedded into your backups; not much use then, are they?
Dave methinks there is lots of hysteria in the arena
Yes, but there is also a lot of nasty reality.
I have no firewall on my modem and no firewall on any of my machines.
Yet the world is full of stories about exploits! Most of those are
windows exploits!
Most but by no means all. A lot of modern attacks are multi-platform as
they start as scripts on web pages that run in any browser, or as abuse
of embeded execution mechanisms such as VBA in MS apps and embedded
JavaScript in PDFs.
Lets consider firewalls:
By RFC no router on the internet may route a private IP. So *every*
router between you and bad guys is broken!
So, this glosses over a couple of things...
1. Enabling NAT in your router (which may also be a modem) is a *form*
of a firewall. Without NAT, 'private' (RFC1918) IPs do in fact not route
anywhere
2.
A firewall allows ESTABLISHED,RELATED traffic back, so if you've got a
bad machine then bad guys can get to that machine and from there to
your macs.
If you have a compromised machine then it is a target.
A decade ago one of the anti-virus companies offered $10 000 and a
Sony Viao to first person to hack their honeypots. The windows
honeypot was hacked in under an hour, the mac in a week (a flaw in
safari) and the linux 'pot has never been hacked. They ascribed this
to being unkewl to hack linux. Nonsense you'd be a hero for exposing a
flaw (as has happened a couple of times.)
If you enjoy playing then by all means, if not then enjoy an icecream,
except if you have windows machines on your network forget the
icecream.
I guess IPV6 will change the landscape somewhat.
The subtle comment about ring 0: linux and mac work in a way that is
very limited, what disk?, whereas widows you are not allowed, here is
$100, well ok.
Query: heresay not allowed, who has ever had a mac hacked?
James
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
