Hacker News new | ask | show | jobs
by trog 642 days ago
If you look at the background radiation of the Internet of automated things just hitting services to probe for exploits, they are most commonly looking for exploits from bugs in older software.

There's a timing argument - that unless you're at risk of zero days (like you're the DOD) - that you probably don't need to upgrade immediately. But it seems unarguable to me that the longer you wait, the greater the risk from a security perspective.

As always, security is a trade off. Risk of breaking from an update has to be balanced against risk of exploit. I'd argue the latter is going up more quickly than the former.
1 comments
thot_experiment 642 days ago
How many actual zerodays are there that don't require you to ALSO be doing something dumb per year? It seems exceedingly rare. I understand the argument if you're talking about like, a server running some CMS or whatever, sure that's gonna get pwned because it's a big target so it's worth going after. Your natted personal machine? You're fine unless you're running executable off random russian sites (and even then you're probably fine if you're getting your shit from reputable shady sites)
link
l33t7332273 642 days ago
There was that Windows IPv6 no click zero day within the last couple of weeks
link
thot_experiment 642 days ago
good thing i disable IPv6 at home because it's an annoying pita and i run no machines with windows in the cloud, checkmate :P

on a more serious note though I don't think machines with ipv6 enabled that are behind a NAT are likely to be vulnerable to this, i suppose maybe wormable if you can natpunch through some p2p voip or gaming service, it's the sort of patch i would probably install if i were made aware of it (if i had ipv6 enabled), but being made aware of it doesn't like, leave me worried, and i don't consider it to be likely to affect me unpatched

link
BSDobelix 642 days ago
>I don't think machines with ipv6 enabled that are behind a NAT are likely to be vulnerable to this

Would you be interested in educate yourself about IPv6?

https://ipv6.he.net/certification/

link
thot_experiment 641 days ago
No, I'd rather just keep turning it off. Though if you're interested in telling me why I'm wrong concisely instead of being snarky I'll read that.
link
BSDobelix 640 days ago
NAT and IPv6......you really should educate yourself about it IPv6 is not "that" new...trust me (bro). You know, keep learning is a big part of life ;)
link