Are they doomed?
- Thread starter RTexasF
- Start date
I just saw the guy has a new video with an even easier way. I just tried it on 2 win 10 laptops and it worked fine.
- Joined
- Jul 28, 2023
- Messages
- 339
Apple "silicon" is based on ARM which is even more vulnerable and exploitable than AMD/Intel x86/64. Arm licenses its designs to just about anyone, and with the plethora of people who have access to this information, allows it to be infinitely more vulnerable to attack on a hardware level. Apple software has proven to be pretty resilient, but only on the same level and reasoning as linux, the underlying kernel isn't very consumer friendly. Windows as a software is infinitely more exploitable than linux and macOS, but Arm hardware is infinitely more exploitable than x86. Thus it doesn't matter if you have a mac, you are right up there on the easy to hit list.
Again, this whole "I like this" because "security" argument is bogus, and everyone, literally every single person using electronics of any kind needs to wrap their head around this concept that there is no such thing as true security. SMS has been read by the NSA since its inception. Phone records logged. Internet traffic metadata sold. The only real way to not be vulnerable is to simply not use it at all.
MIT researchers uncover 'unpatchable' flaw in Apple M1 chips
MIT researchers uncover vulnerability in a hardware-level security mechanism utilized in Apple M1 chips called pointer authentication codes, or PAC.
techcrunch.com
ARM : Security vulnerabilities, CVEs
Security vulnerabilities related to ARM : List of vulnerabilities affecting any product of this vendor
www.cvedetails.com
Apple is no more secure than Micro$oft.
My problem with Micro$oft is not so much their security issues but with their data mining.
Micro$oft collects huge amounts of data from their users then sells it. Selling their OS to the public is a break even, if that. Data mining is a huge profit for them. If it wasn't for that fact, Micro$oft would have quit consumer OS's, like they have threatened in the past, and just stick to business and server software.
Google and Chrome have the same data mining issues. Makes you think "why are they free?"
Micro$oft collects huge amounts of data from their users then sells it. Selling their OS to the public is a break even, if that. Data mining is a huge profit for them. If it wasn't for that fact, Micro$oft would have quit consumer OS's, like they have threatened in the past, and just stick to business and server software.
Google and Chrome have the same data mining issues. Makes you think "why are they free?"
- Joined
- Jul 28, 2023
- Messages
- 339
Everyone does this, and everyone who says they don't is probably lying.
Linux too?
- Joined
- Jul 28, 2023
- Messages
- 339
There is a high chance some distro's do.
OVERKILL
$100 Site Donor 2021
As somebody who has done wardriving, and who follows the sec scene, there are lots of folks out there with time on their hands that do exactly this. You don't have to be a high value target to end up on the radar of a teen with a pentest kit who wants to have some fun. Kali, a venti white chocolate mocha and a few hours of boredom isn't a far fetched scenario.
You would do both. It isn't an either-or scenario, just like not using an outdated and unpatched OS, you take all reasonable steps as preventative measures, because that's simply being responsible. And yes, end user training is critical, since social engineering is by far the biggest threat and is the dominating single common factor in the majority of compromises.
Malicious sites that leverage potentially unpatched exploits or leverage social engineering (your computer is infected, call this number in full screen) are blocked by many modern AV solutions like ESET EndPoint. Preventing the end user from accessing this stuff in the first place shouldn't be controversial or poo-poo'd, it's just one more layer in the onion of "reasonable" security. The smaller you can make your exposure surface the better, even though you can never eliminate it.
Other than changing the egress point of your traffic to a location other than your ISP, what are you really accomplishing with a VPN? Who are you using as a resolver, the provider? How do you know they aren't logging who you are and what sites you visit? The sites themselves and any personal information you provide (like an e-mail address, which is also a target) are far more likely targets than (mostly already encrypted) traffic in transport.
I employ the approach used by the nuclear industry regarding exposure and risk, which is ALARA. While risk will never be zero, using all reasonable means to reduce exposure surface and risk are taken. Make my (relatively low value) data not worth pursuing.
The advice being levied here is essentially:
"Don't worry about it (using an outdated and vulnerable OS), nobody is going to attack you"
"You can't protect yourself anyway, because if they want your data, they are going to get it anyway"
Both of which I don't agree with, nor does the industry at large. While effort is proportionate to the perceived value of the data, that does not mean that lower value targets won't be pursued out of opportunity or boredom. Making yourself "not worth it" is common sense in this context.
It is like changing mfg of cars. After 2 hours of learning where the stuff is on a new car (e.g. wipers, headlights etc) driving around the block is basically the same.
Yeah thete are a couple of Linux versions that look and feel like Microsoft but with waaaaay better security. The word Security and Microsoft never should be used in the same sentence. You might as well add Apple to that now.Per MS they will be charging a monthly fee to extend support.
Microsoft will charge consumers for extended Windows 10 support
For the first time, Microsoft will allow consumers to buy extended-support subscriptions to Windows 10 so you can avoid moving to Windows 11.www.pcworld.com
This is why I always advocate for everyone to start switching and learning linux as early as you can. Most day to day tasks are done exactly the same way as windows. Mint and Ubuntu would be my recommendations for new users, and maybe....maybe Debian 12.
If you are worried about security, what a joke. Combining the word Microsoft and Security into one sentence is physically painful for me to do.
Mint is much more like Windows than any other distro I have tried. Mint is also super easy to learn. Not trying to be a Mint fanboy here but it works very well for me.
Tossed it onto a couple machines now, does seem nice.
ssd’s are pretty cheap, went to a hamfest and bought 5 128gb ones for like $30. Dual boot? nah, swap drives instead.
Zorin and Kubuntu are the Linux distros I like using most due to them being most Windows-like yet quite different form each other.
The Intel Core i5-7500 in my home PC is not supported. This PC is 6 years old.
Exactly. VPN's have their uses for sure, but the way they are marketed as being this huge boon to your data security is pretty deceptive.
"Just send all of your Internet traffic through our system and everything will be fine. You can trust us. We promise we won't spy on you, even though that would be hugely profitable for us."
There are ways around that.
