GRcade

Green Gecko wrote:Thanks. Would you recommend Linux?

I feel it's generally accepted that the open-source nature of Linux, the centralised software repositories common on most flavours, and its popularity for server applications - meaning a strong incentive to find and fix bugs - make it the most secure OS, even more so if you put a little effort into setting it up properly.

Lagamorph wrote:

Return_of_the_STAR wrote:

Gently-Parted Ringpiece wrote:Win 10 isnt affected is it?

Ive only read about xp being affected. What slightly confuses me is I though Microsoft discontinued supporting xp a year or more ago but I've read articles that Microsoft released a fix for this vulnerability 3 months ago and those systems affected simply hadn't updated to the latest patches. Does anyone know if that's correct?

General support for Windows XP was discontinued but companies could purchase ongoing support if they wanted, though it was expensive to do so, so new patches are still being developed for it.

I think Microsoft have now released a patch for this specific exploit for Windows XP/Server 2003 for everyone though.

I've heard that it would have cost something like 5 million to purchase ongoing support for the entire NHS, which I consider relatively cheap considering how much the government wastes on other far less important things, but they didn't want to pay their much so didn't bother.

Ironhide wrote:

Lagamorph wrote:

Return_of_the_STAR wrote:

Gently-Parted Ringpiece wrote:Win 10 isnt affected is it?

Ive only read about xp being affected. What slightly confuses me is I though Microsoft discontinued supporting xp a year or more ago but I've read articles that Microsoft released a fix for this vulnerability 3 months ago and those systems affected simply hadn't updated to the latest patches. Does anyone know if that's correct?

General support for Windows XP was discontinued but companies could purchase ongoing support if they wanted, though it was expensive to do so, so new patches are still being developed for it.

I think Microsoft have now released a patch for this specific exploit for Windows XP/Server 2003 for everyone though.

I've heard that it would have cost something like 5 million to purchase ongoing support for the entire NHS, which I consider relatively cheap considering how much the government wastes on other far less important things, but they didn't want to pay their much so didn't bother.

I think they were told at the time it was for 1 year only though, so during that year they would have to upgrade. Looking at one article on the Guardian the migration of computers away from Windows XP was a condition of the deal.

Lagamorph wrote:

Ironhide wrote:

Lagamorph wrote:

Return_of_the_STAR wrote:

Gently-Parted Ringpiece wrote:Win 10 isnt affected is it?

Ive only read about xp being affected. What slightly confuses me is I though Microsoft discontinued supporting xp a year or more ago but I've read articles that Microsoft released a fix for this vulnerability 3 months ago and those systems affected simply hadn't updated to the latest patches. Does anyone know if that's correct?

General support for Windows XP was discontinued but companies could purchase ongoing support if they wanted, though it was expensive to do so, so new patches are still being developed for it.

I think Microsoft have now released a patch for this specific exploit for Windows XP/Server 2003 for everyone though.

I've heard that it would have cost something like 5 million to purchase ongoing support for the entire NHS, which I consider relatively cheap considering how much the government wastes on other far less important things, but they didn't want to pay their much so didn't bother.

I think they were told at the time it was for 1 year only though, so during that year they would have to upgrade. Looking at one article on the Guardian the migration of computers away from Windows XP was a condition of the deal.

There is a registry hack that you can use to extend the life of your XP by 5 years. It basically tells Microsoft Update that you're using the embedded version of XP.

https://www.forbes.com/sites/gordonkell ... 26961a70fc

Doesnt really fly in an enterprise though, does it?

Also there is very very little reason to be on XP, the major issue at least where I was was 16bit apps as 7 didn't support them, however 8 and up added it back so it was easier to them move if you stays 32 bit.

Ironhide wrote:I've heard that it would have cost something like 5 million to purchase ongoing support for the entire NHS, which I consider relatively cheap considering how much the government wastes on other far less important things, but they didn't want to pay their much so didn't bother.

But there are nukes to buy!

Green Gecko wrote:

massimo wrote:

Green Gecko wrote:Am I safe if I'm on a Mac?

From this particular exploit, yes as it's a windows XP vulnerability. Who knows what other macOS based Zero days have been leaked from the NSA and are now out in the wild though.

Thanks. Would you recommend Linux?

I'm not cool enough to use Linux, couldn't say.

massimo wrote:

Green Gecko wrote:

massimo wrote:

Green Gecko wrote:Am I safe if I'm on a Mac?

From this particular exploit, yes as it's a windows XP vulnerability. Who knows what other macOS based Zero days have been leaked from the NSA and are now out in the wild though.

Thanks. Would you recommend Linux?

I'm not cool enough to use Linux, couldn't say.

There are loads of tin foil hat stuff about the NSA back doors in Linux. Linus Torvalds parents were communists don't you know.

lex-man wrote:

massimo wrote:I'm not cool enough to use Linux, couldn't say.

There are loads of tin foil hat stuff about the NSA back doors in Linux. Linus Torvalds parents were communists don't you know.

In all seriousness the NSA probably does have Linux vulnerabilities on file. Not a conspiracy, like, they're just good at what they do. But I feel since they likely have vulnerabilities for everything on file, it's inescapable and therefore not worth worrying about.

Karl wrote:

lex-man wrote:

massimo wrote:I'm not cool enough to use Linux, couldn't say.

There are loads of tin foil hat stuff about the NSA back doors in Linux. Linus Torvalds parents were communists don't you know.

In all seriousness the NSA probably does have Linux vulnerabilities on file. Not a conspiracy, like, they're just good at what they do. But I feel since they likely have vulnerabilities for everything on file, it's inescapable and therefore not worth worrying about.

Yeah but the Linux top brass aren't involved.

Yeah just use the os that is best for the job you are doing and make sure it is fully patched etc.

Vulnerabilities happen, it isn't worth panicking about or you will never stop worrying about it, just make sure you update etc. and that's the best you can do.

There is no such thing as a secure system.

It's not exactly a secret that the NSA are, dangerously, stockpiling zero day exploits rather than alerting developers to them so they can be patched. In my opinion this is a more a danger because agencies that are supposed to be protecting the public are actually sitting on vulnerabilities rather than trying to protect us from them. The average person does not have much to fear from the agencies per say. Still doesn't mean I don't mind the fact that security agencies are so obsessed with hoarding data that they are completely failing to do their actual jobs.

Well, strawberry float.

NHS cyber-defender Marcus Hutchins arrested in US

http://www.bbc.co.uk/news/uk-england-40820837

He supposedly had a hand in creating malware used in a bank attack.

Green Gecko wrote:There is no such thing as a secure system.

There is. It's just not connected to anything.