People keep saying to keep these XP machines off the internet. I seriously doubt there’s much threat, especially for even older OS’s like 98 and 95. It’s the very devil just trying to browse with them, nothing much out there is going to be able to attack them. Security through obscurity indeed!
In any case, we’re no longer in the Wild West days when people had machines hooked directly to the internet and a firewall was a third-party addon. LOL, ZoneAlarm anyone!
We all have a basic firewall built into our routers so unless you deliberately expose services you’re fairly bulletproof to scanners. I remember scanning for Win2000 machines in blocks of IPs, long after it was defunct. Plenty were out there!
You are forgetting targeted attacks. A blind attack would pretty much not have much of an effect indeed, however if the attacker knows the machine, then it’s easy for the attackers to exploit these vulnerability if left “out in the open”, and cause havoc, possibly create a lot of damages or leech informations pumped into those machines via old Windows installations.
For a business sure.
You wanna hack my dnd campaign and some pictures of my cock? Sure whatever dude. All financial and important shit goes through my phone anyway and that’s likely to be hacked from the institutions I use.
They’ll infect it and make it part of their DDoS bot swarm.
While that is awful and sucks. Again, probably won’t really target me
If China or America use my machine as a member of their DDoS bot swarm likely I probably couldn’t even fight back as much as I’d like. Either one of those countries could have backdoor bullshit into any system you think of.
If it is a nefarious third party maybe I want them to use my computer to attack the financial system of these capitalist regimes or to harm the infrastructure of an oppressive government.
Again, have my cock and dnd campaign. If my system runs slow and annoys me guess I’ll deal with it. They already will get my information from the millions of sources compiling and collecting it.
I dunno doesn’t really make me shake in my boots
This is short-sighted. It also reeks of “Fuck you, I got mine!” I know that’s not your intention. I just think you haven’t thought super hard about it. I was the same with privacy concerns.
So let me throw some edge cases at you.
You remember the network time protocol vulnerability that was used to power botnets for a little bit? Well, until everyone upgraded their shit, service providers had to just block IP ranges of compromised machines until enough machines in that block stopped DDoS’ing them.
So what happens when some script kiddy pays for time on the botnet, which includes your box, to smash Wizards while you’re trying to look things up? Or what if someone uses your box as a jump box to go attack some giant corporation, and shit gets traced back to you? Or what if someone decides you’re the unlucky one where their whole goal is to dominate your entire home network, and they get your phone when it’s on your home wifi?
Some might be surprised how many systems are still running on AS400s. IBM still makes and maintains IBMi, the modern iteration. My last company wrote our flagship product for these machines, all green screen. Our customers would sometimes move to our GUI product and jump right back to the prompt menus. Hey, if you gotta move fast and have a bulletproof system, text menus are the only way to fly!
By my god, the skill set for running and programming those beasts touches on almost nothing I’ve learned in 30+ years of IT work. Wish I had got experience in that part of the company, seen some solid job posts for that sorta tech.
I worked in the airline industry for years and learned a GUI overlay for one system and another entirely green screen system called SHARES (see if you can guess the airline). Honestly I kind of enjoyed working with those systems; there’s some refreshing “back to basics” feeling kind of like driving a manual transmission.
In my current job I’ve been using another legacy system. Well, my job was to create a relatively modern service for the legacy system to call, but none of the remaining developers knew how to use the extensions of that system that does SOAP calls. So I had to learn just enough of that legacy system to hold their hands through the parts that call my service. Kind of fun, to be honest!
SOAP calls
Now that’s a name I’ve not heard in a long time.
Almost all of Germanys internal healthcare communications does use that.
