How do you attend to critical vulnerabilities?

  • Drop everything. Rush home and update your computer.

    Votes: 4 8.5%
  • Remote access your computer and update.

    Votes: 0 0.0%
  • Wait until the end of work. Go home and update your computer manually.

    Votes: 10 21.3%
  • End of work. Go home, turn computer on, let automatic updates do its thing.

    Votes: 6 12.8%
  • Wait to use computer, then update.

    Votes: 23 48.9%
  • Do nothing.

    Votes: 4 8.5%
  • Total voters
    47

TairikuOkami

That depends. As for Windows, I update ASAP, even before the official release. As for the browser, I check the About tab from time to time, since I have the automatic update disabled; I see no reason to have a browser allowed to run with admin privileges whenever it wants to. Besides, a sudden browser update can be an inconvenience.
 
The vast majority of reported critical vulnerabilities are blown way out of proportion. Just like most home users freaked out over WannaCry when the vast majority of them didn't even know what SMBv1 was, let alone were using it. This is the unfortunate, yet typical pattern of IT security things.
 

Freud2004

Sorry... it sounds wise and professional but it's just a useless truism. It explains nothing and gives no advice.
Really? Do you think that most hacks are made using special tools and well-made malware? No, 80% of the hacks are human hacks; with 80% of the malware tools it is the user who installs them, opens links, etc. Social hacking is the most common form of hacking; human behavior is the weak part in security.
So, 80% of the time a hack is successful because of human error; it is the human behavior that fails, not the security solution....

Listen to Darknet Diaries, and see how the most extraordinary hacks begin; all are successful because some human installs something that should not be there.

Great hackers with the skill to program and develop great hacking tools are rare. Script kiddies are many; they just put that tool in a crack and wait for some user to install it, just wait for the human error. (Script kiddies, is this term still in use? In my time it was the name given to noob hackers.)

Sorry for poor English ;)
 

YuanJiawj

Only 80%? Viruses, hack tools and malware were developed by humans, and it was not 80%. Many users download a lot of things and they don't care if they get infected or have a problem afterwards. "Advanced" users are concerned about the security and privacy of their data. Malware, viruses and ransomware will continue to exist as long as there are people who are not concerned about improving the security of their computers.
 

McMcbrad

You can’t say it’s always the user’s fault, because there are scenarios where the user doesn’t have to do anything. Targeted attacks are one case, where you might be in your office, browsing through your email, and you see a colleague of yours sent you a critical document. You open the document and kaboom - your company now owes hackers USD 1 million in BTC to unlock files critical to the core operation. Because ransomware typically features collateral movement, another colleague of yours won’t even do anything - files on their machine will get encrypted as well.

So whose fault is all that?
You might say the user who downloads the document, but this user is not a threat analyst.
You might say the IT admin, but with so many holes and security vulnerabilities, it’s hard to keep up.

Another scenario is the Piriform CCleaner case, where users didn’t have to do anything to be infected. I have had fraudulent transactions (blocked by my bank), because my data was leaked from trusted websites.
 