Sure, I'll update it. But I'm not the CIA and Tom Cruise is not hanging from my bedroom's ceiling to steal my pirated games and my unfinished novel. I won't panic just yet.
The vulnerability, assigned as CVE-2024-30078, does not require an attacker to have physical access to the targeted computer, although physical proximity is needed.
Sure, I'll update it. But I'm not the CIA and Tom Cruise is not hanging from my bedroom's ceiling to steal my pirated games and my unfinished novel. I won't panic just yet.
While im sure this is getting autopatched on your machine and yes, its unlikely you'll be targeted, this attitude is common and shows a very naive understanding of how these kinds of attacks are...
Exemplary
While im sure this is getting autopatched on your machine and yes, its unlikely you'll be targeted, this attitude is common and shows a very naive understanding of how these kinds of attacks are used.
"Physical proximity" MIGHT mean an actual human with a computer near your network, but more likely means "an infected machine near your network".
So you start with one machine and then let it spread to everything in its range and of course it self propagates from there.
In general attacks are NOT targeted directly. The CIA doesn't say they want your novel, someone just infects every device they can access, which then infects all the devices around them, and so on. Further once one device is compromised, it can infect other devices on the network using different attacks which may not require physical proximity.
Point being, you're right, no one is going to target you directly, but at the same time, its much easier and much more profitable to just encrypt EVERY infected computers HDD and say "if you want it back here's the crypto wallet you'll be sending money to". And that will likely be AFTER they've copied every byte of data off your machine and run it through some programs to dig for any and all sensitive information you've accidentally exposed in plain text, so there's decent odds you get identity theft in your future as well.
Point being, this kind of attack is not something ANYONE should be blase about (especially with elderly neighbors who are super likely to be infection points having been compromised by some other less sophisticated method and then used to spread). MS is doing the right thing jumping on this, and my example is absolutely large worst case, but its why these things are taken seriously. This is probably one of the worst vulnerability discoveries ever.
The attacker just has to be in your WiFi's range that's all, though the article doesn't give any more details than that. The important thing is how come such a major vulnerability was left...
The attacker just has to be in your WiFi's range that's all, though the article doesn't give any more details than that. The important thing is how come such a major vulnerability was left unpatched (or not discovered) for so many years?
BTW I think Tom Cruise is well past his Last Samurai days to be able to achieve such miraculous feats!
My Windows is probably updating as we speak, my wifi is not that strong, and, chiefly, my neighbors are largely older and non-tech. I'm not in great danger :P Also, don't doubt the Cruise. Never...
My Windows is probably updating as we speak, my wifi is not that strong, and, chiefly, my neighbors are largely older and non-tech. I'm not in great danger :P
Also, don't doubt the Cruise. Never doubt the Cruise.
Definitely scary, but from what I can see so far, it's not something to be terribly worried about. Someone would have to intentionally want to attack you specifically (if I understand it correctly...
Definitely scary, but from what I can see so far, it's not something to be terribly worried about. Someone would have to intentionally want to attack you specifically (if I understand it correctly they'd have to send the malicious packets to you directly, but I guess it wouldn't be hard for someone to write a tool that scans for all the MAC addresses in the area and push packets to everyone).
I checked my work laptop and I got the update on the 12th, thankfully.
I wonder why the fixation on this specific thing. Wi-Fi is notoriously easy to break into and users should be in their guard on public Wi-Fi, anyway. I feel like the patch is going to create a...
I wonder why the fixation on this specific thing. Wi-Fi is notoriously easy to break into and users should be in their guard on public Wi-Fi, anyway. I feel like the patch is going to create a false sense of security in people who already vaguely knew to be on their guard at Starbucks.
This isn't an attack like "oh if you sign into your bank on starbucks wifi an attacker might be able to compromise it" (they can't, really). The attack is "if you're on the starbucks wifi at all...
This isn't an attack like "oh if you sign into your bank on starbucks wifi an attacker might be able to compromise it" (they can't, really).
The attack is "if you're on the starbucks wifi at all an attacker can execute arbitrary code on your computer". No user interaction needed, connect to wifi and get a free crypto locker on your computer.
I'm not really clear on the vulnerability but it sounds like it works as long as your WiFi is on (maybe needs to be connected to a network). With Starbucks (as an example) you can do things to...
I'm not really clear on the vulnerability but it sounds like it works as long as your WiFi is on (maybe needs to be connected to a network). With Starbucks (as an example) you can do things to mitigate the risk but it sounds like this vulnerability could bypass that. Also, maybe you're vulnerable on your own secure wifi network.
Sure, I'll update it. But I'm not the CIA and Tom Cruise is not hanging from my bedroom's ceiling to steal my pirated games and my unfinished novel. I won't panic just yet.
While im sure this is getting autopatched on your machine and yes, its unlikely you'll be targeted, this attitude is common and shows a very naive understanding of how these kinds of attacks are used.
"Physical proximity" MIGHT mean an actual human with a computer near your network, but more likely means "an infected machine near your network".
So you start with one machine and then let it spread to everything in its range and of course it self propagates from there.
In general attacks are NOT targeted directly. The CIA doesn't say they want your novel, someone just infects every device they can access, which then infects all the devices around them, and so on. Further once one device is compromised, it can infect other devices on the network using different attacks which may not require physical proximity.
Point being, you're right, no one is going to target you directly, but at the same time, its much easier and much more profitable to just encrypt EVERY infected computers HDD and say "if you want it back here's the crypto wallet you'll be sending money to". And that will likely be AFTER they've copied every byte of data off your machine and run it through some programs to dig for any and all sensitive information you've accidentally exposed in plain text, so there's decent odds you get identity theft in your future as well.
Point being, this kind of attack is not something ANYONE should be blase about (especially with elderly neighbors who are super likely to be infection points having been compromised by some other less sophisticated method and then used to spread). MS is doing the right thing jumping on this, and my example is absolutely large worst case, but its why these things are taken seriously. This is probably one of the worst vulnerability discoveries ever.
The attacker just has to be in your WiFi's range that's all, though the article doesn't give any more details than that. The important thing is how come such a major vulnerability was left unpatched (or not discovered) for so many years?
BTW I think Tom Cruise is well past his Last Samurai days to be able to achieve such miraculous feats!
My Windows is probably updating as we speak, my wifi is not that strong, and, chiefly, my neighbors are largely older and non-tech. I'm not in great danger :P
Also, don't doubt the Cruise. Never doubt the Cruise.
Check out this cool video about zero day market that explains quite a lot about how this works in more layman's terms
Definitely scary, but from what I can see so far, it's not something to be terribly worried about. Someone would have to intentionally want to attack you specifically (if I understand it correctly they'd have to send the malicious packets to you directly, but I guess it wouldn't be hard for someone to write a tool that scans for all the MAC addresses in the area and push packets to everyone).
I checked my work laptop and I got the update on the 12th, thankfully.
Mirror:
https://archive.is/NpeeP
I wonder why the fixation on this specific thing. Wi-Fi is notoriously easy to break into and users should be in their guard on public Wi-Fi, anyway. I feel like the patch is going to create a false sense of security in people who already vaguely knew to be on their guard at Starbucks.
This isn't an attack like "oh if you sign into your bank on starbucks wifi an attacker might be able to compromise it" (they can't, really).
The attack is "if you're on the starbucks wifi at all an attacker can execute arbitrary code on your computer". No user interaction needed, connect to wifi and get a free crypto locker on your computer.
I'm not really clear on the vulnerability but it sounds like it works as long as your WiFi is on (maybe needs to be connected to a network). With Starbucks (as an example) you can do things to mitigate the risk but it sounds like this vulnerability could bypass that. Also, maybe you're vulnerable on your own secure wifi network.
That’s a big yikes.