On Tue, 19 Dec 2017 12:53:58 +0100, Axel Berger wrote:

> "A. Dumas" wrote:
>> No upgrades, no security updates, nothing.
>
> Exactly. And 14 % is a lot of devices. If there really were security
> risks like the "newer is always better" faction continues to claim,
> wouldn't we have heard about serious exploits by now?
>
Whether you hear about exploits depends what you read. Are you aware of
cryptocurrency mining malware? If not, why not? It infects Android phones.

> And most if not nearly all Raspberry applications I have seen are either
> strictly local or at least behind a router.
>
Sure, but do you know your router is secure? Many consumer grade routers
are not. Have you run a penetration tester against yours? Is its admin
login visible from the outside?

If your router is insecure, and your RPi is on your LAN its potentially
at risk: there have been recently reported, but quite old, faults in
Linux crypto packages. These are now patched, but you'll may well be
exposed if you haven't kept your RPi software updated.

> And if new really was better, why is it always and nearly exclusively
> only the early adopters of updates that really get hit by exploits?
>
Thats quite untrue. Several of the vulns discovered and reported during
2017 date back several years. Sometimes these are known to have been
exploited, sometimes not.


--
Martin    | martin at
Gregorie  | gregorie
          | dot org

--- SoupGate-Win32 v1.05