upvote

points

by psyklic11 hours ago |
comments
upvoteby dspillett10 hours ago|
[-]
Also in terms of security, there was generally a much smaller potential attack surface and those surfaces were harder to reach because we were much less constantly connected.
reply
upvoteby NitpickLawyer7 hours ago|
parent|
next
[-]
> in terms of security

I wouldn't go that far. As soon as you went online all bets were off.

In the 90s we had java applets, then flash, browsers would open local html files and read/write from c:, people were used to exchanging .exe files all the time and they'd open them without scrutiny (or warnings) and so on. It was not a good time for security.

Then dial-up was so finicky that you could literally disconnect someone by sending them a ping packet. Then came winXP, and blaster and its variants and all hell broke loose. Pre SP2 you could install a fresh version of XP and have it pwned inside 10 minutes if it was connected to a network.

Servers weren't any better, ssh exploits were all over the place (even The Matrix featured a real ssh exploit) and so on...

The only difference was that "the scene" was more about the thrill, the boasting, and learning and less about making a buck out of it. You'd see "x was here" or "owned by xxx" in page "defaces", instead of encrypting everything and asking for a reward.

reply
upvoteby tptacek9 hours ago|
parent|
prev|
next
[-]
Software has gotten drastically more secure than it was in 2000. It's hard to comprehend how bad the security picture was in 2000. This very much, extremely includes Linux.
reply
upvoteby PaulHoule9 hours ago|
parent|
prev|
next
[-]
But there was much less awareness of buffer overflows and none of the countermeasures that are widespread today. It was almost defining of the Win95 era that applications (eg. Word) frequently crashed because of improper and unsafe memory management.
reply
upvoteby armchairhacker9 hours ago|
parent|
prev|
next
[-]
I remember opening a webpage and being hacked seemed more likely. Adobe Flash and Java had more vulnerabilities and weaker (if any) sandboxes than JavaScript.
reply
upvoteby tolciho8 hours ago|
parent|
prev|
[-]
Except that when you did connect Windows to anything it was hacked in less than 30 seconds (the user ignored the "apply these updates first, and then connect ..." advice, they wanted some keyboard driver. Hacked, whoops, gotta waste time doing a wipe and reinstall. This was back when many places had no firewalls). IRIX would fall over and die if you pointed a somewhat aggressive nmap at it, some buggy daemon listening by default on TCP/0, iirc. There was code in ISC DHCPD "windows is buggy, but we work around it with this here kluge..." and etc etc etc etc etc
reply
upvoteby tosti3 hours ago|
parent|
[-]
Not just dhcpd. Besides the entire existance of Wine and Samba, Qemu has a workaround for win2k. Mkudffs has a workaround for MS-Windows not being able to read the filesystem without an mbr. Libc can work with local system time for those who dual-boot. Git can work around the difference in line endings. There are probably more of these kludges than you can shake a stick at.
reply