It’s time again for our biweekly meeting. We’ll be meeting at Rudolphs Bar-B-Que again starting at 18:30 (6:30 p.m.).
Windows XP. MacOS 10.5. Android 4. These operating systems are ancient by today’s standards but there are a lot of people still using them. When you ask why users usually say, “It works for me.”
But they don’t work. Why? Because they’re not secure operating systems. None of them are supported by developers anymore, which means they no longer receive security updates. In fact, they don’t receive any updates at all, which means they don’t support modern cryptographic protocols either.
Consider SSL, the cryptographic protocol that secures your website connections. At least, SSL used to. It has been replaced by TLS since every version of the SSL protocol is no longer secure. Anybody transmitting confidential information, such as their credit card number or login credentials, over SSL risks having that information intercepted by an unauthorized party. Forward secrecy, a TLS protocol that prevents unauthorized parties from deciphering any TLS connections they may have collect even if they acquire the server’s private key, is another protocol that isn’t supported by a lot of older software.
This week we’re going to talk about the dangers of legacy software. Both for users and for developers who want to support legacy users. Then we will discuss why using modern, supported software is the easiest thing you can do to bolster your security.