Remember back in 2002 where if you connect an unpatched windows machine to the internet, it would only be a few minutes before it got infected?

Well running unpatched stuff is no longer like that. I bet you could use a 2013 iDevice for a whole year and not get exploited once.

Exploits are mostly against the rich and famous now, and not so much against regular joe.

> Remember back in 2002 where if you connect an unpatched windows machine to the internet, it would only be a few minutes before it got infected?

Was that actually true, or just an urban legend? I've heard this a lot back then, but never actually saw it happen.

It was true. This was mostly because Windows XP had several open ports by default, and before SP2 (released in 2004) did not have a firewall. So when a vulnerable service in the default install was found behind a default-open port it would spread and replicate extremely quickly: https://en.wikipedia.org/wiki/Blaster_(computer_worm)

It was true (well perhaps more like 10 minutes). You had to connect your machine straight to the internet (ie. through a dialup modem), not via a router.

Also, some ISP's blocked ports which protected you somewhat.

It was certainly quick enough that there was no way to get the updates installed before the machine would bluescreen (many of these exploiters didn't care much for the stability of your machine...)

It was true. I got happy99.exe almost immediately when I accidentally plugged a cable into an RJ45 jack upstream of my NAT gateway.

Not a big threat downstream.

Oh, it's definitely true. I experience it multiple times.

What's a good site to read postmortems on hacks carried out against consumer banking apps using iOS versions with obsolete "security posture?" I haven't run across any such reports but can't say they don't exist.

Nowadays, most security features and upgrades are designed to protect the device against its owner.