Who's Online |
62 user(s) are online ( 25 user(s) are browsing Forums)
Members: 1
Guests: 61
DaFreak,
more...
|
|
|
|
|
Re: Is AmigaOS secure enough to use online?
|
Posted on: 2006/12/2 14:42
#143841
|
Just popping in 
|
I also don't understand why anyone would program a virus or trojan horse to attack an Amiga system. Unfortunately, Amigas have become very rare, so it isn't really worth the effort to design a trojan horse I think. 
|
|
|
|
|
|
Re: Is AmigaOS secure enough to use online?
|
Posted on: 2006/12/2 14:40
#143842
|
Just popping in
|
Quote:
Are you running any daemons? It could be valid but you have a PPC cpu which is not as popular as the x86. Even if you are using an exploit you should know the offsets where to jump which is different in every OS. And I'm not 100% sure, on OS4 it would work.
It doesn't come down to offsets or jumps. The field isn't that narrow. You see I am not asking for advice on MY setup I am asking for general advice. The point being, advice we can give to a new user ( and all users ) out there even if it is: "Don't run any daemons when connected to the internet unless they are properly firewalled by an external router/gateway". That is it! Quote:
Quote:
3. Snooping and fishing for data. By not using the right level of security on your clients ( e.g. using telnet rather than SSL based clients ) they get hold of passwords and usernames just by listening in and seeing the raw plain text data passing.
It's a user related problem.
..... unbelievable. Of course it is a user related problem, but so what? It is still advice! It is still something that some people know the answers on and other people can provide helps to stop people needlessly exposing sensitive data. There are three possible outcomes from this: 1. You continue to treat it like a tennis match, and nothing useful gets developed out of it. We continue to live as isolated islands of information and some get caught out ( "so what, it is a user related problem" ) but tough doodoos eh?. 2. We develop a FAQ on security on the Amiga, and for applications running on the Amiga so the information is there. 3. We do (2) and develop/enhance a security scanner or write some scripts to check for simple things. I can't see the Freidens or the OS4 development team having the time to redevelop the TCP stack or implement a process security model, so how about we help the users to get smarter as a collective rather than just trying to slap the issue down each time?
|
|
The court case is like a thunderstorm after a long humid summer.
|
|
|
|
BTTR's mirror?
|
Posted on: 2006/12/2 14:39
#143843
|
Not too shy to talk 
|
Is there a mirror of Back-To-The_Roots anywhere?
|
Valiant@ CamelotAmigaOne XE, 800Mhz, 1GB, 9250 Radeon, OS4.1u7 Sam440ep, 666Mhz, 512Mb, 9250 Radeon, OS4.1u6 A1-X1000, 1.8Ghz, 1GB, 9250 Radeon, OS4.1x A1-X5000/40 2.2Ghz, 2GB, Radeon HD 7700, OS4.1 FE ud 2
|
|
|
|
Re: Is AmigaOS secure enough to use online?
|
Posted on: 2006/12/2 14:37
#143844
|
Just popping in
|
Quote:
In a chatroom you can see the ip addresses which are connected, and go after them. Even just being able to knock people off the net might be a pain.
Nothing like that can happen under OS4. Even hacking utilities like NMAp can't identify the host operating system, let alone try to attack OS4. For the record, I've been running an A1 on the internet for the last 4 years, with a STATIC ip address and without any kind of firewall. Never had a "security" problem. Also, not having any open port by default, does certanly help.
|
|
|
|
|
|
Re: Is AmigaOS secure enough to use online?
|
Posted on: 2006/12/2 14:36
#143845
|
Just popping in
|
1. Trojan horses writen for AmigaOS (PPC or m68 CPU) ?
Never heard from one.
2. Daemon
Amiga is not Unix there are no daemons to be usesd.
3. Thats a Problem, i use telnet, i do not know a SSH Client or Server for Amiga OS
4. Same Problem, PGP Amiga ?
But 3. and 4. could not harm my Amiga -> outbound.
If you use apache samba and so on, different story.
The Amiga ports are normaly rather old, many security holes have been found.
But there are not many users out there, able to assamble a code for the Amiga.
Packages, sounds also like Unix.
|
|
|
|
|
|
Re: Is AmigaOS secure enough to use online?
|
Posted on: 2006/12/2 14:35
#143846
|
Supreme Council 
|
This is an important issue, no matter what services amiga os has now or will be able to get in the future.
So try be less negative to each other in this thread and discuss the issue instead.
|
|
Vacca foeda. Sum, ergo edo
Mr Bobo Cornwater
|
|
|
|
Re: Is AmigaOS secure enough to use online?
|
Posted on: 2006/12/2 14:34
#143847
|
Just popping in
|
It isn't scary. I'm not saying anything will happen at all. I'm saying we just don't know. There is no information I can find that helps and the OS was never designed to be used on the internet and as far as I am aware does not sandbox tasks. Because of that, it is ripe for exploitation if/when someone wants to.
Because of this there is more onus on those who develop servers ( daemons ) and mail applications and other system automation tools ( whether connected or not to the network ) to provide their own security.
Because we don't know, we are in a state of ignorance. What I can't stomach is the attitude towards the subject.
|
|
The court case is like a thunderstorm after a long humid summer.
|
|
|
|
Re: Is AmigaOS secure enough to use online?
|
Posted on: 2006/12/2 14:33
#143848
|
Just popping in
|
Quote:
Mitch wrote:
There are plenty of opportunities to get hacked on line all you need to do is look at something like securityfocus.
There are a list of possibilities:
tthe
1. Trojan horses - downloaded or executed through accessing a web page or opening/downloading emails or running bad software. Once in, you are reliant on whatever security the OS or the software packages that are interpreting/running the exploit provide.
Look. We are soo few comparing to the Win users, so it doesn't worth the effort to build a trojan for OS4. Quote:
2. Daemon attacks - anything from remote code exploitation ( running stuff on your machine ), denial of service, forcing it offline or sending it bad information to cause anything from buffer overflows or misallocating the entire memory in your OS.
Are you running any daemons? It could be valid but you have a PPC cpu which is not as popular as the x86. Even if you are using an exploit you should know the offsets where to jump which is different in every OS. And I'm not 100% sure, on OS4 it would work. Quote:
3. Snooping and fishing for data. By not using the right level of security on your clients ( e.g. using telnet rather than SSL based clients ) they get hold of passwords and usernames just by listening in and seeing the raw plain text data passing.
It's a user related problem. Quote:
4. Ephemeral security - send emails in plain text rather than using PGP or some other security plugin.
See pont #3. Quote:
The point is you might not be exposed to any of them, or be exposable, however at the moment there is nothing out there that I have seen that does a risk assessment of the basic OS, the OS with extra packages installed, individual packages, different configurations or provides any advice whatsoever.
Other portals have long been swamped with political wars and it looks like those that want to start arguments for the sake of it will either be steering clear of here or thrown off. So, I think it is high time we started to collate our experiences and advice and stop thinking we are invulnerable.
Just know how vulnerable you are ( or not ).
Only problem could be using echo/chargen/etc services by default. But if I'm correct ther are switched off by default. You can check by using nmap on your winbox targetted with your OS4 machine. Quote:
Security through ignorance is stupidity. Security through willful ignorance is basically being a sucker.
I aggree. Quote:
I don't want to get involved in ego trips, I just want to enjoy the hobby.
Enjoy! 
|
|
|
|
|
|
Re: Is AmigaOS secure enough to use online?
|
Posted on: 2006/12/2 14:28
#143849
|
Just popping in
|
Nessus has a port scanner as its second phase of scanning ( the first phase is a lookup ), it has specific attacks for smb and apache - more if you register the plugins.
I'm not an ignorant.
That is like saying "my webserver has no idea what an Amiga is"
It doesn't have to. Many of the nessus plugins scan for services which are all or mostly written to RFCs, and therefore do have some common exploitation issues. Many more do indeed scan for specific problems with say, Windows or Linux, but as I said it isn't a simple matter of running Nessus.
As you say, nessus is ignorant of what the issues are but by saying "move along nothing to see here" all the time we are never going to change that situation.
|
|
The court case is like a thunderstorm after a long humid summer.
|
|
|
|
Re: Is AmigaOS secure enough to use online?
|
Posted on: 2006/12/2 14:28
#143850
|
Just popping in
|
@Mitch Wow, this does sound scary!  I hope that none of these attacks will happen to me in the future when I surf the world wide web with my Amiga. So far I never had any problems, but who knows, maybe the hackers find new ways to attack Amiga computers? I hope that one of the developers of the next generation Amiga OS can clarify if there is support for better security functions planned.
|
|
|
|
|
|
Re: Is AmigaOS secure enough to use online?
|
Posted on: 2006/12/2 14:26
#143851
|
Just popping in
|
Running Nessus aginst an Amiga,
try it please. I do not think that nessus has any idea waht an AmigaOS is.
|
|
|
|
|
|
Re: Is AmigaOS secure enough to use online?
|
Posted on: 2006/12/2 14:25
#143852
|
Just popping in
|
You are talking about inbound, I am talking about outbound AND inbound.
SAMBA is available for the Amiga for example (smb).
There are web servers ( blackwidow, apache )
There are myriad other little tools both in and outbound.
I repeat, once in, as there is no process or filesystem security, you are scuppered. Just because your computer initiated the connection ( client ) doesn't make it safe. That is why firewalls are only of limited use in internet security.
|
|
The court case is like a thunderstorm after a long humid summer.
|
|
|
|
Re: Learning to love Workbench 1.3
|
Posted on: 2006/12/2 14:25
#143853
|
Just popping in
|
I use 1.3 and 2.05. For productivity I mainly use my A600 with 2.05. I prefer using the 'stock' OS instead of 'mucked up' and 'patched' versions. I know where everything is!
|
|
|
|
|
|
Re: Is AmigaOS secure enough to use online?
|
Posted on: 2006/12/2 14:23
#143854
|
Just popping in
|
SSH ? Amiga ?
AmigaOS is not a UNIX or Linux.
no SSH - no problem,
no ftp - no problem,
no smb - no problem,
.
.
.
http as client is the only open Port if you use a standard OS4
|
|
|
|
|
|
Re: Is AmigaOS secure enough to use online?
|
Posted on: 2006/12/2 14:13
#143855
|
Just popping in
|
There are plenty of opportunities to get hacked on line all you need to do is look at something like securityfocus.
There are a list of possibilities:
tthe
1. Trojan horses - downloaded or executed through accessing a web page or opening/downloading emails or running bad software. Once in, you are reliant on whatever security the OS or the software packages that are interpreting/running the exploit provide.
2. Daemon attacks - anything from remote code exploitation ( running stuff on your machine ), denial of service, forcing it offline or sending it bad information to cause anything from buffer overflows or misallocating the entire memory in your OS.
3. Snooping and fishing for data. By not using the right level of security on your clients ( e.g. using telnet rather than SSL based clients ) they get hold of passwords and usernames just by listening in and seeing the raw plain text data passing.
4. Ephemeral security - send emails in plain text rather than using PGP or some other security plugin.
The point is you might not be exposed to any of them, or be exposable, however at the moment there is nothing out there that I have seen that does a risk assessment of the basic OS, the OS with extra packages installed, individual packages, different configurations or provides any advice whatsoever.
Other portals have long been swamped with political wars and it looks like those that want to start arguments for the sake of it will either be steering clear of here or thrown off. So, I think it is high time we started to collate our experiences and advice and stop thinking we are invulnerable.
Just know how vulnerable you are ( or not ).
Security through ignorance is stupidity. Security through willful ignorance is basically being a sucker.
I had hoped the constructive clause (1) in the terms of service might lead to decent open debate on how to fix a few issues like information, mindset and possibly even software. If it looks like the discussion on here isn't going to be constructive or will meet with knee jerk reaction then there isn't a lot of point contributing to the forum.
I don't want to get involved in ego trips, I just want to enjoy the hobby.
|
|
The court case is like a thunderstorm after a long humid summer.
|
|
|
|
Re: Is AmigaOS secure enough to use online?
|
Posted on: 2006/12/2 14:06
#143856
|
Just popping in
|
@Mitch Is it possible to get hacked when you use the Amiga on the world wide web? I am glad it never happened to me. Is it possible to use an internet-router as a wall against such attacks? Or are there still possibilities to have our Amigans hacked?
|
|
|
|
|
|
Re: Is AmigaOS secure enough to use online?
|
Posted on: 2006/12/2 13:56
#143857
|
Just popping in
|
@Mikey_C
I already am being. Tell me what exactly are you bringing to this "deal" you are offering? I don't know I get the impression you think I'm some kind of troll.
It is exactly what I have been calling for since post 1 - to collaberate on bringing the information to the fore.
It is too big a task for one person and most of the knowledge will be out there already. It won't be a matter of just running nessus against an Amiga on your local network.
Most of these issues - because they aren't being exercised by internet intruders yet - can only be exposed by structured security testing or design analysis to discover the flaws.
@Sauron
I think it is all being taken personally whereas I'd rather people were told what are the good/bad points to do with the operating system and using the browsers/network tool online.
Eventually some kind of "cops" tool to expose inner setup flaws for beginners to install could be built but to do that you need a knowledge base. This is what I'd like to see happen. As I find things out I'll certainly let people know.
@Sister_Rita
Security through obscurity is all very well up to the point where you get hacked. The reality is though that most of our security is through ignorance - a false sense of security.
-----
In general why do it? There is no filesystem or process security built into AmigaOS, so once in, anything can be done so every daemon needs to have its own sandbox.
|
|
The court case is like a thunderstorm after a long humid summer.
|
|
|
|
Re: TGE on Amiga
|
Posted on: 2006/12/2 13:37
#143858
|
Just popping in
|
@salass00 Yes I did try that and yes it solves the problem. @Rogue, Yes there are still many issues left to solve. I am using a radeon 9000. About the alignment exceptions they happen in my code and I have been adviced to review all the warnings generated during compilation, there might be something fatal.
|
|
|
|
|
|
Re: Amiga 1200 Black screen. CPU DEAD?
|
Posted on: 2006/12/2 13:36
#143859
|
Just popping in
|
Actually I did make a sort of sqeaky woman like sound when it started to work again ;) ....
|
|
|
|
|
|
Re: Amiga 1200 Black screen. CPU DEAD?
|
Posted on: 2006/12/2 13:34
#143860
|
Just popping in
|
Ok...
Will try this. It would be great if I got it to work. =)
There is quite a difference with it on even though its only 10Mhz difference, but there's also the extra ram memory.
Is it possible to run it whitout the ram memory?
|
|
|
|
|
News feed
OS4 Feedback forum
OS4Depot Feedback forum
Amigabounty forum
OpenAmiga forum
AmiCygnix forum
ABC shell forum
AmiKit forum
Cinnamon Writer forum
CodeBench forum
Digital Universe forum
Dopus 5 forum
E-UAE forum
Gnash forum
Ibrowse forum
JAmiga forum
Odyssey forum
OWB forum
Qt forum
SmartFileSystem forum
Timberwolf forum
TouchDevice forum
TuneNet forum
Unsatisfactory Software forum
