Click Here
home features news forums classifieds faqs links search
6071 members 
Amiga Q&A /  Free for All /  Emulation /  Gaming / (Latest Posts)



Lost Password?

Don't have an account yet?
Register now!

Your support is needed and is appreciated as is primarily dependent upon the support of its users.

Main sections
» Home
» Features
» News
» Forums
» Classifieds
» Links
» Downloads
» OS4 Zone
» IRC Network
» AmigaWorld Radio
» Newsfeed
» Top Members
» Amiga Dealers
» About Us
» FAQs
» Advertise
» Polls
» Terms of Service
» Search

IRC Channel
Ports: 1024,5555, 6665-6669
SSL port: 6697
Channel: #Amigaworld
Channel Policy and Guidelines

Who's Online
13 crawler(s) on-line.
 131 guest(s) on-line.
 0 member(s) on-line.

You are an anonymous user.
Register Now!
 matthey:  1 hr 38 mins ago
 Rob:  1 hr 53 mins ago
 Dwyloc:  2 hrs 4 mins ago
 towo2099:  3 hrs 25 mins ago
 Marcian:  3 hrs 30 mins ago
 amigakit:  4 hrs 15 mins ago
 michalsc:  4 hrs 44 mins ago
 BigD:  4 hrs 50 mins ago
 zipper:  4 hrs 50 mins ago
 t0lkien:  5 hrs 6 mins ago

/  Forum Index
   /  MorphOS Software
      /  PolyOrganizer - Major updates.
Register To Post

Goto page ( Previous Page 1 | 2 )
Re: PolyOrganizer - Major updates.
Posted on 5-Jan-2024 18:10:06
#21 ]
Elite Member
Joined: 8-Mar-2003
Posts: 2648
From: Unknown


You are talking bout a targeted attack by entity willing to put time and other resources into.

Plenty of these work on OSes were you have legions of hackers trying to find the latest 0day exploit either to cash in on bug hunting bounties or sell them to highest bidder.

Most real attacks are done as crimes of opportunity where some just runs a bunch of scripts hoping that some Win/Linux/macOS boxes on the other side haven't had the latest patches installed.
Those would into NIL: on Wayfarer, with the script-kiddie just going to the next IP hoping to strike there.

- We don't need good ideas, we haven't run out on bad ones yet
- blame Canada

 Status: Offline
Profile     Report this post  
Re: PolyOrganizer - Major updates.
Posted on 5-Jan-2024 18:21:52
#22 ]
Elite Member
Joined: 24-Aug-2003
Posts: 4544
From: As-sassin-aaate! As-sassin-aaate! Ooh! We forgot the ammunition!


All exfiltration attacks are targeted, it's a question of how specifically targeted they are.

The question of time and resources is an interesting one, when you consider a totally wide open OS. There were a lot of Amiga malware authors back in the day.

"Man runs business on OS with 1980's security, promotes on forum..."

I mean that could be construed painting a target on yourself. He's already said he doesn't use encryption either, and all some potential neer do well had to do was ask.

Seriously though, if you're going to do that, consider not having it on a network at least.

Doing stupid things for fun...

 Status: Offline
Profile     Report this post  
Re: PolyOrganizer - Major updates.
Posted on 5-Jan-2024 18:45:04
#23 ]
Elite Member
Joined: 8-Mar-2003
Posts: 2648
From: Unknown



Karlos wrote:
There were a lot of Amiga malware authors back in the day.


And how much of those would work through the net and not insta crash on MorphOS?

I mean it is for sure possible, just as it is possible someone saw your post as a challenge to get into whatever box you're running.

Neither is very likely and the question which one might succeed isn't an easy answer.

If you have data that is worth looking into by someone with the resources, you shouldn't have it anywhere near your personal machine no matter the OS.

- We don't need good ideas, we haven't run out on bad ones yet
- blame Canada

 Status: Offline
Profile     Report this post  
Re: PolyOrganizer - Major updates.
Posted on 5-Jan-2024 18:47:15
#24 ]
Elite Member
Joined: 24-Aug-2003
Posts: 4544
From: As-sassin-aaate! As-sassin-aaate! Ooh! We forgot the ammunition!


And how much of those would work through the net and not insta crash on MorphOS?

None, presumably, but that's not the proposed vector. The proposed vectors are anything that can be done to read memory via breaking JS, the DOM, CSS, or anything else that the browser is less protected against on an OS that can't notice when memory not allocated by the application is accessed from it. Written by someone with the sort of mentality that liked to do this back in the day, just because.

Remember, the whole point here is not about which is the most popular target - I doubt anyone is interested in attacking anything amiga or amiga related in 2024, with the exception of some extremely partisan nutter in one camp or another that's never gotten over the whole thing.

The point is that obscurity is not a valid security model.

If you have data that is worth looking into by someone with the resources, you shouldn't have it anywhere near your personal machine no matter the OS.

Agreed. Even on linux with FDE enabled, we only have developer tooling on our workstations. However, even if this was a "buisness machine", I wouldn't advocate anything that runs as naked and unprepared for the 21st century landscape as AmigaOS or it's work-alikes.

Last edited by Karlos on 05-Jan-2024 at 07:02 PM.
Last edited by Karlos on 05-Jan-2024 at 06:59 PM.
Last edited by Karlos on 05-Jan-2024 at 06:53 PM.
Last edited by Karlos on 05-Jan-2024 at 06:49 PM.

Doing stupid things for fun...

 Status: Offline
Profile     Report this post  
Re: PolyOrganizer - Major updates.
Posted on 5-Jan-2024 20:21:14
#25 ]
Super Member
Joined: 6-Oct-2006
Posts: 1229
From: Athens/Greece


But do you have memory protection with your RPi accel.? Take notice from the major questions raised up above. What if a highly specialised anti-amiga cyber criminal organisation infiltrates to your network and steal your birthday reminders?

Last edited by Cool_amigaN on 05-Jan-2024 at 08:22 PM.


 Status: Offline
Profile     Report this post  
Re: PolyOrganizer - Major updates.
Posted on 5-Jan-2024 20:50:54
#26 ]
Elite Member
Joined: 9-Jun-2004
Posts: 12887
From: Norway


Login in details (take over user accounts.)
pictures (to be used as blackmail)
e-mail addresses (to be used for spam)
software license.
source code
CPU power can be stolen to create bitcoins.

Using a MorphOS/AROS or AmigaOS system has a risk, what that risk exactly.
an exploit can be using SH or Phyton (a generic exploit), a exploit can be a c library ported to the platform, like SSL Heartbleed. As much as I want to believe everyone in Amiga community can be trusted, is it just wishful thinking?

We have nothing in MorphOS/AROS and AmigaOS that looks for mysterious CPU usage, network activity or look for modification of system files, or anything actually detect an exploit. This makes MorphOS/AROS and AmigaOS is high risk.

Last edited by NutsAboutAmiga on 05-Jan-2024 at 09:05 PM.
Last edited by NutsAboutAmiga on 05-Jan-2024 at 08:58 PM.
Last edited by NutsAboutAmiga on 05-Jan-2024 at 08:54 PM.

Facebook::LiveForIt Software for AmigaOS

 Status: Offline
Profile     Report this post  
Re: PolyOrganizer - Major updates.
Posted on 5-Jan-2024 21:36:50
#27 ]
Super Member
Joined: 6-Oct-2006
Posts: 1229
From: Athens/Greece


Yeap, what if someone takes over my hollywood scripts and then blackmails me by threatening to show to the public how incompetent I am when it comes to coding? What if he deletes the next update of Real Amiga SWOS Total Pack while it's so close to release? That would be a loss for the broader community though and then I 'll become an amiga martyr.

But seriously though, the original question was a masked attempt in order to decrease the value of MorphOS as a daily driven / home office use. Because I am more than sure that even Karlos can understand that if's far easier to inject simple AmigaDOS commands with the help of curl under a binary of a script (via s-omni on aminet) that would let's say free some ram (by flushing the libs) while transmitting to an FTP infected user files. Something which is true for saved passwords of IBrowse and anyone can view them under FileX for example (keep away from OnlyFans ppl when on Amiga with RPi, 'cause you never know..).

Amiga users are far more vulnerable from a malevolent attack of a malaware file uploaded on Aminet rather than becoming targets of multi-national bot network operators.

And btw, I also login to my corporate account via Iris, scan via Scandal, print via network printer, do WhatsApp via Wayfarer, while connected to our webdav (by Clouddav), use PageStream, PolyOrga and VNC to a PC when I have to use some MS Office tools almost every day. So, kudos to Matt and just to let you know that you are not alone in this :)

But I suppose the real question remains, does it do memory protection? What if my CEO finds out?

Last edited by Cool_amigaN on 05-Jan-2024 at 09:37 PM.


 Status: Offline
Profile     Report this post  
Re: PolyOrganizer - Major updates.
Posted on 5-Jan-2024 22:52:04
#28 ]
Elite Member
Joined: 24-Aug-2003
Posts: 4544
From: As-sassin-aaate! As-sassin-aaate! Ooh! We forgot the ammunition!


The point I was making is being rather stretched now. To reiterate: obscurity is not security.

If you are running a business from a machine and the only security that machine has is being a fringe platform nobody is interested in, well you might be fine, but you are still hanging your bare arse out of a window, just on a side street without as much traffic as unsecured server street. No real cyber criminals are going to come after you, unless you are caught in an exploit that just happens to work due to some fundamental vulnerability in the source your browser (for example) is based on.

However, you still have to consider the potential for bad actors and weirdos, especially in this community (sorry to say) that might specifically target you, maybe because you've pissed them off for any number of batshit reasons that only our crazy platform history makes possible.

Last edited by Karlos on 05-Jan-2024 at 10:54 PM.

Doing stupid things for fun...

 Status: Offline
Profile     Report this post  
Re: PolyOrganizer - Major updates.
Posted on 7-Jan-2024 17:17:44
#29 ]
Regular Member
Joined: 28-Feb-2004
Posts: 238
From: NY


Thanks! Nice to see how you use your daily driver. What hardware do you use with MorphOS?

Have you tried using wayfarer and a docker for MS Office stuff? I tried it years ago, it worked but was clucky.

VPN does seem like the best fit, what software do you use? I'm just using zvpn and it works best for me, but it doesn't map all the keys. At least it seems to handle multiple screens on multiple systems ok.

Last edited by Matt3k on 07-Jan-2024 at 05:25 PM.

 Status: Offline
Profile     Report this post  
Goto page ( Previous Page 1 | 2 )

[ home ][ about us ][ privacy ] [ forums ][ classifieds ] [ links ][ news archive ] [ link to us ][ user account ]
Copyright (C) 2000 - 2019 was originally founded by David Doyle