@Karlos

You are talking bout a targeted attack by entity willing to put time and other resources into.

Plenty of these work on OSes were you have legions of hackers trying to find the latest 0day exploit either to cash in on bug hunting bounties or sell them to highest bidder.

Most real attacks are done as crimes of opportunity where some just runs a bunch of scripts hoping that some Win/Linux/macOS boxes on the other side haven't had the latest patches installed.
Those would into NIL: on Wayfarer, with the script-kiddie just going to the next IP hoping to strike there.

_________________
- We don't need good ideas, we haven't run out on bad ones yet
- blame Canada

@Kronos

All exfiltration attacks are targeted, it's a question of how specifically targeted they are.

The question of time and resources is an interesting one, when you consider a totally wide open OS. There were a lot of Amiga malware authors back in the day.

"Man runs business on OS with 1980's security, promotes on forum..."

I mean that could be construed painting a target on yourself. He's already said he doesn't use encryption either, and all some potential neer do well had to do was ask.

Seriously though, if you're going to do that, consider not having it on a network at least.

_________________
Doing stupid things for fun...

@Karlos

Quote:

Karlos wrote: There were a lot of Amiga malware authors back in the day.

Sure.

And how much of those would work through the net and not insta crash on MorphOS?

I mean it is for sure possible, just as it is possible someone saw your post as a challenge to get into whatever box you're running.

Neither is very likely and the question which one might succeed isn't an easy answer.


If you have data that is worth looking into by someone with the resources, you shouldn't have it anywhere near your personal machine no matter the OS.

_________________
- We don't need good ideas, we haven't run out on bad ones yet
- blame Canada

@Kronos

Quote:

And how much of those would work through the net and not insta crash on MorphOS?

None, presumably, but that's not the proposed vector. The proposed vectors are anything that can be done to read memory via breaking JS, the DOM, CSS, or anything else that the browser is less protected against on an OS that can't notice when memory not allocated by the application is accessed from it. Written by someone with the sort of mentality that liked to do this back in the day, just because.

Remember, the whole point here is not about which is the most popular target - I doubt anyone is interested in attacking anything amiga or amiga related in 2024, with the exception of some extremely partisan nutter in one camp or another that's never gotten over the whole thing.

The point is that obscurity is not a valid security model.

Quote:

If you have data that is worth looking into by someone with the resources, you shouldn't have it anywhere near your personal machine no matter the OS.

Agreed. Even on linux with FDE enabled, we only have developer tooling on our workstations. However, even if this was a "buisness machine", I wouldn't advocate anything that runs as naked and unprepared for the 21st century landscape as AmigaOS or it's work-alikes.

Last edited by Karlos on 05-Jan-2024 at 07:02 PM.
Last edited by Karlos on 05-Jan-2024 at 06:59 PM.
Last edited by Karlos on 05-Jan-2024 at 06:53 PM.
Last edited by Karlos on 05-Jan-2024 at 06:49 PM.

_________________
Doing stupid things for fun...

@AmiDelf2

But do you have memory protection with your RPi accel.? Take notice from the major questions raised up above. What if a highly specialised anti-amiga cyber criminal organisation infiltrates to your network and steal your birthday reminders?

Last edited by Cool_amigaN on 05-Jan-2024 at 08:22 PM.

_________________

@Cool_amigaN

Login in details (take over user accounts.)
pictures (to be used as blackmail)
e-mail addresses (to be used for spam)
software license.
source code
CPU power can be stolen to create bitcoins.

Using a MorphOS/AROS or AmigaOS system has a risk, what that risk exactly.
an exploit can be using SH or Phyton (a generic exploit), a exploit can be a c library ported to the platform, like SSL Heartbleed. As much as I want to believe everyone in Amiga community can be trusted, is it just wishful thinking?

We have nothing in MorphOS/AROS and AmigaOS that looks for mysterious CPU usage, network activity or look for modification of system files, or anything actually detect an exploit. This makes MorphOS/AROS and AmigaOS is high risk.

Last edited by NutsAboutAmiga on 05-Jan-2024 at 09:05 PM.
Last edited by NutsAboutAmiga on 05-Jan-2024 at 08:58 PM.
Last edited by NutsAboutAmiga on 05-Jan-2024 at 08:54 PM.

_________________
http://lifeofliveforit.blogspot.no/
Facebook::LiveForIt Software for AmigaOS

@NutsAboutAmiga

Yeap, what if someone takes over my hollywood scripts and then blackmails me by threatening to show to the public how incompetent I am when it comes to coding? What if he deletes the next update of Real Amiga SWOS Total Pack while it's so close to release? That would be a loss for the broader community though and then I 'll become an amiga martyr.

But seriously though, the original question was a masked attempt in order to decrease the value of MorphOS as a daily driven / home office use. Because I am more than sure that even Karlos can understand that if's far easier to inject simple AmigaDOS commands with the help of curl under a binary of a script (via s-omni on aminet) that would let's say free some ram (by flushing the libs) while transmitting to an FTP infected user files. Something which is true for saved passwords of IBrowse and anyone can view them under FileX for example (keep away from OnlyFans ppl when on Amiga with RPi, 'cause you never know..).

Amiga users are far more vulnerable from a malevolent attack of a malaware file uploaded on Aminet rather than becoming targets of multi-national bot network operators.

And btw, I also login to my corporate account via Iris, scan via Scandal, print via network printer, do WhatsApp via Wayfarer, while connected to our webdav (by Clouddav), use PageStream, PolyOrga and VNC to a PC when I have to use some MS Office tools almost every day. So, kudos to Matt and just to let you know that you are not alone in this :)

But I suppose the real question remains, does it do memory protection? What if my CEO finds out?

Last edited by Cool_amigaN on 05-Jan-2024 at 09:37 PM.

_________________

@Cool_amigaN

The point I was making is being rather stretched now. To reiterate: obscurity is not security.

If you are running a business from a machine and the only security that machine has is being a fringe platform nobody is interested in, well you might be fine, but you are still hanging your bare arse out of a window, just on a side street without as much traffic as unsecured server street. No real cyber criminals are going to come after you, unless you are caught in an exploit that just happens to work due to some fundamental vulnerability in the source your browser (for example) is based on.

However, you still have to consider the potential for bad actors and weirdos, especially in this community (sorry to say) that might specifically target you, maybe because you've pissed them off for any number of batshit reasons that only our crazy platform history makes possible.

Last edited by Karlos on 05-Jan-2024 at 10:54 PM.

_________________
Doing stupid things for fun...

@Cool_amigaN

Thanks! Nice to see how you use your daily driver. What hardware do you use with MorphOS?

Have you tried using wayfarer and a docker for MS Office stuff? I tried it years ago, it worked but was clucky.

VPN does seem like the best fit, what software do you use? I'm just using zvpn and it works best for me, but it doesn't map all the keys. At least it seems to handle multiple screens on multiple systems ok.

Last edited by Matt3k on 07-Jan-2024 at 05:25 PM.