Who's Online |
47 user(s) are online ( 40 user(s) are browsing Forums)
Members: 1
Guests: 46
salass00,
more...
|
|
|
|
Re: Amiga Security Faq
|
Posted on: 2006/12/3 10:18
#144401
|
Just popping in ![Just popping in](https://www.amigans.net/uploads/rank3e632f95e81ca.gif)
|
This really needs to be a wiki, the edit permissions on XOOPS forum don't permit this properly.
|
The court case is like a thunderstorm after a long humid summer.
|
|
|
Re: Amiga Security Faq
|
Posted on: 2006/12/3 9:18
#144402
|
Just popping in ![Just popping in](https://www.amigans.net/uploads/rank3e632f95e81ca.gif)
|
Quote:
3. AmigaOS online as a client 3.0 Suitability 3.1 TCP/IP stacks 3.1.1. AmiTCP 3.1.2. Miami 3.1.3. Roadshow 3.1.4. bsdsocket emulation.
|
The court case is like a thunderstorm after a long humid summer.
|
|
|
Re: Amiga Security Faq
|
Posted on: 2006/12/3 9:01
#144403
|
Just popping in ![Just popping in](https://www.amigans.net/uploads/rank3e632f95e81ca.gif)
|
Quote: 5 Security scanners 5.0 Generic 5.1 Amiga Specific 6. Anti-virus software 6.0 ....
|
The court case is like a thunderstorm after a long humid summer.
|
|
|
Re: Is AmigaOS secure enough to use online?
|
Posted on: 2006/12/3 8:58
#144404
|
Just popping in ![Just popping in](https://www.amigans.net/uploads/rank3e632f95e81ca.gif)
|
Thank you and I will.
I was wondering if it might not be worth limiting the FAQ to the Amiga itself and general issues and ask the people behind OS4Depot to allow us to put advisory notices on software packages on there like they have comments. I don't know if aminet could support the same because that seems like a much older technology without a database behind it.
|
The court case is like a thunderstorm after a long humid summer.
|
|
|
Re: Amiga Security Faq
|
Posted on: 2006/12/3 8:36
#144405
|
Just popping in ![Just popping in](https://www.amigans.net/uploads/rank3e632f95e81ca.gif)
|
Quote: 4. AmigaOS online as a server 4.0 Suitability 4.0.1 Finding out what is running 4.0.2 Closing ports 4.0.3 Never go online with... 4.1 Stacks 4.1.1 AmiTCP 4.1.2 Miami 4.1.3 Roadshow 4.1.4 UAE and bsdsocket emulation 4.2 Apache 4.2.1. PHP 4.2.2. MySQL client 4.2.3. SQLITE 4.3 Black Widow 4.4 SAMBA
Quote:
4. AmigaOS online as a server
4.0 Suitability
AmigaOS can be used as a server and is suitable for such so long as the the designer of the server application and the systems administrator are aware that it has no internal security model.
If you are new to computing and want to put your Amiga on an internal network without wireless LAN then you may want to experiment here. If you want to put your Amiga in a DMZ, or on the internet directly then the general advice is DON'T RUN IT AS A SERVER.
A lot of the servers that you could run on the Amiga are hasty ports from the UNIX world ( or more precisely the Open Source world that writes for UNIX like operating systems ). This means that a lot of the UNIX assumptions ( like secured processes and filesystems ) that break under AmigaOS won't have been considered during the porting of the application.
Even applications that are written for AmigaOS often don't think through the consequences. Especially when it is one server used with a plugin that might expose a vulnerability ( for example: Apache, install PHP ) in the underlying Amiga architecture.
4.0.1 Finding out what is running
There are two places to look for this. Firstly in your s:startup-sequence, s:user-startup and WBStartup drawer for applications that offer internet services. If you don't know what the vulnerability status of the application is: remove entries that would automatically load it.
The second place to look is using the TCP/IP stack itself. The best means is to get it to show what open ports have items listening on them. Generally such servers will have a connection waiting in LISTEN or ACCEPT status.
Find out the equivalent of netstat -an is for each stack and post it here with sample output
Notice there are also other connections reported at strange port numbers? Don't worry, these are most likely to be outbound connections where your machine is a client.
4.0.2 Closing ports
It is possible with some TCP/IP stacks to close a port that a server would otherwise use ( this is a basic firewall methodology ) so that even if a server thinks it is listening on it, it can't. It might mean that when a server starts up it cannot work correctly in which case it will terminate and you can at least see what is listening on that port!
4.0.3 Never go online with
SAMBA running in network share mode ( where you are sharing out a drive or drawer on your Amiga to a network ). Vulnerabilities are found frequently in SMB and if you do go onto the internet with it you can expect your computer to spend at least part of its time processing enquiries about what SAMBA services are available. It is either insecure or wasteful.
A VNC server running allowing your Amiga to be remote controlled.
Edited by Mitch on 2006/12/3 9:12:10 Edited by Mitch on 2006/12/3 9:16:36
|
The court case is like a thunderstorm after a long humid summer.
|
|
|
Re: Amiga Security Faq
|
Posted on: 2006/12/3 8:01
#144406
|
Just popping in ![Just popping in](https://www.amigans.net/uploads/rank3e632f95e81ca.gif)
|
Quote: 3. AmigaOS online as a client 3.0 Suitability 3.1 TCP/IP stacks 3.1.1. AmiTCP 3.1.2. Miami 3.1.3. Roadshow
Quote: 3 AmigaOS online as a client
3.0 Suitability
Is AmigaOS suitable as a client? One of the main problems with AmigaOS being used as a network client isn't the OS itself but the version of the protocol or software that runs on it. A lot of these are backlevel or have been undertested.
You can use "old" applications like FTP, HTTP and TELNET on your local network if you like but you need to be aware of a few things:
A lot of the protocols that were designed for these applications were written in a more innocent time. They pass data in plain text ( ISO codepage at best ) and this means that they can be snooped on at the clients network or the servers network by a hostile third party. Because of this when you fill out a password and send it over one of these protocols it is like sending out a letter with the private contents on the outside - great so long as no one reads it on its way!
Client issues are closer to the general client issues that we encounter on all other operating systems, but there still is the flaw in that we can't prevent or limit a bad client application from screwing up your system unlike on Operating Systems that support security credentials.
Even on your home or business network you shouldn't consider yourself safe, especially if you use any wireless devices. You need to assume that someone may get into your home network at some point and you don't really want them to sniff out your passwords, bank details or even family photographs showing your children, your car registration plate or your house number.
Consider use secure alternatives, even if they have some flaws because they can act as a deterrant or delay.
At the end of this FAQ is a table which shows which clients and servers are rated for use in varying scenarios.
The client ones are:
AA -HOMESINGLE - A home user connected to the internet directly with no other computer on the local network.
AB - HOMENETWORK - A home user connected to the internet directly whom is using software based network connection sharing with one other computer on the local network. AC - HOMESINGLEFIREWALL - As HOMESINGLE but behind a consumer firewall.
AD - HOMENETWORKGATEWAYFIREWALL - As HOMESINGLE but sharing and consumer firewall device are the same ( not the computer ).
AW - HOMEWIRELESS - Any A? scenario with a wireless device.
We strongly recommend reading up information on how to secure your wireless traffic properly no matter if you are in an urban or rural area. If you can't secure it with your device, throw it away or invest time in setting up a Virtual Private Network ( not covered in this FAQ ) to resolve some of the issues.
Edited by Mitch on 2006/12/3 8:50:59
|
The court case is like a thunderstorm after a long humid summer.
|
|
|
Re: Amiga Security Faq
|
Posted on: 2006/12/3 7:57
#144408
|
Just popping in ![Just popping in](https://www.amigans.net/uploads/rank3e632f95e81ca.gif)
|
Quote: 1.3 Data privacy
Information on your machine that you might fill out for just one site could be used on another. A recent attack allowed the contents of a clipboard to be used on Internet Explorer and that be sent to a remote site. Cookies are another long standing bone of contention for users but so are automatic form fillouts ( the information is held somewhere on your system ) for userids and passwords. Simpler privacy exposures can include Spyware ( that deliberately tracks usage patterns and reports them to a remote location ) or something just as simple as something that tracks your search strings and suggests alternatives.
1.4 General
The most important advice is to identify what type of risks you are currently exposed to and keep an eye on the security alerts that come around for that software. This cannot be under-emphasised because your typical cracker ( or the more clueless version who just uses existing scripts known dismissively as a ?script-kiddie? ) will be reading these alerts too and be waiting to expose your computer if they can.
Don't get overly paranoid if you can help it, don't let it suck out all enjoyment of using your Amiga online or offline but just be very aware that if someone finds they can do something unpleasant to someone else online they are going to do it.
|
The court case is like a thunderstorm after a long humid summer.
|
|
|
favorite More replacement?
|
Posted on: 2006/12/3 7:56
#144409
|
Just popping in ![Just popping in](https://www.amigans.net/uploads/rank3e632f95e81ca.gif)
|
What's everyone's favorite More replacement? I've recently begun using EvenMore. Love it! http://www.evenmore.co.uk/
|
|
|
|
Re: Hi
|
Posted on: 2006/12/3 7:04
#144410
|
Just popping in ![Just popping in](https://www.amigans.net/uploads/rank3e632f95e81ca.gif)
|
If I had to guess, "fair dinkum" is a latin term for a penis of average endowment...
|
|
|
|
Re: AmigaOS4.0 on PPC
|
Posted on: 2006/12/3 4:08
#144411
|
Quite a regular ![Quite a regular](https://www.amigans.net/uploads/rank3dbf8e9e7d88d.gif)
|
That last sentence "Amiga Inc could license a dongle for it" might prove to be the stumbling block. So far Amiga Inc have not granted a license to run OS4 on any hardware other than the Eyetech AmigaOne. There are other platforms around, and there has been much discussion about this on other boards ![](https://www.amigans.net/uploads/smil3dbd4e398ff7b.gif) .
|
|
|
|
Re: Source code?
|
Posted on: 2006/12/3 3:56
#144412
|
Quite a regular ![Quite a regular](https://www.amigans.net/uploads/rank3dbf8e9e7d88d.gif)
|
I think you'll find that the P96 developers are not strictly part of the OS4 team but have made native PPC versions for OS4 and support them accordingly. However, they operate at arm's length from the rest of OS4 development.
|
|
|
|
Re: Is AmigaOS secure enough to use online?
|
Posted on: 2006/12/3 3:35
#144413
|
Not too shy to talk ![Not too shy to talk](https://www.amigans.net/uploads/rank3dbf8e94a6f72.gif)
|
@Mitch
The FAQ you started looks very promising. You may want to include Roadshow also though as it is the TCP/IP stack that comes with OS4.
|
Valiant@ CamelotAmigaOne XE, 800Mhz, 1GB, 9250 Radeon, OS4.1u7 Sam440ep, 666Mhz, 512Mb, 9250 Radeon, OS4.1u6 A1-X1000, 1.8Ghz, 1GB, 9250 Radeon, OS4.1x A1-X5000/40 2.2Ghz, 2GB, Radeon HD 7700, OS4.1 FE ud 2
|
|
|
Re: Programming languages for old Amigas
|
Posted on: 2006/12/3 3:30
#144414
|
Not too shy to talk ![Not too shy to talk](https://www.amigans.net/uploads/rank3dbf8e94a6f72.gif)
|
Quote: Sister_Rita wrote: I am a complete beginner in programming Amiga computers. The only experience I have is some Amiga Basic from a long time ago. I did not like Amiga Basic so much, it was very buggy. No surprise, it is from the Microsoft Corporation! ![](https://www.amigans.net/uploads/smil3dbd4e398ff7b.gif)
There's nothing wrong with AmigaBASIC, other than being slightly dated. I've used it to program my AmiGen genealogical database using ACE, a BASIC compiler. The BASIC interpreter as supplied by M$ to Commodore/Amiga, on the other hand, is a complete mess. Fortuanately, it hasn't worked on any Amiga for quite some time now.
|
Valiant@ CamelotAmigaOne XE, 800Mhz, 1GB, 9250 Radeon, OS4.1u7 Sam440ep, 666Mhz, 512Mb, 9250 Radeon, OS4.1u6 A1-X1000, 1.8Ghz, 1GB, 9250 Radeon, OS4.1x A1-X5000/40 2.2Ghz, 2GB, Radeon HD 7700, OS4.1 FE ud 2
|
|
|
Re: Start Spreading the news!
|
Posted on: 2006/12/3 2:52
#144415
|
Just popping in ![Just popping in](https://www.amigans.net/uploads/rank3e632f95e81ca.gif)
|
great site
|
|
|
|
Re: Amiga 1200 Black screen. CPU DEAD?
|
Posted on: 2006/12/3 2:20
#144416
|
Amigans Defender ![Amigans Defender](https://www.amigans.net/uploads/rank3dbf8edf15093.gif)
|
@Stedy Hello and welcome to amigans may you enjoy this site ![](https://www.amigans.net/uploads/smil3dbd4d4e4c4f2.gif)
|
Amiga is the heart and soul of computing nothing else comes close
|
|
|
Re: Programming languages for old Amigas
|
Posted on: 2006/12/3 2:12
#144417
|
Just popping in ![Just popping in](https://www.amigans.net/uploads/rank3e632f95e81ca.gif)
|
I used GFA Basic on my Atari ST quite a bit back in the day, and I'll certainly vouch for its usefulness as well as its ease of use. I never knew it was available for the Amiga.
AMOS, which I'm guessing is the Amiga cousin to STOS on the Atari, is good but is a little more "retro" in that it still uses line numbers, and is much more geared towards the creation of games rather than any more serious applications. If I'm wrong about AMOS, someone please correct me...I'm just going off my memory of STOS and assuming AMOS was the exact same.
Anyways, it's quite interesting to know that GFA Basic is available on the Amiga. I'll have to go search for it myself... :)
|
|
|
|
Re: Amiga 1200 Black screen. CPU DEAD?
|
Posted on: 2006/12/3 2:00
#144418
|
Just popping in ![Just popping in](https://www.amigans.net/uploads/rank3e632f95e81ca.gif)
|
Hi,
Been following the thread for a bit, thought I should add my usual advice in this situation.
Clean the A1200 CPU slot connector and the accelerator card connector using contact cleaner, then when it is dry, try it all again. I had to do this every 6 months on one of my Amigas.
Oh also check the Kickstart ROMS are firmly in their sockets.
Good luck,
Ian
|
|
|
|
Re: Amigans bug thread
|
Posted on: 2006/12/3 1:42
#144419
|
Just popping in ![Just popping in](https://www.amigans.net/uploads/rank3e632f95e81ca.gif)
|
Sorry, but sometimes I find your manner a bit disrespectful. There is a button to create polls and I reported in this bug thread that this functionality does not work. What did I do wrong? ![](https://www.amigans.net/uploads/smil3dbd4d99c6eaa.gif) I am sorry to hear that you do not like polls. Maybe I should first create a poll to ask if everyone likes polls before I create a second one? ![](https://www.amigans.net/uploads/smil3dbd4e398ff7b.gif)
|
|
|
|
Re: Amigans bug thread
|
Posted on: 2006/12/3 1:26
#144420
|
Just can't stay away ![Just can't stay away](https://www.amigans.net/uploads/rank3dbf8ea81e642.gif)
|
WooHoo! No polls is GOOD ![](https://www.amigans.net/uploads/smil3dbd4d6422f04.gif) It's what I asked for in the 'what do you want here' thread ![](https://www.amigans.net/uploads/smil3dbd4d6422f04.gif)
|
Amiga user since 1985 AOS4, A-EON, IBrowse & Alinea Betatester
Ps. I hate the new amigans website. <shudder>
|
|
|