Login
Username:

Password:

Remember me



Lost Password?

Register now!

Sections

Who's Online
32 user(s) are online (17 user(s) are browsing Forums)

Members: 0
Guests: 32

more...

Support us!

Headlines

 
  Register To Post  

(1) 2 3 »
Is AmigaOS secure enough to use online?
Just popping in
Just popping in


See User information
In any incarnation is AmigaOS secure enough to risk connecting to the internet with your private data on the system?

Every other OS out there has holes and flaws and I was wondering ( in the light of a lot of people investigating the retro classic market ) if it is worth building a list of what you should and should not do with an Amiga online?

Is the advice always: Use a hardware firewall.

The court case is like a thunderstorm after a long humid summer.
Go to top
Re: Is AmigaOS secure enough to use online?
Amigans Defender
Amigans Defender


See User information
@Mitch
I use my A1 OS4 comp online 24/7 never had a prob yet

Amiga is the heart and soul of computing nothing else comes close
Go to top
Re: Is AmigaOS secure enough to use online?
Just popping in
Just popping in


See User information
Ah but maybe that is because AmigaOS is so insecure you'd never find out!

The court case is like a thunderstorm after a long humid summer.
Go to top
Re: Is AmigaOS secure enough to use online?
Amigans Defender
Amigans Defender


See User information
Nope its called security through obscurity.

Go to top
Re: Is AmigaOS secure enough to use online?
Just popping in
Just popping in


See User information
Well, at first I use no filesharing services with AmigaOS,
only password-protected FTP some times.
So no access to my files over the net.
In fact there are hardly any services at all.

Next we are so very few that even if there would be a way
to execute some code thru IBrowse for example,
we are just no target to make it worth the effort.

And last but not least, connecting to the Internet
today usually means by DSL or cable so there
is most likely a router involved which provides
basic firewall features thru NAT.
This means that only packets requested
are sent to the computer which requested them.

Go to top
Re: Is AmigaOS secure enough to use online?
Amigans Defender
Amigans Defender


See User information
@MikeyC
shhhh they will here you and start on us now all you virus writers there is no OS4 or amiga

Amiga is the heart and soul of computing nothing else comes close
Go to top
Re: Is AmigaOS secure enough to use online?
Just popping in
Just popping in


See User information
Security through obscurity is all very well but how many of you hang around on IRC?

Well we all know that AmigaOS4 are a target for some quite hostile and disturbed people and that might include some of its users.

In a chatroom you can see the ip addresses which are connected, and go after them. Even just being able to knock people off the net might be a pain.

So as you say good advice is not to fileshare but AmigaOS4.0 I don't think has a SSH v2+ compliant implementation so either you use a lower grade ( and hackable ) SSH/SFTP or telnet/ftp which can be sniffed for passwords and userids and by using AmigaOS with these not so secure protocols can expose any server that you might own.

I guess I just think it might be sensible to acknowledge that AmigaOS might not be very secure, provide some general advice, and emphasise the need to provide a secure set of clients.

The court case is like a thunderstorm after a long humid summer.
Go to top
Re: Is AmigaOS secure enough to use online?
Amigans Defender
Amigans Defender


See User information
Look, I don't think that anyone here is aware that there are some potential risks being an AmigaOS4 user or indeed, even OS3.x

Bitching and whining about it don't help, I would wager everyone in here knows the score. I would imagine most of us here are using our amiga's behind some form of firewall so its not as if we are all stupid.

If you want, why not code a bit of anti-virus software for the amiga? or even a native firewall or something.

moaning doesn't help.

Go to top
Re: Is AmigaOS secure enough to use online?
Just popping in
Just popping in


See User information
I'm not bitching and whining. I am just saying that sticking our collective heads in the sand about the potential isn't a good idea.

I am not even mentioning virus software.

Anyone who uses a computer on the net has some basic security advice to follow. Anyone who uses AmigaOS 3.0 or 4.0 on the net has to take extra precautions even if it is just to be warned that using telnet, ftp and other similar plain text mediums for userid and password access to a server is a mistake and to download a SSH variant if available.

Any server admin worth their salt want deal with SSHv1 connections.

The court case is like a thunderstorm after a long humid summer.
Go to top
Re: Is AmigaOS secure enough to use online?
Amigans Defender
Amigans Defender


See User information
@Mitch
my router has a firewall built in that will do me i'm never gona run widows ever so its not an issue as far as i'm concerned

Amiga is the heart and soul of computing nothing else comes close
Go to top
Re: Is AmigaOS secure enough to use online?
Just popping in
Just popping in


See User information
Just because it's security through obscurity doesn't make it any less secure. Does any version of the AmigaOS natively allow for remote logins of any type, such as FTP, telnet, web hosting, etc? The more of these types of services are available (and even enabled by default), the more of a risk you'll have. I'll venture a guess and say that AOS 1.3 - 3.9 at the very least doesn't have most, if any, of these. A bigger concern would probably be browser encryption, but considering the current state of browsers, I doubt most sites you would do any online transactions with would even work correctly with them. As it stands, though, I'd say overall you're far more secure using an Amiga online than a Windows or even a current Mac.

Go to top
Re: Is AmigaOS secure enough to use online?
Just popping in
Just popping in


See User information
Hehe run Widows. That sounds about right for Windows!

But someone said ( other than me ) earlier that it might be possible to do something nasty through IBrowse - well it is. The JavaScript implementation in AWEB hangs on some sites too so it must be possible to attack that way.

But putting browsers to one side, just simple advice like:

1. Don't run a web server on your Amiga
2. Don't allow access to TCP: on your Amiga
3. etc etc.

Plus how much security testing has gone into the development of the TCP implementation on the Amiga, and any daemons. Just because YOU don't use some of these things doesn't mean there aren't some pretty clueless people out there who do.

For their sakes we should not be so arrogant and make some advice freely available. That advice has to come from the collective so I am asking people to be constructive about it and share experiences.

If that is considered "bitching and whining" by the moderators then lock the thread and throw me off. If not, pitch in with advice.

Certainly I'd never use SAMBA online so my advice would be there - if you don't use a firewall, make sure you turn off SAMBA first.

The court case is like a thunderstorm after a long humid summer.
Go to top
Re: Is AmigaOS secure enough to use online?
Amigans Defender
Amigans Defender


See User information
@Mitch

Tell you what, lets do something positive, you write an article/guide on how to make Amiga OS4 more secure using AMISSL v1, v2 & 3 and I'll make sure its published on this site and you are given full credit for it.

Lets be constructive, not destructive.

Go to top
Re: Is AmigaOS secure enough to use online?
Just popping in
Just popping in


See User information
@Mitch

Forgive Mikey_C's tone, I think he's just too used to having to deal with the flame wars over on the other sites and misunderstood what you're getting at.

What you're proposing is probably a good idea. I'm still a noob with Amigas in general and haven't even touched OS4, so I have no clue as to what the online security situation currently is. However, if it's something that really hasn't been looked into by others in-depth, recognizing the current shortcomings is definitely the first step in getting them fixed.

Go to top
Re: Is AmigaOS secure enough to use online?
Just popping in
Just popping in


See User information
@Mikey_C

I already am being. Tell me what exactly are you bringing to this "deal" you are offering? I don't know I get the impression you think I'm some kind of troll.

It is exactly what I have been calling for since post 1 - to collaberate on bringing the information to the fore.

It is too big a task for one person and most of the knowledge will be out there already. It won't be a matter of just running nessus against an Amiga on your local network.

Most of these issues - because they aren't being exercised by internet intruders yet - can only be exposed by structured security testing or design analysis to discover the flaws.

@Sauron

I think it is all being taken personally whereas I'd rather people were told what are the good/bad points to do with the operating system and using the browsers/network tool online.

Eventually some kind of "cops" tool to expose inner setup flaws for beginners to install could be built but to do that you need a knowledge base. This is what I'd like to see happen. As I find things out I'll certainly let people know.


@Sister_Rita

Security through obscurity is all very well up to the point where you get hacked. The reality is though that most of our security is through ignorance - a false sense of security.

-----

In general why do it? There is no filesystem or process security built into AmigaOS, so once in, anything can be done so every daemon needs to have its own sandbox.

The court case is like a thunderstorm after a long humid summer.
Go to top
Re: Is AmigaOS secure enough to use online?
Just popping in
Just popping in


See User information
@Mitch

Is it possible to get hacked when you use the Amiga on the world wide web?
I am glad it never happened to me.
Is it possible to use an internet-router as a wall against such attacks? Or are there still possibilities to have our Amigans hacked?

Go to top
Re: Is AmigaOS secure enough to use online?
Just popping in
Just popping in


See User information
There are plenty of opportunities to get hacked on line all you need to do is look at something like securityfocus.

There are a list of possibilities:
tthe
1. Trojan horses - downloaded or executed through accessing a web page or opening/downloading emails or running bad software. Once in, you are reliant on whatever security the OS or the software packages that are interpreting/running the exploit provide.

2. Daemon attacks - anything from remote code exploitation ( running stuff on your machine ), denial of service, forcing it offline or sending it bad information to cause anything from buffer overflows or misallocating the entire memory in your OS.

3. Snooping and fishing for data. By not using the right level of security on your clients ( e.g. using telnet rather than SSL based clients ) they get hold of passwords and usernames just by listening in and seeing the raw plain text data passing.

4. Ephemeral security - send emails in plain text rather than using PGP or some other security plugin.

The point is you might not be exposed to any of them, or be exposable, however at the moment there is nothing out there that I have seen that does a risk assessment of the basic OS, the OS with extra packages installed, individual packages, different configurations or provides any advice whatsoever.

Other portals have long been swamped with political wars and it looks like those that want to start arguments for the sake of it will either be steering clear of here or thrown off. So, I think it is high time we started to collate our experiences and advice and stop thinking we are invulnerable.

Just know how vulnerable you are ( or not ).

Security through ignorance is stupidity. Security through willful ignorance is basically being a sucker.

I had hoped the constructive clause (1) in the terms of service might lead to decent open debate on how to fix a few issues like information, mindset and possibly even software. If it looks like the discussion on here isn't going to be constructive or will meet with knee jerk reaction then there isn't a lot of point contributing to the forum.

I don't want to get involved in ego trips, I just want to enjoy the hobby.

The court case is like a thunderstorm after a long humid summer.
Go to top
Re: Is AmigaOS secure enough to use online?
Just popping in
Just popping in


See User information
SSH ? Amiga ?
AmigaOS is not a UNIX or Linux.
no SSH - no problem,
no ftp - no problem,
no smb - no problem,
.
.
.
http as client is the only open Port if you use a standard OS4

Go to top
Re: Is AmigaOS secure enough to use online?
Just popping in
Just popping in


See User information
You are talking about inbound, I am talking about outbound AND inbound.

SAMBA is available for the Amiga for example (smb).
There are web servers ( blackwidow, apache )
There are myriad other little tools both in and outbound.

I repeat, once in, as there is no process or filesystem security, you are scuppered. Just because your computer initiated the connection ( client ) doesn't make it safe. That is why firewalls are only of limited use in internet security.

The court case is like a thunderstorm after a long humid summer.
Go to top
Re: Is AmigaOS secure enough to use online?
Just popping in
Just popping in


See User information
Running Nessus aginst an Amiga,
try it please. I do not think that nessus has any idea waht an AmigaOS is.

Go to top

  Register To Post
(1) 2 3 »

 




Currently Active Users Viewing This Thread: 1 ( 0 members and 1 Anonymous Users )




Powered by XOOPS 2.0 © 2001-2024 The XOOPS Project