View Single Post
Old 01 August 2015, 14:24   #147
Registered User
kolla's Avatar
Join Date: Nov 2007
Location: Trondheim, Norway
Posts: 430
Originally Posted by meynaf View Post
No, you could not. Too bad my A1200 no longer works. An online appointment with you trying to hack me would have been FUN.
Yes, good old fashion core wars, it's been a while

Besides, you did not answer the question of "what would you do exactly" - which could be rephrased as "how would you do that" (but i don't expect a precise reply either).
In a targeted attack, the method depends on the target - there are many ways HOW to steal your data, but it all typically begins with installing malicious code that contacts me (my system) to pick up tasks and deliver data.

I'm not using torrent software. Also you can not snatch any keyfile off me without scanning my dirs - and this doesn't go inconspicuous.
Well, running "assign" requires no disk access, and most people have dir cache on, listing only filenames is a breeze with close to no disk access required.

About IRC, i can perhaps type something starting with "/kick"
You wouldn't know you were trolled. And when you finally do, you wouldn't know why. And at last, kicking the troller is pointless, the troller is decoy, remember?

All you need is an exploit of some sort. Unfortunately it's everywhere the case. And you're not gonna get it.
Maybe, maybe not

You can sandbox on the Amiga as well.
Maybe we have different understandings of sandboxing?

I could type "su" then guess your "1234" (or your birthdate) root password and type "rm -rf /".
Hm, no, your user is not privileged to run su, or do privilege escalation.

Might not work on yourself but might work on many people, and memory protection won't help.
Those "many people" are unlikely to just give you some account. Of course you may resort to brute force ssh attack and be lucky, but you still have a long way to go. My systems don't let any user in with merely a password.

The idea, of course, is to have a service (remote login) available, and still be fairly safe.

On the other hand, no remote login at all available on my A1200.
Yeah, it is quite boring like that. It does however have a TCP stack, and certain software may look up records in DNS and be confused about what they receive. Also, you may browse on sites (friendly amiga sites) which may or may not have html crafted to exploit features in friendly amiga browsers that have not seen updates in 10+ years. And then magic may happen.

Not all of them. But all have memory protection.
Now imagine of they didn't.

Are you gonna buy tanks to protect your home ? If not, why ?
My servers are like little fortresses sure. Tanks are expensive, memory protection is free and gives the system features I enjoy and me control that I want and need.

What is about memory protection that i'm against ? Simple : it can not be disabled.
And you want to disable it because...?

But, good boy, i'm not saying YOU have to live without, ok ?
So what is about memory protection that you don't even want the possibility of it being facultative ? I'm not forcing you to disable it, ok ?
It would be forcing people to deal with a pointless and confusing option. It would complicate the operating system a lot, a whole range of compromises would had to be made to even make disabling of memory protection possible. Many system tools would simply only work in one of the two modes...

If I am a software developer for a system that may run with virtual private memory space, or with shared common memory space... hmm, why would I want to write software for the latter?
kolla is offline  
Page generated in 0.06133 seconds with 9 queries