View Single Post
Old 01 August 2015, 16:04   #149
meynaf
son of 68k
meynaf's Avatar
 
Join Date: Nov 2007
Location: Lyon / France
Age: 44
Posts: 2,459
Quote:
Originally Posted by kolla View Post
In a targeted attack, the method depends on the target - there are many ways HOW to steal your data, but it all typically begins with installing malicious code that contacts me (my system) to pick up tasks and deliver data.
Right, it begins by... installing code. And you simply can't !


Quote:
Originally Posted by kolla View Post
Well, running "assign" requires no disk access, and most people have dir cache on, listing only filenames is a breeze with close to no disk access required.
Sorry, no dir cache on my HD. Oh, by the way, its heads are parked (actually permanently because it's dead).


Quote:
Originally Posted by kolla View Post
You wouldn't know you were trolled. And when you finally do, you wouldn't know why. And at last, kicking the troller is pointless, the troller is decoy, remember?
That's equal, i've not been on irc for many years and probably will not be again ever.


Quote:
Originally Posted by kolla View Post
Maybe, maybe not
Try it.


Quote:
Originally Posted by kolla View Post
Maybe we have different understandings of sandboxing?
Maybe.


Quote:
Originally Posted by kolla View Post
Hm, no, your user is not privileged to run su, or do privilege escalation.
There are probably several users on your machine. How can you know which one i used ?


Quote:
Originally Posted by kolla View Post
Those "many people" are unlikely to just give you some account. Of course you may resort to brute force ssh attack and be lucky, but you still have a long way to go. My systems don't let any user in with merely a password.

The idea, of course, is to have a service (remote login) available, and still be fairly safe.
I still prefer to not have any remote login available at all.


Quote:
Originally Posted by kolla View Post
Yeah, it is quite boring like that. It does however have a TCP stack, and certain software may look up records in DNS and be confused about what they receive. Also, you may browse on sites (friendly amiga sites) which may or may not have html crafted to exploit features in friendly amiga browsers that have not seen updates in 10+ years. And then magic may happen.
Then create such an exploit site and we'll see. Can you catch IB2.3 red handed ?


Quote:
Originally Posted by kolla View Post
Now imagine of they didn't.
I see zero change.


Quote:
Originally Posted by kolla View Post
My servers are like little fortresses sure. Tanks are expensive, memory protection is free and gives the system features I enjoy and me control that I want and need.
Unfortunately memory protection isn't as free as you think.


Quote:
Originally Posted by kolla View Post
And you want to disable it because...?
Read this thread and you'll know.


Quote:
Originally Posted by kolla View Post
It would be forcing people to deal with a pointless and confusing option. It would complicate the operating system a lot, a whole range of compromises would had to be made to even make disabling of memory protection possible. Many system tools would simply only work in one of the two modes...
Many system tools would only work without memory protection, that's for sure.


Quote:
Originally Posted by kolla View Post
If I am a software developer for a system that may run with virtual private memory space, or with shared common memory space... hmm, why would I want to write software for the latter?
You don't write software for either mode. Your code doesn't even know in which mode it is.
meynaf is offline  
 
Page generated in 0.11566 seconds with 9 queries