MorphOS security comparison
  • Order of the Butterfly
    Order of the Butterfly
    Raf_MegaByte
    Posts: 430 from 2004/10/10
    From: Nella grande r...
    Quote:

    ChrisH wrote:
    Quote:

    Elowan wrote:
    Ok - my main worry was to be vulnerable when surfing the web.

    So it seems, MorphOS is maybe even more secure, than some linux distros - not because it is very safe and secured, but just because it´s rare and uncommon.

    Beware that this is not entirely true. Odyssey is based upon WebKit, and WebKit is certainly a pretty big target for attack. So if Odyssey doesn't use an up-to-date version of WebKit, then there is some risk.



    Paradoxally the sites we have to fear are those maintained by Amigans as Amigans have enough knowledge to create malicious Javascript code potentially dangerous for our systems and iniect this code at any visit.

    I think it should be not difficult to create a javascript program executing DOS commands or AreXX, am I wrong?

    [ Edited by Raf_MegaByte 29.04.2016 - 00:42 ]
    Bill Gates "Think!", Steve Jobs: "Think different!" So... Let these guy continue blabbering thinking and enjoy computing! We are on Amiga!
  • »28.04.16 - 21:40
    Profile
  • Yokemate of Keyboards
    Yokemate of Keyboards
    Andreas_Wolf
    Posts: 12073 from 2003/5/22
    From: Germany
    > you can check if Odyssey is vulnerable using this:
    > http://www.deusen.co.uk/items/iwhere.9500182225526788/
    > (Click on "Go", and you will see a fake Daily Mail URL in the address bar.)

    Exploit doesn't work here (Odyssey 1.24 on MorphOS 3.9).
  • »28.04.16 - 23:15
    Profile
  • pOS
  • Order of the Butterfly
    Order of the Butterfly
    pOS
    Posts: 216 from 2003/11/14
    From: Bavaria
    Quote:

    Andreas_Wolf wrote:
    > you can check if Odyssey is vulnerable using this:
    > http://www.deusen.co.uk/items/iwhere.9500182225526788/
    > (Click on "Go", and you will see a fake Daily Mail URL in the address bar.)

    Exploit doesn't work here (Odyssey 1.24 on MorphOS 3.9).


    Same versions here, but on my system clicking on "Go" actually results in a fake URL.....
  • »28.04.16 - 23:57
    Profile Visit Website
  • Yokemate of Keyboards
    Yokemate of Keyboards
    Andreas_Wolf
    Posts: 12073 from 2003/5/22
    From: Germany
    > Same versions here, but on my system clicking on "Go" actually results in a fake URL.....

    Yeah, I tried again today and the exploit works in fact. Something must have gone wrong when I tried first.
  • »29.04.16 - 07:49
    Profile
  • Priest of the Order of the Butterfly
    Priest of the Order of the Butterfly
    KennyR
    Posts: 872 from 2003/3/4
    From: #AmigaZeux, Gu...
    With the number of active and regular users of all AmigaOS and Amigaoid OS's now down to probably around 30-50 worldwide, being hacked because of an exploit -- even one that's easy -- is extremely unlikely. One in a million people still know what an ARexx script was. One in a hundred million still know how to write one. And Amiga browsers just didn't get far enough on for Java or Javascript to be a problem.

    The security issue with the Amigaoid OS's is sending out your passwords over the web cleartext or using out of date and compromised SSL. The attacker doesn't care what you used to make the connection, he sees your password.
  • »01.05.16 - 19:43
    Profile
  • Order of the Butterfly
    Order of the Butterfly
    Elowan
    Posts: 214 from 2011/4/18
    From: Frankfurt (Ger...
    Quote:

    KennyR schrieb:

    The security issue with the Amigaoid OS's is sending out your passwords over the web cleartext or using out of date and compromised SSL. The attacker doesn't care what you used to make the connection, he sees your password.


    Hmmm - I was thinking SSL takes care of this?!

    Cheers!
    12" ibook G4 1.33Ghz, 1.5GB RAM, ATI 9550 32MB, 16GB SSD, WiFi, BT, ComboDrive
  • »02.05.16 - 14:05
    Profile
  • Yokemate of Keyboards
    Yokemate of Keyboards
    Andreas_Wolf
    Posts: 12073 from 2003/5/22
    From: Germany
    >> sending out your passwords over the web cleartext or using out of date
    >> and compromised SSL

    > Hmmm - I was thinking SSL takes care of this?!

    Yes, unless it's out of date, compromised or not used at all :-)
  • »02.05.16 - 15:51
    Profile
  • vox
  • Priest of the Order of the Butterfly
    Priest of the Order of the Butterfly
    vox
    Posts: 524 from 2003/11/25
    From: Belgrade
    Quote:

    Elowan wrote:
    hi there,

    Would you use MorphOS for online-banking, pay-pal, ebay and such?


    Cheers!

    [ Editiert durch Elowan 25.04.2016 - 17:23 ]



    Its limited due to browser abilities.

    SSL is old, its not secured in that way.

    One way of protection by obscurity where no Flash or Java works,
    other is by CPU code where no x64 related mailware cannot be executed.

    So we are quite safe :-)
    ------------------------------------------
    iMac G5 1GB with MorphOS and MacOS X
    Lame PC with AmiKit XE
    YT channel https://www.youtube.com/channel/UCdHl_msNWHEVPf229h_gijQ
    Telegram Amiga group: https://t.me/amigaranchorelaxo
  • »04.05.16 - 00:52
    Profile
  • Order of the Butterfly
    Order of the Butterfly
    ChrisH
    Posts: 167 from 2009/11/26
    Quote:

    vox wrote:
    One way of protection by obscurity where no Flash or Java works,
    other is by CPU code where no x64 related mailware cannot be executed.

    So we are quite safe :-)

    I have some JavaScript snake oil to sell you. It is FDA approved...
    Author of the PortablE programming language.
    It is pitch black. You are likely to be eaten by a grue...
  • »13.05.16 - 19:42
    Profile Visit Website