Linked by Kroc Camen on Sat 17th Oct 2009 05:27 UTC
Microsoft Whilst it's not okay in Microsoft's eyes for Google to install a plugin into Internet Explorer, increasing the potential surface area of attack, when Microsoft do it to Firefox, it's a different matter. Now a security hole has been found in a plugin that Microsoft have been silently installing into Firefox.
Thread beginning with comment 389884
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[5]: Opt-in
by mrAmiga500 on Sat 17th Oct 2009 23:33 UTC in reply to "RE[4]: Opt-in"
mrAmiga500
Member since:
2009-03-20

It would be relatively easy to own an Amiga 500 which you were using for browsing...
Most of the AmigaOS browsers, and even things like the tcp stack are rather dated, no longer maintained and wouldn't take too long for a skilled attacker to find some holes. Actually exploiting such holes would be relatively easy too.


Really? What could an attacker do? They might be able to knock me offline or even crash the Amiga, but I seriously doubt that they could access my files, install software or anything else.

I'd like to see somebody try - just for interest. Would somebody like my A500 IP address so they could attempt it?

Reply Parent Score: 1

RE[6]: Opt-in
by moondevil on Mon 19th Oct 2009 09:26 in reply to "RE[5]: Opt-in"
moondevil Member since:
2005-07-08

Well for starts they can wipe out your data. That's all.

As soon as you get a compromissed programm with a live network connection, the process has the same rights as the user that started it. Now whatever is running inside that process, read "injected code", can do whatever that user can do.

If the specific user can wipe out files, than you can say goodbye to all you Amiga 500 files, that have the same user as owner. Or maybe the program will upload data from your files, who knows.

Reply Parent Score: 1

RE[7]: Opt-in
by mrAmiga500 on Mon 19th Oct 2009 14:59 in reply to "RE[6]: Opt-in"
mrAmiga500 Member since:
2009-03-20

Well for starts they can wipe out your data. That's all.

As soon as you get a compromissed programm with a live network connection, the process has the same rights as the user that started it. Now whatever is running inside that process, read "injected code", can do whatever that user can do.

If the specific user can wipe out files, than you can say goodbye to all you Amiga 500 files, that have the same user as owner. Or maybe the program will upload data from your files, who knows.


No, they can't wipe all my data. You're thinking "too modern". The Amiga OS doesn't have built in support for remote execution of programs or processes. It doesn't have users, owners or rights. It doesn't have a built in file server. There is no way someone could see my files, let alone execute, upload or delete one.

I don't use any security at all and I feel supremely safe. (...until somebody can prove otherwise ;) )

Edited 2009-10-19 15:01 UTC

Reply Parent Score: 0