Amiga.org
Amiga computer related discussion => General chat about Amiga topics => Topic started by: Ral-Clan on February 17, 2015, 05:46:24 PM
-
Anyone read this news?
http://www.pcworld.com/article/2884952/equation-cyberspies-use-unrivaled-nsastyle-techniques-to-hit-iran-russia.html
The ability for malware to start doing this type of thing makes me want to curl up in a ball with my trusty old VIC-20 and its datasette.
I realize that it's describing malware on the level of inter-country espionage, but this type of knowledge trickles down eventually.
-
Do you work for a company that supplies you with a laptop or iPhone? Google "iMonitor" sometime.
-
Options for folks who value their privacy and anonymity, listed in decreasing orders of security:
1 Join an Amish community while remaining offline and off the grid. Churning butter is every bit as much fun as a session of Minecraft.
2 Design your own computer hardware and software that you can trust, and remain disconnected.
3 Use old stuff from before the invention of malware, and remain disconnected.
4 Put your faith in Linux or other open source OSes (in the belief that no one would bury malware in obscure, community developed SW), and remain disconnected.
5 Go online to only 'safe' sites, trusting, with trepidation, the latest security updates from your favorite vendor. Firewalls are like castles, unbreachable.
6 Caution is for sissies! Bank online and bare your soul on Facebook with gusto. After-all, 99% of the world can't be wrong!
7 "The new world order can't arrive fast enough! 10,000 years of human history has become boring and stale." Just don't forget to upload your mind when the moments right.
-
Or, Cerf the Web for your porn and pedophilia pictures using an old, Retro computer; transact your search for explosives, ricin, and anthrax through Tor after you log on to someone else's network with a disposable drive, SD card, or USB thumb drive.
There are many options:)
-
Can I borrow your computer for a day or 2? :)
So, privacy is only desirable to a criminal?
-
Can I borrow your computer for a day or 2? :)
So, privacy is only desirable to a criminal?
No, the Feds only give a sh-t about criminal activity; those feeling threatened by the thought of lost privacy can do all of the above I mentioned sans the criminal stuff. You can run Linux from a cheap thumb drive logged into a public network.
However, those with paranoia and a pervasive, long-standing suspiciousness and generalized mistrust of others who are hypersensitive, easily feel slighted, and habitually relate to the world by vigilant scanning of the environment for clues or suggestions that may validate their fears or biases, and those who think they are in danger and look for signs and threats of that danger, potentially not appreciating other evidence, are the ones at most risk (of having Mel Gibson star in a movie about them). "Be Afraid, very afraid."
-
Did I hit a nerve? :)
-
Yes, I'm not a fan of Mel Gibson.
-
Well, you can always use those compromised drives in an Amiga. The malware won't have a damn clue what to do with 68K and Amiga APIs! :)
-
Actually a good point! While I would expect the firmware infects Windows X86, they would have to write multiple versions for the different systems out there. I could be done, but at a cost of size and detection.
-
Options for folks who value their privacy and anonymity, listed in decreasing orders of security:
1 Join an Amish community while remaining offline and off the grid. Churning butter is every bit as much fun as a session of Minecraft.
2 Design your own computer hardware and software that you can trust, and remain disconnected.
3 Use old stuff from before the invention of malware, and remain disconnected.
4 Put your faith in Linux or other open source OSes (in the belief that no one would bury malware in obscure, community developed SW), and remain disconnected.
5 Go online to only 'safe' sites, trusting, with trepidation, the latest security updates from your favorite vendor. Firewalls are like castles, unbreachable.
6 Caution is for sissies! Bank online and bare your soul on Facebook with gusto. After-all, 99% of the world can't be wrong!
7 "The new world order can't arrive fast enough! 10,000 years of human history has become boring and stale." Just don't forget to upload your mind when the moments right.
Heh, I just had to chime in. I did some volunteer work with the Amish and Mennonites recently up in Detroit and ugh... ya, those old assumptions about the Amish are a little out dated. Some of them use electronics, mind you they generate their own power, but they use electronics. Some Amish like groups even have Facebook. And as a matter of fact, they are not all Communal, and some don't farm but work at the local factories instead.
-
Finally, a benefit to the high barrier for entry for new Amiga programmers:
"Ok, I got the worm working under 3.9, but as soon as the ROM update is enabled it crashes."
"You need to make sure the victim is using scsi.device 45.13 or earlier."
"Even on an 060?"
"No, for 040 or lower it has to be scsi.device 45.14 AND FastFileSystem 45.9."
"Ugh, fine. Is there a difference between the SCSI scsi.device and the IDE scsi.device?"
"Check the RKRM."
"I don't have the newest version."
"I loaned you the Developer CD that had the RKRMs on it - use that."
"I left it at home."
"Why are we making this compatible with these old Amiga things again?"
"Beats me. Can you send me those bsdsocket.library includes?"
"vasm or AsmPro?"
"Hell, I don't know."
:crazy:
And the whole issue would be moot if the drive manufacturers would
a) Allow/make it easy for end users to re-flash their firmware
b) Require a write-enable jumper to be set in order to do so
-
[Yeah, off topic but I ran across some Amish talking on their cells and wearing Nike shoes; when I asked about their groceries, they buy them at the store like everyone else. I was a bit surprised, but it makes sense.]
-
Finally, a benefit to the high barrier for entry for new Amiga programmers:
"Ok, I got the worm working under 3.9, but as soon as the ROM update is enabled it crashes."
"You need to make sure the victim is using scsi.device 45.13 or earlier."
"Even on an 060?"
"No, for 040 or lower it has to be scsi.device 45.14 AND FastFileSystem 45.9."
"Ugh, fine. Is there a difference between the SCSI scsi.device and the IDE scsi.device?"
"Check the RKRM."
"I don't have the newest version."
"I loaned you the Developer CD that had the RKRMs on it - use that."
"I left it at home."
"Why are we making this compatible with these old Amiga things again?"
"Beats me. Can you send me those bsdsocket.library includes?"
"vasm or AsmPro?"
"Hell, I don't know."
:crazy:
And the whole issue would be moot if the drive manufacturers would
a) Allow/make it easy for end users to re-flash their firmware
b) Require a write-enable jumper to be set in order to do so
Good one Matt,
That gave me a good laugh at the end of the day...
Matt
-
Heh, I just had to chime in. I did some volunteer work with the Amish and Mennonites recently up in Detroit and ugh... ya, those old assumptions about the Amish are a little out dated. Some of them use electronics, mind you they generate their own power, but they use electronics. Some Amish like groups even have Facebook. And as a matter of fact, they are not all Communal, and some don't farm but work at the local factories instead.
Sorry, I wasn't trying to stereotype anyone. In truth, I have respect for their convictions and society. I enjoy visiting their communities (trying not to be a tourist) when I pass through.
-
Matt,
This is a big point about troubleshooting an Amiga, its frequent crashes could be a weak PSU, failing capacitor, eroded track, or one of the multitude of patches made to the flippin' OS! Or a tampered with HDD.
As far as the infected HDD firmware goes, this was another (NSA/TSA/Homeland/Fatherland Security Act) large scale effort that now uncovered, will lead to the Snowden Effect of people finding way to make sure they are not having their privacy invaded (which we used to have with a Constitution, or a Bill of Rights, and a few Amendments to protect us) until along came someone who felt that his own security was superior to anyone else's in America or even on this planet.
The drive companies will have to act and MAKE firmware safe, secure, and uncorruptible or face the backlash of us finding a company that will do this; a company that sell the drives that can not be infected.
-
Matt,
This is a big point about troubleshooting an Amiga, its frequent crashes could be a weak PSU, failing capacitor, eroded track, or one of the multitude of patches made to the flippin' OS! Or a tampered with HDD.
As far as the infected HDD firmware goes, this was another (NSA/TSA/Homeland/Fatherland Security Act) large scale effort that now uncovered, will lead to the Snowden Effect of people finding ways to make sure they are not having their privacy invaded (which we used to have with a Constitution, or a Bill of Rights, and a few Amendments to protect us) until along came someone who felt that his own security was superior to anyone else's in America or even on this planet.
The drive companies will have to act and MAKE firmware safe, secure, and uncorruptible or face the backlash of us finding a company that will do this; a company that sells the drives that can not be infected.
-
Sorry, I wasn't trying to stereotype anyone. In truth, I have respect for their convictions and society. I enjoy visiting their communities (trying not to be a tourist) when I pass through.
I laugh because before I worked with them, I had pretty much the same perception of them as you did. I don't offend easy. :)
-
Found this quote on Ars Technica: "While it's simple for end users to re-flash their hard drives using executable files provided by manufacturers, it's just about impossible for an outsider to reverse engineer a hard drive, read the existing firmware, and create malicious versions."
The article has a lot of interesting, if not somewhat sad, information. How long was that shrub in office?
http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/
-
No, the Feds only give a sh-t about criminal activity; those feeling threatened by the thought of lost privacy can do all of the above I mentioned sans the criminal stuff. You can run Linux from a cheap thumb drive logged into a public network.
Actually, if you are ever accused, they start looking at your online activity and what you look at.
Attitudes are changing where you are 49% innocent.
And there is an article online that Google is allegedly going to make people's private pictures public and they can do it because once you upload or post something, it becomes the property of the website and buried in the language is your permission to do so.
http://www.wired.com/2015/02/dick-pics/
-
Anyone read this news?
http://www.pcworld.com/article/2884952/equation-cyberspies-use-unrivaled-nsastyle-techniques-to-hit-iran-russia.html
The ability for malware to start doing this type of thing makes me want to curl up in a ball with my trusty old VIC-20 and its datasette.
I realize that it's describing malware on the level of inter-country espionage, but this type of knowledge trickles down eventually.
It does not trickle down, it is there already. Not quite script-kiddie ready, thankfully, but the info is out there:
http://spritesmods.com/?art=hddhack
Also notice from that article that some of our *harddrives* now comes with 3 fairly decent ARM cores. I remember when I was amazed that the SCSI controller for my A2000 had a Z80 on it.
-
Found this quote on Ars Technica: "While it's simple for end users to re-flash their hard drives using executable files provided by manufacturers, it's just about impossible for an outsider to reverse engineer a hard drive, read the existing firmware, and create malicious versions."
This would have been funny if it wasn't so tragic that they believed this. I posted this in another comment:
http://spritesmods.com/?art=hddhack
So much for "just about impossible"
-
This would have been funny if it wasn't so tragic that they believed this. I posted this in another comment:
http://spritesmods.com/?art=hddhack
So much for "just about impossible"
http://www.wired.com/2014/07/usb-security/
http://spectrum.ieee.org/tech-talk/computing/embedded-systems/usb-flash-drives-are-more-dangerous-than-you-think
http://www.theregister.co.uk/2014/07/31/black_hat_hackers_drive_truck_through_hole_in_usb_security/
-
I remember when I was amazed that the SCSI controller for my A2000 had a Z80 on it.
Even the 1541 disk drive had a 6502 CPU... I believe it even had a slightly higher clock speed than the 6510 in the C64.
-
Even the 1541 disk drive had a 6502 CPU... I believe it even had a slightly higher clock speed than the 6510 in the C64.
And that's why us old timers back in the day called 1541's "smart drives"! :)
Back in the day.......
Q - "What's wrong with this 1541?"
A - "pull those damn SCR's and test 'em with a VOM!" :roflmao:
LOL, we didn't need transistor checkers back then...
-
Even the 1541 disk drive had a 6502 CPU... I believe it even had a slightly higher clock speed than the 6510 in the C64.
And 2K of memory! You could write viruses that would work on it! :roflmao:
-
And 2K of memory! You could write viruses that would work on it! :roflmao:
How many bytes is Stuxnet? Did I spell it correctly?
-
Well, you can always use those compromised drives in an Amiga. The malware won't have a damn clue what to do with 68K and Amiga APIs! :)
:hammer:security by obscurity :D
-
{Disk copy protection software ran in the 2K of the 1541, which actually transferred data slower than the 1540, and since the 6510 speed was tied to the C64's color, the 6510 either ran slower or the color was washed out}
-
Here's one to add grist to the mill:
http://www.extremetech.com/computing/199614-nsa-gchq-colluded-to-steal-sim-encryption-keys-for-millions-of-phones-possibly-including-yours
-
Tad more grist.........
Lenovo Shipping PCs with Pre-Installed ‘Superfish Malware’ that Kills HTTPS... Company defends deplorable
http://www.infowars.com/lenovo-shipping-pcs-with-pre-installed-superfish-malware-that-kills-https/
Although HP has been doing mostly the same for years....
-
Tad more grist.........
Lenovo Shipping PCs with Pre-Installed ‘Superfish Malware’ that Kills HTTPS... Company defends deplorable
http://www.infowars.com/lenovo-shipping-pcs-with-pre-installed-superfish-malware-that-kills-https/
Although HP has been doing mostly the same for years....
Yeah, but there are instructions to remove it -- for those who can read.
-
perhaps fiddling with hdd firmware could be useful, to 'unlock' unused platters for eg.
-
Unused?
-
Anyone read this news?
http://www.pcworld.com/article/2884952/equation-cyberspies-use-unrivaled-nsastyle-techniques-to-hit-iran-russia.html
The ability for malware to start doing this type of thing makes me want to curl up in a ball with my trusty old VIC-20 and its datasette.
I realize that it's describing malware on the level of inter-country espionage, but this type of knowledge trickles down eventually.
Typical Kaspersky AD virus-article;) Don't believe the hype..
-
Typical Kaspersky AD virus-article;) Don't believe the hype..
Wow! On your second post!
-
Unused?
yes, like CPU overclocking and such.
I doubt manufacturers always use all surfaces completely, looking at various capacities they have.
-
yes, like CPU overclocking and such.
I doubt manufacturers always use all surfaces completely, looking at various capacities they have.
Much like how they chose long ago to use 1000, instead of 1024 for defining they're structure of sizes. All this bull%&$#?@!%&$#?@!%&$#?@!%&$#?@! about gigabyte vs gibibyte.
So my question about this. How can you NOT remove it? if it's a firmware thing, wouldn't just flashing over the official firmware wipe it?
slaapliedje
-
Yes, kindly read the thread, vide supra, noting references (URL's)
-
yes, like CPU overclocking and such.
I doubt manufacturers always use all surfaces completely, looking at various capacities they have.
I'm sure there is a platter left unused on the Samsung 850 Evo!
-
I'm sure there is a platter left unused on the Samsung 850 Evo!
ah, a joker :rolleyes:
but perhaps one could use reserved ('overprovisioned') space with a robust filesystem that can handle badblocks well.
-
Perhaps one could lose all of his data.
-
Here is another one:
http://www.bbc.com/news/technology-31587621
-
Much like how they chose long ago to use 1000, instead of 1024 for defining they're structure of sizes. All this bull%&$#?@!%&$#?@!%&$#?@!%&$#?@! about gigabyte vs gibibyte.
So my question about this. How can you NOT remove it? if it's a firmware thing, wouldn't just flashing over the official firmware wipe it?
slaapliedje
I'm sure it is undocumented and where would you get clean firmware? You need it from the hardware company and they would just give you the undocumented stuff you tried to get rid of.
-
Yes, kindly read the thread, vide supra, noting references (URL's)
As stated
-
[Yeah, off topic but I ran across some Amish talking on their cells and wearing Nike shoes; when I asked about their groceries, they buy them at the store like everyone else. I was a bit surprised, but it makes sense.]
I'm not Amish. I don't have a cellphone and I don't wear Nikes. Is that a good thing or a bad thing?
-
Worse! You're Canadian! :confused:
-
This paranoia of believing that everything is ok, nobody spies on us, we have nothing to hide, the governments work for our benefit, etc needs to stop.
-
This paranoia of believing that everything is ok, nobody spies on us, we have nothing to hide, the governments work for our benefit, etc needs to stop.
I have more to hide for Facebook and Google than for my government. I am always amazed how people get ANAL over governments spying but giving all their live to Twitter, Google, Facebook etc.
-
This paranoia of believing that everything is ok, nobody spies on us, we have nothing to hide, the governments work for our benefit, etc needs to stop.
Then why would they do it if it wasn't keeping us safe?
-
I have more to hide for Facebook and Google than for my government. I am always amazed how people get ANAL over governments spying but giving all their live to Twitter, Google, Facebook etc.
Now we know the writers of all the viruses ;) You should really sue them per infection.