top | item 43759119

(no title)

jpk | 10 months ago

> Security is not a consideration for such devices, because of their very limited number. Nobody is going to crack into your internet-connected Amiga except maybe some of your friends, as a prank.

This depends pretty heavily on your threat model. You're right that a device like this is exceedingly unlikely to get exploited by attackers casting a wide net against common vulnerabilities. But an attacker targeting you-in-particular would love to learn you've put ancient hardware and/or software on the network.

discuss

bluGill|10 months ago

Even if there are a lot of exploits on my Amiga (I don't own one, but work with me...), my value is likely low enough that it wouldn't be worth the cost to hack just me. If I was (or become) a major figure politically, militarily, or rich (maybe my 401k is that large - if you can get at it) it would be worth attacking me, but otherwise there are just not enough Amiga owners out there. Also you can expect someone with an Amiga is somewhat more likely than average to be protected - ransomware data and they restore from backups instead of pay. As such the value is exploiting Amiga is likely not high enough to be worth the cost.

jpk|10 months ago

Your entire comment is threat modeling, which is great! But it demonstrates my point: using an old, insecure thing is sometimes obscure enough to fly under the radar of one class of threats, but presents a juicy attack surface for another class of threats. And one's own personal risk for any given class of threats will vary depending on one's circumstances. So the parent comment's unqualified statement of, "security is not a consideration for such devices," isn't quite right.