Re: [Ql-Users] Email attachments
Evening Christopher, On a Windows pc? Never open anything attached that you are suspicious of etc. In a QL, just have fun. I wrote a QL virus many many years ago when all viruses spread by floppy disc. I never released it into the wild. Many viruses, trojans or whatever they are called this week, are "invoices" or "bank payments" or "parcel delivery notes" in Word doc format. I always open those! In Libre Office, on a Linux host, running a Linux Virtual Machine as guest! Usually there is a macro, set to run on opening the doc, and it's usually encoded. I have been known to take a few apart. So far they are all pretty much the same, an http request is sent to a compromised server and an exe file is downloaded and executed. Normally I send an email to the web site owner and the isp with details. They usually shut down the payload pretty damned quickly. Your Russian Web site could be another compromised one, the script kiddies don't usually host these things on their own web sites. And you should see what details I leave for my passwords and usernames on those phishing Web sites. It seems that many of my private details have to do with their mothers sexual dalliances with camels We had one at work the other day. At least 5 people clicked the suspicious link. It was a set up. The email had been sent to everyone by our security team. The link took the victims to a Web site where a message advised that their details had been collected, they have made a huge mistake, and there would be words had with their bosses! No, I wasn't a victim. :-) And I have been known to keep the "Microsoft tech support" people on the phone for hours! At least when they are talking to me, they are not ripping off some unsuspecting person. Mind you, I wouldn't do any of the above with windows, even in a vm! Cheers, Norm. -- Sent from my Android device with K-9 Mail. Please excuse my brevity. ___ QL-Users Mailing List
Re: [Ql-Users] Email attachments
jms1 wrote: > I would have thought not a SQmulator as it runs in java and java is not > particularly safe. > Can Marcel answer for QPC1 or 2? Security is not a design goal for a QL emulator. There is no security in SMSQDOS anyway. But unless you're personally wanted by the NSA I'm pretty sure you're safe. > It is suggested any virtual machine is safe and is the method used for > testing new versions of an OS on its own operating system. Nothing is safe if the attacker is determined and the stakes are high enough. I'm pretty sure nobody on this list qualifies ;-) At the conference I've been to there was a talk from somebody who has hacked a pay TV service. I was in awe at what lengths he went to to achieve his goal (for example he read the contents of the ROM by dissolving the package of the security chip and read the bits using a microscope!). This is the talk: https://www.youtube.com/watch?v=lO4TNnkN64A You stand no chance against people like him, no matter what. > As Spies are hacking into machines can we produce a safe OS? No. Unless you consider "it's so obscure that nobody bothers" as safe. Marcel ___ QL-Users Mailing List
Re: [Ql-Users] Email attachments
Hi, On 13/01/2017 18:32, Christopher Cave wrote: It is my normal practice to delete any email coming from an unknown or suspect origin WITHOUT looking at any attachment. Today I took such an attachment, a zip-file, and opened it with ACP in a QL-environment. There was a .ru (Russian ?) email address embedded in the file. My usual approach seems justified but was the procedure I adopted safe? You were perfectly safe. Wolfgang ___ QL-Users Mailing List
Re: [Ql-Users] Email attachments
On Fri, 13 Jan 2017, at 06:08 PM, jms1 wrote: > Well that is an interesting point. > > How safe is the virtual QL machine? > . > I would have thought not a SQmulator as it runs in java and java is not > particularly safe. Not sure how you come to that conclusion, I used to work on Java and it goes through a stringent security process. > Can Marcel answer for QPC1 or 2? > > How about Virtual Box running another OS. > > It is suggested any virtual machine is safe and is the method used for > testing new versions of an OS on its own operating system. > > As Spies are hacking into machines can we produce a safe OS? > George Gwilt says it was proved no a long time ago. > > It would be nice to know more. > So the main thing is the attacker would have to know you were using a QL emulator to even start the attack. I know security by obscurity is not a good thing. But the QL was pretty obscure even back in the day. Graeme ___ QL-Users Mailing List
Re: [Ql-Users] Email attachments
Well that is an interesting point. How safe is the virtual QL machine? . I would have thought not a SQmulator as it runs in java and java is not particularly safe. Can Marcel answer for QPC1 or 2? How about Virtual Box running another OS. It is suggested any virtual machine is safe and is the method used for testing new versions of an OS on its own operating system. As Spies are hacking into machines can we produce a safe OS? George Gwilt says it was proved no a long time ago. It would be nice to know more. On 2017-01-13 17:32, Christopher Cave wrote: It is my normal practice to delete any email coming from an unknown or suspect origin WITHOUT looking at any attachment. Today I took such an attachment, a zip-file, and opened it with ACP in a QL-environment. There was a .ru (Russian ?) email address embedded in the file. My usual approach seems justified but was the procedure I adopted safe? Christopher Cave mailto:cc...@cix.co.uk ___ QL-Users Mailing List ___ QL-Users Mailing List
[Ql-Users] Email attachments
It is my normal practice to delete any email coming from an unknown or suspect origin WITHOUT looking at any attachment. Today I took such an attachment, a zip-file, and opened it with ACP in a QL-environment. There was a .ru (Russian ?) email address embedded in the file. My usual approach seems justified but was the procedure I adopted safe? Christopher Cave mailto:cc...@cix.co.uk ___ QL-Users Mailing List
Re: [Ql-Users] DM5 upsetting Dates in QPC2
Op Fri, 13 Jan 2017 06:41:10 +0100 schreef Wolf: Hi, there ae 2 versions of DM : DM5_obj and DM5_int_obj , the problem only seems to arise on the..int version, use the other one instead. Minor point is that only the _int_ version has been patched for GD2. I just installed both versions in SMSQm8 and both reported the date error but now my PC clock was not upset, nor by OK on the given date. There was a Qlib error next on "Q_ERR_ON"(?)- both versions and Qlib_run was installed - but a Continue did start the program. Then there was a running error on the FEX keyword, which is expected to be an FI2 command but may have been disabled while the SMSQ/E command does something completely different. To resolve both issues the sources are needed so I think it's wise to avoid DM5 until this is resolved. Earlier I had patched my copies of DM5 and FI2 to read FFX instead of FEX, which worked until the date problem arose. Bob On 12/01/2017 17:47, Martyn Hill wrote: Hi Bob Just to confirm that I too have been unable to run DM5 on QPC (v4) and saw oddities around the date before it would hang QPC. I didn't investigate to the same depth, but it appears to match your experience. Martyn. On 12/01/2017 15:35, Bob Spelten wrote: Hi All, I was trying to get DiskMate5 to run in QPC2/QLE but ran into a serious problem. It reported a wrong date but while the suggested date was correct my PC clock had been reset in the background to 18-Jan-2053, causing problems on the W$7 side. In my QPC2/QLE this also froze SMSQ/E but not in my normal QPC2. Also a previous QPC2 (v3.40/3.16) behaved the same. I have used DM5 for GD2 sporadically before but never seen this bug. Has something changed in SMSQ/E's date handling that is not working for DM5 anymore? Has anyone experienced this before? Bob -- The BSJR QL software site at: "http://members.upc.nl/b.spelten/ql/; ___ QL-Users Mailing List
Re: [Ql-Users] DM5 upsetting Dates in QPC2
Wolf wrote: >> Do you think the source ocde could be released. > It would be nice, but I presume the author would aready have done so by now. Problem is, even the author doesn't have the source code anymore. Marcel ___ QL-Users Mailing List
Re: [Ql-Users] DM5 upsetting Dates in QPC2
Hi, I tried both and give the same date problem. Here, they both protest that the date is wrong, but only the ...int version crashes QPC, the other works OK.. The file Extensions_cde looks like it is DIY Toolkit extensions, Phil Borman's WIN Tools. Which I doubt have any problems. This Extensions_cde seems to add the following keywords: XSTAT XDSTAT TREE WDSTAT WDDIR WDDEL WDDEL_F NEWCHAN% LOOKUP% UPPER$ LOWER$ SORT I_FILL PDCODE BRK_OFF BRK_ON SET_POS PUTIN$ ANYOPEN% MSEARCH POKE_$ PEEK_$ INARRAY% GetHEAD SetHEAD In the updates_doc, there was an issue with v5.05 getting the months wrong, maybe the invalid date is connected to this. I'm not sure whether the date is really the problem, for two reasons: 1. You can set the date to something, in, say, 2005 - and it still crashes in QPC. 2. When the software tells you that the date is wrong, you can leave this window either with ESC or OK. When you leave it with ESC, the software does NOT try to set the date, so that isn't the problem either. But this maybe be a Year2000 issue. Probably not, we'd have noticed by now. Do you think the source ocde could be released. It would be nice, but I presume the author would aready have done so by now. Regards, Wolfgang ___ QL-Users Mailing List
Re: [Ql-Users] DM5 upsetting Dates in QPC2
Hi, I tried both and give the same date problem. The file Extensions_cde looks like it is DIY Toolkit extensions, Phil Borman's WIN Tools. Which I doubt have any problems. In the updates_doc, there was an issue with v5.05 getting the months wrong, maybe the invalid date is connected to this. But this maybe be a Year2000 issue. Do you think the source ocde could be released. Regards, Derek On 13/01/17 05:41, Wolf wrote: Hi, there ae 2 versions of DM : DM5_obj and DM5_int_obj , the problem only seems to arise on the..int version, use the other one instead. Wolfgang On 12/01/2017 17:47, Martyn Hill wrote: Hi Bob Just to confirm that I too have been unable to run DM5 on QPC (v4) and saw oddities around the date before it would hang QPC. I didn't investigate to the same depth, but it appears to match your experience. Martyn. On 12/01/2017 15:35, Bob Spelten wrote: Hi All, I was trying to get DiskMate5 to run in QPC2/QLE but ran into a serious problem. It reported a wrong date but while the suggested date was correct my PC clock had been reset in the background to 18-Jan-2053, causing problems on the W$7 side. In my QPC2/QLE this also froze SMSQ/E but not in my normal QPC2. Also a previous QPC2 (v3.40/3.16) behaved the same. I have used DM5 for GD2 sporadically before but never seen this bug. Has something changed in SMSQ/E's date handling that is not working for DM5 anymore? Has anyone experienced this before? Bob ___ QL-Users Mailing List ___ QL-Users Mailing List