On Mon, Nov 14, 2016 at 05:02:35PM -0800, Sec Tester wrote:
> A thought on security through obfuscation.
> 
> Right now in a terminal if you type "uname -r" we get the kernel version, 
> which has "qubes" in the name.
> 
> Straight away the attacker knows he's dealing with a Qubes VM. Could we not 
> name the kernels to match their original OS?
> 
> And following that same concept, disguise any other telltale signs this is a 
> VM on Qubes. QubesIncoming could just be called "received". Use non-Qubes-
> unique process or packet names. This would also include renaming Xen stuff, 
> and hiding any obvious Qubes-unique directories deeper in the file system.
> 
> Of course if an attacker specifically tries to tell if they are in a VM it's 
> impossible to 100% hide it, but if an attacker does a quick check and thinks 
> they're on a standard Debian desktop, memory attacks & dom0 are never a 
> target.
> 
> Just an idea.
> 

This has come up a few times before.

The problem is that there are countless ways of identifying a qube,
and your obfuscation will be clear to anyone who can see code: the
"quick check" will just include whatever flavour you have that month.

Anyone who has a memory attack would be able to identify where it could
best be used. So berferd might poke about for a while, but it wouldn't
take long for her to see where she was, and to reach for her Xen
toolbox.


-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161115014220.GA16252%40thirdeyesecurity.org.