On Sat, Apr 08, 2017 at 12:22:05AM -0400, Chris Laprise wrote: > On 04/05/2017 12:02 AM, g...@vfemail.net wrote: > >|Hi guys > >1. I have installed and update Qube-os on my SSD and after i connect to > >motherboard HDD.SSD- primary, HDD-secondary. It attached directly to > >Dom0. If my HDD - malicious, is it a threat? > > Future versions of Qubes may be able to protect against a malicious HDD, but > not currently. Even an AEM-enabled Qubes could be vulnerable to a DMA > attack. > > >2.Is Debian 9 safer than Debian 8, or Fedora 24 more safer than Fedora 23? > >Thanks| > > The first three are receiving security updates, but the fourth is not > because its at end-of-life. > > Chris
Debian-8 is somewhat more secure then Debian-9, in that the priority is to release security updates for stable(8). Updates for unstable may be delayed for assorted reasons, sometimes weeks after a fix for stable. Note too that for Debian systems there are no security updates for packages from the contrib and non-free repositories. I am fairly certain that a default install has those repositories enabled - you can disable them by removing the names from /etc/apt/sources.list, but this will restrict the software that is available to you. It's a clear trade off. (This is an oversimplification in that some packages may get updates, but there isn't a systematic security update process for these packages.) (It's one of those cases where Qubes trades convenience against security - this one is a mistake imo.) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170408132427.GA31048%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
