On Wed, 16 May 2018, [email protected] wrote: > On 05/15/2018 01:22 AM, john wrote: > > > On 05/14/18 14:58, Ángel wrote: > >> This paper is most interesting for the discovery of multiple ways email > >> client leak information on visualization. > >> (not clearly stated in the paper: some of them are already fixed, while > >> in other cases the developers are still working on providing them) > >> > >> Luckily, with Qubes it is easy to set a firewall rule so that your email > >> AppVM can only contact with your email server. > >> NB that some of these leaks are dns-based, so ideally you would not > >> allow it to perform any dns query, either. > >> > >> Best regards > >> > > can you give an example to the steps to make such a fw rule, if > > it's that simple please ? > I would suggest simply only allowing the ports you need for your email > client.
It's much less secure approach than blocking all but the email server address. With a port filter, the attacker only needs to use that same port for the attack to succeed. -- i. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/alpine.DEB.2.20.1805170016590.32415%40whs-18.cs.helsinki.fi. For more options, visit https://groups.google.com/d/optout.
