On Thursday, 21 March 2019 at 11:34:10 UTC+1, David Hobach wrote:
> 
> True, that is somewhat more advanced though. State-level attackers have 
> teams that can open and replace arbitrary hardware with a malicious one 
> within 15 mins, yes. So if you fear them, don't leave your laptop 
> unattended anyway.
> In contrast, your colleague sitting next to you at work can plug a USB 
> stick into your laptop and perform the Thunderbolt attack whilst you're 
> at lunch.
> Having someone physically take away your laptop or even dismantle it is 
> a lot more suspicious.
> 
> Qubes OS is focusing on security and fortunately doesn't make security 
> tradeoffs even for usability.
> 
> [1] http://thunderclap.io/

I have to say that I agree with Matthew on this. It seems kind of over the top, 
especially with no way to at least accept the risk and enable it anyway.

Making it work the same as with USB devices seems like a good way to do this 
(without trying to make this issue trivial, it genuinely seems like a major 
pain point to design a proper solution and I completely respect that).

I just think it seems overkill to not even have an option to enable it. I don't 
doubt at all that there are people out there who would be exposed if this was 
enabled by default, so I definitely respect and understand that. We are however 
able to enable USB support and exposure to dom0 when wanting to use a USB 
keyboard for instance. There is a fine warning in the documentation about it, 
so you, as a user, know exactly what risk you are taking by doing so.

If you are hired at a place where you can use Qubes OS as your main OS, and you 
have colleagues who would do something like that, then I would maybe argue there is 
something inherently wrong with the working environment, but you are correct at 
any rate. I do not agree with the premise though!

I will try out what Matthew suggested. Otherwise I guess I will just have to 
wait it out. Shame I didn't research better before I invested in it though :(

Thank you for your input!
