Re: [qubes-users] Can my pc be compromised and if so can I just create a new net-vm and firewall-vm and if so how when I can’t clone them ?

Chris Laprise Wed, 05 Aug 2020 04:40:47 -0700

On 8/5/20 3:46 AM, anneeyr...@gmail.com wrote:

I’m a victim of stalking.


Lately my 3. new mobile in about a year 1 day after using it suddenly said that 
it’s new sim card was blocked. And sadly I restarted the phone although I 
thought the reason for this was that it had been compromised and probably 
should had set it back to factory settings.

I was at my parents house at he time and the phone haven’t been any other place 
at the time.

Afterwards I found a sign of a installed and deleted app on my mothers Ipad.

I have read on the web that it is possible to use software like for example an 
Ipad app to get access to mobile phones and mobile broadband.

As my new pc also only have been there and I have Qubes OS installed on it and 
I have been using my own mobile broadband modem together with it, I wonder if 
my pc also can be infected and if so could it be that only the firewall-vm and 
the net-vm is compromised or could it be the whole system... ?

Are you confident the Qubes boot partition is safe? That is thevulnerable spot in terms of someone getting physical access to yourmachine. A few things can help keep boot safe:


1. Anti-evil maid

2. Heads

3. Putting an ATA lock password on your internal boot drive

The third option is not considered very strong, but its still adeterrent of sorts and its easier to setup than the first two.


Can I just delete the firewall-vm and the net-vm and create new ones afterwards 
and shall I just create them in the same way when creating new app-vm’s or 
standalone-vm’s or how shall I create them when I can’t clone them ?

The possibility for sys-firewall to be compromised is pretty low, but ifyou wipe/replace sys-net its easy to do the same for sys-firewall 'justin case'.


To do it for sys-net, here is the one-step method in dom0:

sudo blkdiscard /dev/qubes_dom0/vm-sys-net-private

Be careful, as 'blkdiscard' is basically a bulk erase command. There areother ways to do it, such as creating a new replacement for sys-net, butthey involve multiple steps and are frankly a bit frustrating todescribe and use.


--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eb7fec04-2962-db2f-f3c2-a30047162004%40posteo.net.

Re: [qubes-users] Can my pc be compromised and if so can I just create a new net-vm and firewall-vm and if so how when I can’t clone them ?

Reply via email to