Hello trueriver,

Thanks for your post.

No, you're not being overly cautious. Regarding your thoughts on whether there is much point securing the OS, I had the same kind of issues after my computer was hacked earlier this year. I realised I couldn't just do a small fix here or there, as the issue of security was a bit like a water-carrying pipe with many punctured holes: patching just one or a few holes only meant that water came out of some other holes.

The result of my encountering these issues was the creation of a Wikibooks book on end-user computer security <https://en.wikibooks.org/wiki/End-user_Computer_Security>, particularly aimed at individuals without many resources (resources such as money)—feel free to add/edit its content, as it is a wiki.

On Wednesday, 25 November 2020 at 14:31:55 UTC trueriver wrote:

> ... In the days of CRT monitors one way the security of a computer system
> could be compromised non-intrusively (ie without amending the
> installed code) was by picking up the radio-frequency leakage ...
>
> Nowadays we do not have to worry about CRT monitors. But TVs are
> increasingly delivered with their own internet connection, ... Clearly
> there is a computer inside which can be hacked, and if
> so a remote shoulder surfing attack would be very possible.

Getting back to your particular issues, smart TVs (and other internet-connected devices) are clearly a security concern, and I am not convinced that these issues are adequately dealt with for general consumers. Firmware doesn't generally seem to be sufficiently locked-down, meaning that middle-men attackers can possibly reprogram devices without leaving much evidence that leads personally back to them.

> Is the same true of monitors and of TVs that do not have an apparent
> internet link? ...

Regarding microprocessor/micro-controller VDUs without wireless-communications tech, they are probably safer. However, because you can now even get small WiFi SD cards <https://en.wikipedia.org/wiki/Eye-Fi>, even at what appear to be relatively inexpensive prices, I would perhaps be concerned over whether such VDUs might have undergone tampering so as to be able to steal your information through wireless means.

> ...if there much point securing the OS when the monitor might be an easier
> target
> for those out to (umm) monitor our reading and our keystrokes?

There is a point in securing the OS in spite of the other security vulnerabilities you've highlighted, but only as part of a comprehensive security solution. It only takes the weakest link in the chain...

> ... I wonder if there is already some available mitigation? ...

In terms of available mitigation, the latest idea I've had (not yet properly included in the book) is to buy computer hardware with anonymity over Amazon (see some notes about it here <https://en.wikibooks.org/wiki/Talk:End-user_Computer_Security/Main_content/Broad_security_principles#Concerning_%C2%A7%E2%9F%AAUser_randomly_selecting_unit_from_off_physical_shelves%E2%9F%AB,_and_add_%C2%A7%E2%9F%AAAnonymity_based%E2%9F%AB?>). You could also try using brands you trust more, or that are advertised as being more secure than normal. Also, you might think about going "barebones" in respect of the VDU: strip out the "bells and whistles" so as to reduce the attack surface.

Hope this helps,

Kind regards,

Mark Fernandes