Re: [qubes-users] Re: epoxy on ram to prevent cold boot attacks?
>> https://freedesktop.org/wiki/Software/PulseAudio/FAQ/#index15h3 > > I've looked at it few years ago and it was outdated/unmaintained at that > time already. I gave up on setting this on Win 7. I bet now it's even > harder. Yes, weird how neglected it is. Do people not write utility software for Windows now? Is it too locked down by MS (expensive signing) or too insecure for anyone to bother coding? Remote sound seems like the type of thing a lot of power users would want, even on Windows. >> When I assign a single USB drive to a VM, is dom0 still really in charge >> of the USB bus, and just shuffling stuff back and forth to the VM(s)? > > If you assign a single USB device to VM (using qvm-usb or qvm-block), > then yes - all the nasty USB stuff is still handled in dom0/sys-usb. > Only assigning the whole USB controller (PCI device) to a VM will move > USB processing out of dom0. So other than the potential of bugs in the stack, and faking a keyboard/mouse, there's really nothing a USB device could do to provoke any action (break-in attempts) in dom0? Would a USB Wifi dongle auto-configure as a second adapter on Qubes? (I might check that myself later.) Mass storage devices will be noted by dom0, but nothing silly like autorun could happen (unless you set it up manually). Device impersonation is a threat, I suppose. Can one USB device effectively "bus master" to probe a disk or something like that? Any other device type that could be a threat via USB? As long as you have a solid stack and reject HID/network, USB might not be quite as scary as I thought. Once you get your keyboard/mouse off of USB. That recipe for rejecting HID in one of those links worked great, /etc/udev/rules.d/99-disable-usb-input.rules: ACTION=="add", SUBSYSTEM=="input", SUBSYSTEMS=="usb", ATTRS{authorized}=="1", \ ENV{PARID}="$id", RUN+="/bin/sh -c 'echo 0 >/proc/bus/usb/devices/$env{PARID}/authorized'" Any new attempts to insert HID devices are ignored. I suppose there's a window at boot time before udev configures where a rogue USB device could impersonate a HID device and try to hijack the system (e.g. right at grub). But supervising any boots for any oddness is trivial (and a good idea). >> https://dkopecek.github.io/usbguard/blog/2015/USBGuard-vs-UDev > > Very interesting project indeed. And it is packaged in Fedora! N!!! Lol, I spent hours trying to get that to build. I had checked for packages under debian-8, found none, so figured Fedora was even less likely to have it (being more conservative). I was even building it under a bare-bones Fedora-23 VM. I could have just dnf'd it. That's a great thing, presumably having undergone review from the Fedora folks to be in the main repositories. (If Qubes can't in turn trust Fedora and its repo, it's toast from the start.) But I assume you still don't increase the amount of running dom0 software lightly. Installing it only brought in libqb (102k) and itself (206k), so it's fairly lightweight. Might see how well it agrees with dom0. :P > But as you've noted below, if all we need can be done using udev rules, > it's better to not introduce another complexity. With Fedora's review (and a fairly small package), I feel a lot more comfortable with it, perhaps as an option. Making it easier for people to track/configure USB devices is a pretty compelling selling point. Possibly outweighs the risk of the minimal additional of dom0 software. > The whole idea of having separate USB VM is to not care about USB > related compromise. It isn't fully possible with all kind of devices (like > USB camera - compromised USB VM will be able to sniff the traffic), but > it is surely an improvement. Leaving any camera or microphone connected at all isn't for the highly security conscious. :) > It would make sense to have Disposable USB VM - I hope we'll manage to > have it in Qubes 4.0. That's interesting. So, for example, you could possibly configure it such that if a certain device is inserted, a disposable VM could pop up, attached to that USB device, that could then run an app (such as keepass). When you're done, the DVM goes away. That's rather tidy. And safer. I assume memory freed from a dead VM is wiped upon freeing by Xen? Or at least wiped before allocating it elsewhere? >> Some discussions online argue that USB white-listing isn't helpful, >> since >> a BADUSB could just emulate your actual keyboard. Well, it would have >> to >> know the device ID's first. > > Yes. But then, such device would be able to communicate with > only one driver - of that keyboard. Not arbitrary chosen one of hundreds > of them -> large reduction of attack surface. I suppose even a brute-force search of device ID's through the relatively few vendors is feasible (without some protection). > Of course, if it hit unlocked system (or locked, but know the password), > controlling keyboard means controlling the whole system. But you can > guard against such attacks
[qubes-users] Re: QubesOS under VMware - I know I know ...
On Friday, 2 September 2016 00:31:15 UTC+10, p.@.com wrote: > Hi all, > > I am thinking of installing Qubesos on my laptop but before that I would like > to play with it before installation. The only option I know is to install it > under Vmware. I know this solution is not supported but for educational and > learning purposes it would be good to be able to do that. > Does anybody know if this is possible ? I tried to install it under Vmware > but it failed. Any workarounds ? I can even lower the security of QubesOS (if > this is somehow possible) to achieve it - this is just for educational > purposes. > Any help ? > > Best regards > Przemek If you want to put Qubes under VMWare, I recommend 3.0, it installs every time. If you have a server, then install Qubes under ESXi, it's what I did, and I've not had issues doing it many times before I then put it onto my actual PC. Qubes 2 also installs easily under VMWare, even on Player or Workstation on local PC. Just be sure you have enough Virtual HDD space for it. (32 GB+) As for 3.2 I'm not sure, I just put it on my Laptop using an HDD I had lying around. So that is 1 way you can accomplish this too. - Get another HDD that you have lying around. - Install onto that on your PC. - Mount HDD under VMWARE. - Clone HDD to virtual disk. - Boot and start the VM with only the virtual disk. This method has to sometimes be used, as I was told when I had issues at one point on my particular hardware (My laptop). I did that, and it worked fine under VMWare Player 6. On ESXi I installed directly on ESXi 5.5, worked first time. So there are many options to get it working under VMWare. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0f483128-a90f-4876-8910-804dc63bf0d3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: epoxy on ram to prevent cold boot attacks?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Sep 01, 2016 at 06:55:05AM -, johnyju...@sigaint.org wrote: > > On Wed, Aug 31, 2016 at 10:05:59PM -, johnyju...@sigaint.org wrote: > >> I'm curious to some mentions-in-passing about Andrew's hate for USB > >> keyboards. USB-anything isn't good for security, but what in particular > >> so much worse about USB? Both USB and PS/2 can keylog, or play > >> predefined > >> scripts to try and exploit the system. One of the dangers of rogue USB > >> devices is that they can suddenly pretend to be a keyboard (which Linux > >> will accept without confirmation, something I'm not thrilled about). > > > > It is mostly not about the keyboard itself, but other devices on the > > same bus. Anything that can control the bus to which keyboard is > > connected, can control the keyboard / pretend to be a keyboard. > > I can understand pretending to be the keyboard, but seeing the keyboard's > traffic, controlling the keyboard is really possible from another device > on the bus? If so, what a fatal flaw in the design of USB. On, it's about compromising system to which such USB device is connected. > > In addition, USB is quite complex and as with all complex code there are > > bugs. > > I hear you. I've bit-banged PS/2 protocols myself, and it's not that > hard. VUSB has achieved the same with USB, but its a *huge* project (and > can barely achieve HID use). > > > If you (or someone else) plug a malicious USB device that will exploit > > some bug in one of million USB device drivers, it can do whatever it > > want with the other USB devices on the same bus. And if that USB > > controller live in dom0, it's game over even without injecting malicious > > keystrokes. > > Yikes. USB really needs to get out of dom0 all together, just as > networking has. I'd also like to see the sound card in its own VM. With > Pulse's networkability, it shouldn't be that hard. One could use the > Pulse network ability instead of virtualization of the sound card. Actually our VM audio solution is based on something like this: passing raw samples (similar to pacat + module-simple-protocol-unix) over vchan link - socket-like inter-VM connection. See here: https://github.com/QubesOS/qubes-issues/issues/1590 > That might also be the best route to getting sound working in Windows > HVM's, although some work is needed on Windows Pulse clients: > > https://freedesktop.org/wiki/Software/PulseAudio/FAQ/#index15h3 I've looked at it few years ago and it was outdated/unmaintained at that time already. I gave up on setting this on Win 7. I bet now it's even harder. > When I assign a single USB drive to a VM, is dom0 still really in charge > of the USB bus, and just shuffling stuff back and forth to the VM(s)? If you assign a single USB device to VM (using qvm-usb or qvm-block), then yes - all the nasty USB stuff is still handled in dom0/sys-usb. Only assigning the whole USB controller (PCI device) to a VM will move USB processing out of dom0. > > PS/2 is much better, because you can't connect anything else than input > > devices there, and attack surface is much smaller. > > Agreed. It's all I use for mouse/keyboard. > > > Some mitigation would be to use separate USB controller for USB > > keyboard/mouse and have it in dedicated VM (separate form all-purposes > > sys-usb). > > Another possibility is some built-in Qubes support for building udev rules > (similar to how the firewall makes iptables rules), or perhaps adding > USBGuard to dom0 (or any USB Qube). A good comparison of the two options > is here: > > https://dkopecek.github.io/usbguard/blog/2015/USBGuard-vs-UDev Very interesting project indeed. And it is packaged in Fedora! But as you've noted below, if all we need can be done using udev rules, it's better to not introduce another complexity. > Seems like a great idea for Qubes in mitigating USB dangers, since in > practice it is so hard to avoid USB all together. And that problem is > only getting worse. > > One dodgy USB device from the dollar store, and your pwned. Or an > NSA/syndicate-implanted commercial hard drive with alternate identities > lurking. The whole idea of having separate USB VM is to not care about USB related compromise. It isn't fully possible with all kind of devices (like USB camera - compromised USB VM will be able to sniff the traffic), but it is surely an improvement. It would make sense to have Disposable USB VM - I hope we'll manage to have it in Qubes 4.0. > Some discussions online argue that USB white-listing isn't helpful, since > a BADUSB could just emulate your actual keyboard. Well, it would have to > know the device ID's first. Yes. But then, such device would be able to communicate with only one driver - of that keyboard. Not arbitrary chosen one of hundreds of them -> large reduction of attack surface. Of course, if it hit unlocked system (or locked, but know the password), controlling keyboard means controlling
Re: [qubes-users] QubesOS under VMware - I know I know ...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-09-01 07:31, p.@.com wrote: > Hi all, > > I am thinking of installing Qubesos on my laptop but before that I > would like to play with it before installation. The only option I > know is to install it under Vmware. I know this solution is not > supported but for educational and learning purposes it would be > good to be able to do that. Does anybody know if this is possible ? > I tried to install it under Vmware but it failed. Any workarounds ? > I can even lower the security of QubesOS (if this is somehow > possible) to achieve it - this is just for educational purposes. > Any help ? > > Best regards Przemek > Note that Qubes can be installed to a portable USB drive. It will run more slowly from such a device, but it can make testing more accessible, since it doesn't disturb your existing OS. At least one user has reported success with booting Qubes under VMware, but others have not been able to replicate these results: https://github.com/QubesOS/qubes-issues/issues/2249 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXyHFsAAoJENtN07w5UDAwFLoQAJ4Xajn/HiOWEpNvYi9awl9e 5tFJmTptC45E5T7OV4sh1gnlZc1M8Ctmg2MQ5Z2XwSQDzxa3IXW/ZJHvpK/oiyKu ME4zjsBJU+Kpi27q4/SfwZN16/KnbnHObM/rhRvX9W8K8B0aGAQD8s8hW0kkeiQV 6wFGpgujBsl+Jie/XcQX9r2cfAt7H5I8TnT9ZLGnmU4WJY+I3O6+WLXGvF0UyLQy TJfp9h0kYy3IhwvtGWxanEQ8geN6wPUZUchtcUNJ1TZ9/qZjEkGV31VXTMp8d+a3 b/cLGF8k/0FV4rkoHfa5odbIQIrwf4bkdN6LWEfy6kSxcYl6OCHWHZLWGzubqoTd AHL0b0EBeCti/BHXCWUMhnLIC0zue6LLxXhzZrdHB0b+lAlTZ62Na9oq4uC7APGf oMCIiWMLqsiuyouS2dxdKTK7PY1CKnyVw+G+SlU/l7y9bKLRR8p0HzsDp1EJquni S7pxuvQLlR4MlpRY18B8KwOBAwfbYtJOW87DxPl5GfMDwvV7fXiRNUXQJerXJFsG uaSMNXfj//TkU8Ryb+7tXbSiIwl/Q3qjUSvdJgciSBlwlfcG1eVKJCoQP4ae++W0 wbVFR7aBrfZ/tr/7BG8ZEyp4poW6FE8xxc6RIedLH2D55kZpNG8lwl37ykPhSEyS +WgZr8WoHHBbdCr3jJc7 =IhAj -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9fe390c4-5f37-7156-4dc0-ecfa07970099%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] ASUS ZenBook 3 + Qubes OS
https://www.asus.com/Notebooks/ASUS-ZenBook-3-UX390UA/ ;) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b2bee74a-4baa-4271-91f9-270a1ad00924%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] ASUS ZenBook 3 + Qubes
;) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ad1b784e-4af6-4027-83c3-4e0694749969%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: QubesOS under VMware - I know I know ...
On Thursday, September 1, 2016 at 4:31:15 PM UTC+2, p.@.com wrote: > Hi all, > > I am thinking of installing Qubesos on my laptop but before that I would like > to play with it before installation. The only option I know is to install it > under Vmware. I know this solution is not supported but for educational and > learning purposes it would be good to be able to do that. > Does anybody know if this is possible ? I tried to install it under Vmware > but it failed. Any workarounds ? I can even lower the security of QubesOS (if > this is somehow possible) to achieve it - this is just for educational > purposes. > Any help ? > > Best regards > Przemek I have managed to do this once but I wasn't able to repeat it for some reason... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/faa0207e-a285-4dc2-b1bc-86e82ce1b626%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Display Calibration and Audio Equalizer for Dom0 ?
how can I calibrate my display in qubes ? my display is quite yellow what good program should I install into qubes, dom0 to calibrate it ? is there any good audio equalizer like dell waves maxx audio & windows sound settings, that modifies the sound output ? like virtual surround, noise cancellation, bass/trebble modifier... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/08c3ca4d-1ede-4759-91e9-61c3d2546a2d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] QubesOS under VMware - I know I know ...
Hi all, I am thinking of installing Qubesos on my laptop but before that I would like to play with it before installation. The only option I know is to install it under Vmware. I know this solution is not supported but for educational and learning purposes it would be good to be able to do that. Does anybody know if this is possible ? I tried to install it under Vmware but it failed. Any workarounds ? I can even lower the security of QubesOS (if this is somehow possible) to achieve it - this is just for educational purposes. Any help ? Best regards Przemek -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b5c87957-1599-46c0-8273-60e14b896f96%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: OSError: [Errno 2] while reinstalling a TemplateVM
This as just been solved by creating this folder in dom0 : mkdir /var/lib/qubes/vm-templates/dummy/apps.templates Then I was able to get a menu in Qubes VM Manager to switch from "dummy" to "debian-8" template. All is working fine now. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/98607c33-b847-48a1-8824-73eb486d7b23%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] R3.2 rc2 blank screen - screenlock issue?
Happened again overnight - kill -HUP xsettingsd got it useable again. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e471416e-84b1-420f-8b84-15ff6fc5c48c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] installing Signal on Qubes mini-HOWTO
On Thu, Sep 1, 2016 at 2:21 AM, Andrew David Wongwrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-08-31 15:50, IX4 Svs wrote: > > On Wed, Aug 24, 2016 at 11:10 PM, Andrew David Wong > > wrote: > > > >> > >> On 2016-08-15 14:43, IX4 Svs wrote: > >>> On Mon, Aug 15, 2016 at 10:19 AM, Andrew David Wong > >>> wrote: > >>> > > On 2016-08-14 15:22, IX4 Svs wrote: > > Just spent a few minutes to figure this out so I thought I'd > > share. > > > > Thanks, Alex! Would you mind if we added this to the docs at some > point? > > > >>> Not at all - especially if you improve my clumsy way of creating the > >> custom > >>> shortcut (steps 7-12) and use the proper Qubes way that Nicklaus > >>> linked to. > >>> > >>> Cheers, > >>> > >>> Alex > >>> > >> > >> Added: > >> > >> https://www.qubes-os.org/doc/signal/ > >> > >> > > Andrew, thanks for adding this to the documentation. > > > > I'm afraid my DIY shortcut kludge does not survive some(potentially boot > > time) script and is wiped away from the taskbar, only to be replaced by a > > default "Chrome browser" shortcut. I admit I don't quite comprehend what > > the actual implementation of > > https://www.qubes-os.org/doc/managing-appvm-shortcuts/#tocAnchor-1-1-1 > > should be. > > Neither do I. I've always make my custom shortcuts the same general way > you do. > > Ah, we have a usability issue here then. > > A worked example that replaces all but the first step of the " Creating a > > Shortcut in KDE" section of https://www.qubes-os.org/doc/signal/ would > be > > very much welcome. > > > > Agreed. > Can someone who has figured out how to create one-click buttons to launch arbitrary applications in AppVMs chime in with an example please? I'll then test it and Andrew can stick it in the wiki for all Qubes users to benefit. Thanks, Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAEe-%3DTecrTrJ20i73xC2nQFqcnGY17fPNuNR1Xs0A%3Dern2FeoA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: epoxy on ram to prevent cold boot attacks?
> This is scary: > > https://hakshop.myshopify.com/collections/usb-rubber-ducky/products/usb-rubber-ducky-deluxe?variant=353378649 Related, and (disturbingly) informative: https://github.com/brandonlw/Psychson JJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c2872d8b7c663d10b867f7b43b735ad3.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: epoxy on ram to prevent cold boot attacks?
> On Wed, Aug 31, 2016 at 10:05:59PM -, johnyju...@sigaint.org wrote: >> I'm curious to some mentions-in-passing about Andrew's hate for USB >> keyboards. USB-anything isn't good for security, but what in particular >> so much worse about USB? Both USB and PS/2 can keylog, or play >> predefined >> scripts to try and exploit the system. One of the dangers of rogue USB >> devices is that they can suddenly pretend to be a keyboard (which Linux >> will accept without confirmation, something I'm not thrilled about). > > It is mostly not about the keyboard itself, but other devices on the > same bus. Anything that can control the bus to which keyboard is > connected, can control the keyboard / pretend to be a keyboard. I can understand pretending to be the keyboard, but seeing the keyboard's traffic, controlling the keyboard is really possible from another device on the bus? If so, what a fatal flaw in the design of USB. > In addition, USB is quite complex and as with all complex code there are > bugs. I hear you. I've bit-banged PS/2 protocols myself, and it's not that hard. VUSB has achieved the same with USB, but its a *huge* project (and can barely achieve HID use). > If you (or someone else) plug a malicious USB device that will exploit > some bug in one of million USB device drivers, it can do whatever it > want with the other USB devices on the same bus. And if that USB > controller live in dom0, it's game over even without injecting malicious > keystrokes. Yikes. USB really needs to get out of dom0 all together, just as networking has. I'd also like to see the sound card in its own VM. With Pulse's networkability, it shouldn't be that hard. One could use the Pulse network ability instead of virtualization of the sound card. That might also be the best route to getting sound working in Windows HVM's, although some work is needed on Windows Pulse clients: https://freedesktop.org/wiki/Software/PulseAudio/FAQ/#index15h3 When I assign a single USB drive to a VM, is dom0 still really in charge of the USB bus, and just shuffling stuff back and forth to the VM(s)? > PS/2 is much better, because you can't connect anything else than input > devices there, and attack surface is much smaller. Agreed. It's all I use for mouse/keyboard. > Some mitigation would be to use separate USB controller for USB > keyboard/mouse and have it in dedicated VM (separate form all-purposes > sys-usb). Another possibility is some built-in Qubes support for building udev rules (similar to how the firewall makes iptables rules), or perhaps adding USBGuard to dom0 (or any USB Qube). A good comparison of the two options is here: https://dkopecek.github.io/usbguard/blog/2015/USBGuard-vs-UDev Seems like a great idea for Qubes in mitigating USB dangers, since in practice it is so hard to avoid USB all together. And that problem is only getting worse. One dodgy USB device from the dollar store, and your pwned. Or an NSA/syndicate-implanted commercial hard drive with alternate identities lurking. I'm always tempted, but ultimately avoid, unusually low-priced USB devices, lol. I've been passed USB keys from some rather suspect individuals in the past; I've quarantined them, and should (carefully, on a non-critical system) take a more detailed peek someday, lol. Some discussions online argue that USB white-listing isn't helpful, since a BADUSB could just emulate your actual keyboard. Well, it would have to know the device ID's first. Even if it gloms my keyboard's USB vendor/device ID's and tires to imitate it, the system could spot the fact that there's a second similar device but on another USB port, no? Or is USB so stupid that the system couldn't differentiate the two (or the fact that there is two)? While the USBGuard project looks admirable, I'm guessing the more attractive option would be for Qubes to add support for creating custom udev whitelists, as the less software in dom0, the better. Although USBGuard isn't a huge project (the tarball is <1M) and if you're going to otherwise have to write the code yourself, it might be better to just audit USBGuard and include it in some form. If someone else has already put in much of the required thought and effort . . . Even a pop-up notification when a new HID device is added could be useful. The fact that keyboard/mice are silently accepted is a bit scary. I might add some scripts to watch dmesg for such events, and more actively warn me. All just food for thought. I'll be adding udev whitelist rules to dom0 very shortly. Another idea I saw was restricting HID devices to *one* keyboard and *one* mouse, so if a BADUSB comes along trying to be another keyboard, it doesn't work. Or even better, alarm bells go off. I was thinking earlier that some form of a "USB Firewall" hardware device might be cool to create; one that goes into each USB port in between each device and the PC, and only passes a specific device, or only a HID device (and doesn't