Re: [qubes-users] Re: Screen recorder for Qubes..?

2016-11-08 Thread neilhardley
On Tuesday, 8 November 2016 12:49:53 UTC, Eva Star  wrote:
> It's not hard to integrate video capturing to my qubes screenshot tool 

What is the command name for your screenshot tool...? Can it be run on the 
command line..?

Because I'd be willing to just write a script to run it multiple times per 
second, and then view the JPG / PNG images individually

I'd be willing to write that script myself right now and not even integrate it 
into Qubes or anything... To just do it for myself.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a87c04b2-6e0e-46d3-9162-243b78a4795c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Screen recorder for Qubes..?

2016-11-07 Thread neilhardley
None of this makes any sense to me.

There is already a screenshot tool

This would just be multiple screenshots per second.

I don't see why it isn't possible



[qubes-users] Screen recorder for Qubes..?

2016-11-07 Thread neilhardley
I see that dom0 has a screenshot tool, but how about a screen recorder tool..?

I.e. one that would record video.

Sound is not needed, but I certainly need to record many screenshots per 
second.. Many frames per second.

Thanks



[qubes-users] A list of computers that do not "hold state"..?

2016-10-22 Thread neilhardley
Does anyone have a list of computers with no writable firmware..?

If you get hacked, hackers can deeply infect the BIOS, GPU, WiFi and other 
components that "hold state".

Then, even if you wipe your hard drive after getting infected, you can still 
just get re-infected again, due to the deep firmware infections.

The Raspberry Pi is an example of a device that does not "hold state".

Every component on the Raspberry Pi has its firmware and drivers loaded in from 
an SD card.

Thus, if you wipe the SD card, you have truly wiped the device, and can be sure 
that it is totally clean.

Does anyone have a list of similar devices to the Pi, that do not "hold state" 
on ANY of the components...?

Thanks



[qubes-users] Re: Restart sound card "state"..?

2016-10-15 Thread neilhardley
OK. Solved. It was muted in "output devices".



[qubes-users] Restart sound card "state"..?

2016-10-14 Thread neilhardley
When I first installed Qubes, my webcam/mic was plugged in.

I have since removed the webcam/mic physically.

Since doing this, the sound no longer works on Qubes.

I tried booting Ubuntu live disc, and sound works.

So it's not a physical problem.

I feel like Qubes initially detected a certain "state" or some kind of hardware 
detection.

And now, it's different hardware, so it doesn't play sound anymore. Speakers, 
headphone sockets.. Simply no sound.

How do I re-detect the sound hardware.. or restart the state.. or something 
along these lines..? 

Something like what Qubes would do when first installing.. Detecting the 
hardware..? Something like that.

How do I do this?



Re: [qubes-users] Switch of DMA altogether..?

2016-10-09 Thread neilhardley
OK, so how about using PIO purely..?

A device which can do PIO and PIO only.

Would this then be more secure..? Or would the attack just be carried out by 
the CPU rather than RAM..?



Re: [qubes-users] Switch of DMA altogether..?

2016-10-08 Thread neilhardley
DMA allows network card to read/write RAM.

DMA attack allows one already-compromised VM to read the RAM of another VM, 
thus breaching Qubes isolation... unless you use VT-D, although flaws in VT-D 
have been shown.

Remote DMA attack allows packets sent to the network card directly over the 
web, not even having to compromise your VM first... as demonstrated in the 
paper by the French intel agency.

That is what I understand so far. Hence, why I am asking if using PIO rather 
than DMA would prevent such attacks.



Re: [qubes-users] Switch of DMA altogether..?

2016-10-08 Thread neilhardley
I've been going through some of the networking modules on my Qubes system.

Some of them would indicate that DMA can be switched off entirely, and PIO used 
instead.

For example:

b43.ko

modinfo -F parm /lib/modules/4.4.14-11.pvops.qubes.x86_64/kernel/drivers/net/wireless/b43/b43.ko

pio:Use PIO accesses by default: 0=DMA, 1=PIO (int)

---

so.. PIO here would suggest that it's possible to use non-DMA.

---

I guess my real question is... would switching off DMA make you safer anyway..?

For example, PIO is just going to transfer it to the CPU.

At this point, couldn't the CPU just infect your device rather than DMA..?

So I'm not even entirely convinced that using PIO would make you safer anyway.

What do people think..?



Re: [qubes-users] Switch of DMA altogether..?

2016-10-08 Thread neilhardley
This paper suggests it is definitely possible to attack a network card remotely

This is written by the French intelligence agency, "ANSSI - French Network and 
Information Security Agency"

http://www.ssi.gouv.fr/uploads/IMG/pdf/paper.pdf

"

In [8], we demonstrated how it is possible for an attacker to take full control 
of a computer by exploiting a vulnerability in the network adapter. This proof 
of concept shows how it is possible for an attacker to take full control of the 
adapter and to add a backdoor in the OS kernel using DMA accesses. The 
vulnerability was unconditionally exploitable when the ASF function was enabled 
on the network card to any attacker that would be able to send UDP packets to 
the victim.

"



Re: [qubes-users] Switch of DMA altogether..?

2016-10-08 Thread neilhardley
OK, so we've gone from not do-able remotely, to "may or may not be possible", 
and "this is hard"

Are there any proven such attacks on Ethernet? Any proof of concepts?

Also, would USB Ethernet make this attack any easier..? Something like a USB 
Ethernet dongle?

http://i.imgur.com/l5ntqFe.jpg



Re: [qubes-users] Switch of DMA altogether..?

2016-10-07 Thread neilhardley
OK. This is getting confusing.

So you are now saying that you can't do a DMA attack over the web..?

If I had one computer connected to another via Ethernet crossover, could one 
computer infect the other via DMA by sending the DMA attack over the crossover 
cable..?

Or can a computer only launch a DMA attack on itself?



Re: [qubes-users] Switch of DMA altogether..?

2016-10-07 Thread neilhardley
Another question...

Are DMA attacks on Ethernet even plausible?

WiFi seems much more vulnerable than Ethernet, due to more complexity.



Re: [qubes-users] Switch of DMA altogether..?

2016-10-07 Thread neilhardley
"
The original cards, the NE1000 (8-bit ISA; announced as "E-Net adapter" in 
February 1987 for 495 USD) and NE2000 (16-bit ISA), and the corresponding use 
of limited 8-bit and later 16-bit DMA in the NE2000
"

That seems to say that DMA is in fact used in the NE2000.

By the way, will these cards support modern Ethernet cables, like cat5e...?

Do they support Ethernet crossover?

Thanks



Re: [qubes-users] Switch of DMA altogether..?

2016-10-07 Thread neilhardley
On Friday, 7 October 2016 19:37:50 UTC+1, Achim Patzner  wrote:
> I think I’ve still got a bunch of NE2000 and early RealTekNICs somewhere in 
> the cellar – how much do you want to offer?

Are you saying that these devices are non-DMA...?



Re: [qubes-users] Re: Switch of DMA altogether..?

2016-10-07 Thread neilhardley
So are you saying that VT-D does not actually depend on Xen...?

With a Xen bug, couldn't a hacked WiFi device just break out of sys-net..?

Or not..?



[qubes-users] Re: Switch of DMA altogether..?

2016-10-07 Thread neilhardley
Presumably through the CPU.

We know this option exists for hard drives for a fact.

So I see no reason you couldn't get Ethernet + WiFi chips without DMA.

Not all devices support switching off DMA, so I can see why Qubes decided to 
use VT-D + Xen instead.

But certainly, I think there are devices out there without DMA. I think you 
just need to search the market for an Ethernet/WiFi that supports non-DMA.



[qubes-users] Switch of DMA altogether..?

2016-10-07 Thread neilhardley
Qubes uses VT-D and a Net VM to attempt to isolate buggy WiFi adapters from the 
rest of the Qubes system.

But this isolation still depends on Xen not having bugs... And we know that Xen 
has bugs, and will likely continue to have more going forward.

So, instead of VT-D, why not just switch off DMA altogether..?

In Debian, you can edit "/etc/hdparms.conf", and do stuff like this:

/dev/hdc {
dma = on
}

Why not just do this for WiFi and Ethernet chips in Qubes, and thus, not have 
to rely on Xen for isolation?



[qubes-users] Re: Detach a USB mic from sys-usb into dom0

2016-10-03 Thread neilhardley
OK, here is the solution. I solved it myself.

You install "pavucontrol" in the internal VM.

Then, if you look at it, you will see that the USB mic is actually detected 
automatically.

So in fact, no need to detach anything, or disable any USB qube.

You just simply install "pavucontrol" inside the App VM.

The USB mic doesn't show up in dom0's pavucontrol

But it does show up in pavucontrol of the internal VM

Solved.



[qubes-users] Detach a USB mic from sys-usb into dom0

2016-10-03 Thread neilhardley
I remember, before I had Qubes with the USB qube, my USB mic seemed to be in 
dom0.

To the point where I could see the USB mic as an option in "Volume Control"/ 
pavucontrol in dom0.

In the volume control mixer, I would be able to select the VM from there, and 
choose the USB mic as the input device for a particular VM.

But now, because I have sys-usb, the USB mic is in sys-usb, and thus, I cannot 
select it from the dom0 volume mixer.

How do I get the USB mic to detach from sys-usb and go back into dom0...?

Or is there some way to direct a mic to a certain VM using sys-usb instead?

Thanks



[qubes-users] Would USB Ethernet be more secure than WiFi..?

2016-10-01 Thread neilhardley
There is talk that Ethernet is more secure than WiFi, due to the complexity of 
WiFi.

So, my laptop only has WiFi.

If I were to remove the WiFi chip, and use a USB Ethernet adapter, do you think 
that would be more secure..?

Something like this:

https://www.amazon.co.uk/Network-Adapter-TechRise-Ethernet-Supporting/dp/B01JS7U3GQ/ref=cm_cr_arp_d_product_top?ie=UTF8

Thanks



[qubes-users] A computer with read-only firmware..?

2016-10-01 Thread neilhardley
Does anyone know of any computer that has read-only firmware..?

I'm talking, just about anything that could have a virus written to it.

Stuff like

1. BIOS

2. GPU

3. Ethernet

4. Mouse

5. Keyboard

etc

I want this system because then if it is infected, then all I need to do is 
wipe the HDD and then it's clean again.

Ideally the system should only have HDD as persistently writable.



Re: [qubes-users] Failed to add USB controller to App VM

2016-09-30 Thread neilhardley
OK this works.

For anyone reading this in the future.. yes, it works.

You'll notice that sys-usb has False as its setting for this, hence how sys-usb 
is able to boot without this error message.

So yes, set it to False and now USB WiFi networking devices work.



Re: [qubes-users] Failed to add USB controller to App VM

2016-09-30 Thread neilhardley
OK, this seems to be what I need.

One further question...

https://www.qubes-os.org/doc/dom0-tools/qvm-prefs/

"

pci_strictreset
Accepted values: True, False

Control whether prevent assigning to VM a device which does not support any 
reset method. Generally such devices should not be assigned to any VM, because 
there will be no way to reset device state after VM shutdown, so the device 
could attack next VM to which it will be assigned. But in some cases it could 
make sense - for example when the VM to which it is assigned is trusted one, or 
is running all the time.

"

---

So... if you were to shut down and restart your entire computer (not just VMs), 
would the device state be reset to a safe state...?

Or is this just going to make it unsafe forever..?

Thanks



[qubes-users] Failed to add USB controller to App VM

2016-09-29 Thread neilhardley
I am using Qubes 3.2 rc2

I need to use an external USB WiFi device.

I was told in a previous thread that I need to attach the entire USB 
controller, rather than just using qvm-usb -a

https://groups.google.com/forum/#!msg/qubes-users/o8zUPDdA0Vs/8LkwfalPCAAJ;context-place=topic/qubes-users/o8zUPDdA0Vs

However, when I do this, I get the following error message:

"

Error starting VM 'anon-whonix': internal error: Unable to reset PCI device 
:00:14.0: no FLR, PM reset or bus reset available

"

What is the solution here..? I'm adding a USB controller to anon-whonix. Thanks.

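
A check for the situation in the messages above (the "no FLR, PM reset or bus reset available" error and the pci_strictreset trade-off), added here as an example and not part of the original posts: it lists PCI network and USB controllers for which the kernel exposes no `reset` attribute in sysfs, which are the devices that cannot be returned to a clean state between VM assignments. It assumes a Linux sysfs layout; the function names and the sample tree are made up for illustration, and the virtualization toolstack's own reset check may differ from the kernel's view.

```shell
#!/bin/sh
# Added example: report which PCI devices the kernel can reset.
# Assumption: /sys/bus/pci/devices/<BDF>/reset exists only when the kernel
# has found a usable reset method for that device.

# pci_reset_report [DIR]
# Prints one line per device: "<BDF> <class> reset=yes|no".
# DIR defaults to the live sysfs tree; a test tree can be passed instead.
pci_reset_report() {
    root=${1:-/sys/bus/pci/devices}
    for dev in "$root"/*; do
        [ -d "$dev" ] || continue
        bdf=${dev##*/}
        class=unknown
        if [ -r "$dev/class" ]; then
            read -r class < "$dev/class" || true
        fi
        [ -n "$class" ] || class=unknown
        if [ -e "$dev/reset" ]; then state=yes; else state=no; fi
        printf '%s %s reset=%s\n' "$bdf" "$class" "$state"
    done
}

# pci_no_reset_passthrough_candidates [DIR]
# Prints the BDF of every device without a reset method whose class is one
# that is typically handed to a service VM:
#   0x02xxxx  network controllers (Ethernet, WiFi)
#   0x0c03xx  USB host controllers
# These are the devices for which strict reset would have to be relaxed.
pci_no_reset_passthrough_candidates() {
    pci_reset_report "$1" | while read -r bdf class state; do
        [ "$state" = "reset=no" ] || continue
        case $class in
            0x02*|0x0c03*) printf '%s\n' "$bdf" ;;
        esac
    done
}

# make_sample_tree
# Builds a small constructed sysfs-like tree (all addresses and classes are
# sample values) and prints its path, so the functions can be tried offline.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/0000:00:14.0" "$t/0000:00:19.0" \
             "$t/0000:00:1f.2" "$t/0000:02:00.0"
    printf '0x0c0330\n' > "$t/0000:00:14.0/class"   # USB controller, no reset
    printf '0x020000\n' > "$t/0000:00:19.0/class"   # Ethernet, resettable
    : > "$t/0000:00:19.0/reset"
    printf '0x010601\n' > "$t/0000:00:1f.2/class"   # SATA, no reset, not listed
    printf '0x028000\n' > "$t/0000:02:00.0/class"   # wireless, no reset
    printf '%s\n' "$t"
}

# Run against the live system only when asked to: sh script.sh live
if [ "${1:-}" = "live" ]; then
    pci_reset_report
    echo "--- network/USB controllers without a reset method:"
    pci_no_reset_passthrough_candidates
fi
```

A device listed by the second function keeps whatever state its last VM left in it until the whole machine is power-cycled, which is the risk the quoted pci_strictreset documentation describes.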


[qubes-users] sys-firewall no longer works after creating new Net VM

2016-09-29 Thread neilhardley
I created a new Net VM, in order to use Debian, and it works fine.

But now I want to revert back to sys-net.

The problem is that my sys-firewall no longer works.

How do I get sys-firewall to work again?

It starts up fine, but simply doesn't work. Other App VMs are not getting data 
through it.

Thanks.



[qubes-users] Set different NetVM for dom0

2016-09-29 Thread neilhardley
How do I change the NetVM used by dom0..?

I have sys-firewall as does everyone.

But I actually set up a new NetVM a while back, and sys-firewall no longer 
works for me.

Call it "NetVM2".

So I want to set the NetVM used by dom0 to "NetVM2", or whatever replace 
"NetVM2" with the name of the NetVM.

Thanks.



[qubes-users] How to get NetworkManager in anon-whonix..?

2016-09-29 Thread neilhardley
I would like to get NetworkManager to open up for anon-whonix.

How do I achieve this..?

I am trying to share an Internet connection that is Tor-only. Thus, I need to 
open the NetworkManager system tray applet thing in Whonix.

Thanks



[qubes-users] Physical isolation using Whonix and Qubes..?

2016-09-28 Thread neilhardley
I am looking to use Qubes/Whonix as a dedicated Tor router.

And then route a laptop through my Qubes/Whonix system.

Main router => Qubes/Whonix computer that acts as a Tor-only router => My 
laptop for browsing web

I want to know how to share the connection of Whonix/Tor in Qubes, with a 
laptop that connects into the machine physically.

I tried asking this question on Whonix forums, but they told me to ask on 
qubes-users instead, because it is "unsupported".



Re: [qubes-users] Re: Anything else to wipe other than HDD and BIOS..?

2016-09-27 Thread neilhardley
Yeah, Joanna is seriously epic.

How about Raspberry Pi..? That seems to have very few components.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b628b960-618f-41da-b0ae-3b15282af050%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Anything else to wipe other than HDD and BIOS..?

2016-09-27 Thread neilhardley
How about Google Chromebooks which have a system to auto-restore the OS if it 
thinks it's been tampered with..?

Or what about a read-only BIOS in the first place..?

Is there any reason BIOS can't be read-only..?

I basically want a computer which is most easy to wipe/reinstall and then it's 
truly wiped.



[qubes-users] Anything else to wipe other than HDD and BIOS..?

2016-09-27 Thread neilhardley
If I think a computer has been infected, is there anything else I should 
wipe/re-install other than

1. Hard Drive / Operating System

2. BIOS

Is there anything else that a hacker could possibly infect that needs to be 
wiped/re-installed..?

Thanks



Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-26 Thread neilhardley
Wow. Not even 4 GB of compiled drivers for the WiFi. You are saying it's 4 GB 
of raw plaintext source code..?

WOW

That's INSANELY complex.

A bit like how people have said phone basebands are incredibly complex, not to 
mention, closed source.

All this wireless stuff in general seems to be super super complex, and thus, 
prone to security problems.



Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-26 Thread neilhardley
Very useful info, but what I meant is whether the Ethernet drivers/firmware etc 
are more secure than the WiFi ones.

I wasn't really talking things like RF leakage etc.



Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-26 Thread neilhardley
And yes, by all means, I will use Whonix's system rather than my own custom 
script.

I originally created my own, because I saw that Whonix didn't have VT-D.

But then I learned that VT-D is nowhere near as good as I thought.

I originally thought VT-D isolates the devices from the Net VM itself. But in 
fact, VT-D only keeps the devices inside of Net VM... and the security of Net 
VM itself is still dependent on Xen.

So... yes I will definitely look into using Whonix for this rather than my 
own script.

But just to re-iterate my previous question.. do you think Ethernet is any more 
secure than WiFi?

In your answer, you explicitly say to get rid of WiFi, due to security 
problems... But how about Ethernet..?

Thanks



Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-26 Thread neilhardley
Well, entr0py, you are correct.

It does indeed come down, to either Xen, or my networking stack.

Let me ask... what is the security like for Ethernet..?

Let's say I connected to my home router via Ethernet, and also served out the 
Tor connection to a 2nd laptop, over Ethernet.

In this setup, there is no WiFi at all.

Would that make things more secure..?



Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread neilhardley
You should realise, I don't actually care if the 2nd laptop is hacked.

I'm only trying to protect WHO I am, and not WHAT I'm doing.

So I don't care about DMA attacks on the 2nd laptop.

I only aim to protect the Tor hotspot thing that is set up in the Qubes system.

And for this, I think the solution is to use a safe WiFi/Ethernet device, if 
these things even exist.

Of course, this means that I don't even really need Qubes at all, which you 
pointed out in an earlier post.

I originally thought I needed Qubes for this system but in fact, VT-D 
simply doesn't do what I originally thought it did.

I originally thought VT-D isolated the networking devices themselves.

But in fact, VT-D simply allows networking devices to be inside the Net VM. 

The Net VM still relies on Xen to separate itself from the rest of the Qubes 
system.

Hence, it all comes back to Xen. Maybe Qubes 4.0 and SLAT will make Xen secure.

But for now, I think using 2 laptops is more secure, so long as we can be sure 
there are no bugs in the networking drivers.



Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread neilhardley
I guess the only other thing I would add is.

With Firefox, you have a page "Security Advisories", which lists the history of 
Firefox exploits.

I wonder if such a thing exists for WiFi drivers + firmware.

Or even a list of any major audits of WiFi drivers + firmware.

If there is some really easy way to see which WiFi devices are the most secure.

Something like "security advisories", but for WiFi devices.

But I guess if no eyeballs are even looking at the code, then no one will find 
any bugs.

Ultimately, what's needed is a Truecrypt-style major audit.

If we could crowd-fund an audit of a major WiFi chip(s), that may be the key.



Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread neilhardley
OK, so the main takeaway from your answer:

"The card doesn't have a host CPU and so it doesn't require a firmware source"

that seems like the most interesting

the driver would still need to be bug-free though

who knows whether any of these have even been audited

thanks for your replies though... very detailed and very useful



Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread neilhardley
You said:

"
Now, if the compromised sys-net can somehow otherwise breach other
AppVM's or dom0, you're screwed.
"

--

Yeah... and surely this is exactly what can happen, no..?

We had 2 Xen exploits in the last 1 year.

Surely a compromised sys-net can just run a Xen exploit, and can then breach 
into any other VM, including dom0.

This is the whole reason why I decided to use 2 laptops.. because Xen is not 
secure.

So, I think the solution is to simply use a WiFi and Ethernet that do NOT have 
any bugs in the first place.

As far as I can tell, networking firmware in Linux is actually implemented in 
Linux, and not installed on the actual device itself.

Therefore, so long as the driver was open source, then surely it can be audited 
for any DMA bugs.

Here is a comparison of open source wireless drivers

https://en.wikipedia.org/wiki/Comparison_of_open-source_wireless_drivers

Are there any particular WiFi chips on this list that anyone recommends..?

Are certain ones known to be more secure than others..?

Because to me, this is where this thread has now ended up.



Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread neilhardley
OK, but I have already built the script. I have it running in Net VM. It works.

I am NOT asking you to make an alternative system.

I am simply asking whether an attack on the WiFi/Ethernet in the Net VM could 
also end up messing up my Tor script.

Look at the question again:

http://imgur.com/a/CTbLk



Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread neilhardley
In terms of "hotspot" terminology, what it does is, quote from author of the 
script:

"it bridges the two interfaces but uses NAT to achieve it"



Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread neilhardley
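NET VM
+--------------------------------+
| WiFi device                    |
|                                |
| Ethernet device                |
|                                |
| Tor ethernet hotspot script    |
+--------------------------------+
               |
               |
               |  Ethernet crossover cable
               |
               |
LAPTOP 2
+--------------------------------+
|                                |
|    Web browser, apps etc       |
|                                |
+--------------------------------+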


Question:

Could a DMA attack on WiFi device or Ethernet device then take over the entire 
Net VM, modify my Tor script, and then do whatever, like, leak my real IP, pass 
all data to the hacker, etc?



Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread neilhardley
OK.. here we go. This is my question with a DIAGRAM to help you visualise it:

http://imgur.com/a/CTbLk



Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread neilhardley
OK, it's the original poster here.

The consensus so far is that anything I run inside sys-net should be 
vulnerable, and that it is advised not to run programs in sys-net.

So, in this case, how am I supposed to run my Ethernet Tor hotspot..?

I had somebody write me a script that lets Qubes connect by WiFi to my home 
router, and then serve out an Ethernet hotspot that runs everything through Tor.

The program works fine, but yes, it does run within sys-net.



[qubes-users] "Carrying forward" a DMA attack..?

2016-09-24 Thread neilhardley
Let's say I have a Qubes machine connected to a 2nd laptop by Ethernet.

The Qubes machine is sharing its Internet connection.

Let's say the Qubes machine gets hit with a DMA attack.

The 2nd laptop is not a Qubes machine, and therefore doesn't have VT-D for DMA 
protection.

Can the DMA attack be "carried forward" to the 2nd laptop... or is it killed 
for good by the Qubes machine..?

Thanks



[qubes-users] What is the purpose of sys-firewall..?

2016-09-24 Thread neilhardley
What is the purpose of sys-firewall..?

I noticed that every App VM has its own "Firewall Rules" inside of VM Settings.

So therefore, what is the purpose of sys-firewall..?

Thanks



[qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-24 Thread neilhardley
Simple question: Why are Ethernet and WiFi in sys-net..?

Is it

(A) Just for easy access to the same network for all App VMs..?

(B) Because this is isolating Ethernet and WiFi from the rest of the system, to 
stop DMA attacks..?

It's not clear to me whether the VT-D protection is occurring because you are 
putting these devices in sys-net.

Or whether the VT-D is implemented regardless of which VM the Wifi/Ethernet are 
in.

I ask this because I want to run some programs in sys-net, and wonder whether a 
DMA attack could screw up these programs.

Thanks



[qubes-users] How to add a "sys-firewall" to a NetVM..?

2016-09-23 Thread neilhardley
I created a new NetVM to use debian8, rather than fedora-23

It all works fine.

But I noticed that the original "sys-net" has a "sys-firewall" tied to it.

Do I need to add something like this for my new Net VM, and if so, how do I do 
it..?

Thanks



[qubes-users] Is it possible to have 2 Net VMs - one for Ethernet, another for WiFi..?

2016-09-23 Thread neilhardley
I want to have 2 Net VMs running at the same time.

One would hold Ethernet in "Devices"

The other would hold WiFi in "Devices"

Is this possible?



Re: [qubes-users] If you change "sys-net" from Fedora to Debian template, will it break anything..?

2016-09-22 Thread neilhardley
OK. You need to install the jessie-backports version of the Intel driver in 
order for it to work in Debian 8.

See my post here where I solved it:

https://groups.google.com/forum/#!topic/qubes-users/BJRnCNcDtoo



[qubes-users] Re: Can't get WiFi driver to work in Debian 8

2016-09-22 Thread neilhardley
Obviously restart the Template VM and Net VM afterwards.

All solved.



[qubes-users] Re: Can't get WiFi driver to work in Debian 8

2016-09-22 Thread neilhardley
OK. I solved it. The solution is to get the jessie-backports .deb file and 
install it in the "debian-8" template VM:

Go here

https://packages.debian.org/jessie-backports/firmware-iwlwifi

Then here

https://packages.debian.org/jessie-backports/all/firmware-iwlwifi/download

Copy the file to debian-8

run

dpkg -i firmware-iwlwifi_20160110-1-bpo8+1_all.deb

Solved

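One way to check the hand-downloaded package inside the debian-8 template before the `dpkg -i` step in the post above, as an added example that is not part of the original message. The function names are hypothetical, and the expected SHA-256 is an argument you supply from the checksum published for the package; no checksum value is given on this page.

```sh
#!/bin/sh
# Added example (not from the original post): verify a manually downloaded
# .deb before installing it into a template. A template is the root image for
# every VM based on it, so a tampered package here reaches all of them.
# Function names are hypothetical.

# sha256_matches FILE HEX
# Returns 0 if FILE's SHA-256 equals HEX (case-insensitive), 1 on mismatch,
# 2 if FILE cannot be read, 3 if HEX is not exactly 64 hex digits.
sha256_matches() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] && [ -r "$file" ] || return 2
    case $expected in
        *[!0-9a-f]*) return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 3
    actual=$(sha256sum -- "$file" | cut -d' ' -f1) || return 2
    [ "$actual" = "$expected" ]
}

# install_verified FILE HEX PACKAGE
# Installs FILE only if its checksum matches HEX and its control file names
# PACKAGE. Returns 1 without calling dpkg -i if either check fails.
install_verified() {
    if ! sha256_matches "$1" "$2"; then
        echo "refusing to install $1: SHA-256 check failed" >&2
        return 1
    fi
    # Confirm the archive is the package that was meant, not just any .deb.
    name=$(dpkg-deb -f "$1" Package) || return 1
    if [ "$name" != "$3" ]; then
        echo "refusing to install $1: control file says '$name', expected '$3'" >&2
        return 1
    fi
    # Show what is about to be installed, then install it.
    dpkg-deb -f "$1" Package Version Architecture
    sudo dpkg -i "$1"
}

# Usage inside the template (the checksum is a placeholder you fill in):
#   sh verify-deb.sh firmware-iwlwifi_20160110-1-bpo8+1_all.deb <sha256> firmware-iwlwifi
if [ "$#" -eq 3 ]; then
    install_verified "$1" "$2" "$3"
fi
```
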


[qubes-users] Can't get WiFi driver to work in Debian 8

2016-09-22 Thread neilhardley
I am on Qubes 3.2 rc2.

I have an Intel 3165 WiFi driver.

It simply does not work.

It works fine in Fedora, but not Debian.

According to this:

https://github.com/QubesOS/qubes-issues/issues/1526

There is something where Debian no longer recognises WiFi in Qubes Net VMs..?

Is this true..? 

If so, it says to downgrade to 3.18 kernel.

So I follow these instructions:

https://www.qubes-os.org/doc/managing-vm-kernel/

But then I try going to dom0, and running:

"sudo qubes-dom0-update grub2-xen"

and it returns:

"Cannot download rpm/grub2-xen-2.02beta2-3.fc23.x86_64.rpm: All mirrors were 
tried"

So I just don't get it.

Do I need to downgrade the kernel or not..? Does anyone have WiFi drivers 
working in a Debian8 Net VM..??

And if I do, why is this failing in dom0..? 

Thanks



Re: [qubes-users] If you change "sys-net" from Fedora to Debian template, will it break anything..?

2016-09-22 Thread neilhardley
Yeah, what actually happened to me, is that Ethernet DOES work just fine.

But WiFi doesn't.

So this is actually I think related to this issue:

https://github.com/QubesOS/qubes-issues/issues/1526

Wifi no longer recognised in Debian-based sys-net VM after 3.0 -> 3.1 upgrade

I have an Intel 3165 WiFi chip.

There is something where Debian in Qubes no longer works with WiFi or 
something. They say to downgrade to a lower kernel.. Errgh



Re: [qubes-users] If you change "sys-net" from Fedora to Debian template, will it break anything..?

2016-09-22 Thread neilhardley
OK, now, I had real problems trying to switch to debian8.

I shut down sys-net and sys-firewall

Switched them both over to debian8

First thing, it said "Internet disconnected" in network manager, and simply 
wouldn't show any WiFi networks at all.

Second thing, it wouldn't even open the terminal for "sys-net".

So, this really did not work for me.

Chris Laprise, what did you do, other than shutting down VMs and changing to 
debian..?

Did you have to shut down sys-usb as well..? 

Or do I have to do a bunch of other VMs or other stuff..?

This certainly didn't work smoothly for me at all. I've switched back over to 
Fedora just to type this.



[qubes-users] How to install DHCP in "sys-net"

2016-09-22 Thread neilhardley
I am doing a project with someone.

I need to install DHCP in "sys-net".

I did:

sudo dnf install dhcp

and

sudo dnf install dhcpcd

---

After this, I was asked to look for this file:

/usr/lib/dhcpcd/dhcpcd-hooks/70-ipv4-nat

---

But it just hadn't been created.

I don't understand how to install DHCP in sys-net



Re: [qubes-users] Can TeamViewer or similar work with Qubes..?

2016-09-22 Thread neilhardley
OK, that's pretty useless, because I want someone to connect to my PV, not to a 
win7 HVM.

Are there any other options at all..? I guess I could let someone SSH into my 
VM..?



Re: [qubes-users] If you change "sys-net" from Fedora to Debian template, will it break anything..?

2016-09-22 Thread neilhardley
Can I also ask

Is it true to say

"enp0s1" is the sys-net equivalent of "eth0"

and "wlp0s0" is the sys-net equivalent of "wlan0"

Thanks



[qubes-users] Can TeamViewer or similar work with Qubes..?

2016-09-22 Thread neilhardley
I am working on a project with someone.

And they want to remote into Qubes with TeamViewer.

Will this work at all... or is there any alternative software..? Thanks



[qubes-users] If you change "sys-net" from Fedora to Debian template, will it break anything..?

2016-09-22 Thread neilhardley
I may need to change "sys-net" from the Fedora template VM, to the Debian 
template VM.

If I did this, would it break anything..? Or does it simply have to be Fedora..?

Thanks



Re: [qubes-users] How do you install external USB WiFi adapters..?

2016-09-21 Thread neilhardley
When you say "restart", do you mean the entire OS, or just restart sys-net..?



[qubes-users] How do you install external USB WiFi adapters..?

2016-09-20 Thread neilhardley
I plug in a USB WiFi adapter.

I go to sys-usb, and run "lsusb".

It shows up there as, "Bus 002 Device 028: ID 148f:3070 Ralink Technology, 
Corp. RT2870/RT3070 Wireless Adapter"

What happens next..?

How do I get this to the point where it can be used..?

Thanks



[qubes-users] WHERE is VT-D implemented..?

2016-09-19 Thread neilhardley
Quick question.

WHERE is VT-D protection against DMA attacks implemented..?

Is it implemented at a particular VM, such as

"sys-net"

or

"sys-firewall"

Or is this just built-in to the entire Qubes system regardless of which VM you 
are using..?

If I were to run something like

wget google.com

within "sys-net" terminal

Would that be protected by VT-D..?

Thanks



[qubes-users] Re: How to attach Ethernet to a VM other than sys-net..?

2016-09-18 Thread neilhardley
Alright. 

I came to the conclusion that this is all a waste of time.

A hacker (especially nation state) would hack your main home router.

Then hack your endpoint laptop.

Then they can see that both are connected to a dedicated Tor router in the 
middle, through its MAC address or other identifier, such as device name.

So they can see that both are connected to the same dedicated Tor router, and 
thus, they can see who you are that way.

So unless you are confident that you can secure your main home router, then 
this idea of a dedicated Tor router is hopeless.

You would be better off using a QUBES live disc and ONLY use Tor from the very 
start.

As the internal NSA Snowden documents say, "one page request" is all it takes 
to hack you.. but note, they can only do this page request if you are actually 
connecting via your real IP address.

Therefore, use a QUBES live disc, use TOR ONLY (never mix it up with clearnet), 
and make sure your BIOS is freshly installed, and then just cross your fingers 
and hope you don't get hacked while using Tor browser. By all means, use 
NoScript etc.



[qubes-users] How to attach Ethernet to a VM other than sys-net..?

2016-09-17 Thread neilhardley
If I type "ifconfig" in "sys-net", it's clear that Ethernet is attached to the 
"sys-net" VM.

I would like to attach the Ethernet to the Whonix VM, so that I can use it as a 
Tor router to route the Tor connection into a 2nd laptop.

How do you attach Ethernet to a particular VM..? Does anyone know..?

Thanks



[qubes-users] Re: How to set up Internet Connection Sharing over USB..?

2016-09-14 Thread neilhardley
Alternatively, I could do this with Ethernet.

I know that you can right-click the network icon, click "edit connections", go 
to IPV4 settings, and edit it as network sharing for the WIRED connection.

However, this is only going to share the overall connection.

I am looking to explicitly share the Whonix/Tor connection only.

thanks



[qubes-users] Re: Is there any way to mount a Qubes volume from an external drive..?

2016-09-14 Thread neilhardley
I'm not trying to mount the external HDD itself.

I'm trying to mount the Qubes installation on it. The encrypted Qubes OS that I 
have installed on the drive. I want to somehow decrypt and read the data from 
that itself.

It's not a VM backup format. It's the actual hard drive for Qubes itself on an 
external HDD.



[qubes-users] How to set up Internet Connection Sharing over USB..?

2016-09-14 Thread neilhardley
Is there any way to set up Internet Connection Sharing using USB..?

For example, with an Android phone, you can share its connection with a 
computer using so-called "tethering".

But I want to "tether" the Whonix VM's internet connection to another computer, 
using USB.

The purpose is to use Qubes as a dedicated Tor router, to take advantage of the 
VT-D protection, but then to use a separate computer to do web browsing, seeing 
as web browsers are so vulnerable, and I don't want Qubes to be hacked due to a 
web browser flaw. 

All I want to run on Qubes is Whonix VM and some kind of Internet sharing over 
USB.

How do I do this..?

Thanks



[qubes-users] Is there any way to mount a Qubes volume from an external drive..?

2016-09-13 Thread neilhardley
I have an external HDD with a Qubes installation on it, i.e. Qubes installed 
direct to an external HDD.

I want to be able to get the data from it, but my laptop won't boot up the 
drive for some reason. Maybe it's a problem with my laptop, but either way, I 
can't seem to get it to boot.

However, when I plug in the HDD, I can see that the files are very much still 
on it... It has the EFI folder, and the main Qubes encrypted drive on there.

So, is there any way of mounting this HDD in Qubes..?

I have Qubes running now, but it's installed on the local disk.

I want to mount a Qubes installation from an external HDD.

Thanks



[qubes-users] Re: Can DMA attacks work against Ethernet... or just WiFi/wireless...?

2016-09-12 Thread neilhardley
1. Timezone doesn't matter much. You can change that.

2. With typing, you would keep that to a minimum. I'd mostly use it for web 
lookups. I could also use a special keyboard system that sends all keys in a 
consistent speed, so it's more like robotic typing than human typing.

3. With audio, you just disconnect the mic, and webcam. Easy.

4. With abusing WiFi, that's why I said I would use a WIRED connection.

The only point I agree with you is the WiFi. That's why I say, use Ethernet.



[qubes-users] Re: Can DMA attacks work against Ethernet... or just WiFi/wireless...?

2016-09-12 Thread neilhardley
jkitt Yeah, I know that Ethernet is capable of DMA.

But DMA is different from a DMA Attack

A DMA attack is when a hacker exploits a software error in the Ethernet 
firmware, and uses that to take over the device and issue malicious DMA attacks.

So I guess I'm asking whether any such software errors have been found in 
Ethernet firmware before.

Things like you could get with ordinary software, like buffer overflow, heap 
overflow etc.



[qubes-users] Can DMA attacks work against Ethernet... or just WiFi/wireless...?

2016-09-11 Thread neilhardley
Qubes uses VT-D to protect against DMA attacks on things such as WiFi chip.

But are there any proven DMA attacks against wired networking, i.e. Ethernet..?

Hackers can exploit a buffer overflow on the network card's firmware, and use 
that to take control of the network card, and issue a DMA attack to take 
control of the entire host computer.

I previously posted a thread about this on qubes-users ("Question on DMA 
attacks")
... and Marek mentioned WiFi when speaking of DMA attacks.

Is Ethernet also vulnerable...? Or just WiFi..?

I say this because I wanted to build a Tor router that sits between Qubes and 
my main router... so that even if Qubes gets hacked, they can only see what I'm 
doing, and not WHO I am. The theory being, that there are no exploits for Tor 
itself, and only for the Firefox browser. Thus, the IP address is always 
obscured behind the Tor router.

So my router box is going to have Ethernet only, because if my Qubes is hacked, 
then it could just use WiFi to scan for nearby routers, including my own WiFi 
router, and thus identify me.

So, wired networking is a must.

And thus, I wanted to know if Ethernet is vulnerable to DMA attacks, because if 
it is, then I would have to use Qubes for the Tor box in the middle.. or at 
least, use some OS that supports VT-D, even if it's not Qubes.

Qubes has high system requirements, thus I'd prefer to have a cheap computer as 
the Tor router in the middle.. But if there truly are exploits against 
Ethernet, then I'll just have to use Qubes.



Re: [qubes-users] Re: Does anyone use a dedicated Tor router box..?

2016-09-10 Thread neilhardley
It's true that MOST don't affect Qubes.

But just in the last 1 year, 2 Xen exploits have directly affected Qubes.

Hence, why they switched over to SLAT for QUBES 4.0.

So no.. Xen really is a very big issue for Qubes.



[qubes-users] Do Linux browser exploits exist..?

2016-09-10 Thread neilhardley
I've seen some dispute that a Linux browser exploit even exists.

Like, could you take Chrome or Firefox to a page, and then have a remote shell, 
that loads a file onto the hard drive to monitor everything?

I can do this with Metasploit on Windows, but I've actually seen a lot of 
people saying that it's not even possible on Linux.



[qubes-users] Re: Does anyone use a dedicated Tor router box..?

2016-09-10 Thread neilhardley
Qubes is insecure due to Xen exploits.

Qubes tends to quickly patch the exploits, but we know how it works in the real 
world... nation states and other people buy up the exploits before they can get 
to the market.

I would also suggest that if you are using Qubes, this may even be a flag at 
somewhere like the NSA to target you for surveillance.

I could be wrong, but see the NSA Snowden documents mentioning "extremist" 
Tails OS.

So if you assume that simply using Qubes puts you on a nation state's attention 
list... then, at this point, the question is.. do you think the NSA has Xen 
exploits before everyone else finds out about them...?

Considering that Snowden is literally advertised on the Qubes home page, I 
would suggest the answer is "Yes". The NSA is now very likely spending money 
buying up Xen exploits and developing them themselves.



Re: [qubes-users] Does anyone use a dedicated Tor router box..?

2016-09-09 Thread neilhardley
The big fear is that a hacked workstation could then be hacked to pick up WiFi 
hotspots in the area.

I just thought though... maybe use an all-wired network.

You would have a wire from Router => Tor router => Workstation

If it's all wired, then surely the workstation can never see the regular 
Router, or in fact, any routers at all.

So what do people think..? Could an all-wired solution solve this problem..?



Re: [qubes-users] Does anyone use a dedicated Tor router box..?

2016-09-09 Thread neilhardley
After thinking about my idea a bit more... I have concluded that it doesn't 
work.

Once they hack the computer, they simply start scanning for nearby non-tor 
routers, and they can identify you by which non-tor router you connect to.

Even if they don't have your router's WPA2 password, they have your router's 
NAME.

I am talking about a nation-state quality hacker here.

They will have a database of every house in the country (and world?) and the 
name and addresses of every router... Therefore, they just hack in, and figure 
out who you are by which router is the core router. 

They just skip the Tor router altogether, and find out the nearest non-Tor 
routers.

Unless... there is some way to make a router hidden from the outside world 
somehow. But I don't think that's possible. If you have an ISP, then the nation 
state can correlate router to person.



[qubes-users] Does anyone use a dedicated Tor router box..?

2016-09-09 Thread neilhardley
Does anyone use a dedicated Tor router..?

The theory is, Tor is secure, but Firefox is not.

Therefore, you have 1 computer that runs Tor only, and a WiFi hotspot... 
Another computer runs Firefox and any other programs.

So long as the other computer connects to the Tor computer for network access, 
it doesn't matter if it gets hacked, because your real IP address never leaks.

Qubes implements this somewhat by separating the Whonix Net VM and App VM. 

However, the problem with Qubes, of course, is all the Xen exploits which make 
it insecure.

If you were hacked in Qubes, the hacker could easily then leak out your real IP 
address.

But if you were hacked behind a physical Tor box, your real IP can never leak, 
unless the Tor box itself can be compromised... And as far as we know, there 
are no exploits for the Tor network itself, only for Firefox.

I would use Qubes for the Tor box and the other box, if only for the VT-D 
protection, although maybe there are other free Linux OSs that have VT-D 
protection.

What do you think...? Has anyone tried doing this..? How did it work out...?



Re: [qubes-users] Re: What would a BIOS exploit mean for QUBES users..?

2016-08-30 Thread neilhardley
Does the BIOS have access to the network directly though, or does it have to 
push an exploit into Qubes itself, which then sends it through the network?

That was one of my main questions.



[qubes-users] What would a BIOS exploit mean for QUBES users..?

2016-08-30 Thread neilhardley
What would a BIOS exploit mean for QUBES users..?

1. Can the BIOS directly access the network? For something like sending 
keystrokes directly to the network card, bypassing QUBES OS..?

2. Or does it just inject something into the OS upon boot, and then it's an 
infected QUBES OS itself which transmits keystrokes?

3. Or can keystrokes and data be stored in the BIOS for retrieval 
if someone has physical access to the computer?

4. Or something else altogether?

I want to know as much about what a BIOS exploit could do for QUBES users.



[qubes-users] Why does Qubes default to 2 VCPUs..?

2016-08-29 Thread neilhardley
According to VM Settings, I have a maximum of 4 VCPUs that I can use on any VM.

When I installed Qubes though, it put 2 VCPUs on each VM.

Is there any particular reason why I shouldn't be using all 4 VCPUs..?



Re: [qubes-users] QUBES Windows Tools won't install

2016-08-22 Thread neilhardley
I remember when I first installed Windows Tools, I accidentally double-clicked 
it and it was installing 2 versions of it at the same time.

This may have been what screwed up network access.

It may not be a glitch with Windows Tools at all.

Can Windows Tools be removed and re-installed in Windows "Add/Remove Programs" 
or something like that..?

If not, I'll re-install my entire win7 again, and maybe this time it will work.

What Windows Tools may need... is a system to prevent the user accidentally 
installing it multiple times at the same time.

I had 2 installations of the exact same thing going at the same time. 

That's all I can remember doing wrong. This may not even be the reason at all. 
It's just my theory.



Re: [qubes-users] QUBES Windows Tools won't install

2016-08-21 Thread neilhardley
I installed it. Networking was working prior to Windows Tools. After installing 
it, the network no longer works.

"no network access" when you click the network icon in the taskbar.



[qubes-users] QUBES Windows Tools won't install

2016-08-21 Thread neilhardley
I have a Win7 machine running, but I need to install Windows Tools.

in dom0, I run

sudo qubes-dom0-update qubes-windows-tools

I get

"no package qubes-windows-tools available"

I am running QUBES 3.2-rc2



[qubes-users] Why does QUBES recommend SSD drives..?

2016-08-16 Thread neilhardley
The Qubes website recommends SSD drives.

Is there any particular reason..?

Does Qubes use read/write to the hard drive any more than Windows... to the 
point where it's going to cause drive failure a lot earlier..?

Or is it simply a speed thing..?

Or what.?



[qubes-users] QUBES 4.0 release date...?

2016-08-16 Thread neilhardley
Does anybody have any rough idea of the Qubes 4.0 release date...?

Obviously Qubes has not yet lived up to its security promises, with 2 Xen 
exploits in less than 1 year.

Qubes 4.0 promises a big security improvement with SLAT.

What about the release date..?

Also, what would it take for Qubes 4.0 to come out faster..?

Does Qubes simply need more donations and money..?

Would money greatly speed up the development of Qubes..? If so, how much money 
are we talking about..?

I look at things like the budget of the NSA, and the budget of Microsoft, and 
these are some huge budgets.

If the NSA could just ditch their dual mission of attack and defense, and do 
purely defense only... then they could probably develop Qubes in like 1 week or 
something..

Anyway... I'd like some more insight on this topic.



Re: [qubes-users] What exactly is stored in an App VM backup..?

2016-08-14 Thread neilhardley
OK, that's really nice to know that startup scripts are not saved.

Really nice.

The thing about having to shut down the VM is still annoying though.

The other thing is, the progress bar for Qubes backups is very bad.. It stays 
at 0% for a long time, and then hours later, gets to 100%... There is not the 
kind of progressive movement that lets you know how long this is going to take.

Apart from that though.. at least it's secure. That's the main thing I care 
about.



Re: [qubes-users] What exactly is stored in an App VM backup..?

2016-08-14 Thread neilhardley
But presumably this private.img is going to include things like:

folder: /etc/init.d/

file: /etc/rc.local

things like this, which are used to do start-up scripts.

So anyone who hacked the VM might place some start-up scripts which link to 
malware stored on the machine.

So these are going to be backed up by the Qubes backup system.

This is why I thought it would be better to use an internal Fedora system to do 
the backup.

Doing this would also prevent you from having to shut down your VM in order to 
do the backup, which is a drain on productivity.

---

Or am I wrong here..? Would this somehow not back up any start-up scripts...?

Because that's what I'm worried about.



[qubes-users] What exactly is stored in an App VM backup..?

2016-08-14 Thread neilhardley
I want to know.. what exactly is stored in an App VM backup..?

When you back it up, and you have your single backup file, what is in that file?

Obviously, your personal files, like folder structure, Documents, Downloads, 
Music etc.

But how about programs..? Are programs stored in there, or are they only stored 
in the template VM..?

How about things like startup scripts, for example, a startup script that may 
load up a virus..? Or are those just in the template VM..?

I say this in terms of security... as to whether it is safe to back up an App 
VM... or whether it's safer to back up the files from within the App VM using 
some sort of Fedora tool...

Thanks



[qubes-users] Tool to record Whonix / Tor browsing history..?

2016-08-12 Thread neilhardley
I would like to be able to do something like:

1. Use Whonix/Tor as a disposable VM

2. Record browsing history using external software

One of the reasons I don't use Tor that much (other than slow speed, captchas 
etc) is because I actually want to have a record of the websites I have visited.

We know that it could be risky to have the Tor browser itself record history, 
if it gets hacked.

But to have some tool running outside of the VM would be useful..

Is that possible..?



[qubes-users] Attach a sound card to a VM.. so I can manually switch over to HVM.

2016-08-03 Thread neilhardley
I have been reading through security advisories from the Xen website:

https://xenbits.xen.org/xsa/

I haven't gone through them all yet... but so far, not a single one involves 
breaking into dom0 with HVMs.

I think for this reason, QUBES 4.0 is switching over to HVMs.

I don't know when QUBES 4.0 is being released. Presumably not soon.

So in the meantime, I'd like to manually switch over to HVMs myself using 
QUBES 3.2-rc2.

As far as I can tell, the only thing stopping me is the lack of sound support.

I saw over on qubes-devel that you can pass the entire sound card to your HVM, 
and therefore, you can actually get sound within an HVM.

So, I'd like to know how to attach a sound card to a VM.

Also let me know if there are any other issues, other than sound, stopping me 
from manually moving over to HVMs myself.



Re: [qubes-users] Question about Whonix / Tor Browser / exploits

2016-08-03 Thread neilhardley
So you're saying that you can run an entire Xen exploit without installing 
anything to the hard drive at all... Just purely run it in the RAM itself.

Wow.

And what do you think about Selfrando..?

Is this going to fix browser exploits once and for all, or will it just fall to 
hackers..?

https://blog.torproject.org/blog/selfrando-q-and-georg-koppen

"Selfrando randomizes Tor browser code to ensure that an attacker doesn't know 
where the code is on your computer. This makes it much harder for someone to 
construct a reliable attack--and harder for them to use a flaw in your Tor 
Browser to de-anonymize you."

http://news.softpedia.com/news/tor-browser-integrates-tool-to-fend-off-deanonymization-exploits-505418.shtml

"While ASLR takes code and shifts the memory location in which it runs, 
Selfrando works by taking each code function separately and randomizing the 
memory address at which it runs.

If the attacker cannot predict the memory position at which pieces of code 
execute, then they cannot trigger memory corruption bugs that usually allow 
them to run rogue code inside the Tor Browser"

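The contrast drawn in the quotes above between ASLR and Selfrando, as an added toy model that is not part of the original post and is not Selfrando's code. The function names, sizes and address range are constructed, and function-level randomization is modelled simply as a fresh function order on every load.

```python
import random

# Constructed toy binary: function name -> size in bytes (not from any real program).
FUNCS = {"parse": 0x120, "render": 0x340, "alloc": 0x80, "free": 0x60,
         "net_send": 0x200, "js_eval": 0x500, "log": 0x40, "exit": 0x20}
PAGE = 0x1000

def static_layout(order):
    """Offset of each function when laid out back to back in the given order."""
    offsets, cursor = {}, 0
    for name in order:
        offsets[name] = cursor
        cursor += FUNCS[name]
    return offsets

def load_aslr(rng):
    """ASLR model: random page-aligned base, function order fixed at link time."""
    base = rng.randrange(0x10000, 0x7fff0000, PAGE)
    return {n: base + off for n, off in static_layout(list(FUNCS)).items()}

def load_function_shuffle(rng):
    """Function-granular model: random base plus a fresh function order per load."""
    base = rng.randrange(0x10000, 0x7fff0000, PAGE)
    order = list(FUNCS)
    rng.shuffle(order)
    return {n: base + off for n, off in static_layout(order).items()}

def predicted_from_leak(loader, leaked="log", trials=2000, seed=1):
    """Fraction of the *other* functions located correctly from one leaked
    address combined with the on-disk (link-time) layout."""
    rng = random.Random(seed)
    reference = static_layout(list(FUNCS))
    hits = total = 0
    for _ in range(trials):
        actual = loader(rng)
        inferred_base = actual[leaked] - reference[leaked]
        for name in FUNCS:
            if name != leaked:
                total += 1
                hits += (inferred_base + reference[name] == actual[name])
    return hits / total

if __name__ == "__main__":
    print("ASLR only:        ", predicted_from_leak(load_aslr))
    print("function shuffle: ", predicted_from_leak(load_function_shuffle))
```

Under the ASLR model one disclosed pointer fixes every other address, because all offsets are constant. Under the shuffle model the same disclosure locates only a small fraction, mostly neighbours that happen to stay adjacent, which is why the guarantee is "much harder" rather than "impossible".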


[qubes-users] Question about Whonix / Tor Browser / exploits

2016-08-02 Thread neilhardley
I have a question about Whonix/Tor Browser exploits.

I have played around a bit with Metasploit to see how browser exploits work.

They basically rig a web page with exploits, and then it does what's known as 
"arbitrary code execution", to open up a "remote shell".

As far as I can tell.. the remote shell is running in the browser's RAM. They 
are essentially hi-jacking the browser's RAM, and using it to run their own 
remote shell.

The hacker then usually loads a file from the remote shell, onto the computer's 
hard drive, in order to obtain persistence... As soon as the browser tab 
closes, the remote shell is gone, hence why they need persistence.

So my question is about persistence.

Is it possible to simply remove the hard drive altogether from Whonix, to 
prevent them achieving persistence...?

I know that TAILS simply doesn't have a hard drive at all.

Would this be useful to have in Whonix..? To remove the hard drive altogether, 
perhaps in VM Settings in QUBES...?

Or is it possible to run a Xen exploit purely in the browser's RAM anyway...? 
Thus, they don't even need a hard drive because they can just run the exploit 
in RAM anyway...?

So the main question is really whether they can run the Xen exploit in RAM 
anyway or not. If not, then surely removing the hard drive itself would 
be useful...?

Hopefully you understand my question.



[qubes-users] Qubes VM Manager crashes on USB un-plug, "Houston, we have a problem"

2016-08-01 Thread neilhardley
Qubes VM Manager crashes on USB un-plug, "Houston, we have a problem"

I plug in a USB, then attach it as a block device to a VM.

Then I remove the USB device without first unmounting from within the VM.

And then USB no longer works at all, and if I try to detach the block device, 
the VM manager crashes and we get "Houston, we have a problem" error message.

Sure, I can go into the VM in the first place, unmount it, and then detach the 
block device.

But sometimes I forget to do that.

Other than restarting the entire OS... what can I do..?

It's really annoying having to restart the OS whenever I screw up and 
accidentally remove it without unmounting first.



[qubes-users] Re: Qubes 3.2 rc2 has been released!

2016-07-29 Thread neilhardley
The QUBES website incorrectly lists the file size for 3.2-rc2.

It still lists:

"4.8 GB (4,816,109,568 bytes)"

It's actually small enough to fit within a DVD disc now: 3.92 GB.



[qubes-users] Will SLAT / EPT truly make QUBES 4.0 more secure..?

2016-07-28 Thread neilhardley
Based on 2 Xen exploits in just the last 1 year, QUBES 4.0 is moving over to 
using SLAT / EPT for memory isolation, and to using HVM/PVH rather than PV.

Certainly, in the last 2 Xen exploits, it has only affected PV and not HVM.

However, is it possible that using Intel's EPT is even riskier..?

Intel ME is said to be insecure by Joanna Rutkowska due to its insecure 
implementation, and not being able to look at the code, because it is 
closed-source.

Well, couldn't the same be said for Intel's EPT..? Surely this is closed-source 
too..? No..?

At least with Xen, we can actually see the code and fix the bugs, whereas 
surely with Intel we have no chance.

Or am I missing something here..?



Re: [qubes-users] Question on creating USB qube

2016-07-28 Thread neilhardley
Yeah, I'm not talking about WiFi USB dongles.

I'm simply talking about the INTERNAL WiFi.



Re: [qubes-users] Question on creating USB qube

2016-07-28 Thread neilhardley
OK thanks for the explanation.

Let me follow up with another question.

Do I need to create a USB qube in order to take advantage of the VT-D/IOMMU 
protection for my internal WiFi chip... or is sys-net OK in that regard..?


