Re: [qubes-users] Re: Quick question please, need help!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 03/07/2019 3.11 AM, Sphere wrote: > I'm not particularly knowledgeable about the verification process > being done by dnf on the signature of packages so the question > still lies on me: Is downloading packages from plaintext http > susceptible to MITM? > Suppose an attacker intercepts a package with a valid signature, modifies it, then passes it along to you. When you receive it, dnf (technically gpgv) will not be able to verify the signature (since the package has been modified), so the package won't be installed. In this sense, the MITM attempt will fail. Of course, there's no such thing as perfect security, so an MITM is technically possible if the attacker were find some way to defeat this system, e.g., obtain a copy of the signing key or craft malicious input that exploits a vulnerability in gpgv. (This is why signing keys are closely guarded and gpgv is intentionally simpler and harder to exploit than gpg.) > Even if that is not the case, I believe we can't be for sure that > there's no exploitable vulnerability on dnf involving packages > poisoned either from the source itself or in transit through > plaintext http. > Correct. We can never be sure that there isn't some security flaw that we haven't discovered yet. This is, in fact, a fundamental tenet of the Qubes philosophy: All software has bugs, and we can't fix them all. As we speak, bug software is being written around the world. Even if we tried, we couldn't fix them quickly enough to keep up with the rate at which they're being produced. Instead, we compartmentalize. Separate things in their own boxes so that when bugs inevitably bite, the damage is limited. For the software we can't compartmentalize, keep it as minimal as possible. In any case, it would better to have both signed packages _and_ transit via HTTPS. If I had to choose just one, I'd pick signed packages, since it wouldn't be difficult for an attacker to serve malicious packages over HTTPS. But, again, both would be better. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl0dlZMACgkQ203TvDlQ MDA2XhAAkvv5gxEvQa+D1hgN0eyFeptmNV2ze1NkZrd979ZOC2vnTGNKefRyzcQ+ obBwKOUv8w3czdxRlKx1JJ7gthJYyEukWYIv3mxqYG8ZLx8ZMIvQBU4G7445nrtY S2FaeVrLH6useEUUhpWRQQxWQnLJfuQseEYaS+8i4db9KhslBEcVUlp4BkUVnjcA oCfSSiSjUX6YUP0wcq44dZKQBlzf1V9QYR+K/y+r0B5qngrFF2QyAsUy5fXNQPvA NKbq5tKOU2zOHsuNVSCxokHI1uZkS5pU/hdNxEDslSBM3SiL+numYnrREamgdg9q w0SPCXptJagD/EI3U9jk2CmTYt8kMajiHgDttSqEvG32rp+z1IZwJ0Ku6DTgk7O1 ce3GqD3b1NERjM8VDVdDor0T+4rEnPPfznvEHHcOzdXzS93rU4wxiCjLy4nXK0Ah FqXHAu64u3Z+CKw05WbprcL3xJ1DVULJtPOnrwiiZ88UV327OFZwRJUSS22DrPsC kkvHkJ6kUuM9IFNyXLjrWQnTbFCl+KFhGXDWPS3px8dQwK+l/3idQL4gnxAa8Ygy Dv7ttr9OGqfSLmuZco+nU5KqJ44hgvvpRS/Y/0amumpbsxKJizKn34nLXSQjODc/ CPqDZCQOskKIMaUyD71r81Vj+/iCj21iZLv9Gh4POK0WrHdZXVY= =fWbd -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/efeda109-da60-cbcf-d2b9-759803ecc2d8%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Quick question please, need help!
I'm not particularly knowledgeable about the verification process being done by dnf on the signature of packages so the question still lies on me: Is downloading packages from plaintext http susceptible to MITM? Even if that is not the case, I believe we can't be for sure that there's no exploitable vulnerability on dnf involving packages poisoned either from the source itself or in transit through plaintext http. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/689626e9-dad6-4efa-a615-57add8280147%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Quick question please, need help!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 02/07/2019 10.15 PM, Sphere wrote: > [...] > > 5. Picking only update sources that you could trust. IDK about > debian but in fedora, by default, all updates are grabbed from > mirrors and alot of those only support http which is bloody > insecure thanks to being just plaintext and susceptible to MITM > attacks. > > [...] Fedora packages are digitally signed. dnf checks the signature by default. If the signature is not valid, the package will not be installed. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl0cPUIACgkQ203TvDlQ MDAn3g//fuZSym+J6RDgO6/gNBL2P+73EAZ9lRaiFc66ozwF0+fQsRqrGQgZz1TB M8QA7h1Tp71JPNnXGRzZHe0XvWNLazZmr3hBiZ3fSpZelEgHUAdROUY+zAJg1J+L ub87MFpTqqUxn/d+jp52OXbFNP2jy7mY3/aMypuI0R+y9K8uaNhwUoSJGLSLb6+r jHFn9LIrG4txqCoCcSGMSi4/tppt12/g6c4EpRNGKbf556Iaxtikv8ar0WbLc7ke AQRaP4Rbm9rLksiKx8n4fhMnF8jhBJ/7Obn/sLMYRy7n/gFqoVTECeB5KMW2Syqe EZHz954rItZRJPyiwpsa0TmZ018K0kN3CSgxPqXVqIQdK2aq9xhUqxUtE8zg3B7Q 7TW1Aqv81Gif1Y0UFfCUKxMoQzSWD7FfhVVr6reZL2pSHFQ/rt8JbgG2XkYSM/IO UFf8+HUzxhmbiq68MA50zhJ7mPp9KTw3RaG19CviBxNrS5PgjYIBTbpykhE2/Qho Sv5x46l640MUgBGhnQyVCJunlAAOOyCDe8JaHnfqYmenw8abTe3REWxUa+04Qt31 U+xtVV9/CmEW3qTw9qUFxytUSsy3Xkd5l8pbuqBHlUbuNDtbd95NZhc7wc7Xr7OE ABtfT6WzwbdbsWdc/67/Ry8VdXkIQKPoczeNMgzadLIQ1Ww6+Mw= =Gxzq -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/476e4a1b-2689-d4f8-d124-34ea290ba733%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Quick question please, need help!
@Jon deps: Proper hardening involves: 1. Proper use of firewall rules using qvm-firewall 2. Reducing the attack surface by only installing what is needed. Refer to usage of debian-minimal and fedora-minimal template in Qubes documentation. 3. Drop INPUT and OUTPUT in sys-net(only do this if you have proper DNS resolving mechanisms in place that are not reliant on sys-net, Qubes is reliant on sys-net for proper DNS resolutions by default. If you're interested then you can start by knowing how to use DNSCrypt proxy made by jedisct1 or using Stubby to make a sys-dns qube to do DNS over TLS resolutions. 4. Implementing the use of a VPN in qubes or highly relying on sys-whonix to torify your connections. 5. Picking only update sources that you could trust. IDK about debian but in fedora, by default, all updates are grabbed from mirrors and alot of those only support http which is bloody insecure thanks to being just plaintext and susceptible to MITM attacks. This can be changed by modifying /etc/yum.repos.d/fedora.repo and fedora-updates.repo If you're interested in doing this then you can search up a thread I made about this here in qubes-users. Just put "Sphere" in search and you will definitely find it among the threads I have made. 6. Frequently updating your qubes after making sure you picked a source of updates that you can really trust. "Since the majority of networks assign the actual IP address to you, you likely won't have much control over that address, and logically the IP address belongs to the network, not you. Chances are that with a different MAC address you will not likely be getting the same IP address each time either, depending of course on how they actually allocate their addresses. " @steve.coleman: I would like to add that IP address allocation from the ISP to you entirely depends on whether they provisioned you a Modem or a Modem + Router combo. For the case of a Modem, you will be allocated a random IP address from a pool of IP addresses the ISP provides on the subnet that you, as a client, was allocated to. Some ISPs do not provide it by random and in the case of statically assigning you an IP address, they use your modem's MAC address and bind it to a specific IP address which effectively becomes your public IP address. This is exactly why VPN is very essential for privacy because any internet activity that does not go through a VPN could effectively be traced back to you by your ISP. Do note that there has been wide confusion that's still happening about Modems and Routers thanks to some devices actually being labelled Modems but in reality they are Modem + Router combos that has a DHCP server which provides you your private IP addresses (Private IP addresses are IP addresses you use to access devices within your local network). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/65c5caa6-2482-48e8-b3a8-362b6864293d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Quick question please, need help!
On 6/27/19 10:01 AM, Sphere wrote: The general idea is correct If dom0 gets pwned then everything else can be pwned and stolen, including your data pwning dom0 properly and successfully however, is not trivial because dom0 has no direct access to network hardware to communicate in the first place and malicious actors would need malware to communicate directly to the C2 server for commands. What's great about qubes is the fact that with proper hardening, it becomes very resilient thanks to the fact that it follows a 0-trust model. just curious what "proper hardening" you do (Sphere) maybe the argument is are you "safer" using hypervisors , because 'qubes' isn't really an traditional OS of course -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3938aafb-d997-d535-9031-d23091f59481%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Quick question please, need help!
The general idea is correct If dom0 gets pwned then everything else can be pwned and stolen, including your data pwning dom0 properly and successfully however, is not trivial because dom0 has no direct access to network hardware to communicate in the first place and malicious actors would need malware to communicate directly to the C2 server for commands. What's great about qubes is the fact that with proper hardening, it becomes very resilient thanks to the fact that it follows a 0-trust model. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9ce9472f-8c36-44c8-b513-424c591f2b63%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Quick question please, need help!
On 6/21/19 10:37 PM, ljul8047-re5jqeeqqe8avxtiumw...@public.gmane.org wrote: So I’m still learning about Qubes but I have a question please. I was told that if dom0 gets infected, everything in the laptop can be found and read. The ip is not a problem but I’m not sure about the MAC address? If they found out the latter by infecting dom0, what are the possibilities to trace that MAC address to the laptop owner? https://www.qubes-os.org/intro/ I would guess no different than any other operating system / probably your question is not specific to Qubes or this forum the selling point for Qubes seems to be tied to Xen Hypervisor being "bare metal" vs. other efforts at virtualization safety, which I hear even windows is using to some extent now -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e9ca3a6d-cf0a-b278-c84e-a67c9e2a4d32%40riseup.net. For more options, visit https://groups.google.com/d/optout.