Re: [qubes-users] Re: How to backup an iPhone under Qubes

2016-12-07 Thread Vít Šesták
Good point, but it is not the exactly same risk.

First, the qrexec goes directly (maybe  trusted dom0), while network gores 
typically through sys-firewall. Maybe a minor difference for some, but still 
worth noting. The VM can not only sniff the traffic, but it can also modify it, 
maybe in order to attack some other VM.

Second, the Windows implementation does not look to be updated, so there can be 
unpatched known vulnerabilities. Moreover, it might be easier to find unknown 
vulnerabilities for such unmaintained software.

Both of them might be justifiable, but it is good to know when considering it.

Regards,
Vít Šesták 'v6ak'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ba15183e-6f4b-4656-97cd-0ee4c50ecdaa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: How to backup an iPhone under Qubes

2016-12-07 Thread Jean-Philippe Ouellet
On Sun, Dec 4, 2016 at 11:27 AM, Vít Šesták

wrote:
> Alternatively, you can forward USB to Windows using usbip. Again, you need 
> iptables rules. I did this in older Qubes version with Linux machines, but it 
> should work the same with Windows.
>
> Security concerns when using usbip this way:
>
> * You trust the VMs where the network goes through (usually sys-firewall).
> * The host VM could be attacked if USBIP is vulnerable.
> * The guest VM could be attacked if USBIP is vulnerable. I am not sure how 
> much is the guest software maintained, since the last release is about 5Y ago.
> * Other general threats related to USB (BadUSB, USB sniffing etc.)

Note that the new qvm-usb functionality is built using USBIP, just
over qrexec rather than IP, so you may or may not be meaningfully
increasing what you already trust by using it here.

https://github.com/QubesOS/qubes-app-linux-usb-proxy

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_A8%2BLhLn-rc%3D%3DYjqjJxUYuiV%2BKtfqyK2jZrD9P1JPboOA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: How to backup an iPhone under Qubes

2016-12-04 Thread Vít Šesták
What bridge do you need for network? With Qubes, you can use iptables to route 
a trafic on a specific port to a specific AppVM.

You need to do this on all VMs that are in the path. Usually, you forward a 
port from sys-net to sys-firewall and then from sys-firewall to the AppVM you 
need. Would this solve your problem?

Alternatively, you can forward USB to Windows using usbip. Again, you need 
iptables rules. I did this in older Qubes version with Linux machines, but it 
should work the same with Windows.

Security concerns when using usbip this way:

* You trust the VMs where the network goes through (usually sys-firewall).
* The host VM could be attacked if USBIP is vulnerable.
* The guest VM could be attacked if USBIP is vulnerable. I am not sure how much 
is the guest software maintained, since the last release is about 5Y ago.
* Other general threats related to USB (BadUSB, USB sniffing etc.)

Maybe none of those concerns is a thread for you, but you have been warned.

Regards,
Vít Šesták 'v6ak'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3449f6d1-13c3-4e8c-8c95-e5a642805f20%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: How to backup an iPhone under Qubes

2016-12-03 Thread raahelps
cause i can assign single device to a linux appvm no probs,  but not to the 
windows hvm.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bdedeb90-52e0-4b84-83de-d4d3809a73cd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: How to backup an iPhone under Qubes

2016-12-03 Thread raahelps
On Thursday, October 6, 2016 at 1:54:14 PM UTC-4, qu...@posteo.de wrote:
> Hi ,
> 
> thx for your reply.
> 
> On 06.10.2016 10:13, Grzesiek Chodzicki wrote:
> > W dniu środa, 5 października 2016 22:23:28 UTC+2 użytkownik
> > qu...@posteo.de napisał:
> > USB passthrough for HVM is currently broken, You need to either use a
> > Linux AppVM or do it over the network.
> 
> Is there a possibility to run iTunes on Linux in an AppVM? At least I am 
> not aware of it without a virtual machine with Windows.
> 
> Network would work in theory, but it would require a bridge, which is 
> not possible without patching in Qubes OS afaik.
> 
> Network backups also need to be setup for the first time via USB which I 
> can workaround atm by copying over the iTunes configuration from the 
> other VM but this still requires a bridge network device.
> 
> Regards

what about making an appvm from a win7 templatevm?  or prolly all still 
considered hvm which I think is the prob.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9b58537a-b185-4aff-b8c8-325d8de7489d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: How to backup an iPhone under Qubes

2016-10-06 Thread qubes

Hi ,

thx for your reply.

On 06.10.2016 10:13, Grzesiek Chodzicki wrote:

W dniu środa, 5 października 2016 22:23:28 UTC+2 użytkownik
qu...@posteo.de napisał:
USB passthrough for HVM is currently broken, You need to either use a
Linux AppVM or do it over the network.


Is there a possibility to run iTunes on Linux in an AppVM? At least I am 
not aware of it without a virtual machine with Windows.


Network would work in theory, but it would require a bridge, which is 
not possible without patching in Qubes OS afaik.


Network backups also need to be setup for the first time via USB which I 
can workaround atm by copying over the iTunes configuration from the 
other VM but this still requires a bridge network device.


Regards

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8ec5b5e897ba5416a19b86ae63a5dd1c%40posteo.de.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: How to backup an iPhone under Qubes

2016-10-06 Thread Grzesiek Chodzicki
W dniu środa, 5 października 2016 22:23:28 UTC+2 użytkownik qu...@posteo.de 
napisał:
> Hi,
> 
> how can I back up my iPhone without a separate Os?
> 
> I have installed Windows 10 in an HVM and tried to add both USB 
> controller devices but then the VM does not start.
> 
> Backing up via Wifi does not work because the HVM is behind a NAT.
> 
> I have not tried WIndows 7 because I have not access to it.
> 
> So is there any solution which does not require another os or another 
> computer?
> 
> Thx in advance

USB passthrough for HVM is currently broken, You need to either use a Linux 
AppVM or do it over the network.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f376cbac-62e2-4a9b-b3c9-d816e743d5c7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.