-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03/07/2019 3.11 AM, Sphere wrote:
> I'm not particularly knowledgeable about the verification process
> being done by dnf on the signature of packages so the question
> still lies on me: Is downloading packages from plaintext http
> susceptible to
I'm not particularly knowledgeable about the verification process being done by
dnf on the signature of packages so the question still lies on me:
Is downloading packages from plaintext http susceptible to MITM?
Even if that is not the case, I believe we can't be for sure that there's no
exploit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 02/07/2019 10.15 PM, Sphere wrote:
> [...]
>
> 5. Picking only update sources that you could trust. IDK about
> debian but in fedora, by default, all updates are grabbed from
> mirrors and alot of those only support http which is bloody
> insecur
@Jon deps: Proper hardening involves:
1. Proper use of firewall rules using qvm-firewall
2. Reducing the attack surface by only installing what is needed. Refer to
usage of debian-minimal and fedora-minimal template in Qubes documentation.
3. Drop INPUT and OUTPUT in sys-net(only do this if you
On 6/27/19 10:01 AM, Sphere wrote:
The general idea is correct
If dom0 gets pwned then everything else can be pwned and stolen, including your
data
pwning dom0 properly and successfully however, is not trivial because dom0 has
no direct access to network hardware to communicate in the first pla
The general idea is correct
If dom0 gets pwned then everything else can be pwned and stolen, including your
data
pwning dom0 properly and successfully however, is not trivial because dom0 has
no direct access to network hardware to communicate in the first place and
malicious actors would need m
On 6/21/19 10:37 PM, ljul8047-re5jqeeqqe8avxtiumw...@public.gmane.org wrote:
So I’m still learning about Qubes but I have a question please. I was told that
if dom0 gets infected, everything in the laptop can be found and read. The ip
is not a problem but I’m not sure about the MAC address? If