Re: [qubes-users] Re: How to backup an iPhone under Qubes

2016-12-07 Thread Vít Šesták
Good point, but it is not exactly the same risk.

First, the qrexec goes directly (maybe trusted dom0), while network goes 
typically through sys-firewall. Maybe a minor difference for some, but still 
worth noting. The VM can not only sniff the traffic, but it can also modify it, 
maybe in order to attack some other VM.

Second, the Windows implementation does not look to be updated, so there can be 
unpatched known vulnerabilities. Moreover, it might be easier to find unknown 
vulnerabilities for such unmaintained software.

Both of them might be justifiable, but it is good to know when considering it.

Regards,
Vít Šesták 'v6ak'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ba15183e-6f4b-4656-97cd-0ee4c50ecdaa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: How to backup an iPhone under Qubes

2016-12-07 Thread Jean-Philippe Ouellet
On Sun, Dec 4, 2016 at 11:27 AM, Vít Šesták wrote:
> Alternatively, you can forward USB to Windows using usbip. Again, you need 
> iptables rules. I did this in older Qubes version with Linux machines, but it 
> should work the same with Windows.
>
> Security concerns when using usbip this way:
>
> * You trust the VMs where the network goes through (usually sys-firewall).
> * The host VM could be attacked if USBIP is vulnerable.
> * The guest VM could be attacked if USBIP is vulnerable. I am not sure how 
> much the guest software is maintained, since the last release is about 5Y ago.
> * Other general threats related to USB (BadUSB, USB sniffing etc.)

Note that the new qvm-usb functionality is built using USBIP, just
over qrexec rather than IP, so you may or may not be meaningfully
increasing what you already trust by using it here.

https://github.com/QubesOS/qubes-app-linux-usb-proxy
