On 2016-08-11 18:50, Andrew David Wong wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2016-08-11 05:08, amad...@riseup.net wrote:
My understanding is that by default Qubes Dom0 is protected from USB
attacks by disallowing access to USB's. To the contrary,on my system,
USB's
have direct access to Dom0 - I plug in a usb -popup shows it's
connected to
dom0 - i have direct access via dom0 to the files on the usb.
Is it just me? or it it a system failure?
Pleas read this page:
https://www.qubes-os.org/doc/usb/
Without a USB qube, the USB controllers are left in dom0, which sounds
like
your situation. Depending on the version of Qubes you're using and
whether
you're using a USB keyboard and/or mouse, you should have been prompted
during
installation to create a USB qube. However, you can also create one
yourself
by following the instructions on that page.
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXrMkGAAoJENtN07w5UDAw2SkQAKE230GVdVVTj6ds7dH2m7ua
LJfdrLATMfXiCc8ua0GCPB/LFlBHua39LJDowL0okeX7UZfh6mPS+iQ51wEDVHU1
Mox/PaEqkKpv7QnIj/6XSV3sIhwYqTIL+5HFBhd3IE8Psj2NCb30fYFJgoOdcpR6
/8Y2huXCxCIvlsuTnxaa9/xvwZXKaN7eB00OMrk2pzRBfNOTedMIONzy5pPOvF2Q
X0cOln+U7s2iu0s+WmZWtcgX82qKpTWa07r96WcTU262e8+TXvH8umZZtIlJLwLU
eJxucUJFaNOGYGUL9dx6zaFiQ5WmOpCQ37Awh/3m/iVgL6FrpUlX+z66ZCpC6UZG
pwjHKcv3jRyxNIXTu6ROwjPzjjuHx8xuKAP1cIhU/EsQi+k6goWXeIalwO2lmDy1
+lZwm3oHN1w2BEtPBthB+GDEsVjCzlUKnZSPZzj9rSMNW5CkYuw/KLXtKKhm2jcy
7sSAk8zZ320NA0OeLcMR485QFaQ3HPtVoWdaA2aHjV/bTtMQMR72rgUZGXI3jntB
kFnQfa255+IQN8+WH6goHypuunSz3od3HH1ChlSnO2slzykMRiy51bHvLGnyNILN
TuKSTBTzqHxeV242NoqJye+zVTm5Ka1V43MTjIO6vhLCFz5HN6ezViT3GX/Eehah
nrDdi2shrGFOzLwP7Zea
=ZISO
-----END PGP SIGNATURE-----
Thanks all for your input.
I do not recall being prompted to create a USB VM during installation of
3.2 rc2. However, I've now successfully created one and it works fine.
But I'm jittery that my system's integrity has been comprised by a
compromised USB Flash stick.
I guess the only solution is to ditch my current VM's [including
backups] and reinstall qubes?
It would be really good if the developers could modify their code to
prevent users from accidentally falling into this unfortunate trap.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/f3841092408e675f540d60d26f102907%40riseup.net.
For more options, visit https://groups.google.com/d/optout.
