On 02/01/2017 01:16 AM, Franz wrote:
> On Wed, Feb 1, 2017 at 2:13 AM, Chris Laprise <tas...@openmailbox.org> wrote:
>> On 01/31/2017 10:47 PM, Gaiko Kyofusho wrote:
>>> I keep reading examples where people are using something like
>>> mobile routers between their phone/computer and public wifi
>>> spots, example like the blackholecloud
>>> <https://blackholecloud.com/> device or apparently Mike Perry
>>> of the tor project told arstechnica
>>> <https://arstechnica.com/security/2016/11/tor-phone-prototype-google-hostility-android-open-source/>
>>> that "He suggests leaving the prototype in airplane mode and
>>> connecting to the Internet through a second, less-trusted
>>> phone, or a cheap Wi-Fi cell router."
>>
>> This is pretty dubious advice. What is to stop an attacker from
>> breaking into the mobile router and using that as an attack
>> platform to break into your main device? A few minutes...?
>
> But doesn't a firewall add some additional security? Otherwise what
> is the purpose of having a firewall?

A layer 3 service cannot protect you against a layer 2 attack.

Now, if we're going to pretend that NIC-DMA attacks are not a part of
the threat model, then we can just run a regular OS instead of Qubes.

Router firewalls were a "good" option in 2002, and the word "firewall"
itself is powerful and insists we place trust in it. But it was folly to
place trust in network infrastructure in the first place and now
router-firewalls are popular targets. They contain NICs with imperfect
and obscure hardware and firmware.

Chris