Well, since the issue was finally closed I will reply here. On 3/6/21 1:39 AM, unman wrote: > I don't understand this example - if the destination is compromised, then > why would there be a need to modify the clipboard? They just capture the > data as is and exfiltrate it - you are hosed, and the Qubes clipboard is > the least of your problems.
At destination there is nothing useful to steal (at least not bitcoins) the bitcoin address is not useful for the attacker, it is a public address and private keys are in other uncompromised offline vm. What the attacker tries to do is replace your address in the clipboard to other address (controlled by him), in the hope that you paste it to someone who wants to send funds for you. I'm agree that the attacker could do a lot of additional things but many of them are more difficult, prone to fail, prone to cause detection. So I don't think it is a justification for not having a more secure clipboard and also easier to use which was the main objective. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/69a9b85a-0602-591b-dd7c-5c3912f2a91b%40riseup.net.
OpenPGP_signature
Description: OpenPGP digital signature
