Re: Mozilla (was: Re: [qubes-users] Password security/disposable vm security)
On Thursday, December 28, 2017 at 6:55:46 AM UTC-5, Tom Zander wrote:
> On Thursday, 28 December 2017 03:49:07 CET cooloutac wrote:
> > chrome doesn't have a good track record either.
>
> Not to be confused with the project “Chromium” which is based on the open
> source version of google-Chrome.
>
> --
> Tom Zander
> Blog: https://zander.github.io
> Vlog: https://vimeo.com/channels/tomscryptochannel

Even Chromium has had black box issues in the past.

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3ee73185-bd72-49ae-b2cf-a84dea3e2547%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: Mozilla (was: Re: [qubes-users] Password security/disposable vm security)
On Wednesday, December 27, 2017 at 1:33:55 PM UTC-5, Tom Zander wrote:
> On Wednesday, 27 December 2017 00:34:38 CET Leo Gaspard wrote:
> > > I'm more concerned that they tried than how they failed.
> > > It leaves a bad taste in my mouth.
> > tl;dr: please do google for “looking glass” and “mozilla”
>
> It's good we agree on all the technical details, and I agree intent is tricky
> to guess about.
>
> I definitely will not advise people either way, my opinion is irrelevant and
> browsers are not my specialty.
>
> The situation left a bad taste in my mouth, I had to conclude that their
> priorities are not aligned with mine. Your mileage may vary.
> --
> Tom Zander
> Blog: https://zander.github.io
> Vlog: https://vimeo.com/channels/tomscryptochannel

chrome doesn't have a good track record either.
Re: Mozilla (was: Re: [qubes-users] Password security/disposable vm security)
On Wednesday, 27 December 2017 00:34:38 CET Leo Gaspard wrote:
> > I'm more concerned that they tried than how they failed.
> > It leaves a bad taste in my mouth.
> tl;dr: please do google for “looking glass” and “mozilla”

It's good we agree on all the technical details, and I agree intent is tricky to guess about.

I definitely will not advise people either way, my opinion is irrelevant and browsers are not my specialty.

The situation left a bad taste in my mouth, I had to conclude that their priorities are not aligned with mine. Your mileage may vary.
--
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel
Mozilla (was: Re: [qubes-users] Password security/disposable vm security)
On 12/26/2017 03:25 PM, 'Tom Zander' via qubes-users wrote:
>> "Personally, I' d avoid thunderbird and anything from mozilla, but thats
>> just me."
>> Do they have a bad track record(I planned on researching my apps later
>> =p).
>
> Just last month they added an invisible plugin in their binary builds which
> was programmed to not show up in the 'add-on' screen and had the ability to
> alter page content.
> Someone didn't actually program it well enough and the whole thing got
> leaked and after a lot of heat, a lot of bad press they eventually
> apologised.
>
> I'm more concerned that they tried than how they failed.
> It leaves a bad taste in my mouth.
>
> Google for "looking glass" and "mozilla" if you want to know more.

(disclaimer: I once was an intern for Mozilla, though I do not have any bond with Mozilla right now)

tl;dr: please do google for “looking glass” and “mozilla”

Erhm. This is a *really* biased way of putting things.

They did push an (opt-out) study through the (opt-out, iirc) studies subsystem, that did have the ability to alter page content. That said, the add-on was not programmed to not show up in the ‘add-on’ screen (that I know of), it was just a regular opt-out shield study.

Now, the handling of this particular instance has indeed been stupid: this study was actually no study, but a promotional event organized with the Mr. Robot series (which explains the ability to alter page content, though I'm obviously not saying anyone wanted it), and in addition to this it appeared with the suspicious “My reality is different than yours” message, which made some users think they had been infected by some virus.

So I'm not saying this was not a particularly stupid action and that they did not end up with woefully bad press (especially damaging given they had just outed Firefox 57 and its long-awaited changes), but it's nowhere near as bad as what you imply, i.e. that they would already have willingly pushed a malicious add-on.
Re: [qubes-users] Password security/disposable vm security
Kk, thanks for all the information, as long as that AppVM thing is true I'm happy enough.
Re: [qubes-users] Password security/disposable vm security
On Tuesday, 26 December 2017 00:56:30 CET mmm...@gmail.com wrote:
> "So make sure your software is from a trusted source."
> Right but even if it is trusted at one point it can become less
> trustworthy later(infection) so I wanted to keep it perfectly "fresh" by
> using disposables.

Aha. In Qubes you *use* AppVM based virtual machines. Those are unable to change software because the actual software is owned by a TemplateVM. As such this idea of keeping it fresh is already done by normal daily usage of Qubes.

The disposable VM concept goes one step up by isolating changes to your private data (downloaded files, config, etc). For your goal the dispVM doesn't add anything, AppVMs already do what you want.

> "Personally, I' d avoid thunderbird and anything from mozilla, but thats
> just me."
> Do they have a bad track record(I planned on researching my apps later
> =p).

Just last month they added an invisible plugin in their binary builds which was programmed to not show up in the 'add-on' screen and had the ability to alter page content.
Someone didn't actually program it well enough and the whole thing got leaked and after a lot of heat, a lot of bad press they eventually apologised.

I'm more concerned that they tried than how they failed.
It leaves a bad taste in my mouth.

Google for "looking glass" and "mozilla" if you want to know more.
--
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel
Re: [qubes-users] Password security/disposable vm security
>> ...switch to cookie authentication and forget the password, that way when
>> the zero-day
>> happens you only lose your cookie which is probably not as powerful as
>> the actual password(ie I dont think you can change your password with
>> just the cookie) plus the zero day can't "permanently" compromise
>> thunderbird cause you opened it in a disposable

Yes, it probably can't change the password. But this is useless; it is again like "admin vs not".

Steal a cookie *ONCE* and you:
- can't change the password
- CAN impersonate the user
- CAN read all mails

In other words you can do everything someone does with his mail... and mail works in another way, so...

I think that the Qubes way is much better than any other thing; use it and don't worry about some impractical scenarios.
Re: [qubes-users] Password security/disposable vm security
"The protection you want is against the evil software leaking the password. A disposable VM would not help in this case as you enter the password, or you let it remember your site passwords, then it would just send it out t the evil website immediately."

Looks like the post got double posted somehow, and I'm not interested in just evil software, rather good software that gets corrupted through evil input.

"So make sure your software is from a trusted source."

Right, but even if it is trusted at one point it can become less trustworthy later (infection), so I wanted to keep it perfectly "fresh" by using disposables.

"Personally, I' d avoid thunderbird and anything from mozilla, but thats just me."

Do they have a bad track record? (I planned on researching my apps later =p).
Re: [qubes-users] Password security/disposable vm security
On Sunday, 24 December 2017 23:14:21 CET mmm...@gmail.com wrote:
> Okay so I read all of that lol, and I understood it all but what if there
> was an e-mail client that used the browser method? You get logged in to
> all your emails without retrieving anything then switch to cookie
> authentication and forget the password, that way when the zero-day
> happens you only lose your cookie which is probably not as powerful as
> the actual password(ie I dont think you can change your password with
> just the cookie) plus the zero day can't "permanently" compromise
> thunderbird cause you opened it in a disposable , just only after this
> odd login method over and over again =p. Maybe that's overdoing it
> but I don't want to change my passwords ever so laziness commands me
> to want such a thing XD.

I think you may have misunderstood the idea behind the initial post you quoted;

> "there is absolutely no point in not allowing e.g. Thunderbird to remember the password – if it got compromised it would just steal it the next time I manually enter it"

The thought behind that quote is that you have to trust your open software running on your machine and there is no way around that. As the quote says, feel free to let it remember your password. No point in trying to be smart.

So if you run thunderbird in a qube that has (access to) password and/or emails, you better trust that open source software with that information. So make sure your software is from a trusted source.

Personally, I'd avoid thunderbird and anything from mozilla, but that's just me.
--
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel
Re: [qubes-users] Password security/disposable vm security
On Sunday, 24 December 2017 01:58:36 CET mmm...@gmail.com wrote:
> Can't we just create disposable thunderbirds to protect the password?

The protection you want is against the evil software leaking the password. A disposable VM would not help in this case as you enter the password, or you let it remember your site passwords, then it would just send it out to the evil website immediately.
--
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel
Re: [qubes-users] Password security/disposable vm security
Okay so I read all of that lol, and I understood it all, but what if there was an e-mail client that used the browser method? You get logged in to all your emails without retrieving anything, then switch to cookie authentication and forget the password; that way when the zero-day happens you only lose your cookie, which is probably not as powerful as the actual password (ie I don't think you can change your password with just the cookie), plus the zero day can't "permanently" compromise thunderbird cause you opened it in a disposable, just only after this odd login method over and over again =p. Maybe that's overdoing it but I don't want to change my passwords ever so laziness commands me to want such a thing XD.
Re: [qubes-users] Password security/disposable vm security
> "there is absolutely no point in not allowing e.g. Thunderbird to remember
> the password – if it got compromised it would just steal it the next time I
> manually enter it"

Correct!

> So this was written 6 years ago but it's the latest one I think.
>
> Can't we just create disposable thunderbirds to protect the password?
> Or is disposable not true security? I mean maybe a custom thunderbird would
> be needed so it never used the password again/instantaneously forgets it
> after login >.>

No, this is not possible. Let me try to explain: this is going to be a long thing, I hope anyone will read it, I was quite inspired; qubes is A-W-E-S-O-M-E-!-!-!

The main reason is that you want to be able to read your mails, so you can't just drop/delete/forget every received mail on shutdown.

You also can't drop/forget/not store the password after login, because the way any email works is: login -> check if there are new mails -> download -> logout, and if you keep it open like me so that it checks for new mails every 10 minutes it can't work.

Websites with a login work in a different way: you fill in the password and if it is correct they give you a cookie that your browser stores and automatically gives back to the website every time you open it.

As you can see, if you want to be logged in at a moment in time you have to present to the remote side some kind of "secret thing" at that moment in time. It is not that "you login once and the remote side automagically knows that you are logged in". So for the whole time you use the service you must keep in memory a secret to prove that you are logged in.

So where is the difference between Qubes and a normal OS? How does Qubes improve security?

Let's think about a normal windows/linux computer: you have many programs and every program can control the whole pc. Yes, there is admin vs not admin, but on windows this means that a not-admin process can't mess with admin processes or can't write in c:\programs or c:\windows. But this is useless!

A virus can do all the damage it wants also running as not admin; it can:
- delete all your files (cryptolocker)
- run at boot (persistence)
- spy on you from mic/webcam
- steal/upload all your files to the internet
- keylog all that you write
- steal saved passwords

For me this is comparable to "full control of the pc".

The problem with this model is that any single exe that you open can do pretty much what it wants, and you can only hope/have a bit of trust that it will not do it.

In such a security model it might be good not to store passwords, because when you get a virus it will instantly steal all your saved passwords (bad), while if you don't save them it will only steal the ones that you write while the virus is present, for example the mail password because you use it often. So if we suppose that the antivirus deletes it after a few days, you can hope that you have used only a few passwords on the compromised pc, and not all your passwords.

TL;DR: any program you open/have opened in the past might have read/stolen all your mails/passwords.

NOW QUBES OS:

On qubes your pc is split into more parts; every part works the way I said above (in fact they are normal windows/linux OSes) and is isolated. The only (important) difference is that only home in linux and c:\users in windows is preserved if you reboot; this is good because it limits the places in which a virus can hide (but still there is persistence = run at boot).

Suppose that you get a virus, downloaded from your browser. Your mail is safe because it runs in another vm. Simple, isn't it? Same for every other action you can do on your pc: playing games, reading documents, ... because all these actions happen in a different vm, not in the mail vm.

Now suppose that you get a virus in exactly the mail vm: the first question is how this can happen? It's not that viruses pop up automagically; most of the time it is the user that opens them. So how can you open a virus from the email?

You can open an attachment or a link, that's all you can do to open a virus from email. But on qubes this should not be possible, because you should not open attachments and links in the mail vm, but in a disposable vm! (Here is where the disposable thing becomes useful!!!) You can also automate this, so you can't forget to open a link in a dispvm. If the attachment was something bad you simply don't care, close the dispvm and the virus is gone.

But sometimes (smaller than always!) you need to store attachments, because they are work documents, photos, or something important. But again mail can't be compromised, because you save photos and documents in the work vm or somewhere different.

The final question is: can the mail vm be compromised? Yes, but since the user can't be tricked into opening something bad in the mail vm, the only thing left is a zeroday: some bug in thunderbird such that when it receives the bad email it is instantly compromised, because *for example* the bad guy sends 500 attachments and thunderbird can manage only up to 255 attachments, and this thing lead to code
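The automation the post above mentions (making sure links and attachments never open inside the mail qube but in a fresh disposable) can be wired up with a small handler script. The script below is an added example, not code from the post or from the Qubes project. It assumes Qubes' own `qvm-open-in-dvm` command is on the PATH inside the mail qube, and it invents an `OPEN_IN_DVM_DRY_RUN` variable that only prints the command instead of running it, so the routing logic can be checked outside Qubes. Anything that is not an http(s) link or an existing file (a `javascript:` URL, a missing path) is refused rather than handed to any local application.

```shell
#!/bin/sh
# Hypothetical handler (added example, not Qubes' code): register it as the
# mail qube's default browser / attachment opener so that every link or file
# the mail client hands off is opened in a disposable instead of locally.
#
# Assumptions: qvm-open-in-dvm (shipped with Qubes' agent packages) is on the
# PATH in the mail qube; OPEN_IN_DVM_DRY_RUN=1 is an invented switch that
# prints the command line instead of executing it.

# open_in_dispvm TARGET
# Returns 0 after dispatching an http(s) URL or an existing file to a
# disposable; returns 1 (and opens nothing) for anything else.
open_in_dispvm() {
  target=$1
  case "$target" in
    http://*|https://*) ;;                      # link from a mail body
    file://*) target=${target#file://}           # file URL: strip the scheme
              [ -f "$target" ] || return 1 ;;
    *) [ -f "$target" ] || return 1 ;;           # saved attachment, must exist
  esac
  # Everything else (javascript:, data:, mailto:, nonexistent paths) fell
  # through to return 1 above; only vetted targets reach this point.
  if [ "${OPEN_IN_DVM_DRY_RUN:-0}" = 1 ]; then
    printf 'qvm-open-in-dvm %s\n' "$target"
  else
    qvm-open-in-dvm "$target"
  fi
}

# Command-line use inside the mail qube:  open-in-dispvm.sh <url-or-file>
if [ "$#" -eq 1 ]; then
  open_in_dispvm "$1"
fi
```

Pointing the mail client's external link handler at this script (or registering it via a .desktop file as the qube's default browser) means a mis-click on a malicious link lands in a throw-away VM that is discarded on close, which is exactly the property the post relies on.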
[qubes-users] Password security/disposable vm security
So I was reading one of the guides and I came across this:

"there is absolutely no point in not allowing e.g. Thunderbird to remember the password – if it got compromised it would just steal it the next time I manually enter it"

So this was written 6 years ago but it's the latest one I think.

Can't we just create disposable thunderbirds to protect the password? Or is disposable not true security? I mean maybe a custom thunderbird would be needed so it never used the password again/instantaneously forgets it after login >.>