[qubes-users] SSD+malicious HDD?
Hi guys 1. I have installed and update Qube-os on my SSD and after i connect to motherboard HDD.SSD- primary, HDD-secondary. It attached directly to Dom0. If my HDD - malicious, is it a threat? 2.Is Debian 9 safer than Debian 8, or Fedora 24 more safer than Fedora 23? Thanks - ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands! $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170404230242.Horde.QgMez2hkStdk3mjZZhQzag2%40www.vfemail.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] SSD+malicious HDD?
On 04/05/2017 12:02 AM, g...@vfemail.net wrote: |Hi guys 1. I have installed and update Qube-os on my SSD and after i connect to motherboard HDD.SSD- primary, HDD-secondary. It attached directly to Dom0. If my HDD - malicious, is it a threat? Future versions of Qubes may be able to protect against a malicious HDD, but not currently. Even an AEM-enabled Qubes could be vulnerable to a DMA attack. 2.Is Debian 9 safer than Debian 8, or Fedora 24 more safer than Fedora 23? Thanks| The first three are receiving security updates, but the fourth is not because its at end-of-life. Chris -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/355bb172-aa56-f946-5b0d-9176b2050bf7%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] SSD+malicious HDD?
On Sat, Apr 08, 2017 at 12:22:05AM -0400, Chris Laprise wrote: > On 04/05/2017 12:02 AM, g...@vfemail.net wrote: > >|Hi guys > >1. I have installed and update Qube-os on my SSD and after i connect to > >motherboard HDD.SSD- primary, HDD-secondary. It attached directly to > >Dom0. If my HDD - malicious, is it a threat? > > Future versions of Qubes may be able to protect against a malicious HDD, but > not currently. Even an AEM-enabled Qubes could be vulnerable to a DMA > attack. > > >2.Is Debian 9 safer than Debian 8, or Fedora 24 more safer than Fedora 23? > >Thanks| > > The first three are receiving security updates, but the fourth is not > because its at end-of-life. > > Chris Debian-8 is somewhat more secure then Debian-9, in that the priority is to release security updates for stable(8). Updates for unstable may be delayed for assorted reasons, sometimes weeks after a fix for stable. Note too that for Debian systems there are no security updates for packages from the contrib and non-free repositories. I am fairly certain that a default install has those repositories enabled - you can disable them by removing the names from /etc/apt/sources.list, but this will restrict the software that is available to you. It's a clear trade off. (This is an oversimplification in that some packages may get updates, but there isn't a systematic security update process for these packages.) (It's one of those cases where Qubes trades convenience against security - this one is a mistake imo.) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170408132427.GA31048%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.