Le jeudi 31 janvier 2019 à 14:21 +0100, Maillist a écrit :
> INTEL_CHIPSET_LOCKDOWN
Nice feature. This makes impossible to update BIOS without physical
access to the chip. I was unaware of this feature, thanks.
--
You received this message because you are subscribed to the Google Groups
"qubes-
Le mercredi 30 janvier 2019 à 12:38 +0100, Maillist a écrit :
> Only if you configure it that way.Also, even if you do, you wanna
> make
> sure it only accepts updates signed by your personal key.
Interesting. Could you point out the documentation explaining how.
Thanks.
--
You received this mes
Le mercredi 30 janvier 2019 à 15:50 +0700, Frank Beuth a écrit :
> Apologies again if this is offtopic, but it sounds like there is a
> way to
> disable software reflashing of Coreboot entirely? Or am I
> misinformed?
https://doc.coreboot.org/flash_tutorial/index.html
Quoting : "Updating the fir
Le mercredi 30 janvier 2019 à 13:07 +0630, Frank Beuth a écrit :
> Apologies if this is getting offtopic, but: one author suggested that
> modern
> versions of Coreboot could (in absence of Intel ME or AEM) reduce
> Evil Maid
> attacks to physical attacks requiring the attacker to open the laptop
Le mardi 29 janvier 2019 à 02:24 -0800, goldsm...@riseup.net a écrit :
> To Alexandre
> So you found this stuff on the internet and were gullible enough to
> swallow it, hook line and sinker, without first verifying its
> authenticity. I suppose your allegations against the Debian Team's
> security
Le mardi 29 janvier 2019 à 09:51 +0200, Ilpo Järvinen a écrit :
> Yeah yeah, the only modification was that chip as claimed in the
> article?
> Magically all the necessary signal pins were routed to its location
> but nothing else was changed (and you cannot have that many pins in
> that sized ch
Le mardi 29 janvier 2019 à 00:59 +0200, Ilpo Järvinen a écrit :
> There are many technical reasons raising from plain
> physics/electronics
> which make an attack chip of that size with the described
> capabilities to
> seem quite utopistic (and the article therefore bogus). ...But of
> course
>
Le lundi 28 janvier 2019 à 13:08 -0800, goldsm...@riseup.net a écrit :
> I'm intrigued how you know can catagorically state "CAs and GNU/Linux
> distributions are #1 targets for national
China:
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate
Le lundi 28 janvier 2019 à 13:08 -0800, goldsm...@riseup.net a écrit :
> To Alexandre Belgrand
>
> I'm intrigued how you know can catagorically state "CAs and GNU/Linux
> distributions are #1 targets for national
> intelligence agencies". This is classified in
ly store valuable documents on a computer when
connected to a network. Companies that care about security should have
a complete process to manage workstations and internal networks,
without access to the Internet. We are back to ancien times.
Kind regards,
Alexandre Belgrand
--
You received this
Le dimanche 27 janvier 2019 à 16:47 +, unman a écrit :
> I'd be interested to know what system has been graced with your
> approval.
> If you believe all this, then what makes you think that national
> intelligence agencies haven't infiltrated *bsd, coreboot and any
> other
> system you can nam
Le dimanche 27 janvier 2019 à 13:11 +, Holger Levsen a écrit :
> I *believe* they probably misunderstood evil32.com and it's fallout.
CAs and GNU/Linux distributions are #1 targets for national
intelligence agencies.
Debian developers are not using smartcards to store their GPG keys,
includin
Le samedi 26 janvier 2019 à 04:39 -0800, goldsm...@riseup.net a écrit :
> If "apt-transport-https" is the magic bullet, why in the past hasn't
> it
> been implemented by default? And, why for the future, is it not being
> implemented immediately by Qubes, Debian et al?
Furtermore, very few Debian
Le mercredi 23 janvier 2019 à 18:05 +0100, Marek Marczykowski-Górecki a
écrit :
> We have just published Qubes Security Bulletin (QSB) #46:
> APT update mechanism vulnerability.
Keep in mind that all PGP Debian/Ubuntu signing keys have been stolen
and injection may occur during apt-get install/upd
Le lundi 14 janvier 2019 à 07:16 -0500, Chris Laprise a écrit :
> Check out Joanna's blog at Invisible Things Lab. Lots of Qubes' DNA
> is
> there.
Got it, thanks: Intel x86 considered harmful
https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf
--
You received this message because you
Le lundi 14 janvier 2019 à 03:26 -0800, Foppe de Haan a écrit :
> can the IME really talk to any NIC? Or just the ones that it has
> drivers for (e.g., other intel products)? If the latter, wouldn't an
> add-in card (or USB dongle) solve that issue?
It seems that the IME is a complete computer wit
> So in theory you would plug your scanner which should appear in sys-
> usb,
> and you'd attach ("proxy") it to a VM where you have your scanning
> software installed. If you're lucky it will work that way but not
> every
> USB device works well with proxying and scanners aren't know to be
> ver
Hello,
I am still brooding over before installing Qubes.
My first thinking is that since Intel ME backdoors provide full access
to authorities, there is no way we can stop government agencies. Recent
research (read 1) shows that Intel ME has access to all parts of a
computer, even switched-off.
Le lundi 14 janvier 2019 à 01:52 +, js...@bitmessage.ch a écrit :
> It sounds like you've already looked at the docs but here's the link:
> https://www.qubes-os.org/doc/usb/
> You have to have sys-usb to attach a usb device like a scanner to an
> appvm (unless you can just attach the whole usb
Le lundi 14 janvier 2019 à 00:35 +, unman a écrit :
> You can find some notes that may help here:
> https://github.com/unman/notes/blob/master/openBSD_as_netvm
Thanks. This seems very interesting.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" gro
Dear all,
Pardon my ignorance, is it possible to use OpenBSD to provide firewalling to
Qubes?
I have nearly zero confidence in GNU/Linux although I use it everyday.
Kind regards,
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe f
Dear all,
This is my first post, so I would like to thank the community for the hard
work around Qubes.
Here are some questions before I consider replacing my system with Cubes.
1) OpenSC smartcards
I would like to use OpenSC smartcard with pinpad reader to secure my SSH key.
The pinpad read
22 matches
Mail list logo