On Tue, Sep 08, 2020 at 09:13:47PM +0200, Qubes wrote:
> On 9/7/20 2:12 AM, unman wrote:
> > On Sun, Sep 06, 2020 at 06:55:01PM +0200, Qubes wrote:
> > > On 9/6/20 5:32 PM, unman wrote:
> > > > On Sun, Sep 06, 2020 at 11:12:31AM -0400, Demi M. Obenour wrote:
> > > > > In all of my time using QubesOS, I have never had reason to believe
> > > > > that a qube was compromised. Has anyone here had a qube compromised?
> > > > >
> > > > > Sincerely,
> > > > >
> > > > > Demi
> > > > >
> > > >
> > > > I have had occasion to set a honeypot and use Qubes as a classic
> > > > Internet-inna-box - ideal for such use, and very instructive. But I
> > > > guess that wasn't what you were interested in.
> > > > In normal use, both myself and colleagues have seen compromised qubes.
> > > >
> > > Hi Unman
> > >
> > > How did you know your qube was compromised, can you give some details?
> > >
> >
> > snort and tripwire.
> >
> > Other IDS are available.
> >
> Hi Unman
>
> What I mean is what made you suspicious to use a tripwire and snort?

I run them on most of my Qubes installs, almost out of habit. Because I salt my qubes, it's relatively easy to run tripwire against network connected qubes.

But the way in which Qubes allows one to separate out activities really does minimise risk. Example: read email in mutt in offline qube with minimal template - any attachments are opened in offline disposableVM. Anything I want to keep is transferred to an offline storage qube, again with no significant programs installed. In this sense, it doesn't matter if attachments have malware because the infection risk is minimised.
