unman:
> On Tue, Sep 08, 2020 at 09:13:47PM +0200, Qubes wrote:
>> On 9/7/20 2:12 AM, unman wrote:
>>> On Sun, Sep 06, 2020 at 06:55:01PM +0200, Qubes wrote:
>>>> On 9/6/20 5:32 PM, unman wrote:
>>>>> On Sun, Sep 06, 2020 at 11:12:31AM -0400, Demi M. Obenour wrote:
>>>>>> In all of my time using QubesOS, I have never had reason to believe
>>>>>> that a qube was compromised. Has anyone here had a qube compromised?
>>>>>>
>>>>>> Sincerely,
>>>>>>
>>>>>> Demi
>>>>>>
>>>>>
>>>>> I have had occasion to set a honeypot and use Qubes as a classic
>>>>> Internet-inna-box - ideal for such use, and very instructive. But I
>>>>> guess that wasn't what you were interested in.
>>>>> In normal use, both myself and colleagues have seen compromised qubes.
>>>>>
>>>> Hi Unman
>>>>
>>>> How did you know your qube was compromised, can you give some details?
>>>>
>>>
>>> snort and tripwire.
>>>
>>> Other IDS are available.
>>>
>> Hi Unman
>>
>> What I mean is what made you suspicious to use a tripwire and snort?
>
> I run them on most of my Qubes installs, almost out of habit.
> Because I salt my qubes, it's relatively easy to run tripwire against
> network connected qubes
> But the way in which Qubes allows one to separate out activities really
> does minimise risk. Example: read email in mutt in offline qube with
> minimal template - any attachments are opened in offline disposableVM.
> Anything I want to keep is transferred to an offline storage qube,
> again with no significant programs installed. In this sense, it doesn't
> matter if attachments have malware because the infection risk is
> minimised.
>
This is interesting. Can you be more specific with regard to the settings you use? How do you set tripwire to run against network connected qubes?

You also mentioned using mutt in an offline qube. Can you elaborate more on this too please? Is mutt PGP friendly and a safer option than Thunderbird?

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ba27d2bc-2660-6308-d5d6-754fca5fda6d%40mailbox.org.
