On Sat, Mar 06, 2021 at 01:16:45AM +0100, donoban wrote: > Well, since the issue was finally closed I will reply here. > > On 3/6/21 1:39 AM, unman wrote: > > I don't understand this example - if the destination is compromised, then > > why would there be a need to modify the clipboard? They just capture the > > data as is and exfiltrate it - you are hosed, and the Qubes clipboard is > > the least of your problems. > > At destination there is nothing useful to steal (at least not bitcoins) > the bitcoin address is not useful for the attacker, it is a public > address and private keys are in other uncompromised offline vm. > > What the attacker tries to do is replace your address in the clipboard > to other address (controlled by him), in the hope that you paste it to > someone who wants to send funds for you. > > I'm agree that the attacker could do a lot of additional things but many > of them are more difficult, prone to fail, prone to cause detection. So > I don't think it is a justification for not having a more secure > clipboard and also easier to use which was the main objective. >
Again, I don't understand your example. You say, "At destination there is nothing useful to steal", and then you exactly indicate what is useful to steal, i.e the bitcoin address. In any case, this is where we disagree. Most of those "additional things" seem to me to be far easier to implement, and have far wider application, than an attack on the Qubes clipboard. I haven't seen anything in the discussion on GitHub which would provide "a more secure clipboard", and which would be "easier to use". I think what is needed are some concrete proposals, and perhaps poc -then we'd actually have something to consider. Until I see that I'm bowing out. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20210307141431.GA14041%40thirdeyesecurity.org.
