←back to thread

QubesOS – A reasonably secure operating system

(www.qubes-os.org)
176 points TheFreim | 4 comments | 11 Jul 23 18:11 UTC | HN request time: 0s | source
Show context
weinzierl ◴[11 Jul 23 18:54 UTC] No.36685626[source]
I used it when I worked as a hiring manager. For this task it is ideal. All the behavioral security measures, like only to open attachments from people you trust, break down when your job description is basically to figure out who you can trust.

Qubes comes with a "Convert to trusted PDF" out of the box. Joanna Rutkowska explained how it works under the hood pretty nicely[1]. The tldr is that it is very thorough. With Qubes it is convenient too.

I used Qubes to open the application mails and their attachments and converted the interesting ones to trusted PDFs which I then forwarded to the relevant people. All further communication was only with the trusted versions.

[1] https://blog.invisiblethings.org/2013/02/21/converting-untru...

replies(1): >>36685941 #
neodypsis ◴[11 Jul 23 19:17 UTC] No.36685941[source]
You can use something similar on macOS, Windows or Linux, based on Docker containers, see Dangerzone: https://github.com/freedomofpress/dangerzone
replies(4): >>36686179 #>>36686191 #>>36688631 #>>36691492 #
1. Syonyk ◴[11 Jul 23 19:35 UTC] No.36686191[source]
The problem is that containers rely on the OS kernel to enforce separation, and kernel exploits are an awful lot less rare than anyone would prefer.

If someone is delivering targeted malware to a company through HR channels, it's safe to assume that if they can escape the document viewer, they can probably also try for a local root/kernel exploit and escape the container.

Containers are separation of convenience - not a hard security boundary.

replies(1): >>36686735 #
2. davidandgoliath ◴[11 Jul 23 20:23 UTC] No.36686735[source]
And container escape exploits are getting burned by sending them out via email? Doubtful.
replies(2): >>36686928 #>>36690300 #
3. Syonyk ◴[11 Jul 23 20:41 UTC] No.36686928[source]
It depends on who you're targeting and what you want.

But the history of computers security can largely be summed as:

"What? You're just paranoid. Nobody would possibly X!"

Someone gets their asses handed to them by someone Xing.

"What? Why didn't you tell us X was a risk we needed to be concerned about???"

Iterate.

4. adgjlsfhk1 ◴[12 Jul 23 03:55 UTC] No.36690300[source]
well if you bother to send an email that breaks out of the container, you might as well make it retrospectively delete the email to hide the evidence :)