On 2015-01-30 1:19 am, secretsocket at nym.hush.com wrote:
> Thank-you. I have plenty of reading to do. I have read a little and
> have been aware of Qubes (and the invisible things).
>> I do have a little question though, and I would be VERY interested to
> read any and all considered opinions on the matter but...does it not
> concern anyone that the NSA is one of the top 10 contributors to the
> Xen project? Also, more generally, what about SElinux? or any other
> project that gets worked on by those who do everything possible to
> have full visibility of everyone. For me NSA code running on my
> computer makes me very unhappy. I don't want *any* of it. I wish I
> had a better understanding of the motivations of both this contributor
> as well as why anyone would accept anything from them.
>> I have a real hard time buying the line that they are trying to
> protect American business interests when it's been shown they work
> very hard to *comprimise* it. I am refereing to the shenanigans
> revolving request for backdoors in commercial products and trying to
> weaken encryption standards.
>> Being a Qubes, developer I am hoping you have wrestled with this and
> have some insight.
>> Anyway thanks again for this helpful reply. Please give me a little
> time to review this material. I don't want to polute the board.
>> Regards,
> Rick
Good question, Rick.
And, no problem, please do take your time to get well oriented. :)
I look at it like this...
Could Xen be compromised? Yes.
Could Linux be compromised? Yes.
Could Debian or other distros be compromised? Yes.
Could pretty much any other widely used code be compromised? Yes.
Their infiltration and exploit programs go so far, including corrupting
human beings, that no publicly available code is out of the question.
However, with that in mind, then I segment my perspective like this...
1.
Where do they get the most return on investment?
I think the *higher* priority systems targeted for backdooring/etc are
going to align with market share.
So I think that Windows, Mac, iOS, Android, Linux, etc are all notably
*higher* priority targets for infiltration than Xen or Qubes, due to
getting to then own many orders of magnitude more systems/humans
throughout the world.
Broad return on investment for compromising Xen or Qubes is much much
lower, by comparison. And so Xen or Qubes is likely *less* of a target
for compromise.
2.
Where do they effectively hide the bad code?
In the Linux kernel, there are tens of millions of lines of code to hide
a compromise in.
Xen only has ~1% of the LOC footprint of Linux to hide bad code in, so
it is much more auditable for security than most other operating
systems.
3.
Even though they publicly contribute code to Xen, Linux, etc, I think
that they are *more likely* to do their fundamental exploits covertly
under alternative identities.
Because if multiple major compromises came out under their official
name, then they would completely ruin their name and public acceptance
of their publicly contributed code attached to their official identity.
So I think it is *more likely* that they use alternative identities when
compromising code in such systems.
And, thus, *EVERY* major system, especially those with the highest
market share and overgrown footprints are likely being "contributed to"
with bad code, specifically using covert identities.
So, I don't see Xen as being a special target, just because of the fact
that they also openly and publicly contribute code to it under their
official name.
They do have a dual mission to protect and infect, so I would expect
them either way to be contributing clean code to systems as well. But,
IMO, likely have a policy of typically not linking their fundamental
code exploits to their official public reputation. And they have more
than enough resources to establish and build false trust through many
alternative long-term code contributor identities.
4.
Another key mode of attack is through secondary software packages or
drivers beyond the kernel.
With a monolithic system like Linux, etc, why not also just target
widely installed software packages that get escalated system privileges?
By design, with Qubes, the core system components are further broken up
into separate isolated security domains.
So it is a fundamentally tougher architectural challenge to compromise
software in the Qubes system that will then compromise the entire
system.
5.
The Qubes team hand picks each software component that goes into Qubes
Dom0. They keep the software profile extra lean by comparison, and I
think they probably compile all software packages from source, and offer
them via their own signed update repository.
Compare this lean profile of software and trust to the massive software
and maintainer organizational chart of other, especially monolithic
kernel distros, where there are tons more open doors to easily
infiltrate.
6.
Qubes is slow to update Xen on purpose.
I've read that Joanna believes that, except for critical security
patches, Xen should not be frequently updated.
I think part of this is so that there is time for vetting and trust to
be established for the Xen code base underlying Qubes.
7.
The Qubes team, along with other Xen devs, are generally on top of Xen
security and personally rely upon it themselves.
The ITL devs personally have a history with exposing exploitable code in
Xen (ironically one of them in a disabled by default NSA module -- I
haven't looked into if it was suspected to be intentional or not).
See the following:
Good 2011 interview with Joanna, where she answers this question on page
3:
"What happens if there’s a vulnerability in Xen and you can break out of
the hypervisor?"
-
http://www.tomshardware.com/reviews/qubes-os-joanna-rutkowska-windows,3009.html
2008 ITL Blackhat presentations:
- http://invisiblethingslab.com/resources/bh08
2008 Blog: Our Xen 0wning Trilogy Highlights:
-
http://theinvisiblethings.blogspot.com/2008/08/our-xen-0wning-trilogy-highlights.html
Some other good information contained here:
- http://invisiblethingslab.com/resources
So these are some of the perspectives I hold that still makes me at
least as, if not more, confident in using Qubes compared to something
like Linux, where any garden variety hacker, not to mention
state-sponsored, can own me through something as simple as a Firefox
0day or malformed document. Or, with state-sponsored, probably right out
of the box with all the massive amount of software and code in typical
bloated Linux distros.
To me, for the list of reasons mentioned, Linux distros, VirtualBox, etc
look much more risky than Xen or Qubes. And forget about commercial
OSes.
Though I'd love to learn of an even better alternative than Qubes or
understand why Linux, etc is likely *not* or *less* compromised than
Xen.
I'm just unaware of a better alternative.
Cheers,
WhonixQubes
More information about the Whonix-devel
mailing list
“Look here!” Dick began to chuckle. “We’ve got a queer combination to work with—our Sky Patrol has! Suspicious Sandy—and—Superstitious Jeff!” Sandy grinned ruefully, a little sheepishly. Larry smiled and shook his head, warning Dick not to carry his sarcasm any further, as Jeff frowned. 52 "You do doubt me. If you did not, it would never occur to you to deny it. You doubt me now, and you will doubt me still more if you don't read it. In justice to me you must." "That same. She was part Mescalero, anyway." This Act, as disgraceful as any which ever dishonoured the statute-book in the reigns of the Tudors or Stuarts, was introduced into the Commons, on the 12th of May, by Sir William Wyndham, and was resolutely opposed by the Whigs, amongst whom Sir Peter King, Sir Joseph Jekyll, Mr. Hampden, Robert Walpole, and General Stanhope distinguished themselves. They did not convince the majority, which amounted to no less than two hundred and thirty-seven to one hundred and twenty-six. In the Lords, Bolingbroke himself moved the second reading, and it was ably opposed by the Lords Cowper, Wharton, Halifax, Townshend, Nottingham, and others. The greatest curiosity was displayed regarding the part which Oxford would take, as it was known that in the Council he had endeavoured to soften the rigorous clauses; but in the House he followed his usual shuffling habit, declaring that he had not yet considered the question; and, having induced the Opposition to let the second reading pass without a division, he absented himself from the final voting, and thus disgusted both parties and hastened his own fall. The battle of Falkirk, which in itself appeared so brilliant an affair for Prince Charles, was really one of his most serious disasters. The Highlanders, according to their regular custom when loaded with plunder, went off in great numbers to their homes with their booty. His chief officers became furious against each other in discussing their respective merits in the battle. Lord George Murray, who had himself behaved most bravely in the field, complained that Lord John Drummond had not exerted himself, or pursuit might have been made and the royal army been utterly annihilated. This spirit of discontent was greatly aggravated by the siege of the castle of Stirling. Old General Blakeney, who commanded the garrison, declared he would hold out to the last man, in spite of the terrible threats of Lord George Murray if he did not surrender. The Highlanders grew disgusted with work so contrary to their habits; and, indeed, the French engineer, the so-called Marquis de Mirabelle, was so utterly ignorant of his profession, that the batteries which he constructed were commanded by the castle, and the men were so much exposed that they were in danger of being destroyed before they took the fortress. Accordingly, on the 24th of January they struck to a man, and refused to go any more into the trenches. "Haint we bit off more'n we kin chaw. Shorty?" asked Si, as he looked over the increasing gang. "Hadn't we better ask for some help?" "How far would it carry?" Corpril, Company Q, 2 Hundsrdth Injiamiy Volintear "He d?an't care much. F?ather, he likes to be comfortable, and this Inclosure w?an't make much difference to that. 'T?un't as if we wanted the pasture badly, and F?ather he d?an't care about land." "Byles," interrupted Calverley, speaking rapidly, "you are poor—you are in arrear with your rent; a distress will be levied, and then what will become of you—of your wife and the little one? Listen to me! I will give you money to keep a house over your head; and when I am steward, you shall have the first farm at my lord's disposal, if you will only aid me in my revenge! Revenge!" he repeated, vehemently—"but you hesitate—you refuse." "Yes, yes, there is little doubt of that: but how can we come at the truth? Sudbury still retains his wrath against us, and would oppose an arrest; and even could he be waylaid, and brought hither, he is stubborn, and might refuse to answer." HoME一级做人爱c视正版免费
ENTER NUMBET 0017 www.metrc.com.cn www.daiwo9.com.cn yaodia.com.cn www.jute6.net.cn geibu3.com.cn hebei7.net.cn 158zyz.com.cn www.qdbqys.com.cn www.juxin9.com.cn www.yueba6.com.cn