
Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs



On 04/14/2015 15:38, WhonixQubes wrote:
> -- Harder:  Whonix with VirtualBox, KVM, etc isolation for Tor
>
> --- Hardest:  Whonix with Qubes isolation for Tor

I only don't understand why you are so sure that the system with the hypervisor involved is more secure. Just because something relies on the "bare metal" doesn't mean that it is inherently more secure. I will give you two examples of compromised hardware:

* A certain three-letter agency managed to subvert some BIOS manufacturers (https://pbs.twimg.com/media/Bd7LUMYCMAAJcqJ.jpg) to inject malicious code into the kernel during the last stage of BIOS boot. In such a case the system boots up in an already compromised state, and this is virtually impossible to detect. This can quite easily include Qubes.

* Intel manufactures many (or all) of their network cards with something called Active Management Technology included: https://en.wikipedia.org/wiki/Intel_Active_Management_Technology Such cards are able to connect to some remote locations even without a running OS. And I am sure that even with the OS running they probably can also initiate connections and send some data out. Nobody but Intel knows what such cards really do.

Virtual machines already provide very high security, practically infeasible to exploit. Qubes provides an improvement on top of "practically infeasible". So this is a hair-splitting situation, with a very marginal risk difference, and other factors like the possibility of compromised hardware might easily be a higher risk compared to this difference.

Yuri