brl | 8 years ago | on: The Google memo isn’t sexist or anti-diversity, it’s science
Why would anybody censor the viewpoint of a woman scientist in this particular debate? How much cognitive dissonance is too much?
brl's comments
brl | 9 years ago | on: When ‘he’ll be kept on payroll, somewhere’ is where you are
> I would love to hear his side of the story.
Some of his side of the story has been told in the leaked emails:
brl | 9 years ago | on: Subgraph OS: Adversary resistant computing platform
I'm answering a comment chain about how Subgraph OS does not 'isolate' the network or USB stacks which is frequently brought up as an important deficiency in comparison to Qubes OS. My point is that this isn't a significant advantage of Qubes because such attacks are rare and difficult, and because they're even harder to perform against Subgraph OS.
I wasn't talking about AppVMs at all, but you can of course persistently backdoor Qubes AppVMs in numerous ways by writing to the user home directory. In Subgraph OS we design our application sandboxes to prevent exactly this.
brl | 9 years ago | on: Subgraph OS: Adversary resistant computing platform
> I don't think there are any amnesic features like in Tails nor strong isolation between gateway and workstation to prevent IP leaks like in Whonix.
Subgraph sandboxes run in a network namespace with no direct access to the network or ability to view any of the physical network interfaces on the system. There is no way for an attacker to send network traffic directly or to discover the real IP address of the system without breaking out of the sandbox.
brl | 9 years ago | on: Subgraph OS: Adversary resistant computing platform
I'm from Subgraph and I disagree.
On Qubes OS the networking VM runs a standard Linux kernel with no special security hardening at all apart from the simple fact that it runs in a separate Xen VM. If an attacker is able to compromise NetVM, they may not have direct access to user data, but they have dangerous access to perform further attacks:
- Attacks against hypervisor to break isolation
- Side channel attacks against other Qubes VMs to steal cryptographic keys
- Interception and tampering with networking traffic
- Attacks against any internal network this Qubes OS computer connects to.
Subgraph OS hardens the Linux kernel with grsecurity, which includes many defenses against exploitation which have historically prevented local exploitation of most security vulnerabilities against the kernel. Exploiting kernel vulnerabilities locally is so much easier, probably never less than an order of magnitude easier. It's so rare to reliably exploit kernel vulnerabilities remotely even against an unhardened kernel that teams present papers at top security conferences about a single exploit:
https://www.blackhat.com/presentations/bh-usa-07/Ortega/Whit...
I know it's contentious to say so, but I don't believe that anybody will ever remotely exploit a kernel vulnerability against a grsecurity hardened Linux kernel, especially since RAP was introduced:
https://grsecurity.net/rap_announce.php
The threat of remotely attacking the Linux kernel through the networking or USB stack was always low in my opinion, but as the threat approaches zero it raises some questions about how justifiable the system VMs are in Qubes OS considering the system complexity and usability impairment they introduce.
brl | 9 years ago | on: Subgraph OS: Adversary resistant computing platform
> imho the qubes approach is more viable and exposes far less attack surface.
I don't know what you base that opinion on since it's not an easy comparison to reason about. One metric you could use would be actual vulnerabilities. In the last year there have been several hypervisor escape vulnerabilites that compromised Qubes OS VM isolation completely, most (all?) of which have been present in Xen for the entire lifetime of the Qubes project.
By contrast during the same period only one Linux kernel vulnerability (DirtyCow) affected Subgraph sandboxed applications, and it would only have been exploitable using techniques which have not been disclosed in any public exploit so far.
brl | 9 years ago | on: Jacob Appelbaum: What Has This Man Done?
Two people published open letters resigning from their involvement in Tor yesterday:
brl | 10 years ago | on: Show HN: Subgraph OS, the secure os
Sandbox implementation is described here:
brl | 10 years ago | on: Refugees Welcome
Well there was this survey:
https://en.wikipedia.org/wiki/Syrian_presidential_election,_...
Also surveyed at that time were the million Syrian refugees living in Lebanon:
https://www.washingtonpost.com/news/worldviews/wp/2014/05/28...
brl | 10 years ago | on: Let Snowden Come Home
http://www.voltairenet.org/en is a good site with many essays on these themes.
brl | 11 years ago | on: Bad Notes on Venture Capital
Check out the 'more details on Convertible Notes' link for the answer to your question.
brl | 11 years ago | on: Debian Security Advisory: DSA-3025-1 apt
Escalation to root from an active admin user account is trivial. Use your imagination.
brl | 11 years ago | on: Email encryption in transit
Even if you validate certificates an active attacker can return false MX records and direct the sending MTA to connect to an attacker-controlled server which presents a perfectly valid certificate.
brl | 11 years ago | on: Notch programming a Doom-like in Dart
I would love for this to exist. I've thought about streaming on twitch before but it is apparently against their ToS to stream anything which isn't video games.
brl | 11 years ago | on: Nyms Identity Directory
You can copy your private keys to another device obviously, and eventually Nyms can help you do this by brokering an end-to-end encrypted tunnel between devices to transfer keys securely.
brl | 11 years ago | on: Nyms Identity Directory
Maintenance of public keys is automated, by which I mean the user does not need to do anything manually for them to be published and recertified before they expire.
Private keys don't need maintenance after generation since they are simply stored on the user's computer.
brl | 11 years ago | on: Nyms Identity Directory
The user only needs to install a Nyms supporting email client or webmail browser extension and they're good to go for transparent communication with any other Nyms user.
Registration and maintenance of keys is entirely automated. Making everything as easy as possible for users without compromising on strong guarantees about key authenticity is the whole point of this project.
brl | 11 years ago | on: Nyms Identity Directory
I'll be pushing some initial code to github soon for the first stage of the project which is a locally running agent that provides encryption service to email clients over a json-rpc interface. We're also building our own email client, however the agent is designed to facilitate easy integration into any other client.
brl | 11 years ago | on: Nyms Identity Directory
Hi, I'm the author of this document and principal developer of the project. This is a somewhat detailed design overview for a proposed alternative to the PGP keyserver system that I'm building and I didn't really write it for a general audience to avoid cluttering it up with too much background information.
Sometime soon we're going to improve the website with a friendlier high-level description of the goals of the project and the problems that it solves. For now, I apologize that this rather dense document is the only information available.
It might be easier to understand what I'm trying to achieve by reading a post I made yesterday to the modern crypto mailing list which summarized the important features of Nyms:
https://moderncrypto.org/mail-archive/messaging/2014/000602....
brl | 11 years ago | on: How to take over the computer of a Maven Central user
Yawn. Let me know when you're ready to announce a project to competently sign and verify artifacts.
page 1