Micah Lee 🫡

Micah Lee 🫡 @micahflee

@femmetasm @isislovecruft @subgraph @QubesOS https://t.co/XCdyG0Somr — PolitiTweet.org

Micah Lee 🫡 @micahflee

@femmetasm @isislovecruft @subgraph @QubesOS I think the difference is Qubes brings new types of security engineeri… https://t.co/btCA0ZVDwZ — PolitiTweet.org

Micah Lee 🫡 @micahflee

RT @isislovecruft: @micahflee Amazing that @Subgraph even pretends to be at all in league with @QubesOS, when Subgraph's architecture is ba… — PolitiTweet.org

Micah Lee 🫡 @micahflee

@movrcx @rootkovska I'm not a founder of a competing OS. And I responsibly disclosed the issues and gave them time… https://t.co/28XGhCeK3d — PolitiTweet.org

Micah Lee 🫡 @micahflee

RT @AnneFrankCenter: .@POTUS @realDonaldTrump MUST FIRE SEAN SPICER NOW FOR ENGAGING IN HOLOCAUST DENIAL. OUR STATEMENT BELOW. #Antisemiti… — PolitiTweet.org

Micah Lee 🫡 @micahflee

@BradyDale @mjg59 That would be the X60, but probably too old for Qubes. You can get a used X1 Carbon for pretty cheap — PolitiTweet.org

Micah Lee 🫡 @micahflee

RT @AstroKatie: On average, every cubic centimeter of space contains ~400 photons that are there because the Universe is still cooling off… — PolitiTweet.org

Micah Lee 🫡 @micahflee

@BradyDale @mjg59 I've had great success on ThinkPads — PolitiTweet.org

Micah Lee 🫡 @micahflee

@BradyDale @mjg59 Hmm, maybe? You'll need a PC (won't run on a Mac) with lots of RAM (at least 8gb). If it's relati… https://t.co/UZ2nAYTR4f — PolitiTweet.org

Micah Lee 🫡 @micahflee

Sean Spicer Justifies Syria Strike By Claiming Hitler—Who Gassed Millions—Didn’t Use Chemical Weapons https://t.co/QsL6uG1EDY — PolitiTweet.org

Micah Lee 🫡 @micahflee

@BradyDale @mjg59 Qubes comes with a Thunderbird add-on that does this, but it's only possible within Qubes. I wrot… https://t.co/SIZQt2ryLS — PolitiTweet.org

Micah Lee 🫡 @micahflee

RT @kylerankin: @micahflee @mjg59 Each release more usable too, attracts next level of users, feedback loop. Today it's not that huge a UX… — PolitiTweet.org

Micah Lee 🫡 @micahflee

@femmetasm @subgraph Yup. It basically means you'd need social engineering to hop AppVMs. Know your target and thei… https://t.co/m5x2pbtYJh — PolitiTweet.org

Micah Lee 🫡 @micahflee

@josephfcox lol thanks — PolitiTweet.org

Micah Lee 🫡 @micahflee

@femmetasm @subgraph But that is indeed a way to spread malware across AppVMs. One of the reasons DispoableVMs are so nice! — PolitiTweet.org

Micah Lee 🫡 @micahflee

@femmetasm @subgraph You can share data, but you have to manually approve every request from dom0, so malware can't do it automatically — PolitiTweet.org

Micah Lee 🫡 @micahflee

@mjg59 However _some_ of it is automatic, e.g. the build-in Thunderbird add-on opens attachments in DispVMs. And ob… https://t.co/Nt2AlilvPZ — PolitiTweet.org

Micah Lee 🫡 @micahflee

@mjg59 Yeah, Qubes gives you the tools to compartmentalize your computer. I haven't seen another OS that provides those tools — PolitiTweet.org

Micah Lee 🫡 @micahflee

@femmetasm @subgraph All of the data in that AppVM gets compromised. But the attacker can't record from webcam or m… https://t.co/5Mi8R3qgqV — PolitiTweet.org

Micah Lee 🫡 @micahflee

@femmetasm @subgraph Let's say the user is using a Whonix AppVM, they download doc in Tor Browser, and then double-… https://t.co/CNkSYJJp9A — PolitiTweet.org

Micah Lee 🫡 @micahflee

@femmetasm @subgraph It wouldn't be the same, you'd hack the sandbox, but couldn't escalate. The only way to escape… https://t.co/neSRiWJEX5 — PolitiTweet.org

Micah Lee 🫡 @micahflee

@femmetasm @subgraph Hah. Well, then it's game over for the Qubes user, of course. But it's hard to open untrusted… https://t.co/BctZ3WeDhA — PolitiTweet.org

Micah Lee 🫡 @micahflee

@kylerankin @mjg59 I actually think that wouldn't help with this attack -- you open-in-dvm for PDFs, but not for .desktops :) — PolitiTweet.org

Micah Lee 🫡 @micahflee

@mjg59 Totally. But even if you open it in a domain full of personal data, attacker still doesn't get data in other AppVMs, or dom0 — PolitiTweet.org

Micah Lee 🫡 @micahflee

@femmetasm @subgraph I'd love to! The problem is, "Qubes is flexible, so how much the attack succeeds depends on the user’s choices." — PolitiTweet.org

Micah Lee 🫡 @micahflee

@mjg59 You think? There isn't data on how people use Qubes, but I make temporary AppVMs for viewing docs, and use D… https://t.co/UOMWWIRh14 — PolitiTweet.org

Micah Lee 🫡 @micahflee

RT @ananavarro: Happy Passover. https://t.co/sMFgr7aPcR — PolitiTweet.org

Micah Lee 🫡 @micahflee

RT @matthew_d_green: End-to-end encryption doesn't help if one of the "ends" is your wife's iPad. (Also, ick.) https://t.co/yzxsVOraCI http… — PolitiTweet.org

Micah Lee 🫡 @micahflee

@bleidl That said, right-clicking on the doc and choosing "Open in DisposableVM", which is also normal Qubes behavior, thwarts the attack — PolitiTweet.org

Micah Lee 🫡 @micahflee

@bleidl This is the usability issue with Qubes: Managing AppVMs is just how you use the OS. It's not modified behav… https://t.co/nrizG3SZR3 — PolitiTweet.org