improve install instructions

anarsec 2024-04-11 16:31:59 +00:00
parent 9a06111d64
commit 4abe74a188
No known key found for this signature in database
12 changed files with 24 additions and 36 deletions

@ -75,9 +75,7 @@ Qubes OS includes Whonix by default (Qubes-Whonix) for when you want to force al
>
>Whonix virtual machines may be more leak-proof, however they are not amnesic, meaning data may be recovered from your storage device. By design, Tails is meant to completely reset itself after each reboot. Encrypted persistent storage can be configured to store some data between reboots.
If an adversary hacks your Tails system to get [initial access](https://attack.mitre.org/tactics/TA0001/), such as through [phishing](/posts/tails-best/#phishing-awareness), they need to achieve [privilege escalation](https://attack.mitre.org/tactics/TA0004/) in order to bypass Tor. The [most recent Tails audit](https://tails.net/news/audit_by_ROS/index.en.html) found several privilege escalation bugs.
If an adversary hacks your Qubes-Whonix system to get [initial access](https://attack.mitre.org/tactics/TA0001/), they need to achieve [lateral movement](https://attack.mitre.org/tactics/TA0008/) to the Whonix Gateway, and then achieve privilege escalation from there in order to bypass Tor.
For more information on how Whonix compares to Tails against different types of deanonymization attacks, see the [Whonix documentation](https://www.whonix.org/wiki/Comparison_with_Others#Circumventing_Proxy_Obedience_Design).
In order to recover data from a Qubes OS system when it is turned off, an adversary would still need to successfully [bypass](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html) the [Full Disk Encryption](/glossary#full-disk-encryption-fde) (e.g. by seizing the computer when it is turned on, or cracking a weak password). In order to recover data from a Tails system when it is turned off, **the situation is the same if any data is saved to Persistent Storage or an encrypted USB** - this saved data is no longer protected by anti-forensic features but by Full Disk Encryption.
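Review bot: in the sentence "The [most recent Tails audit] ... found several privilege escalation bugs", the phrase "most recent" goes stale as soon as another audit is published, and the text does not say whether those bugs were fixed. Since this hunk already trims the passage (9 lines down to 7), name the audit by its date and state the fix status. Separately, the commit subject is "improve install instructions", but this hunk edits the Tails versus Qubes-Whonix comparison; mention that in the message or split it into its own commit.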
@ -339,7 +337,7 @@ Occasionally, a new version of the Tor Browser will be available before it can b
Manage passwords by using KeePassXC from the `vault` App qube. If you are not familiar with KeePassXC, you can learn about it in [Tails for Anarchists](/posts/tails/#password-manager-keepassxc). This approach requires you to memorize three passwords:
1. [LUKS](/glossary/#luks) password (first boot password)
2. User password (second boot password, which is much less important than LUKS)
2. User password (second boot password, which is [much less important than LUKS](https://forum.qubes-os.org/t/recommended-length-of-linux-user-account-password/19337/3))
3. KeePassXC password
Shutdown Qubes OS whenever you are away from the computer for more than a few minutes. For advice on password quality, see [Tails Best Practices](/posts/tails-best/#passwords).
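Review bot: in list item 2, the claim "much less important than LUKS" is now supported only by a link to a forum.qubes-os.org thread, so a reader who is offline, or who arrives after the thread has moved, gets no reason for it. Add a short clause in the item giving the reason and keep the link as a reference. In the trailing context line, "Shutdown Qubes OS" is used as a verb and should read "Shut down Qubes OS".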