[prev in list] [next in list] [prev in thread] [next in thread]
List: qubes-devel
Subject: Re: [qubes-devel] Re: Qubes Security Bulletin #23
From: VÃt_Å esták <groups-no-private-mail--contact-me-at--co
Date: 2015-12-22 20:36:41
Message-ID: 1d4376ee-0a60-4df8-9d7f-5475dc4853f7 () googlegroups ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
On Monday, December 21, 2015 at 6:56:42 PM UTC+1, Eric Shelton wrote:
>
> Both of the above comments seem to be saying: "if you do not have an
> IOMMU, you're already burned, because you are open to DMA attacks." I
> disagree with the situation being quite that binary, and it assumes a DMA
> attack is easy to come by. They are two distinct attack vectors.
OK, that's true. For targeted attacks by powerful-enough attackers, it does
not matter. For mass attacks or attack by not so powerful attacker, using
long time known DMA attacks (that are not patchable on some systems) would
be probably more economical than using an exploit known for short time and
likely to be patched very soon.
Regards,
VÃt Å esták 'v6ak'
--
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/1d4376ee-0a60-4df8-9d7f-5475dc4853f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Attachment #5 (text/html)]
<div dir="ltr"><br><br>On Monday, December 21, 2015 at 6:56:42 PM UTC+1, Eric Shelton \
wrote:<blockquote class="gmail_quote" style="margin: 0;margin-left: \
0.8ex;border-left: 1px #ccc solid;padding-left: 1ex;">Both of the above comments seem \
to be saying: "if you do not have an IOMMU, you're already burned, because \
you are open to DMA attacks." I disagree with the situation being quite that \
binary, and it assumes a DMA attack is easy to come by. They are two distinct \
attack vectors.</blockquote><div><br>OK, that's true. For targeted attacks by \
powerful-enough attackers, it does not matter. For mass attacks or attack by not so \
powerful attacker, using long time known DMA attacks (that are not patchable on some \
systems) would be probably more economical than using an exploit known for short time \
and likely to be patched very soon.<br><br></div>Regards,<br>VÃt Å esták \
'v6ak'<br> </div>
<p></p>
-- <br />
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group.<br /> To unsubscribe from this group and stop \
receiving emails from it, send an email to <a \
href="mailto:qubes-devel+unsubscribe@googlegroups.com">qubes-devel+unsubscribe@googlegroups.com</a>.<br \
/> To post to this group, send email to <a \
href="mailto:qubes-devel@googlegroups.com">qubes-devel@googlegroups.com</a>.<br /> To \
view this discussion on the web visit <a \
href="https://groups.google.com/d/msgid/qubes-devel/1d4376ee-0a60-4df8-9d7f-5475dc4853 \
f7%40googlegroups.com?utm_medium=email&utm_source=footer">https://groups.google.com/d/ \
msgid/qubes-devel/1d4376ee-0a60-4df8-9d7f-5475dc4853f7%40googlegroups.com</a>.<br /> \
For more options, visit <a \
href="https://groups.google.com/d/optout">https://groups.google.com/d/optout</a>.<br \
/>
------=_Part_1024_276874979.1450816601887--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic