I really wish macOS implemented something like @QubesOS' usbvm(s) at some point...
/cc @radian @XenoKovah https://twitter.com/_MG_/status/949684949614907395
-
Would that actually help? Wouldn't a netvm still be able to trigger this kind of attack surface in connected VMs?
-
Even if -- I'd rather have my netvm exploiting a bunch of connected VMs, while still preserving those which are non-connected, or connected to other netvms (not to mention dom0/GUI), than having my whole system being pwned/crashed. Don't you agree?
-
Well - yeah, but that's only really useful if the user actually separates their data into multiple VMs already.
-
I agree it's tricky to make full use of netvms, while preserving seamless UX.
-
But then again, if you're Apple you don't need to run full VMs -- rather you could containerize just parts of the stacks into VT containers, so no replication of attack vectors downstream.
-
i.e. in the "VM" connected to your "netvm" you don't need to replicate the whole low-level networking stack which you have in your world-facing "netvm" (like 802.11, lower parts of TCP/IP).
-
Netvm would not prevent an attack from reaching other network-connected VMs, as those run the same kernel.
-
They hired Rafal so maybe .... :-)
-
Regarding the T2 chip, I get an Intel ME feeling from it. Also, why only disconnect when lid is closed?