networking and qubes-convert-pdf


Andrew Clausen

Sep 28, 2015, 12:43:12 PM
to qubes-devel
Hi all,

I have two related questions:

(1) Would it be possible for qubes-convert-pdf to use a Disposable VM
in which networking is disabled? This is quite important for
protecting anonymity. I quote from the Tor web page:

"Don't open documents downloaded through Tor while online

... You should be very careful when downloading documents via Tor
(especially DOC and PDF files) as these documents can contain Internet
resources that will be downloaded outside of Tor by the application
that opens them. This will reveal your non-Tor IP address. If you must
work with DOC and/or PDF files, we strongly recommend ... downloading
the free VirtualBox and using it with a virtual machine image with
networking disabled"

I am happy to elaborate on the rationale if it is unclear.

(2) In order to implement (1), is there any easy way to create a
Disposable VM in which networking has been disabled? (i.e. 1-line
command?) If not, can we please make this easy?

Thanks,
Andrew

Marek Marczykowski-Górecki

Sep 28, 2015, 1:16:25 PM
to Andrew Clausen, qubes-devel
Generally (in R3.0) a DispVM inherits the connected network from the calling
VM. If the calling VM is connected through Tor, the DispVM will also use
it. If the calling VM is network-isolated, same for DispVM. This doesn't
fully solve the problem, but at least will not disclose your IP when
you're using Tor.

It isn't easy to _create_ a single network-isolated DispVM. Generally
it's part of this task:
https://github.com/QubesOS/qubes-issues/issues/866
But once the DispVM is started, it may be _changed_ to be
network-isolated. At least using those methods:
1. From dom0, by calling qvm-prefs -s dispX netvm none (not really
practical here)
2. From the VM itself by shutting down the interface (sudo ip link set eth0
down) - this is a reversible change
3. From the VM itself by manually removing the interface from xenstore
(sudo ip link set eth0 down; xenstore-rm device/vif/0) - not reversible, hacky

Adding #2 or #3 to qvm-convert-pdf (before parsing any PDF data, of
course) should be trivial.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
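The "shut the interface down before parsing any PDF data" step from method #2 above, as an added shell example that is not part of the thread and not code from qvm-convert-pdf. It assumes the iproute2 `ip -o link show` one-line-per-interface output format and passwordless sudo inside the VM; the function names and the sample `ip` output are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread or from qvm-convert-pdf): take the
# DispVM offline with method #2 from above (ip link set <iface> down) and
# verify it before any untrusted PDF data is parsed.  Assumes the iproute2
# `ip -o link show` one-line-per-interface format and sudo inside the VM.

# Read `ip -o link show` output on stdin and print the names of the
# non-loopback interfaces whose flag set contains the administrative UP
# flag.  Field 2 is "name:" (or "name@peer:"), field 3 is "<FLAG,FLAG,...>".
list_up_interfaces() {
    while IFS= read -r line; do
        name=$(printf '%s' "$line" | awk '{print $2}' | sed 's/:$//; s/@.*//')
        flags=$(printf '%s' "$line" | awk '{print $3}' | tr -d '<>')
        [ "$name" = "lo" ] && continue
        # Match the UP token exactly; LOWER_UP is a different flag.
        case ",$flags," in
            *,UP,*) printf '%s\n' "$name" ;;
        esac
    done
}

# Bring every up, non-loopback interface down, then re-check.  Returns
# non-zero (and the caller must not parse the document) if anything is
# still up.  The down state is reversible, as the thread notes.
ensure_offline() {
    for iface in $(ip -o link show | list_up_interfaces); do
        sudo ip link set "$iface" down
    done
    remaining=$(ip -o link show | list_up_interfaces)
    if [ -n "$remaining" ]; then
        printf 'refusing to continue, still up: %s\n' "$remaining" >&2
        return 1
    fi
}

# Constructed sample of `ip -o link show` output (not a real capture):
# lo up, eth0 up, eth1 down.  Used only for the offline self-check below.
SAMPLE_IP_LINK='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000\    link/ether 00:16:3e:5e:6c:00 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000\    link/ether 00:16:3e:5e:6c:01 brd ff:ff:ff:ff:ff:ff'

# Self-check on the constructed sample: only eth0 should be reported.
check_sample() {
    printf '%s\n' "$SAMPLE_IP_LINK" | list_up_interfaces
}

# Real use inside the DispVM (not executed here):
#   ensure_offline || exit 1
#   ... only now read the untrusted PDF ...
```

The re-check after the loop is the part that matters for a converter: if bringing an interface down fails for any reason, the script refuses to go on rather than silently parsing the document while still online.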

Joanna Rutkowska

Sep 30, 2015, 2:22:13 AM
to Marek Marczykowski-Górecki, Andrew Clausen, qubes-devel
On Mon, Sep 28, 2015 at 07:16:17PM +0200, Marek Marczykowski wrote:
> On Mon, Sep 28, 2015 at 05:43:09PM +0100, Andrew Clausen wrote:
> > Hi all,
> >
> > I have two related questions:
> >
> > (1) Would it be possible for qubes-convert-pdf to use a Disposable VM
> > in which networking is disabled? This is quite important for
> > protecting anonymity. I quote from the Tor web page:
> >
> > "Don't open documents downloaded through Tor while online
> >
> > ... You should be very careful when downloading documents via Tor
> > (especially DOC and PDF files) as these documents can contain Internet
> > resources that will be downloaded outside of Tor by the application
> > that opens them. This will reveal your non-Tor IP address. If you must
> > work with DOC and/or PDF files, we strongly recommend ... downloading
> > the free VirtualBox and using it with a virtual machine image with
> > networking disabled"
> >
> > I am happy to elaborate on the rationale if it is unclear.
> >
> > (2) In order to implement (1), is there any easy way to create a
> > Disposable VM in which networking has been disabled? (i.e. 1-line
> > command?) If not, can we please make this easy?
>

IIUC, on Qubes OS you don't need to be so concerned about not opening
Tor-downloaded files in a (Disp)VM with networking, because on Qubes OS, thanks
to its networking architecture, all the connections can be forced through Tor
even if the file you're opening is malicious and just managed to exploit the
app.

joanna.

Marek Marczykowski-Górecki

Sep 30, 2015, 3:36:09 AM
to Joanna Rutkowska, Andrew Clausen, qubes-devel
But you may want to not announce to the world (or at least the file creator)
that the file was opened at all - even if it doesn't reveal your
location.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

Joanna Rutkowska

Sep 30, 2015, 3:46:15 AM
to Marek Marczykowski-Górecki, Andrew Clausen, qubes-devel
I would argue that's a different threat model, which I'm not sure I fully buy
into. If you just downloaded the file, that means you just announced "to the
world" (or at least some server(s)) that... you just downloaded it. Not sure why
it would make much of a difference whether you actually opened it later, or not?

j.

Andrew Clausen

Sep 30, 2015, 4:33:03 AM
to Joanna Rutkowska, Marek Marczykowski-Górecki, Andrew Clausen, qubes-devel
Hi Joanna,

On 30 September 2015 at 07:21, Joanna Rutkowska
<joa...@invisiblethingslab.com> wrote:
> IIUC, on Qubes OS you don't need to be so concerned about not opening
> Tor-downloaded files in a (Disp)VM with networking, because on Qubes OS, thanks
> to its networking architecture, all the connections can be forced through Tor
> even if the file you're opening is malicious and just managed to exploit the
> app.

Yes, I agree that this is a significant mitigation for Tor users, but
only if they are using a TorVM. (This is a good reason to encourage
the TorVM, in fact.)

However, there are other situations where this might be important.
For example, journalists often receive documents via USB stick.

On reflection, I think the best advice to users would be: only ever
use qvm-convert-pdf from a (client) VM without any networking. If you
have networking in a VM, then you probably shouldn't trust that VM
very much.

Kind regards,
Andrew

Joanna Rutkowska

Sep 30, 2015, 4:41:57 AM
to Andrew Clausen, Marek Marczykowski-Górecki, qubes-devel

Perhaps the simplest approach would be: make sure the VM, on which you're
mounting the volume from such a USB stick, is not network-connected. Then,
depending on your needs, just use "Open in DispVM", or "Convert to trusted PDF"
from within this network-disconnected VM. This should ensure the DispVM started
for these actions is also offline.

Note, BTW, that I wrote: "VM where you're mounting the volume", rather than:
"VM which has USB controller assigned", as these could be two different VMs.
This especially makes sense when you use encryption for the USB stick's volume (or fs) and
terminate it in another VM (more trusted, because not needing to deal with all the
USB subsystems, drivers).

joanna.

Marek Marczykowski-Górecki

Sep 30, 2015, 5:27:57 AM
to Joanna Rutkowska, Andrew Clausen, qubes-devel
Because the document may be "personalized" - for example sent using
email, and then the attacker can observe _when_ the document would be opened.
But yes, much smaller problem.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?