> > Do those VMs have access to the internet?
Yes they do. And, if you don't run sensitive processes on the main machine while the > VM is running and testing, then there is no sensitive data for any > malicious attack to gather. What about OS encryption keys related to LUKS ? And other things that are in memory, like Thunderbird obviously stores my Gmail username and password. To put your mind to rest, you will have to read the description of the > exploit, determine for yourself the conditions that allow it, and > prevent those conditions from occurring on your system. I am truing to learn as much as I can about the problem. On Fri, May 15, 2020 at 7:01 PM stan via users < users@lists.fedoraproject.org> wrote: > On Fri, 15 May 2020 17:29:31 +0530 > Sreyan Chakravarty <sreya...@gmail.com> wrote: > > > On 5/15/20 1:03 AM, stan via users wrote: > > > If you are the only user on your machine, you almost certainly don't > > > have to worry about this. > > That is good to hear. > > > The main threat of this attack was on cloud servers where many > > > different users are running under virtual machines. > > > > This is the problem. I do some CTF practice from Kali Linux and I > > also have a Windows 10 VM to try out various untrusted or malicious > > software. > > Do those VMs have access to the internet? If they don't, they can't > communicate their results even if they do perform the attack. When the > VM closes, they lose all their results. > > > > think for single use systems, Tom's response is the correct one, > > > but you can worry if you want. > > Yeah, but what about single user systems that run a fair number of > > VMs ? > > Well, unless you are the malicious attacker, they are still contained. > You have control of the VM. > > And, if you don't run sensitive processes on the main machine while the > VM is running and testing, then there is no sensitive data for any > malicious attack to gather. > > It can only gather data from a process running on the same core at the > same time. If your main system is idle while you are testing in the > virtual machine, there is nothing for it to gather. > > To put your mind to rest, you will have to read the description of the > exploit, determine for yourself the conditions that allow it, and > prevent those conditions from occurring on your system. The simplest > way is to do as I describe above, only run software that might be > malicious in a VM (or on the main OS) while you are not doing sensitive > operations on the main OS or on another VM on the same core; sensitive > will primarily be surfing the web where you enter passwords for access. > _______________________________________________ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org > -- Regards, Sreyan Chakravarty
_______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
