Qubes, a Fedora-based OS that aims to improve desktop security through virtualised isolated environments, has released two fixes for “security problems” and its first statement confirming that it hasn’t been ordered by a government to install a backdoor.
Running a highly secure desktop OS that’s difficult to manage might not be everyone’s cup of tea, but in a world where there are reasons to fear government-ordered backdoors, such an OS could be useful.
Qubes OS was launched in 2012 by Polish security firm Invisible Things Lab, led by virtualisation buff Joanna Rutkowska, offering users a way to run applications inside separate Xen-based virtualised “security domains”. In practice, that means, for example, running different instances (VMs) of the same browser for personal, work and banking security domains.
While the design allows users to run activities with different risk profiles in different domains, Qubes, in the name of usability, lets users copy and paste data from one domain to another.
Security researcher Jann Horn recently found that this process, handled in Qubes’ clipboard feature — which lets users move data between “AppVMs” — is vulnerable to timing attacks that could allow an attacker to surreptitiously inject false contents in the clipboard or steal data that has been pasted to the clipboard.