[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Fri, 9 Aug 2013, I wrote:
This is true, but for this to happen the trojan needs to already be sitting somewhere from where it can access your VM, so that would have to be on the host machine, or somewhere else on the local network. It also needs to find a way to make it to the VM and once there to interact with your network traffic. And all this within the five minutes you're using the system.
Note that is important here that you're connecting to a known service, of which you can assume it has not been compromised.* There's been some stuffin the news about an exploit in Firefox 17 being used to send the real email address of those browing with Tor to the FBI/NSA. This was done by compromising the site(s) they were visiting. Using a live CD, or VM with a basic snapshot, wouldn't have prevented it.
* if your bank's website is compromised, then they'll have to refund allmoney you'll lose as a consequence, so that's not a scenario you'll have to be overly worried about.
Martijn -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq