On this page[1] there's the text "ls -lat" which if you copy then paste in your
terminal, you're actually pasting this whole thing instead:
ls ; clear; echo 'Haha! You gave me access to your computer with sudo!'; echo
-ne 'h4cking ## (10%)\r'; sleep 0.3; echo -ne 'h4cking ### (20%)\r'; sleep 0.3;
echo -ne 'h4cking ##### (33%)\r'; sleep 0.3; echo -ne 'h4cking #######
(40%)\r'; sleep 0.3; echo -ne 'h4cking ########## (50%)\r'; sleep 0.3; echo -ne
'h4cking ############# (66%)\r'; sleep 0.3; echo -ne 'h4cking
##################### (99%)\r'; sleep 0.3; echo -ne 'h4cking
####################### (100%)\r'; echo -ne '\n'; echo 'Hacking complete.';
echo 'Use GUI interface using visual basic to track my IP'
ls -lat
I guess one mitigation would be setting a sudo password, even in VMs?
Qubes has no password for sudo by default.
What else can be done? Thoughts?
If using uMatrix, uBlock Origin and NoScript, all with blocking all by default, the page
only requires allowing (2 pieces of) CSS from www.blogger.com for this to be completely
hidden: i.e. you think you copied "ls -lat", but assuming you don't Ctrl+Shift+C
it too AND look at the size of the copied text in the notification (575 bytes instead of
7), you won't notice anything abnormal, until pasted in the terminal.
If not allowing even the CSS, then there's something visible on the left when "ls
-lat" is selected (actually when the space in-between is selected) which gives it
away. I attached the 3 pictures for this case.
(Not attaching screenshot for when allowing (only) CSS from www.blogger.com
because it's obvious that it looks normal and you can't see the hidden text.)
[1]
https://lifepluslinux.blogspot.com/2017/01/look-before-you-paste-from-website-to.html
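The size check described above (575 bytes in the clipboard where "ls -lat" is 7) can be done before anything reaches the terminal. The script below is an added example written for this thread, not code from the linked post, from Qubes, or from anyone on the list. It assumes a clipboard reader that writes the selection to stdout (xclip is named in a comment as one such tool); check_paste, NL and HIDDEN_SAMPLE are names chosen here, and HIDDEN_SAMPLE is a constructed, shortened version of the hidden text quoted above.

```sh
#!/bin/sh
# Added example, not from the thread: inspect clipboard text before pasting.
# Intended use (xclip assumed to be installed; any reader that prints the
# clipboard to stdout works):
#     xclip -o -selection clipboard | check_paste 'ls -lat'

# Literal newline, used to test whether the text ends in one.
NL='
'

# check_paste EXPECTED
# Reads the text about to be pasted from stdin and compares it with the
# command the user believes they copied. Prints each finding and returns 0
# when the text is exactly one plain line equal to EXPECTED, 1 otherwise.
check_paste() {
    expected=$1
    # Capture stdin byte-for-byte; the trailing 'x' stops $(...) from
    # discarding newlines at the end of the text.
    text=$(cat; printf x)
    text=${text%x}
    rc=0

    # 1. Size: the notification check from the thread, automated.
    actual_len=$(printf '%s' "$text" | wc -c | tr -d ' ')
    expected_len=$(printf '%s' "$expected" | wc -c | tr -d ' ')
    if [ "$actual_len" -ne "$expected_len" ]; then
        printf 'size: clipboard holds %s bytes, "%s" is %s bytes\n' \
            "$actual_len" "$expected" "$expected_len"
        rc=1
    fi

    # 2. A trailing newline makes the shell run the line the moment it is
    #    pasted, before the user has a chance to read it.
    case $text in
        *"$NL") printf 'ends with a newline: would execute immediately on paste\n'; rc=1 ;;
    esac

    # 3. Separators, pipes and substitutions mean more than one command.
    if printf '%s' "$text" | grep -q '[;&|`$]'; then
        printf 'contains command separators or substitutions\n'
        rc=1
    fi

    # 4. Non-printable bytes (escape sequences, carriage returns, ...).
    nonprint=$(printf '%s' "$text" | tr -d '[:print:]\n\t' | wc -c | tr -d ' ')
    if [ "$nonprint" -gt 0 ]; then
        printf 'contains %s non-printable byte(s)\n' "$nonprint"
        rc=1
    fi

    # Show what would really be pasted, with control characters made visible.
    if [ "$rc" -ne 0 ]; then
        printf -- '--- clipboard contents (cat -v) ---\n'
        printf '%s' "$text" | cat -v
        printf '\n'
    fi
    return "$rc"
}

# Constructed sample, shortened from the hidden text quoted in the thread:
# extra commands in front of the visible "ls -lat", plus a trailing newline.
HIDDEN_SAMPLE="ls ; clear; echo 'Haha! You gave me access to your computer with sudo!'; ls -lat$NL"

# Stand-alone demo: a genuine copy passes, the hidden payload is flagged.
printf '%s' 'ls -lat' | check_paste 'ls -lat' && echo 'clean copy: OK'
printf '%s' "$HIDDEN_SAMPLE" | check_paste 'ls -lat' || echo 'hidden payload: do not paste'
```

Bracketed paste mode in newer bash and zsh already stops the trailing-newline trick from auto-executing, but it does not tell you that 575 bytes arrived instead of 7; the size and separator checks above are what catch that.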
Well, one mitigation (albeit a rather annoying one) would be to type the visible
command manually instead of copying and pasting it into the terminal.
If you use the "qubes hardening" ideas developed by Chris (here on the
list), you should still be reasonably protected, even when you are
"caught" like this. See
https://github.com/tasket/Qubes-VM-hardening/issues/2 Additionally, from
my point of view you should use a "browser-VM" that is used for nothing
else than (unsafe) browsing, separated from an online-banking-vm with
limited internet access (via firewall rules), etc.
Bernhard
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/68227ec7-89fa-5782-63eb-9513bd60dd7f%40web.de.