On 10/25/20 10:24 PM, 'J.M. Porup' via qubes-users wrote:
> One morning last week, I launched a disposable Debian 10 template with my preset defaults of no netvm and a blank page preset--but instead a default page of "https://www.youtube.com/" appeared. It only happened once, but it was enough.

So to clarify, you launched a dispVM with no networking, and a YouTube page was loaded and rendered on screen?
That seems highly unlikely to be an accidental input or glitch.

> Does this rise to the standard of journalist proof I'm accustomed to? Of course not. Would I risk my reputation by writing this email to the qubes-users list if I was not confident in my assessment? What do you think?
>
> So why am I writing this message? First, and most importantly, there is clearly a great Qubes 0-day floating around that needs to be found and squashed. But also, if Five Eyes are prepared to risk a Qubes 0-day on a clown, who would they *not* risk it on? There must be dozens, if not hundreds, of active Qubes implants out there right now.

Maybe there are other explanations, but you won't know for sure unless you saved the contents of your system in that state.
However, if you're looking for plausible explanations and attack vectors, you should look at side-channels first (I don't think exploiting a side-channel against Qubes would count as a 0-day).

-- 
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886