On Mon, Oct 26, 2020 at 04:04:30PM -0400, Chris Laprise wrote:
On 10/25/20 10:24 PM, 'J.M. Porup' via qubes-users wrote:
One morning last week, I launched a disposable Debian 10 template with my preset
defaults of no netvm and a blank page preset--but instead a default page of
"https://www.youtube.com/"; appeared. It only happened once, but it was enough.

So to clarify, you launched a dispVM with no networking, and a youtube page was loaded and rendered on screen?

That seems highly unlikely to be an accidental input or glitch.

No, he's saying the Firefox homepage in his Debian-10 template was changed from about:blank to youtube.com, leading the debian-10 template-based DispVM to launch Firefox with youtube.com as the default page.

Ergo someone compromised his Debian-10 template and changed the Firefox homepage... or, there was an error in the template configuration leading to him accidentally changing the hompeage in what sounds like a stressful situation.

J.M., assuming you are indeed correct about a major attack, most of the major Xen vulnerabilities that threaten a Qubes full compromise involve sys-net. Since Five Eyes may get advance notice of Xen holes, if your machine was indeed fully rooted it could be you were hit by the PCI vulnerability from a while back.

Due to precisely these kinds of issues, there is discussion for using the much-harder-to-exploit OpenBSD as an operating system for the sys-net VM:

You may want to give it a go (after buying a new laptop, of course).

Additionally, if a sys-net based attack is indeed a concern for your threat model, consider disabling wi-fi entirely and using an ethernet cable, wi-fi drivers are generally terrible.

Nevertheless if you are really up against serious Five Eyes type adversaries then it's unlikely you'll be able to keep *any* computer secure for long and should probably buy that cabin in the Rockies you always wanted...

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 

Reply via email to