On Mon, Oct 26, 2020 at 04:04:30PM -0400, Chris Laprise wrote:
> On 10/25/20 10:24 PM, 'J.M. Porup' via qubes-users wrote:
> > One morning last week, I launched a disposable Debian 10 template with my preset
> > defaults of no netvm and a blank page preset--but instead a default page of
> > "https://www.youtube.com/" appeared. It only happened once, but it was enough.
>
> So to clarify, you launched a dispVM with no networking, and a youtube page was loaded and rendered on screen?
>
> That seems highly unlikely to be an accidental input or glitch.

No, he's saying the Firefox homepage in his Debian-10 template was changed from about:blank to youtube.com, leading the debian-10 template-based DispVM to launch Firefox with youtube.com as the default page.

Ergo someone compromised his Debian-10 template and changed the Firefox homepage... or, there was an error in the template configuration leading to him accidentally changing the homepage in what sounds like a stressful situation.

J.M., assuming you are indeed correct about a major attack, most of the major Xen vulnerabilities that threaten a Qubes full compromise involve sys-net. Since Five Eyes may get advance notice of Xen holes, if your machine was indeed fully rooted it could be you were hit by the PCI vulnerability from a while back.

Due to precisely these kinds of issues, there is discussion for using the much-harder-to-exploit OpenBSD as an operating system for the sys-net VM:
https://github.com/QubesOS/qubes-issues/issues/5294

You may want to give it a go (after buying a new laptop, of course).

Additionally, if a sys-net based attack is indeed a concern for your threat model, consider disabling wi-fi entirely and using an ethernet cable; wi-fi drivers are generally terrible.

Nevertheless if you are really up against serious Five Eyes type adversaries then it's unlikely you'll be able to keep *any* computer secure for long and should probably buy that cabin in the Rockies you always wanted...
