On Mon, Oct 26, 2020 at 04:04:30PM -0400, Chris Laprise wrote:
On 10/25/20 10:24 PM, 'J.M. Porup' via qubes-users wrote:
One morning last week, I launched a disposable Debian 10 template with my preset
defaults of no netvm and a blank page preset--but instead a default page of
"https://www.youtube.com/" appeared. It only happened once, but it was enough.
So to clarify, you launched a dispVM with no networking, and a youtube
page was loaded and rendered on screen?
That seems highly unlikely to be an accidental input or glitch.
No, he's saying the Firefox homepage in his Debian-10 template was
changed from about:blank to youtube.com, leading the debian-10
template-based DispVM to launch Firefox with youtube.com as the default
Ergo someone compromised his Debian-10 template and changed the Firefox
homepage... or, there was an error in the template configuration leading
to him accidentally changing the hompeage in what sounds like a
J.M., assuming you are indeed correct about a major attack, most of the
major Xen vulnerabilities that threaten a Qubes full compromise involve
sys-net. Since Five Eyes may get advance notice of Xen holes, if your
machine was indeed fully rooted it could be you were hit by the PCI
vulnerability from a while back.
Due to precisely these kinds of issues, there is discussion for using
the much-harder-to-exploit OpenBSD as an operating system for the
You may want to give it a go (after buying a new laptop, of course).
Additionally, if a sys-net based attack is indeed a concern for your
threat model, consider disabling wi-fi entirely and using an ethernet
cable, wi-fi drivers are generally terrible.
Nevertheless if you are really up against serious Five Eyes type
adversaries then it's unlikely you'll be able to keep *any* computer
secure for long and should probably buy that cabin in the Rockies you
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To view this discussion on the web visit