I would make a full forensic image and then start investigating. Otherwise 
the evidence is very fragile.

On Friday, November 6, 2020 at 12:20:32 AM UTC+2 tetra...@danwin1210.me 
wrote:

> On Mon, Oct 26, 2020 at 04:04:30PM -0400, Chris Laprise wrote:
> >On 10/25/20 10:24 PM, 'J.M. Porup' via qubes-users wrote:
> >>One morning last week, I launched a disposable Debian 10 template with my preset
> >>defaults of no netvm and a blank page preset--but instead a default page of
> >>"https://www.youtube.com/" appeared. It only happened once, but it was enough.
> >
> >So to clarify, you launched a dispVM with no networking, and a youtube 
> >page was loaded and rendered on screen?
> >
> >That seems highly unlikely to be an accidental input or glitch.
>
> No, he's saying the Firefox homepage in his Debian-10 template was 
> changed from about:blank to youtube.com, leading the debian-10 
> template-based DispVM to launch Firefox with youtube.com as the default 
> page.
>
> Ergo someone compromised his Debian-10 template and changed the Firefox 
> homepage... or, there was an error in the template configuration leading 
> to him accidentally changing the homepage in what sounds like a 
> stressful situation.
>
> J.M., assuming you are indeed correct about a major attack, most of the 
> major Xen vulnerabilities that threaten a Qubes full compromise involve 
> sys-net. Since Five Eyes may get advance notice of Xen holes, if your 
> machine was indeed fully rooted it could be you were hit by the PCI 
> vulnerability from a while back.
>
> Due to precisely these kinds of issues, there is discussion for using 
> the much-harder-to-exploit OpenBSD as an operating system for the 
> sys-net VM:
> https://github.com/QubesOS/qubes-issues/issues/5294
>
> You may want to give it a go (after buying a new laptop, of course).
>
> Additionally, if a sys-net based attack is indeed a concern for your 
> threat model, consider disabling wi-fi entirely and using an ethernet 
> cable, wi-fi drivers are generally terrible.
>
> Nevertheless if you are really up against serious Five Eyes type 
> adversaries then it's unlikely you'll be able to keep *any* computer 
> secure for long and should probably buy that cabin in the Rockies you 
> always wanted...
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b70d4e94-7e63-4da1-819c-c72cf2a085e7n%40googlegroups.com.
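The "image first, investigate second" advice at the top of this message, written out as an added example (this is not code from the thread or from the Qubes project): a POSIX shell helper that takes a bit-for-bit copy of a volume, hashes source and image, records both in a log, and makes the copy read-only so later analysis provably runs on an unmodified copy. It assumes a Linux host with GNU coreutils (dd, sha256sum). On Qubes the obvious target is the template's LVM thin volume seen from dom0 (the path /dev/qubes_dom0/vm-debian-10-root below is an assumed example) with the VM shut down first; any regular file works the same way, which is how the test exercises it.

```shell
#!/bin/sh
# Added example, not from the qubes-users thread. Make a verified, read-only
# forensic image of a block device, LVM volume or file before touching it.
#
# Assumed Qubes usage (paths are examples, not taken from the thread):
#   qvm-shutdown --wait debian-10
#   forensic_image /dev/qubes_dom0/vm-debian-10-root /mnt/case01
#
# Caveat: conv=sync pads a short final read up to the block size, so bs must
# divide the source size or the image hash will not match. LVM volumes are
# multiples of the extent size (4 MiB by default), so bs=4M is safe there;
# for raw disks use bs=512 (one sector). A mismatch is reported, not hidden.

forensic_image() {
    src="$1"            # device, LVM volume, or file to image
    outdir="$2"         # case directory; created if missing
    bs="${3:-4M}"       # dd block size; see caveat above
    name=$(basename "$src")
    img="$outdir/$name.raw"
    log="$outdir/$name.log"

    mkdir -p "$outdir" || return 1

    # Hash the original first so the copy can be checked against it.
    src_hash=$(sha256sum "$src" | cut -d' ' -f1) || return 1

    # noerror keeps going past unreadable blocks; sync zero-fills them so the
    # rest of the image stays at the correct offsets. dd's own stats go to a
    # side file so the transfer record is kept with the case.
    dd if="$src" of="$img" bs="$bs" conv=noerror,sync 2>"$log.dd" || return 1

    img_hash=$(sha256sum "$img" | cut -d' ' -f1) || return 1
    chmod a-w "$img"    # evidence copy is read-only from here on

    {
        echo "source: $src"
        echo "image: $img"
        echo "acquired: $(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "block size: $bs"
        echo "sha256 source: $src_hash"
        echo "sha256 image:  $img_hash"
    } > "$log"

    if [ "$src_hash" != "$img_hash" ]; then
        echo "hash mismatch: image of $src is not a faithful copy" >&2
        return 2
    fi
    echo "$img_hash"
}

# Later, before any analysis run: confirm the image still matches the hash
# recorded at acquisition time.
verify_image() {
    img="$1"
    log="$2"
    recorded=$(sed -n 's/^sha256 image:  *//p' "$log")
    current=$(sha256sum "$img" | cut -d' ' -f1)
    [ -n "$recorded" ] && [ "$recorded" = "$current" ]
}
```

Work on the .raw copy (mount it read-only via a loop device, or hand it to Sleuth Kit) and re-run verify_image before each session; if the source volume needs to stay untouched for a second opinion, image it once more rather than re-reading it ad hoc.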
