Resetting hardware state after nation state level attack

Emily · March 8, 2023, 5:09pm

off-topic banter

cayce:

“There is a possibility a ran a dom0 update in the background, and just forgot to note it.”

FINALLY, the most plausible “event” in this entire thread …

This statement ought read:

“There is a likelyhood a(sic) ran a dom0 update in the background, and just forgot to note it thus, borking my system to an unknown/understood state which confuses me and, I don’t know how to repair it.”

There’s so much to unpack with the type of paranoid bull this thread represents …

A) OP is more than likely NOT so important that an APT would waste a valuable 0/n-day

B) OP is essentially clueless about networking and, network computing concepts in general

C) OP would like others to care more about their privacy than they do themselves

D) OP is SO scur’d they would prefer to imagine they live in a world where someone/some group is “out to get them” before recognizing simple technical ineptitude

From my perspective, privacy is a “voice” ( <insert_irony> ) of freedom and, fear != freedom. In this light, when one allows the media/governments/hollywood or any other hallucination to convince themself they’re being attacked, prompting them to possibly “destroy” a perfectly fine commodity, it’s “game over”

If you’re not joking, then you’re severely naive at how things run outside your little cloister.
Tell this nonsense to 2 of my colleagues who are dead. Tell it to my other colleague who was wrongfully committed to an insane asylum, and kept pumped up with drugs to keep him silent.

And for someone you might even be able to relate to, tell that to Assange.

Like most good obedient slaves, you’re severely ignorant to how the world runs. Try traveling a bit. Try stepping outside those lines painted for you by the good old USSA. Try working on anything beneficial to humanity, that directly confronts the cartels that run this prison planet.

If you have something useful to offer the problem at hand, I’m all ears, and I do appreciate it. If you have another string of derogatory comments, well… in the words of a mentor of mine, “you can go $%^& ______”.

Re: Security and privacy.
No, I hate this shit. I hate having to dedicate so much hashing power for this shit, that in the end does not create anything of value. It only prevents the destruction of value.
I would love to leave this shit up to other people, and instead focus on creation. But in this dystopian world you seem to be completely naive to, we don’t have that luxury.

Re: network
This was the string. All qubes connect to the firewall via sys-net first:
sys-net → sys-firewall → sys-vpn1 → sys-vpn1 → sys-whonix

And for that particular application it gave the other side the perception exactly what I was looking for. And if it hadn’t we wouldn’t be talking now.

Re: dom0 update. I cannot rule it out. But whenever I update I’m fastidious about noting it down, rebooting, and checking the hashes when the updates are done. It was a long computing session thru the night. I can’t rule out that I just missed something in a tired state. That’s the only vector I can imagine unless there was some zero-day that could break the vm sandbox.

Re: A bad update:
No, qubes were taken down in a coordinated attack. Likely Flatpak was the security hole.

Re: Security hold: Security hole (but you knew that).

Cheers

Emily · March 8, 2023, 5:59pm

You guess wrong.

It was assumed all qubes connect with sys-net as a starting point and then go thru the firewall. Who wouldn’t? That would have been redundancy to restate that.

comments about style of discourse

And I appreciate where you have something useful to offer. If you’re going to be derogatory, well, the Law of Correspondence is pretty universal. With that lead in… you’re not that special. There’s plenty of others more technically competent than you who are happy to help, free of the attitude.

But thanks for your help when you were actually being helpful.

SteveC · March 8, 2023, 6:19pm

Since you specified sys-net originally, but didn’t specify sys-firewall (comment 14), I can’t fault cayce for assuming you’d left sys-firewall out. Far from default-assuming both were there, you specified one and not the other.

comment about style of discourse

But I do agree his attitude later on has been abysmal.

cayce · March 8, 2023, 6:41pm

off-topic banter

I thought it’s been made abundantly clear by now that I’m NOT posting on this forum to make “friends” nor bother much with social nicieties. Rather, to share any insight I may have gained from decades of experience in an effort to try and be helpful to others. Take it or leave it …

As OP is busy feighning about being in a “life or death” situation, spewing about “how the world runs” because they feel as though their position as some social-justice warrior somehow makes them a superior individual with respect to other’s, attitude ought be low on the list of “demands”. If my “attitude” is too much to bear, wonder what the reaction would be should an actual threat present it’s self (as the OP is SO scur’d of).

cayce · March 8, 2023, 6:50pm

off-topic banter

GREAT, I being wrong, really aids the learning process. Highly recommended, you really ought try it sometime!

So, call HQ right NOW and have them send the forensics team to your location or, at least ask them what the documentation of your org’s incident response plan dictate your “next steps” will be.

Ass-umptions are always key ingredients to sound DFIR processes!

I dunno, maybe a user who stated otherwise?

Not so much if something in direct contradiction to “that” which had previously been stated.

SteveC · March 8, 2023, 7:12pm

side discussion about doubting the OP

Talk about assuming…you’re assuming OP’s description of her own situation is false.

On the basis of what?

cayce · March 8, 2023, 7:22pm

Answer to @SteveC

I don’t doubt that the OP is scur’d but, for starters:

Being too lazy too take the steps necessary to ensure the “safety” of their endangered life?

Or, maybe to take a step back:

Being too lazy to provide accurate information to those they’re asking for help during a time of crisis resulting in squandered time/effort? This always goes over well and is appreciated during disaster recover/incident response “drills”.

Or, maybe:

Spending too many years in the SOC having to explain to management how a paranoid just just burned up two weeks of external consulting resource budget and as a result, now the team can no longer attend the con/training?

Or maybe, maybe:

It’s the trail of confusion left in the litter of their posts?

But, probably:

Because I’ve never met an operator who “brags” about the EOW of their team members for the sake of personal sympathy/attention. Full f*cking .

renehoj · March 8, 2023, 8:22pm

It’s not impossible, but if you follow recommendations and don’t install software in dom0 it becomes very difficult to use an update attack against dom0.

I don’t think it’s easy to backdoor a package in eg. the Debian repo, but maybe for a state sponsored actor could do it if they picked something rarely used, but trying to backdoor the Linux kernel or Xen is on a completely different level, it wouldn’t go unnoticed.

Sven · March 9, 2023, 1:07am

Moderation note

I tried to restore the readability of this thread by liberal use of the “details” tag.

We encourage to read about staying safe, our discussion guidelines, and our code of conduct to help keep things positive and on-track. We welcome newcomers and returning users wanting to discuss Qubes and seeking to contribute.

Everything that is not a direct answer to the question posed in this thread belongs into Forum Feedback.

Sven · March 11, 2023, 5:39am

A post was merged into an existing topic: Level of discourse

Sven · March 11, 2023, 7:15pm

2 posts were merged into an existing topic: Level of discourse