I want this video on my GU1100 phone.
galenrivera512 1 month ago
Your video is a favorite on Bahrain
tysonstuart13 2 months ago
Thanks for making Linux more secure and me a bit smarter. Good talk.
MsPwain 8 months ago
This is cool
frenchpet 8 months ago
Interesting talk... I am curious, though, when I was last using Debian, killing the screensaver caused the entire session to get killed, giving you a nice new login prompt, on a fresh X server. Doesn't that happen any more in modern installs?
TheMagentus 9 months ago
Hi :-) Many Linux users don't run the user level tools (nautilus..) in the exploit, completely removing this vector. The older xlock program would wipe the access list, and so when killed would leave the X11 server unusable (obviously the modern screensavers need to be updated to the same destroy-access mentality). The TCP port mentioned in the demo is disabled by default in Xorg (the X11 server). And lastly, remember these exploits only grant user access, not root (although closer to root)
siodhe 11 months ago
@siodhe This could lead to pretty easy root access just by replacing the screensaver with a fake login window then stealing the user's password; perhaps it would be a better idea to have the screen saver run as root so the user can only invoke it, not dismiss it.
tomdwright 8 months ago
@tomdwright The problem with that plan with regards to xlock, namely killing the xlock and then putting up a fake one with a fake login window (if I'm interpreting you correctly) is as I said: The access list has been wiped from the X server - *nothing* could access it at that point, the X server had to be killed to continue, logging out the user's session in the process. And TheMagentus mentioned that killing the screensaver would kill off the session directly, an even more direct approach.
siodhe 7 months ago
The key word in this is "If" And sequences of more than ten ifs. Three ifs can cause a plane crash ... It is simply ridiculous.
TheDanLascu 1 year ago
@TheDanLascu you suck, three ifs can cause your mom to smd
mrjohnnybond 11 months ago
@mrjohnnybond
Your comment is very intelligent and documented. I happened to your mother?
TheDanLascu 11 months ago
@TheDanLascu happy you liek it. I read three books just to write that up.
Also, when talking about technology, complexity and vulnerabilities you are sure to get many ifs, so don't be surprised, it doesn't mean all the ifs aren't satisfied on a *lot of systems*
mrjohnnybond 11 months ago
John Larimer's not wearing any pants! (You can't tell because the podium's in the way.)
thrillscience 1 year ago 2
@Lustmord19 Actually, I am lying. :-( Give me thumbs up for honesty.
misterbonzai08 1 year ago 2
Does not compute (I have a girlfriend)
misterbonzai08 1 year ago 2
zZzZzzZZz Wow man... Too many slides...
renatoyamane 1 year ago
blah blah blah...Sure if your Linux/Ubuntu system is not patched then sure you would be in trouble otherwise nothing to see here move on folks. Linux/Ubuntu is still way more secure than any Windows version by default. So let's simmer down Windows fanboys. Also Ubuntu is secure with AppArmor, hence is one of the main things Ubuntu emphasizes on in their advertisement of Ubuntu. Also if and when this supposed attack would happen it won't affect the actual system at the root level.
reya10276 1 year ago 3
@reya10276
yeah, that's it! you're right mate ;-)
machmut 1 year ago
blah blah blah...Sure if your Linux/Ubuntu system is not patched then sure you would be in trouble otherwise nothing to see here move on folks. Linux/Ubuntu is still way more secure than any Windows version by default. So let's simmer down Windows fanboys. Also Ubuntu is secure with AppArmor, hence is one of the main things Ubuntu emphasizes on in their advertisement of Ubuntu.
reya10276 1 year ago
blah blah blah...Sure if your Linux/Ubuntu system is not patched then sure you would be in trouble otherwise nothing to see here move on folks. Linux/Ubuntu is still way more secure than any Windows version by default. So let's simmer down Windows fanboys.
reya10276 1 year ago
Interesting research and well presented. Thank you
Zaph0Day 1 year ago
herp
platothelapdog 1 year ago
It does look at the file magic to get MIME types in case the extension is unknown.
voltageclamp2001 1 year ago
So when is auto-scan with Clam-AV prior to opening for file viewing going to be built into HAL?
CurtHowland 1 year ago
This is by far the best ShmooCon talk on USB Autorun attacks I've seen this morning.
kyuznum1 1 year ago 9
@kyuznum1 Indeed, the thumbnailer attacks for the other file types haven't even been expanded on. AppArmor and AMSR are useless when they aren't even used to defend from corrupt video and image files.
The X11 attacks are particularly frightening.
sirukinx 1 year ago
Great vid, I shall use this to autorun the crashing of gnome screensaver then executing a videoplayer to play Rick Astley.
sirukinx 1 year ago 18