
Re: Debian Desktop Environment

Dear Jason Fergus,
Dear Subscribers of the Debian Security List,

I am ready to share some more data about the incident and its circumstances as soon as you contact me via gpg-mail as described under https://www.elstel.org/Contact.html. Anyone who is interested and reading this mail is welcome! Just email me gpg-ed, including your public key for the response, describing or giving me a reference to who you are / what you are doing in the community (if not exuberantly returned by Google). As any gpg-key may either be lost or get in touch with an infected computer at any time, I would highly prefer if you were ready to incur the work of generating your own throw-away key for the communication.

Best Regards,
Elmar Stellnberger

On 27.10.2015 17:36, Jason Fergus wrote:
I'm curious about how you were infected by a rootkit, which one it was,
and what you did to discover it?  Using a Sandbox is a great idea for
those two, except of course those are generally the applications with
the most sensitive data as well.  I always try to disable html email,
but people insist on using it...

On Tue, 2015-10-27 at 16:25 +0100, Elmar Stellnberger wrote:
I would believe that it will heavily depend on how you configure your
desktop environment:
* One feature I do always turn off is desktop auto indexing because
otherwise even storing an email attachment just for invoking it with
an online view-as-jpeg service could cause an infection. Note that you
have to do this twice (once for Gnome and once for KDE) if you have
installed the corresponding programs of both environments.
* select starting a new session on every bootup (the session
can be used as a hook for ephemeral and home directory rootkits)
* under KDE there is a list of background services that always run;
you may reduce it to what you really need (invokable via systemsettings)
* likely there are other important configuration options (ask for
your env.)
* get some understanding of what your X-server does (f.i.
http://www.elstel.org/xchroot : problems with a pure chroot, trying
to resolve these problems by hand)
* double check the security of the underlying system (netstat -atupn)
* note that your email program and your browser are the two most
vulnerable parts of your desktop environment; consider running them
under qemu in a virtual machine

Once you comply with all these hints you may likely discover a
rootkit inside the virtual machine for emailing or browsing as I did
lately. The KDE environment of the host system did not appear to have
compromised the security of the whole system so far for me.


On 27.10.2015 12:29, Mateusz Kozłowski wrote:
Could you tell me which Debian desktop environment is the most
secure and the best for privacy, and which you recommend for Debian
users (KDE, XFCE, GNOME etc.)?
