Security: No system is 100% hacker-proof


Security: No system is 100% hacker-proof

Post by karlchen »

Hello, folks.

Some of you will have read the linked article already. It is the result of this year's Pwn2Own competition:
Pwn2Own 2021 - Schedule and Live Results

As this is the Linux Mint forum and as the main Linux Mint edition is based on Ubuntu, you might like to watch out specifically for the successful privilege escalation attacks executed against Ubuntu, when reading the article.

Best regards,
Karl
Last edited by LockBot on Wed Dec 07, 2022 4:01 am, edited 1 time in total.
Reason: Topic automatically closed 30 days after creation. New replies are no longer allowed.
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 792 days now.

Re: Security: No system is 100% hacker-proof

Post by Pjotr »

karlchen wrote: Sat Apr 10, 2021 9:27 am as the main Linux Mint edition is based on Ubuntu, you might like to watch out specifically for the successful privilege escalation attacks executed against Ubuntu, when reading the article.
You mean to say that those attacks will be carried out when reading that article? :shock: :lol:
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

Re: Security: No system is 100% hacker-proof

Post by karlchen »

Pjotr, you know pretty well that reading the article will not trigger any attacks on our machines. :| Karl

Re: Security: No system is 100% hacker-proof

Post by rene »

But the attacks will still happen simultaneously with us reading the article?! Waaah! Don't read it!

Re: Security: No system is 100% hacker-proof

Post by DAMIEN1307 »

As this is the Linux Mint forum and as the main Linux Mint edition is based on Ubuntu, you might like to watch out specifically for the successful privilege escalation attacks executed against Ubuntu, when reading the article.
At my age now, I realise I could have missed something in the reading of this article, but in order to do these "privilege escalation attacks" as described, don't the "perpetrators" need to have "physical access" to the machines in question to accomplish this feat ???...Just asking...DAMIEN

Re: Security: No system is 100% hacker-proof

Post by rene »

Not necessarily physical but "local escalation of privilege" does mean having access as a regular user already.

Re: Security: No system is 100% hacker-proof

Post by t42 »

It is quite insulting:
SUCCESS - Ryota used an OOB access bug to go from a standard user to root on Ubuntu Desktop. He earns $30,000
SUCCESS - The DEVCORE team combined an authentication bypass and a local privilege escalation to complete take over the Exchange server. They earn $200,000
-=t42=-

Re: Security: No system is 100% hacker-proof

Post by rene »

I'd say. As if latter would not have much bigger impact than twenty-thirds former...

Re: Security: No system is 100% hacker-proof

Post by t42 »

The Ubuntu OOB (out-of-bounds) access bugs mentioned in the article are kernel vulnerabilities, which allow a local attacker to escalate privileges on affected kernels. In the case of Ryota Shiga, it affects any distribution with non-patched kernels from 4.9 to 4.13. ZDI-20-1440

Re: Security: No system is 100% hacker-proof

Post by karlchen »

Hi, t42.

As I understand, the pre-requisite within the pwn2own competition is that the teams have found and use vulnerabilities, so far unknown.
Provided my understanding is correct, it is unlikely that the way they escalated their privileges and gained root access on Ubuntu during the competition has already been disclosed before the competition in the linked article.
Or did I just misunderstand and the article was only meant to give an example that such vulnerabilities exist and have already been exploited successfully in the recent past?

Karl

Re: Security: No system is 100% hacker-proof

Post by t42 »

karlchen wrote: Sat Apr 10, 2021 11:00 am ... so far unknown
It's all zero-day by definition and not publicly disclosed. So the unlucky guy Billy doesn't receive any money, as the bug was already known to the vendor (but not to the public).

Re: Security: No system is 100% hacker-proof

Post by Portreve »

I have a solution:

Karlchen can type up a post here which recounts in detail every salient point made in the Pwn2Own article. That way, there's no chance that a news-bearing attack vector web site can affect us.

Well, that's so long as he doesn't also decide to unleash the Irish Virus on us and someone here is susceptible to it.
Flying this flag in support of freedom 🇺🇦

Recommended keyboard layout: English (intl., with AltGR dead keys)

Podcasts: Linux Unplugged, Destination Linux

Also check out Thor Hartmannsson's Linux Tips YouTube Channel

Re: Security: No system is 100% hacker-proof

Post by Hoser Rob »

rene wrote: Sat Apr 10, 2021 9:54 am But the attacks will still happen simultaneously with us reading the article?! Waaah! Don't read it!
Dang! I'm sitting in a cafe right now and forgot my tinfoil hat!
For every complex problem there is an answer that is clear, simple, and wrong - H. L. Mencken

Re: Security: No system is 100% hacker-proof

Post by Hoser Rob »

Here's the answer, the only foolproof way to avoid being hacked. Buy a computer. Take it home. Never ever take it out of the box. Anything else, on any OS, entails some risk.

Re: Security: No system is 100% hacker-proof

Post by RollyShed »

It sounds a bit like the phone call a day ago from India, though they said they were "just up the road". My computer was upsetting the nationwide local phone company, 7000 instances they said. We don't use that provider. Please press the Win key and "r".
This of course does nothing on Linux. They are too stupid to ask what system you are using.

As this didn't do anything I was passed to a supervisor and asked to search for a website providing software for remote computer control. The third Google option down was an article about how someone had got hacked. I should have told him I'd installed it and carried on having my cup of coffee and reading my book.

As it was I only managed to waste 25 minutes of their time.

Somewhere it was reported that the record is an hour and a half keeping them on a call. I've not managed that.... yet.

Re: Security: No system is 100% hacker-proof

Post by gittiest personITW »

RollyShed wrote: Wed Aug 17, 2022 6:23 pm It sounds a bit like the phone call a day ago from India, though they said they were "just up the road". My computer was upsetting the nationwide local phone company, 7000 instances they said. We don't use that provider. Please press the Win key and "r".
This of course does nothing on Linux. They are too stupid to ask what system you are using.

As this didn't do anything I was passed to a supervisor and asked to search for a website providing software for remote computer control. The third Google option down was an article about how someone had got hacked. I should have told him I'd installed it and carried on having my cup of coffee and reading my book.

As it was I only managed to waste 25 minutes of their time.

Somewhere it was reported that the record is an hour and a half keeping them on a call. I've not managed that.... yet.
I had a long conversation with a pleasant gentleman who rang me (I suspect from far away).
We chatted about a virus on my window.
A good 20 minutes we spent trying to find it. Then for some reason he just put the phone down.
I hope he finds a virus on someone else's window one day. What a nice chat.

Re: Security: No system is 100% hacker-proof

Post by Moem »

Hoser Rob wrote: Wed Aug 17, 2022 10:08 am Dang! I'm sitting in a cafe right now and forgot my tinfoil hat!
What an odd reason to dig up an old topic.

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

Re: Security: No system is 100% hacker-proof

Post by RollyShed »

gittiest personITW wrote: Thu Aug 18, 2022 12:27 pm I had a long conversation with a pleasant gentleman who rang me (I suspect from far away).
I had one recently on my cell phone while riding home on my bicycle. He wanted the email address. I told him to get it off the website (not naming the site). Where was he? Darwin he said. I presume tunnelled through Darwin from India so anyone who blocks calls from outside Australia and New Zealand will still get his calls.

After telling him to look on the website, I next told him the batteries were going flat on the cell phone and hung up.

A while ago, having trouble making out what was being said, I asked for someone who spoke English. They hung up after that request.

NOTE - this is all 100% hacker-proofing a system. :lol:

Re: Security: No system is 100% hacker-proof

Post by antikythera »

Embedded Realtek chips in routers and IoT devices are vulnerable to remote attack. They can be patched via firmware updates, but you are reliant on the manufacturers getting their backsides in gear to release such updates.

https://www.realtek.com/images/safe-rep ... -27255.pdf
I’ll tell you a DNS joke but be advised, it could take up to 24 hours for everyone to get it.