Likely KDE exploit on 4.1 - BSD

  1. Likely KDE exploit on 4.1

    I now consider it extremely likely that there is a new KDE exploit
    which can be exploited on release 4.1. After having trouble with
    the mouse cursor having a mind of its own on my system upgraded to
    4.1, I reinstalled all of 4.1 + packages from scratch. I then created
    a test user and started kde from that user. The cursor immediately
    and repeatably started moving counter to my own motion and away
    from a button I wanted to click on. Other evidence suggests to me
    that an intruder has a control over my desktop, possibly via a
    duplicate display. This problem with the mouse makes the entire
    X/kde graphics interface unusable for me. Fortunately I can do
    almost everything I need to in console mode, although operating
    without konqueror is painful.

    Dave Feustel

    --
    Kurt Godel - The GOD of indecisiveness

  2. Re: Likely KDE exploit on 4.1

    dave wrote:
    > I now consider it extremely likely that there is a new KDE exploit
    > which can be exploited on release 4.1. After having trouble with
    > the mouse cursor having a mind of its own on my system upgraded to
    > 4.1, I reinstalled all of 4.1 + packages from scratch. I then created
    > a test user and started kde from that user. The cursor immediately
    > and repeatably started moving counter to my own motion and away
    > from a button I wanted to click on. Other evidence suggests to me
    > that an intruder has a control over my desktop, possibly via a
    > duplicate display. This problem with the mouse makes the entire
    > X/kde graphics interface unusable for me. Fortunately I can do
    > almost everything I need to in console mode, although operating
    > without konqueror is painful.
    >

    Can you actually see traffic coming in that represents remote display
    connections? Can you trust all your internal users? That is, if this
    is a lab, do you know if someone local is doing something. If someone
    was coming over the wire (or wireless) you should be able to see the
    traffic. An easy test is to pull the network connection, or down the
    net devices and see if the problem persists.

    Otherwise, this sounds like X having trouble understanding your mouse.
    Sometimes X/Y motion is seen backwards when the device was set up funny.
    At least this is what I used to see on Linux when I used X.
    --
    clvrmnky

    Direct replies will be blacklisted. Replace "spamtrap" with my name to
    contact me directly.
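
The check suggested in the reply above (look for traffic that represents remote display connections) can be run against the socket table. This is an added example, not part of the original thread; it assumes `netstat -an` style output, and the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Flag X11 TCP exposure in `netstat -an` style output read from stdin.
# X display :N listens on TCP port 6000+N when TCP listening is enabled;
# purely local sessions normally use a UNIX-domain socket and do not show up here.
x11_findings() {
    awk '
    # Split "addr.port" (BSD style) or "addr:port" (Linux style) at the last separator.
    function port(ep,   i) { i = match(ep, /[.:][0-9*]+$/); return i ? substr(ep, i + 1) : "" }
    function host(ep,   i) { i = match(ep, /[.:][0-9*]+$/); return i ? substr(ep, 1, i - 1) : ep }
    function local_only(h) { return h == "127.0.0.1" || h == "::1" || h == "localhost" }

    $1 ~ /^tcp/ && NF >= 6 {
        lp = port($4) + 0
        if (lp < 6000 || lp > 6063) next        # only local ports in the X11 display range
        if ($6 == "LISTEN" && !local_only(host($4)))
            print "LISTEN " $4                   # X server reachable from the network
        else if ($6 == "ESTABLISHED" && !local_only(host($5)))
            print "REMOTE " $5 " -> " $4         # a non-loopback peer is attached
    }'
}

# Constructed sample in BSD netstat layout (documentation addresses, not real hosts).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp          0      0  192.0.2.10.22          192.0.2.20.51234       ESTABLISHED
tcp          0      0  *.6000                 *.*                    LISTEN
tcp          0      0  192.0.2.10.6000        198.51.100.7.40112     ESTABLISHED
tcp          0      0  127.0.0.1.6010         127.0.0.1.33822        ESTABLISHED
tcp          0      0  127.0.0.1.6010         *.*                    LISTEN
EOF
}

# On a live host: netstat -an | x11_findings
sample_netstat | x11_findings
```

No output means no X11 TCP listener or remote peer was visible at that moment. An outbound connection whose ephemeral local port happens to fall in 6000-6063 will also match, so confirm which process owns a flagged socket before drawing conclusions.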

  3. Re: Likely KDE exploit on 4.1

    Clever Monkey wrote:
    > dave wrote:
    >> I now consider it extremely likely that there is a new KDE exploit
    >> which can be exploited on release 4.1. After having trouble with
    >> the mouse cursor having a mind of its own on my system upgraded to
    >> 4.1, I reinstalled all of 4.1 + packages from scratch. I then created
    >> a test user and started kde from that user. The cursor immediately
    >> and repeatably started moving counter to my own motion and away
    >> from a button I wanted to click on. Other evidence suggests to me
    >> that an intruder has a control over my desktop, possibly via a
    >> duplicate display. This problem with the mouse makes the entire
    >> X/kde graphics interface unusable for me. Fortunately I can do
    >> almost everything I need to in console mode, although operating
    >> without konqueror is painful.
    >>

    > Can you actually see traffic coming in that represents remote display
    > connections? Can you trust all your internal users? That is, if this


    I am the only user of this computer. I have not installed any wireless
    connection. The problem was resolved not by replacing the mouse,
    disconnecting the keyboard, or disconnecting the internet, or reinstalling
    OpenBSD (all of which I tried), but by turning the computer off. Since I turned
    the computer back on 5 minutes later the mouse has been rock solid. That is a
    very big relief to me. I think I need to accelerate my plans to get an
    air conditioner.

    > is a lab, do you know if someone local is doing something. If someone
    > was coming over the wire (or wireless) you should be able to see the
    > traffic. An easy test is to pull the network connection, or down the
    > net devices and see if the problem persists.


    > Otherwise, this sounds like X having trouble understanding your mouse.
    > Sometimes X/Y motion is seen backwards when the device was set up funny.
    > At least this is what I used to see on Linux when I used X.


    That's an interesting observation. What does 'funny' mean in this context?

    Thanks,
    Dave

    --
    Kurt Godel - The GOD of indecisiveness

  4. Re: Likely KDE exploit on 4.1

    dave wrote:
    > Clever Monkey wrote:
    >> dave wrote:
    >>> I now consider it extremely likely that there is a new KDE exploit
    >>> which can be exploited on release 4.1. After having trouble with
    >>> the mouse cursor having a mind of its own on my system upgraded to
    >>> 4.1, I reinstalled all of 4.1 + packages from scratch. I then created
    >>> a test user and started kde from that user. The cursor immediately
    >>> and repeatably started moving counter to my own motion and away
    >>> from a button I wanted to click on. Other evidence suggests to me
    >>> that an intruder has a control over my desktop, possibly via a
    >>> duplicate display. This problem with the mouse makes the entire
    >>> X/kde graphics interface unusable for me. Fortunately I can do
    >>> almost everything I need to in console mode, although operating
    >>> without konqueror is painful.
    >>>

    >> Can you actually see traffic coming in that represents remote display
    >> connections? Can you trust all your internal users? That is, if this

    >
    > I am the only user of this computer. I have not installed any wireless
    > connection. The problem was resolved not by replacing the mouse,
    > disconnecting the keyboard, or disconnecting the internet, or reinstalling
    > OpenBSD (all of which I tried), but by turning the computer off. Since I turned
    > the computer back on 5 minutes later the mouse has been rock solid. That is a
    > very big relief to me. I think I need to accelerate my plans to get an
    > air conditioner.
    >

    So, something is flaky in X, the mouse, the hardware or the OS that
    manifests as occasional weirdness. This seemed the likelier explanation.

    >> is a lab, do you know if someone local is doing something. If someone
    >> was coming over the wire (or wireless) you should be able to see the
    >> traffic. An easy test is to pull the network connection, or down the
    >> net devices and see if the problem persists.

    >
    >> Otherwise, this sounds like X having trouble understanding your mouse.
    >> Sometimes X/Y motion is seen backwards when the device was set up funny.
    >> At least this is what I used to see on Linux when I used X.

    >
    > That's an interesting observation. What does 'funny' mean in this context?
    >

    X can be a pain to set up. Sometimes big differences can be seen in
    subtle changes to the config files. It used to be pretty typical for
    the occasional install (of X; I have no experience with X on a recent
    release of OBSD) to behave exactly as you describe here.
    --
    clvrmnky

    Direct replies will be blacklisted. Replace "spamtrap" with my name to
    contact me directly.

  5. Re: Likely KDE exploit on 4.1

    Clever Monkey wrote:

    > So, something is flaky in X, the mouse, the hardware or the OS that
    > manifests as occasional weirdness. This seemed the likelier explanation.


    Actually, it seems to have been something in the serial interface for the mouse
    port that got messed up and was only cleared by turning off the power for
    a few minutes. It occurred to me that this behavior could be produced by an
    exploit implemented in SMM.

    --
    Everyone thinks that Lincoln freed the slaves. What actually happened was that
    Congress created a new class of slaves known as U.S. citizens and then declared
    the slaves to be U.S. citizens. Natural-born citizens of the USA have to
    voluntarily elect the status of U.S. citizen and, in so doing, give up the
    Constitutional rights with which they are born.

  6. Re: Likely KDE exploit on 4.1

    dave wrote:
    > Clever Monkey wrote:
    >
    >> So, something is flaky in X, the mouse, the hardware or the OS that
    >> manifests as occasional weirdness. This seemed the likelier explanation.

    >
    > Actually, it seems to have been something in the serial interface for the mouse
    > port that got messed up and was only cleared by turning off the power for
    > a few minutes. It occurred to me that this behavior could be produced by an
    > exploit implemented in SMM.
    >

    Sure, though I don't know what "SMM" is. I suggest ruling out the
    common, benign reasons for observed behaviour, first, before moving onto
    the more difficult and less common causes.

    There are a whole class of X interface issues that stem directly from
    good, old-fashioned flakiness, and many of them look like "my pointer is
    misbehaving in an odd way." Thus, has it been since the mists of time
    when giants walked the earth.

    Jumping right to an unlikely /and/ unfounded conclusion is not working
    from the known to the unknown in a logical manner. Just because it is
    within the slimmest realm of possibilities that some nefarious hacker
    could have come up with a clever attack just to remotely move your mouse
    pointer around in an annoying way does not mean that this is necessarily
    the case. It is also an assumption that is easily tested.

    I suggest this only because posting to this newsgroup about some exploit
    without providing either a logical case (that cannot be explained by
    some other, more benign cause) or obvious steps proving the obvious has
    been ruled out will only get you killfiled and/or ignored.

    So, unless you just want to waste your own time, practise a little due
    diligence and hold off on posting until you think you have a real case.
    --
    clvrmnky

    Direct replies will be blacklisted. Replace "spamtrap" with my name to
    contact me directly.

  7. Re: Likely KDE exploit on 4.1

    SMM stands for System Maintenance Monitor. SMM is hardware/software that
    runs invisibly on most, if not all x86 architectures. SMM code controls
    the fans and some other hardware. All sorts of interesting things can
    be done in SMM mode.

    Clever Monkey wrote:
    > dave wrote:
    >> Clever Monkey wrote:
    >>
    >>> So, something is flaky in X, the mouse, the hardware or the OS that
    >>> manifests as occasional weirdness. This seemed the likelier explanation.

    >>
    >> Actually, it seems to have been something in the serial interface for the mouse
    >> port that got messed up and was only cleared by turning off the power for
    >> a few minutes. It occurred to me that this behavior could be produced by an
    >> exploit implemented in SMM.
    >>

    > Sure, though I don't know what "SMM" is. I suggest ruling out the
    > common, benign reasons for observed behaviour, first, before moving onto
    > the more difficult and less common causes.
    >
    > There are a whole class of X interface issues that stem directly from
    > good, old-fashioned flakiness, and many of them look like "my pointer is
    > misbehaving in an odd way." Thus, has it been since the mists of time
    > when giants walked the earth.
    >
    > Jumping right to an unlikely /and/ unfounded conclusion is not working
    > from the known to the unknown in a logical manner. Just because it is
    > within the slimmest realm of possibilities that some nefarious hacker
    > could have come up with a clever attack just to remotely move your mouse
    > pointer around in an annoying way does not mean that this is necessarily
    > the case. It is also an assumption that is easily tested.
    >
    > I suggest this only because posting to this newsgroup about some exploit
    > without providing either a logical case (that cannot be explained by
    > some other, more benign cause) or obvious steps proving the obvious has
    > been ruled out will only get you killfiled and/or ignored.
    >
    > So, unless you just want to waste your own time, practise a little due
    > diligence and hold off on posting until you think you have a real case.


    --
    Everyone thinks that Lincoln freed the slaves.
    What actually happened was that Congress created
    a new class of slaves known as U.S. citizens and
    then declared the slaves to be U.S. citizens.

  8. Re: Likely KDE exploit on 4.1

    dave wrote:
    > Clever Monkey wrote:
    >> dave wrote:
    >>> Clever Monkey wrote:
    >>>
    >>>> So, something is flaky in X, the mouse, the hardware or the OS that
    >>>> manifests as occasional weirdness. This seemed the likelier explanation.
    >>> Actually, it seems to have been something in the serial interface for the mouse
    >>> port that got messed up and was only cleared by turning off the power for
    >>> a few minutes. It occurred to me that this behavior could be produced by an
    >>> exploit implemented in SMM.
    >>>

    >> Sure, though I don't know what "SMM" is. I suggest ruling out the
    >> common, benign reasons for observed behaviour, first, before moving onto
    >> the more difficult and less common causes.
    >>

    > SMM stands for System Maintenance Monitor. SMM is hardware/software that
    > runs invisibly on most, if not all x86 architectures. SMM code controls
    > the fans and some other hardware. All sorts of interesting things can
    > be done in SMM mode.
    >

    [Please don't top-post. I've corrected that here.]

    I'm sure this SMM stuff was created with no security in mind and is
    completely exploitable. This does not change the fact that it is
    unlikely that any such exploit just happened to affect you. Humans are
    very, very bad at risk assessment, and we tend to over-emphasize certain
    types of risk.

    I still stress that one should consider the facts first (which requires
    collecting them in a reasonable manner) before enumerating all the
    possible causes and ranking them starting at the least likely and most
    newsworthy. This is a skill worth learning.

    It makes no sense jumping to unfounded conclusions in the security
    world, since it adds to the noise and actually lessens security. By
    focusing on the possibility of an exploit rather than the reality, we
    actually lessen overall system security by making it harder to determine
    where the real risks lie.
    --
    clvrmnky

    Direct replies will be blacklisted. Replace "spamtrap" with my name to
    contact me directly.

  9. Re: Likely KDE exploit on 4.1

    Clever Monkey wrote:
    > dave wrote:
    >> Clever Monkey wrote:
    >>> dave wrote:
    >>>> Clever Monkey wrote:
    >>>>
    >>>>> So, something is flaky in X, the mouse, the hardware or the OS that
    >>>>> manifests as occasional weirdness. This seemed the likelier explanation.
    >>>> Actually, it seems to have been something in the serial interface for the mouse
    >>>> port that got messed up and was only cleared by turning off the power for
    >>>> a few minutes. It occurred to me that this behavior could be produced by an
    >>>> exploit implemented in SMM.
    >>>>
    >>> Sure, though I don't know what "SMM" is. I suggest ruling out the
    >>> common, benign reasons for observed behaviour, first, before moving onto
    >>> the more difficult and less common causes.
    >>>

    >> SMM stands for System Maintenance Monitor. SMM is hardware/software that
    >> runs invisibly on most, if not all x86 architectures. SMM code controls
    >> the fans and some other hardware. All sorts of interesting things can
    >> be done in SMM mode.
    >>

    > [Please don't top-post. I've corrected that here.]
    >
    > I'm sure this SMM stuff was created with no security in mind and is
    > completely exploitable.


    You are sure, but wrong about SMM being created with no security in mind.
    See the SMM documentation in the Intel and AMD docs. Also see the paper
    "Using CPU System Management Mode to Circumvent Operating System Security
    Functions" by Loic Duflot.

    I suspect that you are correct that SMM is exploitable.

    > This does not change the fact that it is
    > unlikely that any such exploit just happened to affect you. Humans are
    > very, very bad at risk assessment, and we tend to over-emphasize certain
    > types of risk.


    Now that is an assertion worth backing up with proof.

    > I still stress that one should consider the facts first (which requires
    > collecting them in a reasonable manner) before enumerating all the
    > possible causes and ranking them starting at the least likely and most
    > newsworthy. This is a skill worth learning.
    >
    > It makes no sense jumping to unfounded conclusions in the security
    > world, since it adds to the noise and actually lessens security. By
    > focusing on the possibility of an exploit rather than the reality, we
    > actually lessen overall system security by making it harder to determine
    > where the real risks lie.


    --
    Everyone thinks that Lincoln freed the slaves.
    What actually happened was that Congress created
    a new class of slaves known as U.S. citizens and
    then declared the slaves to be U.S. citizens.

  10. Re: Likely KDE exploit on 4.1

    dave wrote:
    > Clever Monkey wrote:
    >> dave wrote:
    >>> Clever Monkey wrote:
    >>>> dave wrote:
    >>>>> Clever Monkey wrote:
    >>>>>
    >>>>>> So, something is flaky in X, the mouse, the hardware or the OS that
    >>>>>> manifests as occasional weirdness. This seemed the likelier explanation.
    >>>>> Actually, it seems to have been something in the serial interface for the mouse
    >>>>> port that got messed up and was only cleared by turning off the power for
    >>>>> a few minutes. It occurred to me that this behavior could be produced by an
    >>>>> exploit implemented in SMM.
    >>>>>
    >>>> Sure, though I don't know what "SMM" is. I suggest ruling out the
    >>>> common, benign reasons for observed behaviour, first, before moving onto
    >>>> the more difficult and less common causes.
    >>>>
    >>> SMM stands for System Maintenance Monitor. SMM is hardware/software that
    >>> runs invisibly on most, if not all x86 architectures. SMM code controls
    >>> the fans and some other hardware. All sorts of interesting things can
    >>> be done in SMM mode.
    >>>

    >> [Please don't top-post. I've corrected that here.]
    >>
    >> I'm sure this SMM stuff was created with no security in mind and is
    >> completely exploitable.

    >
    > You are sure, but wrong about SMM being created with no security in mind.
    > See the SMM documentation in the Intel and AMD docs. Also see the paper
    > "Using CPU System Management Mode to Circumvent Operating System Security
    > Functions" by Loic Duflot.
    >
    > I suspect that you are correct that SMM is exploitable.
    >
    >> This does not change the fact that it is
    >> unlikely that any such exploit just happened to affect you. Humans are
    >> very, very bad at risk assessment, and we tend to over-emphasize certain
    >> types of risk.

    >
    > Now that is an assertion worth backing up with proof.
    >

    This is pretty much an accepted fact. See Schneier, et al. There are
    many, many studies suggesting this very thing. There is lots of good
    stuff out there on this very subject.
    --
    clvrmnky

    Direct replies will be blacklisted. Replace "spamtrap" with my name to
    contact me directly.

  11. Re: Likely KDE exploit on 4.1

    Clever Monkey wrote:
    > dave wrote:
    >> Clever Monkey wrote:
    >>> dave wrote:
    >>>> Clever Monkey wrote:
    >>>>> dave wrote:
    >>>>>> Clever Monkey wrote:
    >>>>>>
    >>>>>>> So, something is flaky in X, the mouse, the hardware or the OS that
    >>>>>>> manifests as occasional weirdness. This seemed the likelier explanation.
    >>>>>> Actually, it seems to have been something in the serial interface for the mouse
    >>>>>> port that got messed up and was only cleared by turning off the power for
    >>>>>> a few minutes. It occurred to me that this behavior could be produced by an
    >>>>>> exploit implemented in SMM.
    >>>>>>
    >>>>> Sure, though I don't know what "SMM" is. I suggest ruling out the
    >>>>> common, benign reasons for observed behaviour, first, before moving onto
    >>>>> the more difficult and less common causes.
    >>>>>
    >>>> SMM stands for System Maintenance Monitor. SMM is hardware/software that
    >>>> runs invisibly on most, if not all x86 architectures. SMM code controls
    >>>> the fans and some other hardware. All sorts of interesting things can
    >>>> be done in SMM mode.
    >>>>
    >>> [Please don't top-post. I've corrected that here.]
    >>>
    >>> I'm sure this SMM stuff was created with no security in mind and is
    >>> completely exploitable.

    >>
    >> You are sure, but wrong about SMM being created with no security in mind.
    >> See the SMM documentation in the Intel and AMD docs. Also see the paper
    >> "Using CPU System Management Mode to Circumvent Operating System Security
    >> Functions" by Loic Duflot.
    >>
    >> I suspect that you are correct that SMM is exploitable.
    >>
    >>> This does not change the fact that it is
    >>> unlikely that any such exploit just happened to affect you. Humans are
    >>> very, very bad at risk assessment, and we tend to over-emphasize certain
    >>> types of risk.

    >>
    >> Now that is an assertion worth backing up with proof.
    >>

    > This is pretty much an accepted fact. See Schneier, et al. There are


    It is also an accepted 'fact' that U.S. citizens have Constitutional rights.
    That is provably false, no matter how many people believe it.

    > There are
    > many, many studies suggesting this very thing. There is lots of good
    > stuff out there on this very subject.


    So you ought to be able to cite at least one study supporting your assertion.

    --
    Everyone thinks that Lincoln freed the slaves.
    What actually happened was that Congress created
    a new class of slaves known as U.S. citizens and
    then declared the slaves to be U.S. citizens.

  12. Re: Likely KDE exploit on 4.1

    dave wrote:
    > Clever Monkey wrote:
    >> dave wrote:
    >>> Clever Monkey wrote:
    >>>> dave wrote:
    >>>>> Clever Monkey wrote:
    >>>>>> dave wrote:
    >>>>>>> Clever Monkey wrote:
    >>>>>>>
    >>>>>>>> So, something is flaky in X, the mouse, the hardware or the OS that
    >>>>>>>> manifests as occasional weirdness. This seemed the likelier explanation.
    >>>>>>> Actually, it seems to have been something in the serial interface for the mouse
    >>>>>>> port that got messed up and was only cleared by turning off the power for
    >>>>>>> a few minutes. It occurred to me that this behavior could be produced by an
    >>>>>>> exploit implemented in SMM.
    >>>>>>>
    >>>>>> Sure, though I don't know what "SMM" is. I suggest ruling out the
    >>>>>> common, benign reasons for observed behaviour, first, before moving onto
    >>>>>> the more difficult and less common causes.
    >>>>>>
    >>>>> SMM stands for System Maintenance Monitor. SMM is hardware/software that
    >>>>> runs invisibly on most, if not all x86 architectures. SMM code controls
    >>>>> the fans and some other hardware. All sorts of interesting things can
    >>>>> be done in SMM mode.
    >>>>>
    >>>> [Please don't top-post. I've corrected that here.]
    >>>>
    >>>> I'm sure this SMM stuff was created with no security in mind and is
    >>>> completely exploitable.
    >>> You are sure, but wrong about SMM being created with no security in mind.
    >>> See the SMM documentation in the Intel and AMD docs. Also see the paper
    >>> "Using CPU System Management Mode to Circumvent Operating System Security
    >>> Functions" by Loic Duflot.
    >>>
    >>> I suspect that you are correct that SMM is exploitable.
    >>>
    >>>> This does not change the fact that it is
    >>>> unlikely that any such exploit just happened to affect you. Humans are
    >>>> very, very bad at risk assessment, and we tend to over-emphasize certain
    >>>> types of risk.
    >>> Now that is an assertion worth backing up with proof.
    >>>

    >> This is pretty much an accepted fact. See Schneier, et al. There are

    >
    > It is also an accepted 'fact' that U.S. citizens have Constitutional rights.
    > That is provably false, no matter how many people believe it.
    >

    Seems a little off-topic but, as always, there is design and there is
    practise. Certainly there is a fair amount of dialogue around
    Constitutional Rights, and the expression or curtailment of same. The
    supreme courts of most constitutional democracies are always busy
    interpreting legislation. A constitution is just a framework, and the
    implementation or expression of those "rights" is balanced with other
    criteria.

    Since we are on the subject of US constitutional law, the executive
    branch is certainly happy to curtail constitutional rights to appeal to
    security theatre hysteria, but it isn't like this has not happened in
    the US before. John Adams, Wilson and FDR can all be criticized for the
    same sorts of constitutional jiggery-pokery, and all with the best of
    all misguided reasons.

    It is American citizens who have responded in the past to rescind
    unconstitutional amendments, and it will be American citizens who will
    /eventually/ have to fix this latest executive branch gaffe.

    Attempting to prove a negative is not exactly the best way to practise
    empiricism.

    >> There are
    >> many, many studies suggesting this very thing. There is lots of good
    >> stuff out there on this very subject.

    >
    > So you ought to be able to cite at least one study supporting your assertion.
    >

    In an informal setting like this, I expect you to be able to STFG. I
    gave you an excellent starting place, but this is a /very/ well studied
    area of human perception. If you have made up your mind to disagree,
    then it is unlikely that any link I provide will ever satisfy you.

    There is all kinds of evidence that people overestimate the dangers
    associated with plane-crashes, school shootings, shark and terrorist
    attacks, while minimizing the dangers from risks they are statistically
    more likely to run into:

    - car crashes
    - dog attacks
    - accidents in the home and at work
    - etc.

    On the whole, we tend to overestimate the dangers associated with highly
    visible or newsworthy events (by definition, something is newsworthy if
    it is more unusual than everyday occurrences; cars kill more people
    every day than some diseases do in a year, and yet you rarely hear about
    fatal car crashes except as a traffic report, or if the crash involves
    someone famous, or the time or setting is novel [e.g., a family around
    Christmas time]) and have a hard time ranking and assessing risk in a
    dispassionate manner.

    The same sorts of trends affect decisions, attitudes and understandings
    of computer security. The fact is that a clever exploit is rarely
    leveraged to any serious degree, but is often perceived as more common
    or important than the truly common sorts of attacks that we should be
    more concerned with. "Phishing" and identity theft for the purposes of
    fraud are, by far, more common dangers in this age than some platform-
    or system-specific potential exploit.

    I invite you to do your own research, as this is a fascinating area of
    human psychology.
    --
    clvrmnky

    Direct replies will be blacklisted. Replace "spamtrap" with my name to
    contact me directly.
