
research (Experimental)
Active · Public

Recent Activity

Aug 13 2020

Patrick updated the task description for T540: Advanced Attacks Meta Ticket.
Aug 13 2020, 10:33 AM · VirtualBox, KVM, Qubes, security, Whonix, research
Patrick closed T542: Keyboard/Mouse Fingerprinting Defense, a subtask of T540: Advanced Attacks Meta Ticket, as Resolved.
Aug 13 2020, 10:32 AM · VirtualBox, KVM, Qubes, security, Whonix, research

Aug 12 2020

HulaHoop closed T530: CPU-induced latency Covert Channel Countermeasures as Invalid.

After running a bunch of TCP ping tests, the conclusion is this attack is not really effective against TCP like ICMP. The latency is much lower for TCP pings and though it slightly decreases with CPU stress it is not consistent. Reloading pages in TBB with CPU stress on/off does not impact latency readings while doing so with tc attached has massive latency footprints - implying it will ironically make such attacks much easier in addition to degrading performance.

Aug 12 2020, 6:30 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix
HulaHoop closed T530: CPU-induced latency Covert Channel Countermeasures, a subtask of T540: Advanced Attacks Meta Ticket, as Invalid.
Aug 12 2020, 6:30 PM · VirtualBox, KVM, Qubes, security, Whonix, research

Aug 7 2020

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Cyrus recommends adding delays per packet to disrupt inter-packet patterns that remain. The command can be fine tuned as such:

Aug 7 2020, 6:54 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Aug 1 2020

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

The good news is I think I've figured out the equivalent tc-netem command by looking at the slot parameter in the manual:

Aug 1 2020, 5:42 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

May 30 2020

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Ticket above closed and convo moved to tails-dev.

May 30 2020, 4:33 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Apr 23 2020

Patrick updated subscribers of T961: fix USB auto mounting bug / document.
Apr 23 2020, 4:59 PM · research, bug, Whonix, Whonix 15

Feb 14 2020

Patrick updated the task description for T547: add user documentation for Remote Administration, Keystroke Fingerprinting, Stylometry.
Feb 14 2020, 12:49 PM · research, user documentation, Whonix
Patrick added a project to T547: add user documentation for Remote Administration, Keystroke Fingerprinting, Stylometry: research.
Feb 14 2020, 12:49 PM · research, user documentation, Whonix
Patrick triaged T961: fix USB auto mounting bug / document as Normal priority.
Feb 14 2020, 7:12 AM · research, bug, Whonix, Whonix 15

Dec 23 2019

Patrick triaged T948: /tmp etc. separation through polyinstantiation by using namespaces.conf as Normal priority.
Dec 23 2019, 2:09 PM · research, Whonix, security-misc

Dec 11 2019

marmarek added a comment to T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.

It looks like bpfilter is in rather early stages, and it's a few years until we'll see it in Debian.

Dec 11 2019, 3:35 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research
Patrick renamed T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables from Consider nftables as a replacement for iptables to Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.
Dec 11 2019, 2:11 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research
Patrick added a comment to T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.

Or skip nftables and use Berkeley Packet Filter (BPF)?

Dec 11 2019, 2:10 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research
Patrick updated the task description for T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.
Dec 11 2019, 2:09 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research

Nov 21 2019

Patrick closed T621: Combatting sclockadj's log spam as Resolved.

Not a problem anymore.

Nov 21 2019, 8:54 PM · Debian version 10 codename Buster, Whonix, research

Nov 6 2019

Patrick closed T444: test if Ricochet IM instructions are functional as Invalid.

https://www.whonix.org/wiki/Chat#Ricochet_IM

Nov 6 2019, 3:33 AM · onion-grater (Control Port Filter Proxy), research, Whonix

Oct 21 2019

Patrick added a comment to T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.

NonaSuomy:

Added requested NFTables example from duclicsic #netfilter freenode.

Oct 21 2019, 7:33 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research

Oct 17 2019

HulaHoop added a comment to T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.

Starting with Bullseye nftables will be the default:

Oct 17 2019, 7:29 PM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research

Oct 15 2019

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

https://redmine.tails.boum.org/code/issues/17156

Oct 15 2019, 9:26 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Oct 13 2019

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Analysis by Cyrus cited here for completion:

Oct 13 2019, 4:18 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Oct 6 2019

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.
Oct 6 2019, 10:53 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix
Patrick updated subscribers of T530: CPU-induced latency Covert Channel Countermeasures.
Oct 6 2019, 9:50 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix
Patrick added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Reported build failures:

Oct 6 2019, 9:47 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix
HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

When an implementation is decided, let's decide if we can include this in security-misc for use on Linux hosts and Kicksecure. We would need some way of detecting the active NIC, since on wireless systems wlan0 is the interface of choice and not eth0.

Oct 6 2019, 9:01 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix
HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

tc-netem is a utility that is part of the iproute2 package in Debian. It leverages functionality already built into Linux and userspace utilities to simulate networks including packet delays and loss.

Oct 6 2019, 6:04 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Aug 11 2019

Patrick updated the task description for T215: install electrum bitcoin thin client by default?.
Aug 11 2019, 2:13 PM · anon-meta-packages, research, Whonix

Aug 9 2019

Patrick added a comment to T215: install electrum bitcoin thin client by default?.

install electrum appimage by default:
https://github.com/Whonix/anon-meta-packages/commit/71d40f5316ee7eb38eb04142d80d23c56a48407b

Aug 9 2019, 11:50 AM · anon-meta-packages, research, Whonix

Jul 6 2019

Patrick added a comment to T600: Integrating Guix/Nix Package Manager.

Any update?

Jul 6 2019, 12:40 PM · Whonix, packaging, research

Jun 27 2019

Patrick updated the task description for T215: install electrum bitcoin thin client by default?.
Jun 27 2019, 12:59 PM · anon-meta-packages, research, Whonix
Patrick added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

Will keep watching what Tails is doing.

Jun 27 2019, 10:33 AM · Whonix 16, research, Whonix
Patrick edited projects for T582: revisit handling of /var/lib/dbus/machine-id, added: Whonix 16; removed Whonix 15.
Jun 27 2019, 10:33 AM · Whonix 16, research, Whonix

May 12 2019

Patrick added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

Maybe there is no need. It's just when Tails has a ticket, we should check it at Whonix too. Thank you for looking into this, too!

May 12 2019, 5:36 PM · Whonix 16, research, Whonix
madaidan added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

The way it is now looks fine. Why would it need to be changed?

May 12 2019, 2:36 PM · Whonix 16, research, Whonix
Patrick added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

madaidan (madaidan):

madaidan added a comment.

> https://lists.ubuntu.com/archives/apparmor/2016-February/009371.html says it is used for various things so it might break some things.

Wouldn't using a fake machine-id e.g. a bunch of zeroes fix this?

May 12 2019, 3:21 AM · Whonix 16, research, Whonix

May 11 2019

madaidan added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

https://lists.ubuntu.com/archives/apparmor/2016-February/009371.html says it is used for various things so it might break some things.

May 11 2019, 7:27 PM · Whonix 16, research, Whonix
Patrick added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

Would it cause any issues if the machine-id was just deleted or replaced with a bunch of 0s?

May 11 2019, 9:57 AM · Whonix 16, research, Whonix

May 10 2019

madaidan added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

Would it cause any issues if the machine-id was just deleted or replaced with a bunch of 0s?

May 10 2019, 7:27 PM · Whonix 16, research, Whonix

Apr 6 2019

Patrick closed T801: use libresolv-wrapper rather than functional Whonix-Gateway system DNS resolver? as Invalid.

Unfortunately, not possible.

Apr 6 2019, 8:32 PM · Whonix, Whonix 16, research, anon-gw-dns-conf

Feb 2 2019

HulaHoop closed T567: research: Single Tor-Gateway with Multiple Workstations vs Multiple Tor-Gateways mapped 1:1 to Workstation VMs as Resolved.

The concept was documented for operational use. Auto Guard de-duplication considered too complex to deploy and manual checking is enough.

Feb 2 2019, 3:47 AM · research, Whonix, user documentation

Jan 16 2019

Patrick closed T523: document identity correlation attacks and defenses / Removing Apache Recommendation as Resolved.
Jan 16 2019, 1:20 PM · Whonix 14, Whonix, user documentation, research

Jan 13 2019

HulaHoop added a comment to T523: document identity correlation attacks and defenses / Removing Apache Recommendation.

Done

Jan 13 2019, 1:56 AM · Whonix 14, Whonix, user documentation, research

Jan 6 2019

Patrick added a comment to T523: document identity correlation attacks and defenses / Removing Apache Recommendation.

https://www.whonix.org/wiki/Onion_Services#Step_1:_Install_Server_Software needs update.

Jan 6 2019, 8:24 AM · Whonix 14, Whonix, user documentation, research

Jan 4 2019

HulaHoop added a comment to T523: document identity correlation attacks and defenses / Removing Apache Recommendation.

Done. You can close this ticket once you agree with edits.

Jan 4 2019, 5:58 PM · Whonix 14, Whonix, user documentation, research

Jan 2 2019

Patrick added a comment to T523: document identity correlation attacks and defenses / Removing Apache Recommendation.

Sounds good!

Jan 2 2019, 1:54 PM · Whonix 14, Whonix, user documentation, research

Dec 28 2018

HulaHoop added a comment to T523: document identity correlation attacks and defenses / Removing Apache Recommendation.

From this size comparison on Debian wiki, I think the best and most secure option is the smallest and most minimal one: micro-httpd

Dec 28 2018, 8:31 PM · Whonix 14, Whonix, user documentation, research

Dec 22 2018

Patrick reopened T523: document identity correlation attacks and defenses / Removing Apache Recommendation as "Open".

We still have the warning on https://www.whonix.org/wiki/Onion_Services.

Dec 22 2018, 12:01 PM · Whonix 14, Whonix, user documentation, research

Dec 9 2018

Patrick lowered the priority of T389: make sure Qubes-Whonix has no access to clocksource=xen from High to Normal.
Dec 9 2018, 6:53 AM · mgmt, research, security, Qubes, Whonix

Dec 7 2018

Patrick removed a project from T530: CPU-induced latency Covert Channel Countermeasures: Whonix 15.
Dec 7 2018, 12:06 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix