Saturday, March 30, 2024

Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps

When X11 came to my attention, in the 1980s, it was called X11.  "What," I wondered back then, "could that mean?"
Back then, we would get to know new software long before version 11, so it seemed an odd name.  Back then.
It's been X11 for millennia.  I discovered Exfiltrator (or Exfiltration, 'ex'+10) about a year ago. LOL.
I actually did not know about the vulnerability.  Thanks, Matthew.
And yes, I was voicing the untested theory of precisely what you articulated, Luke.
I live in post-2016 USA and have essentially given up hope of any sort of computer security.
The mantra I developed, as my coworkers insisted on using (for instance) the React JS package
that had "Exfil" as a dependency, was:

           "When in Rome."


On Fri, Mar 29, 2024 at 4:44 PM <chohag@jtan.com> wrote:
Luke A. Call writes:
>
> On 2024-03-29 09:01:07-0400, James Huddle <james.r.huddle@gmail.com> wrote:
> > Exfiltrator.  There's an 11-letter word that starts with "ex".  X11.
>
> After a quick web search, I'm not sure I follow.  Is that a reference to
> a program that exfiltrates data after a computer is compromised? Can you
> elaborate a little? I realize this is an ignorant question.

In short, there is a well-known shortcoming, or feature depending
on who you ask, inherent in the X protocol's design where any
application which uses the X server (i.e. can access the TCP port
or Unix socket and has the correct xauth key, which is to say all
of them) can request (and get) the ability to read all of the X
events, which includes every key press and mouse movement in every
application.

Exfiltrator is 11 letters and we are at X protocol version 11.

There are common mitigations against this problem, such as not
giving strangers the ability to run unknown programs on your console.

Matthew
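
An added example, not part of the thread: a small audit of who can reach an X server at all, since the message above ties the exposure to access to the TCP port or Unix socket plus the xauth key. It parses `xhost` and `ss -ltn` output; the sample text is constructed, and treating TCP ports 6000-6063 as X displays (port = 6000 + display number) is a conventional assumption, so a hit may be an unrelated service.

```python
"""Audit who can reach an X server, from `xhost` and `ss -ltn` output."""

# Constructed sample outputs for illustration (not captured from a real host).
SAMPLE_XHOST = """\
access control disabled, clients can connect from any host
INET:build01.example
SI:localuser:alice
"""
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128          0.0.0.0:6000       0.0.0.0:*
LISTEN 0      128        127.0.0.1:631        0.0.0.0:*
LISTEN 0      128             [::]:6001          [::]:*
"""

def audit_xhost(text):
    """Return findings for xhost entries that widen who may connect."""
    findings = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("access control disabled"):
            findings.append("access control disabled: any host may connect")
        elif line.startswith(("INET:", "INET6:")):
            # Host-based grants bypass the xauth cookie for that whole host.
            findings.append("host-based grant, no xauth key needed: " + line)
        elif line.startswith("SI:localuser:"):
            findings.append("local user grant: " + line)
    return findings

def x11_tcp_listeners(ss_text):
    """Return (address, display) for listeners on TCP 6000-6063 (assumed X range)."""
    hits = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # skips the header row and non-listening sockets
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit() and 6000 <= int(port) <= 6063:
            hits.append((addr, int(port) - 6000))
    return hits

if __name__ == "__main__":
    for f in audit_xhost(SAMPLE_XHOST):
        print("xhost:", f)
    for addr, display in x11_tcp_listeners(SAMPLE_SS):
        print(f"tcp: display :{display} listening on {addr}")
```

These checks only narrow who can connect; as the message says, a client that already holds the xauth key can still read every event.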
