http://blogs.iss.net/archive/Shmoocon2011.html Very interesting. Some improvements in various AppArmor profiles have already been implemented for Ubuntu - see https://bugs.launchpad.net/ubuntu/ source/apparmor/ bug/698194 BTW: I didn't know this interesting overview site mentioned in above posting.
Thanks for sharing. However I have to say labeling this as "autorun attacks against Linux" is a bit sensationalist. In contrast to older Windows the autorun behaviour in Linux is by design secure and sound: It will never execute code from the external device. This presentation deals with exploiting vulnerabilities through automounting. This is quite different: It only works against unpatched OSs, is costly for the attacker (as he has to work around several mitigations and 0days are especially expensive) and can be defeated for a large part by simply running a 64bit OS. The other thing we can take home is that the default Apparmor configuration is only offering a false sense of security, it needs to be enabled for far more processes in order to offer any tangible benefit.
I know this is the Linux forum but this was just released today and it's very relevant to what I just said: https://www.wilderssecurity.com/showthread.php?t=292632 http://blogs.technet.com/b/msrc/arc...into-the-security-advisory-967940-update.aspx It's about the Autorun hardening in Windows 7 being backported to older version with an update that was made available through the update channel today:
I've never been too interested in (or worried about) autorun vulnerabilities. They require the attacker to have physical access to the machine. In most cases physical access = root access, no matter the OS. Just don't give untrustworthy people physical access to your machine and the problem is solved.
It was a good video (I skipped a few parts of it) explaining the weaknesses in Nautilus' thumbnail generation, recommending it be disabled, how it and totem gnome is not protected by AppArmor (though maybe this is/has changed with regards to tlu's link??) and how he mentions the Linux locked screensaver is not as difficult to defeat as Windows' locked screensaver. Also interesting to me are the cached thumbnails in ~./thumbnails/normal. I never knew that. It could be a good idea for some to clean that out once in a while
There are some other related fixes in the making: https://bugs.launchpad.net/ubuntu/ source/nautilus/ bug/714958 https://bugs.launchpad.net/ubuntu/ source/gnome-control-center/ bug/715874 https://bugs.launchpad.net/ubuntu/ source/linux/ bug/717412