For anyone interested in this thread I have continued things over on the
MozillaZine Firefox bugs forum:
Another perhaps clue:
- I mentioned above that I had experienced flash sites (just once so far,
and not all of them, just flash on some pages, e.g., BBC iPlayer)
crashing flash. Now usually flash works fine (and it is at the moment), so
assuming this is a hack, all it took was for me to reboot the PC to fix it.
Logging out and logging back in (resetting X) did not fix it, nor (I don't
think) running flash as another user.
On 4 June 2011 09:15, GSO <gsowww(a)yahoo.co.uk> wrote:
> One additional clue to this perhaps:
>
> - Chromium does not run in a sandbox (I'll look into this at some point),
> however if I run chromium (or chrome) outside of a sandbox on a page that,
> e.g., is giving an invalid SSL cert. when it shouldn't in firefox, and that
> I hence want to check in another browser, the result is chromium invariably
> crashes the page with the 'something has gone wrong' and silly emoticon
> error (not very helpful) that chromium uses. This in the past I have found
> can happen that often that chromium is more or less unusable (all the
> standard pages, twitter, etc., can go down in this manner).
>
>
> G.
>
>
> On 2 June 2011 17:08, GSO <gsowww(a)yahoo.co.uk> wrote:
>
>> The executive summary is that I seem to be experiencing browser hacking
>> even with a completely locked down install (i.e., shouldn't be any malware
>> involved) and an encrypted VPN - in the first instance the X mouse pointer
>> was periodically getting stuck in a firefox sandbox (duly described over on
>> the Fedora Security forum
>> http://forums.fedoraforum.org/showthread.php?t=263947 - in a nutshell
>> though the mouse pointer will not cross the window border to the desktop;
>> Alt+Tab to cycle windows also fails, the only way out is to switch into
>> another virtual terminal). Firefox also intermittently shows other signs of
>> being hacked - flash video crashing the player when it was previously
>> working fine - BBC iPlayer being one such site, the mouse pointer
>> disappearing hovering over links, etc. For anyone with their Sherlock hats
>> on the details are as follows:
>>
>> - I know for sure that I do have a MITM hacker - if I surf without
>> encrypting the Internet connection very quickly invalid site SSL certificate
>> errors follow and pages are rewritten. With iVPN (http://ivpn.net) at
>> least (and probably the other VPNs if their procedures for setting the
>> openvpn passphrase/cert were as bulletproof as iVPN's) the only problem I
>> have is with the SELinux sandbox and firefox. Also it is more than a
>> co-incidence that as I write this email this hack occurs (the mouse is
>> locked into the sandbox window at this moment), or likewise when I post to
>> the unix.com or fedora security forums (having worked fine all day
>> otherwise).
>>
>> - It looks like there possibly is a correlation between entering text
>> into a textbox and this happening, mostly after I have posted the text to
>> the Internet, but sometimes as I am typing. The mouse will sometimes and
>> somewhat less frequently unlock itself from the sandbox (i.e., the pointer
>> can freely move around the desktop again). (Something also that might be
>> related and that has just started today, the mouse pointer vanishes when
>> over a button or link - but not in all sandbox windows, just the odd one.)
>>
>> - I've done my damnedest to rule out any kind of malware on the install
>> (ref. link above to the fedora forum post).
>>
>> - The same problem occurs with metacity and openbox window managers, the
>> former both as the X wm and sandbox '-W' wm.
>>
>> - I will at some point do a backup and run the browser out of the
>> sandbox, I've a feeling that whatever this is allows this hacker into root
>> and to trash the install.
>>
>> - I will at some point rule an openvpn bug out by trying a L2TP
>> connection.
>>
>> - Any malicious code surely has to run through the browser, chromium
>> unfortunately will not run in a default sandbox so I can't at the moment
>> compare the security of this browser.
>>
>> - I'm working on the basis at the moment that local crime -- this is very
>> much a local crime problem -- can 'see' my browser, but it could equally be
>> a TEMPEST problem as a browser hack (I will make some checks on the former
>> sometime, but I can't be absolutely conclusive on this).
>>
>> Not being a network engineer I can't really go much further than the
>> above - I have some long dead Netware skills but otherwise was essentially
>> trained as a programmer.
>>
>>
>> G.
>>
>
>