zlacker

[parent] [thread] 7 comments
1. neodyp+(OP)[view] [source] 2023-07-11 19:17:15
You can use something similar on macOS, Windows or Linux, based on Docker containers, see Dangerzone: https://github.com/freedomofpress/dangerzone
replies(4): >>weinzi+Q3 >>Syonyk+24 >>mike_d+oH >>no_tim+xr1
2. weinzi+Q3[view] [source] 2023-07-11 19:34:23
>>neodyp+(OP)
I didn't know about that but that looks really nice. From a quick glance I understand that they can even utilize OCR to make the trusted PDF into more than an image container. Back in the day when I used Qubes it could not do that. (I haven't used it for a while so I don't know if it can now)

I still think security-wise Qubes is a bit better because it relies on VMs instead of containers.

3. Syonyk+24[view] [source] 2023-07-11 19:35:22
>>neodyp+(OP)
The problem is that containers rely on the OS kernel to enforce separation, and kernel exploits are an awful lot less rare than anyone would prefer.

If someone is delivering targeted malware to a company through HR channels, it's safe to assume that if they can escape the document viewer, they can probably also try for a local root/kernel exploit and escape the container.

Containers are separation of convenience - not a hard security boundary.

replies(1): >>davida+Oc
◧◩
4. davida+Oc[view] [source] [discussion] 2023-07-11 20:23:44
>>Syonyk+24
And container escape exploits are getting burned by sending them out via email? Doubtful.
replies(2): >>Syonyk+Vf >>adgjls+j81
◧◩◪
5. Syonyk+Vf[view] [source] [discussion] 2023-07-11 20:41:07
>>davida+Oc
It depends on who you're targeting and what you want.

But the history of computers security can largely be summed as:

"What? You're just paranoid. Nobody would possibly X!"

Someone gets their asses handed to them by someone Xing.

"What? Why didn't you tell us X was a risk we needed to be concerned about???"

Iterate.

6. mike_d+oH[view] [source] 2023-07-11 23:39:12
>>neodyp+(OP)
Dangerzone is an implementation of a concept known as CDR (Content Disarm & Reconstruction), where you convert anything to an image inside a sandbox, and then convert the raw pixel data back into an image inside a different sandbox.

It is a common workflow inside the government or other places where you need to move data across airgaps, or view content that is highly untrusted.

Shameless plug, I wrote my own that supports over 200 file formats: https://preview.ninja/

◧◩◪
7. adgjls+j81[view] [source] [discussion] 2023-07-12 03:55:56
>>davida+Oc
well if you bother to send an email that breaks out of the container, you might as well make it retrospectively delete the email to hide the evidence :)
8. no_tim+xr1[view] [source] 2023-07-12 07:40:42
>>neodyp+(OP)
Is this really a good idea? Won't the pdf thumbnail generator pwn you by merely navigating into the folder that contains the infected file?
[go to top]