Why Failing the Xprobe Matters
Why Does It Matter if I Failed the Test?
The test we conduct could be conducted from any system anywhere on the Internet. This means that if we can display something on your screen, so can anyone else. Beyond the inconvenience of having any remote person able to display a window on your screen there is an even more dangerous problem. Anyone who can connect to your display in this fashion may do any of the following:
- Open new X windows (which is what the probe does)
- Close any (or all) of your X windows
- View the contents of your existing X windows remotely
- Log your mouse movements keystrokes, including capturing your passwords as you type them.
- Generate any X event, including moving the cursor, clicking on items, injecting keystrokes, resizing windows, and many other things.
In short, if they can display something on your screen they can control your X display and eavesdrop on your communications.
What sort of events can be eavesdropped on?
Everything from mouse movements to keystrokes are sent to the X11 display so that X11 applications can determine if a user is interacting with them. Further, X11 applications do not need to display anything in particular, they can change the color of a single pixel on your screen and still eavesdrop on your keystrokes.
This means that once a successful connection is made to your X11 server, the intruder can eavesdrop on everything you type: emails, passwords, system and account names, etc. Further, it may be used as an avenue to gain great access, steal files, and compromise your system.