{"id":20770,"date":"2009-12-16T12:40:55","date_gmt":"2009-12-16T16:40:55","guid":{"rendered":"http:\/\/www.bu.edu\/tech\/security\/protect\/auditing\/xprobe\/why-failing-the-xprobe-test-matters\/"},"modified":"2013-03-13T12:05:28","modified_gmt":"2013-03-13T16:05:28","slug":"failure-matters","status":"publish","type":"page","link":"https:\/\/www.bu.edu\/tech\/services\/security\/server\/vulnerability-management\/xprobe\/failure-matters\/","title":{"rendered":"Why Failing the Xprobe Matters"},"content":{"rendered":"<h3>Why Does It Matter if I Failed the Test?<\/h3>\n<p>The test we conduct could be conducted from any system anywhere on the Internet.\u00a0 This means that if we can display something on your screen, so can anyone else.\u00a0 Beyond the inconvenience of having any remote person able to display a window on your screen there is an even more dangerous problem.\u00a0 Anyone who can connect to your display in this fashion may do any of the following:<\/p>\n<ul>\n<li>Open new X windows (which is what the probe does)<\/li>\n<li>Close any (or all) of your X windows<\/li>\n<li>View the contents of your existing X windows remotely<\/li>\n<li>Log your mouse movements and keystrokes, including capturing your passwords as you type them.<\/li>\n<li>Generate <em>any<\/em> <a href=\"http:\/\/www.rahul.net\/kenton\/events.html#WhatAre\">X event<\/a>, including moving the cursor, clicking on items, injecting keystrokes, resizing windows, and many other things.<\/li>\n<\/ul>\n<p>In short, if they can display something on your screen they can control your X display and eavesdrop on your communications.<\/p>\n<h3>What sort of events can be eavesdropped on?<\/h3>\n<p>Everything from mouse movements to keystrokes is sent to the X11 display so that X11 applications can determine if a user is interacting with them.\u00a0 Further, X11 applications do not need to display anything in particular; they can change the color of a single pixel on your screen and still eavesdrop on your 
keystrokes.<\/p>\n<p><strong>This means that once a successful connection is made to your X11 server, the intruder can eavesdrop on everything you type: emails, passwords, system and account names, etc.\u00a0 Further, it may be used as an avenue to gain greater access, steal files, and compromise your system.<\/strong><\/p>\n<h3>Next Steps<\/h3>\n<ul>\n<li><a href=\"#correct\">Take Corrective Action<\/a> if you&#8217;ve failed the test.<\/li>\n<li>Understand <a href=\".\/xauth\">How X11 Access Control Works<\/a><\/li>\n<li>Learn how to <a href=\".\/secure\">Secure Your X-Windows Server<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Why Does It Matter if I Failed the Test? The test we conduct could be conducted from any system anywhere on the Internet.\u00a0 This means that if we can display something on your screen, so can anyone else.\u00a0 Beyond the inconvenience of having any remote person able to display a window on your screen there&#8230;<\/p>\n","protected":false},"author":2620,"featured_media":0,"parent":6543,"menu_order":1,"comment_status":"closed","ping_status":"open","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/20770"}],"collection":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/users\/2620"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/comments?post=20770"}],"version-history":[{"count":9,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/20770\/revisions"}],"predecessor-version":[{"id":20889,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/20770\/revisions\/20889"}],"up":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/6543"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/media?parent=20770"}
],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}