Return to Question

added 87 characters in body

Source Link

edited May 16, 2022 at 21:43

An issue was recently opened on the GitHub page for the privacy-focused VirtualBox wrapper HiddenVM. The opener posts what he claims to be indication of files from his local cache being sent to an external IP:

When i used dmesg i saw what it did in the background. I picked two messages out of many:
audit: type=1400 audit(1651914430.711:1128): apparmor="DENIED" operation="open" profile="torbrowser_firefox"
name="/home/amnesia/.cache/thumbnails/large/3678dc849747c84908498dd948db8f71.png"
pid=10995 comm="pool-firefox"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

Dropped outbound packet: IN= OUT=wlan0 SRC=i removed the adress DST=i removed the adress LEN=48 TC=0 HOPLIMIT=255 FLOWLBL=762031
PROTO=ICMPv6 TYPE=133 CODE=0 UID=0 GID=0
So it looks like it sent files from my cache to some address. Like why does a script that is supposed to change settings open cache files and sends them somewhere?

The opener doesn't say exactly what commands they used or give any further details.

Do these two messages indicate files being sent from the local machine to an external IP?

When i used dmesg i saw what it did in the background. I picked two messages out of many:
audit: type=1400 audit(1651914430.711:1128): apparmor="DENIED" operation="open" profile="torbrowser_firefox"
name="/home/amnesia/.cache/thumbnails/large/3678dc849747c84908498dd948db8f71.png"
pid=10995 comm="pool-firefox"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

Dropped outbound packet: IN= OUT=wlan0 SRC=i removed the adress DST=i removed the adress LEN=48 TC=0 HOPLIMIT=255 FLOWLBL=762031
PROTO=ICMPv6 TYPE=133 CODE=0 UID=0 GID=0
So it looks like it sent files from my cache to some address. Like why does a script that is supposed to change settings open cache files and sends them somewhere?

Do these two messages indicate files being sent from the local machine to an external IP?

When i used dmesg i saw what it did in the background. I picked two messages out of many:
audit: type=1400 audit(1651914430.711:1128): apparmor="DENIED" operation="open" profile="torbrowser_firefox"
name="/home/amnesia/.cache/thumbnails/large/3678dc849747c84908498dd948db8f71.png"
pid=10995 comm="pool-firefox"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

Dropped outbound packet: IN= OUT=wlan0 SRC=i removed the adress DST=i removed the adress LEN=48 TC=0 HOPLIMIT=255 FLOWLBL=762031
PROTO=ICMPv6 TYPE=133 CODE=0 UID=0 GID=0
So it looks like it sent files from my cache to some address. Like why does a script that is supposed to change settings open cache files and sends them somewhere?

The opener doesn't say exactly what commands they used or give any further details.

Do these two messages indicate files being sent from the local machine to an external IP?

Source Link

asked May 16, 2022 at 21:38

HiddenVM-Asker

Does this dmesg log show files being transferred?

When i used dmesg i saw what it did in the background. I picked two messages out of many:
audit: type=1400 audit(1651914430.711:1128): apparmor="DENIED" operation="open" profile="torbrowser_firefox"
name="/home/amnesia/.cache/thumbnails/large/3678dc849747c84908498dd948db8f71.png"
pid=10995 comm="pool-firefox"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

Dropped outbound packet: IN= OUT=wlan0 SRC=i removed the adress DST=i removed the adress LEN=48 TC=0 HOPLIMIT=255 FLOWLBL=762031
PROTO=ICMPv6 TYPE=133 CODE=0 UID=0 GID=0
So it looks like it sent files from my cache to some address. Like why does a script that is supposed to change settings open cache files and sends them somewhere?

Do these two messages indicate files being sent from the local machine to an external IP?