What are the security risks of running QEMU/KVM as root?

Context: I own a machine; I trust root and all the accounts. I virtualize untrusted guests using KVM, and don’t want them to escape.

When /dev/kvm has the right permissions, non-root users can run KVM guests. Does this bring any security advantages over running guests as root? In case of a qemu or KVM vulnerability, won’t malicious guests gain kernel privilege no matter what user is running qemu?

Going further, assuming accounts of the host can’t be trusted, is it possible to gain root privileges using /dev/kvm?

Security Risks of CID Image Embed?

I am putting together an email and have been asked to embed the images and to reference their ContentID in the HTML so that the email is self-contained (no requests out to download the images from our CDN).

This is a process that I’m not very familiar with. In general, would the same security risks as CDN downloads apply to embedded images or are there more/less risks associated with the method?

Risks of mobile printing

I know printers are a security hole. I am trying to get the best setup to minimize risk.

Here’s the risk that I am trying to mitigate: that an attacker remotely accesses the printer, and uses it as a launchpad to infect other computers.

So I decided to do this:

  • do not set up wifi access to the printer. Since I assume settings could be changed, I will not simply disable wifi, I will purchase a printer that does not have wifi capability

  • among all the printers that work for my need, they all have ethernet capability. I am planning not to plug in the ethernet cable, so I should be fine

  • However, all the printers I saw still had mobile printing capabilities (like airprint). This is most unfortunate, because even though they claim to NOT be wireless, they clearly are (airprint for example requires the printer to generate a local wireless network).

So I am trying to decide whether that’s a security risk I can completely mitigate: if I purchase a printer with mobile printing capabilities, and I assume an attacker somehow reverts my settings to disable this capability, what is the worst that can happen? Via mobile printing, could they update the firmware of the printer? Could they use it as a launchpad to infect other computers? Or do mobile printing protocols strictly only allow sending a document for printing, so that they cannot be misused?

Risks of Long-life Session

Most “big” websites seem to have enormous sessions. From looking through the cookies, Stack Exchange seems to have a one-week rolling session, GitHub has 45 days, and Gmail seems to have a never-ending session.

What are the security implications of having sessions longer than a few hours? Apparently, the recommended time for session expiry is just fifteen minutes, but obviously that’s pretty bad for user experience. Is there a nice, happy medium for session expiry that smaller webapps can use? How do major websites manage to get away with such long sessions?

Risks of choosing yes for remembering password for iPads, iPhones not having iCloud Keychain

Our mobile devices (iPhones, iPads) don’t have iCloud Keychain, which seems to use AES 256-bit encryption for storing credentials. The mobile browsers on those devices, like Safari, Firefox, and Chrome, ask users if they want to save their Office 365 email password, which is also used to log in to their desktop devices. I know if the phone or tablet is lost, anyone who hacks the phone/tablet passcode can view their passwords.

Users want to choose yes so they don’t have to remember the password, but from a security viewpoint, if those passwords are stored by the browsers, a rogue plugin/extension in the browser could send them somewhere else. There is also a risk of password breach if the mobile devices are lost.

A. If a user chooses yes to remember his password on an iPhone/iPad in a mobile browser like Safari, Chrome, or Firefox, where does the browser store it and how safe is it?

B. How to convince management to not bow to user’s convenience of remembering passwords in the browser?

C. Is asking users to use a free password manager like KeePass, so it remembers the password instead of the browser, better from a security viewpoint?

D. Any other suggestions for a situation where we can accommodate user convenience but not risk losing enterprise credentials for an employee who lost his iPhone?

What are the security risks of rolling out your own Authorisation server implementation?

Even though I’m working within .Net Core, this question is generally applicable to other platforms as well.

My question is to do with: Using a framework (such as IdentityServer) to manage implementation for Auth (Authentication/Authorisation) — Vs — rolling out your own implementation by following protocols. In this scenario, the ‘rolling out your own’ option wouldn’t rely on any middleware to manage auth – all the required endpoints/services/data-access would be self managed.

Specifically, I’d like to know: assuming you have followed the protocol specs, what are the security concerns when rolling out your own implementation?

Risks of photographing sensitive information using Android devices?

Sometimes I have to photograph sensitive documents such as bank checks or tax forms etc. Is it completely safe to do with a smartphone, or can there be security threats?

Notably, the legit apps on our phones seem to have a lot of AI activity and changes, and the phones consume approx. 100MB to 500MB of data per day even when not in use. This makes me wonder if there could be security risks or surveillance threats.

Is there any additional risk if the phone is Chinese-originated?

Concrete example of how Access-Control-Allow-Origin: * can cause security risks?

I have done some research but have not found an absolute answer to my specific question. I understand the basic concept of how this header will allow or disallow website A from sending requests to, and viewing responses from, resources on website B.

However, suppose website B sets the header Access-Control-Allow-Credentials to false, and Access-Control-Allow-Origin: *. Can this cause any concrete security risk to the user who is browsing website A (suppose website A is malicious)?