Pipe 3D9 Don't look, Snowden: Security biz chases TAILS with zero-day flaws alert

Don't look, Snowden: Security biz chases TAILS with zero-day flaws alert

by
Anonymous Coward
in security on (#3D9)
"We're happy to see that TAILS 1.1 is being released tomorrow. Our multiple RCE/de-anonymization zero-days are still effective."

via @ExodusIntel: https://twitter.com/ExodusIntel

#$%#

"Exploit Dealer: Snowden's Favourite OS Tails Has Zero-Day Vulnerabilities Lurking Inside"

Thomas Brewster | Security | 7/21/2014 @ 2:14PM

http://www.forbes.com/sites/thomasbrewster/2014/07/21/exploit-dealer-snowdens-favourite-os-tails-has-zero-day-vulnerabilities-lurking-inside/

#$%#

"The flaws work on the latest version of Tails and allow for the ability to exploit a targeted user, both for de-anonymisation and remote code execution," said Loc Nguyen a researcher at Exodus. Remote code execution means a hacker can do almost anything they want to the victim’s system, such as installing malware or siphoning off files.

"Considering that the purpose of Tails is to provide a secure non-attributable platform for communications, users are verifiably at-risk due to these flaws. For the Tails platform, privacy is contingent on maintaining anonymity and ensuring their actions and communications are not attributable. Thus, any violation of those foundational pillars should be considering highly critical," added Nguyen. This affects every user of Tails, who should all "diversify security platforms so as not to put all your eggs in one basket", he added.

All users, including Snowden, should be wary of using Tails with a false sense of security, though it’s still more likely to protect anonymity than Windows. Exodus sells to private and public businesses hoping to use the findings for either offensive or defensive means. Those unconcerned about governments targeting their systems might not be concerned about the Tails zero-days. Others will likely be anxious one of their trusted tools to avoid government hackers contains vulnerabilities that could be exploited to spy on any user of the OS."

#$%#

Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS

By Iain Thomson | 21 Jul 2014

http://www.theregister.co.uk/2014/07/21/security_researchers_chase_tails_with_zeroday_flaw_disclosure/

History

2014-07-22 21:09
Tails Distro update fails to address serious zero-day vulnerabilities
zafiro17@pipedot.org
"We'rThe hTails Linux distro gained a lot of ppublicity when Edward Snowden noted it as his operating system of choice. But while that TAILS 1.1goes to great pains to ensure maximum anonymity when using online services, it is being released tomorrow. Our multiple RCE/de-anonymization zero-days are still effective."

via @ExodusIntel: https://twitter.com/ExodusIntel

#$%#

"Exploi
t Dealer: Snowdimpen's Favourite OS Tails Has Zero-Day Vulnetrabilities Lurking. Inside"

Thomas Brewster | Security | 7/21/2014 @ 2:14PM

http://www.forbes.com/sites/thomasbrewster/2014/07/21/exploit-dealer-snowdens-favourite-os-tails-has-zero-day-vulnerabilities-lurking-inside/

#$%#

"The
flawsct, work on the latest version of Tails and allow for the ability to exploit a twargeted u'ser, both for de-anonymisatiogn andis rsemote code executrionusly flawed," saidys Loc Nguyen, a researcher at Exodus. Remote>Tails is code executmprised of n umeanrous a hacker can do almponentst anythworking in interchange," he said. ... however because there are numerous inter-locking mechanisms in play want ton the victim’s system, it's difficuchlt to readily pinpoint a particular weak area."Nguyen and team had identified a number of zero-day vulnerabilities installing malwarthe or siphoning off files.

"Consi
deringstro that have gone unaddressed and remain open even as TAILS releases an update to the psoftware. Exodus said it would rpoelease details about the zero-days in a series of Tails is to provide a secure non-attributableog platform for communications, userts arne verifiably axt-risk due to these flawseek. For the Tails platform, privacy is contingent on maintaining anonymity and ensuring their actions and communications are not attributable. Thus, any violation of those foundational pillars should be considering highly critical," added Nguyen. This affects every user of Tails, who should all "diversify security platforms so as not to put all your eggs in one basket", he added.

All users, including Snowden, should be wary of using Tails with a false sense of security, though it’s still more likely to protect anonymity than Windows.
Exodus sells to private and public businesses hoping to use the findings for either offensive or defensive means. Those unconcerned about governments targeting their systems might not be concerned about the Tails zero-days. Others will likely be anxious one of their trusted tools to avoid government hackers contains vulnerabilities that could be exploited to spy on any user of the OS."

#$%#

Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's fav
Morite OS

By Iain Thoms
on |the 21 Jvulnerabilities 2014

at the Register and Forbes
.
Reply 0 comments