Don't look, Snowden: Security biz chases TAILS with zero-day flaws alert
"We're happy to see that TAILS 1.1 is being released tomorrow. Our multiple RCE/de-anonymization zero-days are still effective."
via @ExodusIntel: https://twitter.com/ExodusIntel
#$%#
"Exploit Dealer: Snowden's Favourite OS Tails Has Zero-Day Vulnerabilities Lurking Inside"
Thomas Brewster | Security | 7/21/2014 @ 2:14PM
http://www.forbes.com/sites/thomasbrewster/2014/07/21/exploit-dealer-snowdens-favourite-os-tails-has-zero-day-vulnerabilities-lurking-inside/
#$%#
"The flaws work on the latest version of Tails and allow for the ability to exploit a targeted user, both for de-anonymisation and remote code execution," said Loc Nguyen a researcher at Exodus. Remote code execution means a hacker can do almost anything they want to the victim’s system, such as installing malware or siphoning off files.
"Considering that the purpose of Tails is to provide a secure non-attributable platform for communications, users are verifiably at-risk due to these flaws. For the Tails platform, privacy is contingent on maintaining anonymity and ensuring their actions and communications are not attributable. Thus, any violation of those foundational pillars should be considering highly critical," added Nguyen. This affects every user of Tails, who should all "diversify security platforms so as not to put all your eggs in one basket", he added.
All users, including Snowden, should be wary of using Tails with a false sense of security, though it’s still more likely to protect anonymity than Windows. Exodus sells to private and public businesses hoping to use the findings for either offensive or defensive means. Those unconcerned about governments targeting their systems might not be concerned about the Tails zero-days. Others will likely be anxious one of their trusted tools to avoid government hackers contains vulnerabilities that could be exploited to spy on any user of the OS."
#$%#
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
By Iain Thomson | 21 Jul 2014
http://www.theregister.co.uk/2014/07/21/security_researchers_chase_tails_with_zeroday_flaw_disclosure/
via @ExodusIntel: https://twitter.com/ExodusIntel
#$%#
"Exploit Dealer: Snowden's Favourite OS Tails Has Zero-Day Vulnerabilities Lurking Inside"
Thomas Brewster | Security | 7/21/2014 @ 2:14PM
http://www.forbes.com/sites/thomasbrewster/2014/07/21/exploit-dealer-snowdens-favourite-os-tails-has-zero-day-vulnerabilities-lurking-inside/
#$%#
"The flaws work on the latest version of Tails and allow for the ability to exploit a targeted user, both for de-anonymisation and remote code execution," said Loc Nguyen a researcher at Exodus. Remote code execution means a hacker can do almost anything they want to the victim’s system, such as installing malware or siphoning off files.
"Considering that the purpose of Tails is to provide a secure non-attributable platform for communications, users are verifiably at-risk due to these flaws. For the Tails platform, privacy is contingent on maintaining anonymity and ensuring their actions and communications are not attributable. Thus, any violation of those foundational pillars should be considering highly critical," added Nguyen. This affects every user of Tails, who should all "diversify security platforms so as not to put all your eggs in one basket", he added.
All users, including Snowden, should be wary of using Tails with a false sense of security, though it’s still more likely to protect anonymity than Windows. Exodus sells to private and public businesses hoping to use the findings for either offensive or defensive means. Those unconcerned about governments targeting their systems might not be concerned about the Tails zero-days. Others will likely be anxious one of their trusted tools to avoid government hackers contains vulnerabilities that could be exploited to spy on any user of the OS."
#$%#
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
By Iain Thomson | 21 Jul 2014
http://www.theregister.co.uk/2014/07/21/security_researchers_chase_tails_with_zeroday_flaw_disclosure/