Tails live OS affected by critical zero-day vulnerabilities

A researchers at the Exodus Intelligence firm has discovered a series of zero day vulnerabilities in the popular Tails Linux-based distribution.

A researcher at Exodus Intelligence has discovered critical zero-day vulnerabilities in the popular Tails live operating system. Tails is considered by security experts an indispensable tool to preserve the privacy and security of users that intend to avoid surveillance and censorship.

The flaws in the Linux-based operating system Tails could be used by an attacker to reveal users’ identity according to the expert. Tails includes a suite of privacy applications and is designed to ensure users’ privacy while surfing through Tor network.

According to the researcher, the presence of critical flaws in Tails could be exploited by bad actors and law enforcements to de-anonymize Tor users and execute code remotely.

The researcher initially hasn’t provided the details about the vulnerabilities, the company just informed its followers through Twitter of the disconcerting discovery.

The firm didn’t plan to release the details of the exploit until the Tails development team will not fix them, but anyway, it said it would release details about the zero-day flaws in a series of blog posts next week.

But while I’m writing Exodus Intelligence revealed that the flaw lies in the I2P software that is included in the Tails distro and the company has released some details and a video demonstrating the exploitation of the vulnerability.

““The vulnerability we will be disclosing is specific to I2P. I2P currently boasts about 30,000 active peers. Since I2P has been bundled with Tails since version 0.7, Tails is by far the most widely adopted I2P usage. The I2P vulnerability works on default, fully patched installation of Tails. No settings or configurations need to be changed for the exploit to work,” the Exodus team wrote in a post explaining a bit about the flaw.”

Exodus Intelligence is a firm specialized in the identification of zero-day vulnerabilities, defensive guidance and vulnerability research trends. It sells its products to private clients and government entities, including the DARPA, imagine the availability of a Tails zero-day exploit in the hand of Intelligence.

“Our main goalwas to bring attention to the fact that no software is infallible and those seeking anonymity should not blindly trust a software recommendation (even if it is from Snowden),” said Aaron Portnoy, co-founder and vice president of Exodus.

Today a new version of the OS has been released, Tails 1.1, but experts at Exodus warned with a tweet that despite the distribution has been updated, also its latest version is still vulnerable to the zero-day attacks.

Tails 1_1 vulnerable tweet

On the other side the development team of Tails declared that it is unaware of the zero-day vulnerabilities

“We were not contacted by Exodus Intel prior to their tweet. In fact, a more irritated version of this text was ready when we finally received an email from them. They informed us that they would provide us with a report within a week. We’re told they won’t disclose these vulnerabilities publicly before we have corrected it, and Tails users have had a chance to upgrade. We think that this is the right process to responsibly disclose vulnerabilities, and we’re really looking forward to read this report.” is reported in the post published by the Tails dev team.

Tails team also confirmed that it will deploy some extra features to improve the security of the operating system and protect users’s privacy.

Being fully aware of this kind of threat, we’re continuously working on improving Tails’ security in depth. Among other tasks, we’re working on a tight integration of AppArmor in Tails, kernel and web browser hardening as well as sandboxing, just to name a few examples.” the Tails team added.

The discovery Exodus researcher is the confirmation that any software could be potentially affected by a flaw … and every flaw could be exploited by your enemies.

Pierluigi Paganini

Security Affairs –  (Tails, privacy)

52 Trackbacks & Pingbacks

  1. ccn2785xdnwdc5bwedsj4wsndb
  2. xcmwnv54ec8tnv5cev5jfdcnv5
  3. ego vapor pens
  4. Manifestation Miracle Reviews
  5. http://www.flatratecomputerservice.com/desktop-repairs/
  6. pret ecograf
  7. free netflix account 2016
  8. guitar picks
  9. banheira
  10. open skyz
  11. groupon dinosaur prank
  12. chapter 13 bankruptcy hershey
  13. recycle clothes for cash
  14. weight loss
  15. esta
  16. walmart auto services store hours
  17. Best Prostate Supplement
  18. More Bonuses
  19. Dorcas Cereceres
  20. Gertha Conceicao
  21. a knockout post
  22. curso de detetive profissional
  23. Leaflets
  24. paintless dent repair training
  25. bikini luxe coupon
  26. plumbing repair Cherry Creek
  27. league of legends sweatshirt
  28. video competitions
  29. international forex trading
  30. orange county appliance repair
  31. no deposit bonus casino�
  32. computer training
  33. Brand Bangla Eshop
  34. happy valentines day images
  35. goodwill auction shopgoodwill
  36. garcinia cambogia lose weight
  37. llaveros para hoteles
  38. cara mengatasi ejakulasi dini
  39. Escort
  40. seo services minneapolis
  41. minneapolis internet marketing
  42. Toys
  43. Homepage
  44. net video girls app
  45. 2016 frankies bikini
  46. manuel ferrara
  47. Logo design sydney
  48. custom jewelry denver
  49. poker
  50. sacred 3 trainer
  51. Termite Control Perth
  52. history of name

Leave a Reply

Your email address will not be published.