"We're happy to see that TAILS 1.1 is being released tomorrow. Our multiple RCE/de-anonymization zero-days are still effective."

 

via @ExodusIntel: https://twitter.com/ExodusIntel

 

#$%#

 

"Exploit Dealer: Snowden's Favourite OS TAILS Has Zero-Day Vulnerabilities Lurking Inside"

 

Thomas Brewster | Security | 7/21/2014 @ 2:14PM

 

http://www.forbes.com/sites/thomasbrewster/2014/07/21/exploit-dealer-snowdens-favourite-os-TAILS-has-zero-day-vulnerabilities-lurking-inside/

 

#$%#

 

"The flaws work on the latest version of TAILS and allow for the ability to exploit a targeted user, both for de-anonymisation and remote code execution," said Loc Nguyen a researcher at Exodus. Remote code execution means a hacker can do almost anything they want to the victim’s system, such as installing malware or siphoning off files.

 

"Considering that the purpose of TAILS is to provide a secure non-attributable platform for communications, users are verifiably at-risk due to these flaws. For the TAILS platform, privacy is contingent on maintaining anonymity and ensuring their actions and communications are not attributable. Thus, any violation of those foundational pillars should be considering highly critical," added Nguyen. This affects every user of TAILS, who should all "diversify security platforms so as not to put all your eggs in one basket", he added.

 

All users, including Snowden, should be wary of using TAILS with a false sense of security, though it’s still more likely to protect anonymity than Windows. Exodus sells to private and public businesses hoping to use the findings for either offensive or defensive means. Those unconcerned about governments targeting their systems might not be concerned about the TAILS zero-days. Others will likely be anxious one of their trusted tools to avoid government hackers contains vulnerabilities that could be exploited to spy on any user of the OS."

 

#$%#

 

Don't look, Snowden: Security biz chases TAILS with zero-day flaws alert

Exodus vows not to sell secrets of whistleblower's favorite OS

 

By Iain Thomson | 21 Jul 2014

 

http://www.theregister.co.uk/2014/07/21/security_researchers_chase_TAILS_with_zeroday_flaw_disclosure/

 

RE: TAILS: https://tails.boum.org/

 

#$%#

 

Talk on cracking Internet anonymity service Tor withdrawn from conference

 

By Joseph Menn | SAN FRANCISCO, July 21

 

"A heavily anticipated talk on how to identify users of the Tor Internet privacy service has been withdrawn from the upcoming Black Hat security conference.

 

A Black Hat spokeswoman told Reuters that the talk had been canceled at the request of lawyers for Carnegie-Mellon University, where the speakers work as researchers. A CMU spokesman had no immediate comment."

 

http://www.reuters.com/article/2014/07/21/cybercrime-conference-talk-idUSL2N0PW14320140721

http://www.pcworld.com/article/2456700/black-hat-presentation-on-tor-suddenly-cancelled.html

http://www.theguardian.com/technology/2014/jul/22/is-tor-truly-anonymising-conference-cancelled

 

#$%#