pastebin - collaborative debugging tool
kpaste.net RSS


TAILS and Tor vulnerabilities
Posted by Anonymous on Tue 22nd Jul 2014 21:57
raw | new post

  1. "We're happy to see that TAILS 1.1 is being released tomorrow. Our multiple RCE/de-anonymization zero-days are still effective."
  2.  
  3. via @ExodusIntel: https://twitter.com/ExodusIntel
  4.  
  5. #$%#
  6.  
  7. "Exploit Dealer: Snowden's Favourite OS TAILS Has Zero-Day Vulnerabilities Lurking Inside"
  8.  
  9. Thomas Brewster | Security | 7/21/2014 @ 2:14PM
  10.  
  11. http://www.forbes.com/sites/thomasbrewster/2014/07/21/exploit-dealer-snowdens-favourite-os-TAILS-has-zero-day-vulnerabilities-lurking-inside/
  12.  
  13. #$%#
  14.  
  15. "The flaws work on the latest version of TAILS and allow for the ability to exploit a targeted user, both for de-anonymisation and remote code execution," said Loc Nguyen a researcher at Exodus. Remote code execution means a hacker can do almost anything they want to the victim’s system, such as installing malware or siphoning off files.
  16.  
  17. "Considering that the purpose of TAILS is to provide a secure non-attributable platform for communications, users are verifiably at-risk due to these flaws. For the TAILS platform, privacy is contingent on maintaining anonymity and ensuring their actions and communications are not attributable. Thus, any violation of those foundational pillars should be considering highly critical," added Nguyen. This affects every user of TAILS, who should all "diversify security platforms so as not to put all your eggs in one basket", he added.
  18.  
  19. All users, including Snowden, should be wary of using TAILS with a false sense of security, though it’s still more likely to protect anonymity than Windows. Exodus sells to private and public businesses hoping to use the findings for either offensive or defensive means. Those unconcerned about governments targeting their systems might not be concerned about the TAILS zero-days. Others will likely be anxious one of their trusted tools to avoid government hackers contains vulnerabilities that could be exploited to spy on any user of the OS."
  20.  
  21. #$%#
  22.  
  23. Don't look, Snowden: Security biz chases TAILS with zero-day flaws alert
  24. Exodus vows not to sell secrets of whistleblower's favorite OS
  25.  
  26. By Iain Thomson | 21 Jul 2014
  27.  
  28. http://www.theregister.co.uk/2014/07/21/security_researchers_chase_TAILS_with_zeroday_flaw_disclosure/
  29.  
  30. RE: TAILS: https://tails.boum.org/
  31.  
  32. #$%#
  33.  
  34. Talk on cracking Internet anonymity service Tor withdrawn from conference
  35.  
  36. By Joseph Menn | SAN FRANCISCO, July 21
  37.  
  38. "A heavily anticipated talk on how to identify users of the Tor Internet privacy service has been withdrawn from the upcoming Black Hat security conference.
  39.  
  40. A Black Hat spokeswoman told Reuters that the talk had been canceled at the request of lawyers for Carnegie-Mellon University, where the speakers work as researchers. A CMU spokesman had no immediate comment."
  41.  
  42. http://www.reuters.com/article/2014/07/21/cybercrime-conference-talk-idUSL2N0PW14320140721
  43. http://www.pcworld.com/article/2456700/black-hat-presentation-on-tor-suddenly-cancelled.html
  44. http://www.theguardian.com/technology/2014/jul/22/is-tor-truly-anonymising-conference-cancelled
  45.  
  46. #$%#

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting:

To highlight particular lines, prefix each line with {%HIGHLIGHT}




All content is user-submitted.
The administrators of this site (kpaste.net) are not responsible for their content.
Abuse reports should be emailed to us at