Tails, also known as 'Amnesiac Incognito Live System', is a free security-focused Debian-based Linux distribution, which has a suite of applications that can be installed on a USB stick, an SD card or a DVD. It keeps users' communications private by running all connectivity through Tor, the network that routes traffic through various layers of servers and encrypts data.
The operating system came into limelight when the global surveillance whistleblower Edward Snowden said that he had used it in order to remain Anonymous and keep his communications hidden from the law enforcement authorities.
The new version 1.1.2 addresses a single but critical vulnerability which arises because the Network Security Services (NSS) libraries parser used by Firefox and other browsers is capable of being tricked into accepting forged RSA certificate signatures.
"We prepared this release mainly to fix a serious flaw in the Network Security Services (NSS) library used by Firefox and other products allows attackers to create forged RSA certificates," reads the Tails official website.
"Before this release, users on a compromised network could be directed to sites using a fraudulent certificate and mistake them for legitimate sites. This could deceive them into revealing personal information such as usernames and passwords. It may also deceive users into downloading malware if they believe it's coming from a trusted site."
Cyber criminals may use Man-in-the-middle (MitM) attacks by impersonating as a bank or webmail provider and tricking online users into handing over their login credentials that can be then passed on to the legitimate organisation.
Tails 1.1.2 comes with the following security updates:
- Updated TOR version (based on Firefox 24.8.0 ESR+tails3~bpo70+1)
- New Linux kernel has been added, 3.16-1
- Numerous other software upgrades that fix security issues in GnuPG, APT, DBus, Bash, and packages built from the bind9 and libav source packages
Mozilla Firefox also released a quick security patches for its Firefox versions and Thunderbird, as its open source browser is vulnerable to SSL man-in-the-middle attacks due to RSA certificate forgery. The patches are already available.
Firefox ESR 31.1.1, Firefox ESR 24.8.1, Thunderbird 31.1.1, and Thunderbird 24.8.1 have been updated to NSS 3.16.2.1. Also Firefox 32.0.3 and SeaMonkey 2.29.1 have been updated to NSS 3.16.5.
Users can download Tails 1.1.2 latest release from Tails official website.
Firefox ESR 31.1.1, Firefox ESR 24.8.1, Thunderbird 31.1.1, and Thunderbird 24.8.1 have been updated to NSS 3.16.2.1. Also Firefox 32.0.3 and SeaMonkey 2.29.1 have been updated to NSS 3.16.5.
Users can download Tails 1.1.2 latest release from Tails official website.
