Subscribe to our newsletters
Sign Up

The Hacker News — Cyber Security, Hacking, Technology News

Sunday, September 28, 2014 Wang Wei

Privacy-focused Tails 1.1.2 Operating System Released
Tails, a Linux-based highly secure Operating System specially designed and optimized to preserve users' anonymity and privacy, has launched its new release, Tails version 1.1.2.

Tails, also known as 'Amnesiac Incognito Live System', is a free security-focused Debian-based Linux distribution, which has a suite of applications that can be installed on a USB stick, an SD card or a DVD. It keeps users’ communications private by running all connectivity through Tor, the network that routes traffic through various layers of servers and encrypts data.

The operating system came into limelight when the global surveillance whistleblower Edward Snowden said that he had used it in order to remain Anonymous and keep his communications hidden from the law enforcement authorities.

The new version 1.1.2 addresses a single but critical vulnerability which arises because the Network Security Services (NSS) libraries parser used by Firefox and other browsers is capable of being tricked into accepting forged RSA certificate signatures.
"We prepared this release mainly to fix a serious flaw in the Network Security Services (NSS) library used by Firefox and other products allows attackers to create forged RSA certificates," reads the Tails official website.
"Before this release, users on a compromised network could be directed to sites using a fraudulent certificate and mistake them for legitimate sites. This could deceive them into revealing personal information such as usernames and passwords. It may also deceive users into downloading malware if they believe it's coming from a trusted site."
Cyber criminals may use Man-in-the-middle (MitM) attacks by impersonating as a bank or webmail provider and tricking online users into handing over their login credentials that can be then passed on to the legitimate organisation.

Tails 1.1.2 comes with the following security updates:
  • Updated TOR version (based on Firefox 24.8.0 ESR+tails3~bpo70+1)
  • New Linux kernel has been added, 3.16-1
  • Numerous other software upgrades that fix security issues in GnuPG, APT, DBus, Bash, and packages built from the bind9 and libav source packages
Mozilla Firefox also released a quick security patches for its Firefox versions and Thunderbird, as its open source browser is vulnerable to SSL man-in-the-middle attacks due to RSA certificate forgery. The patches are already available.

Firefox ESR 31.1.1, Firefox ESR 24.8.1, Thunderbird 31.1.1, and Thunderbird 24.8.1 have been updated to NSS 3.16.2.1. Also Firefox 32.0.3 and SeaMonkey 2.29.1 have been updated to NSS 3.16.5.

Users can download Tails 1.1.2 latest release from Tails official website.

Tuesday, July 22, 2014 Mohit Kumar

Zero-Day Vulnerabilities Identified in Tails Operating System
The critical zero-day security flaws has been discovered in the privacy and security dedicated Linux-based operating system “Tails” that could be used by an attacker to unmask your identity.

Tails, which is been used and recommended by the global surveillance whistleblower Edward Snowden to remain Anonymous, has a suite of privacy applications and designed to keep users’ communications private by running all connectivity through Tor, the network that routes traffic through various layers of servers and encrypts data.

But unfortunately, the highly secured OS has several critical zero-day vulnerabilities that could help attackers or law enforcements to de-anonymize anyone and allows to perform remote code execution, according to a researcher at Exodus Intelligence who uncovered the flaws but didn't publish the details about it.

The Texas-based security firm, Exodus Intelligence, tweeted on Monday that it had found several remote code execution vulnerabilities in Tails operating system. The firm explained that the architect of the operating system is seriously vulnerable that could leads to put users’ security at risk.

NEW TAILS 1.1 RELEASED, BUT NOT PATCHED
Today tails has launched its big release, Tails version 1.1, but Exodus warned via a tweet that the latest version of the OS is still vulnerable to the zero-day attacks it had identified. The firm don’t want to release the details of the exploit until there is a patch, but it said it would release details about the zero-day flaws in a series of blog posts next week.

Exodus Intelligence usually identifies vulnerabilities in various products and sell them to their clients, including the US agencies and DARPA; but in this case they have decided to do not sell the Tails remote code execution exploit to any of its client.

TAILS DEVS STILL UNAWARE OF THE ZERO-DAYS
Tails OS developers claimed that the company has not yet responsibly disclosed the vulnerabilities details to them.
"We were not contacted by Exodus Intel prior to their tweet. In fact, a more irritated version of this text was ready when we finally received an email from them. They informed us that they would provide us with a report within a week.
I know, Tails is considered to be one of the best options for privacy conscious Internet users, but such revelations indicates that no software or operating system offers complete privacy and security to users even if they are developed by keeping anonymity as the first priority.

The company also assured its users to provide some extra features among improving the security of the operating system.
"Being fully aware of this kind of threat, we're continuously working on improving Tails' security in depth. Among other tasks, we're working on a tight integration of AppArmor in Tails, kernel and web browser hardening as well as sandboxing, just to name a few examples." developers said.
UPDATE

Sunday, June 29, 2014 Wang Wei

Anonymous Operating System 'Tails' Website Hacked
Just a few hours ago, the Official website of the Tails Operating System has been hacked and it appears that a self-proclaimed 17-year old hacker breached and defaced it.

Tails is a Linux-based highly secure Operating System, specially designed and optimized to preserve users' anonymity and privacy. Hacker, who named himself "Sum guy", managed to access the website as administrator and edited the homepage content with the following message:
You has been haxoredeszed by sum dumb 17 year old by accident... Sorry about that please forgive me! I accidentally logged myself in as someone important and changed the site, not knowing that what I was changing would save! So sorry about that... I hope you have a backup, Oh and btw I love your OS! Yours sincerely, Sum guy
And before I leave,
Hi ed...
and zoin
Defaced Link: https://tails.boum.org/index.en.html. However, all other pages on the Tails website are working just fine, but at this moment it is not clear whether the hacker has also modified the OS Image or not. So readers are advised to do not download the Tails OS from the website, at least for a few days.

Tails, also known as 'Amnesiac Incognito Live System', is free software based on Debian GNU/Linux and you install it on a DVD or USB drive, boot up the computer from the drive. This allows you to work on a sensitive file on any computer and prevent the data being recovered after the computer is turned off.

Tails was reportedly used by the NSA Whistle-blower Edward Snowden in discussions with journalists because it includes a range of tools for protecting your data by means of strong encryption.

I will update the story after receiving more details on the hack. Stay Tuned.

Tip Credit: Lauri Soivi.

Newsletter Subscription

Subscribe to our newsletter and get all latest hacking news, free eBooks delivered to your inbox.

Join Over 450,000 Subscribers!