Critical de-anonymization 0-days found in Tails
Posted on 22 July 2014.
Tails, the security-focused Debian-based Linux distribution favoured by Edward Snowden, journalists and privacy-minded users around the world, sports a number of critical vulnerabilities that can lead to the user's identity to be discovered by attackers.

The claim has been made by researchers with vulnerability and exploit research company Exodus Intelligence, who are scheduled to give a talk about it at the Black Hat hacking conference next month.

According to The Register, the company will not (as usual for them) share the details about the vulnerabilities with their clients, but will work with Tails developers to fix it.

The company also plans to release some details in a series of blog posts scheduled for next week.

Tails is backed by the Tor Project, as well as by Debian Project, Mozilla, and the Freedom of the Press Foundation, and is considered to be a must-have tool for anyone who wishes to remain anonymous while being and doing stuff online, and to circumvent censorship.

The system is designed to be booted as a live DVD or live USB, and comes with a myriad of privacy and anonymity software.

While making Tails extremely helpful, the inter-locking of such various components also makes it difficult to spot security weaknesses.

The release candidate for the upcoming Tails version 1.1 has been made available last week, and the final version is set to be released on Wednesday. Unfortunately, the researchers claim, their "multiple RCE/de-anonymization zero-days" are still present.


Email scammers stole $215M from businesses in 14 months

Posted on 29 January 2015.  |  In 14 months there have been nearly 1200 US and a little over 900 non-US victims of BEC scams, and the total money loss reached nearly $215 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Jan 30th