Critical de-anonymization 0-days found in Tails
Tails, the security-focused Debian-based Linux distribution favoured by Edward Snowden, journalists and privacy-minded users around the world, sports a number of critical vulnerabilities that can lead to the user’s identity to be discovered by attackers.
The claim has been made by researchers with vulnerability and exploit research company Exodus Intelligence, who are scheduled to give a talk about it at the Black Hat hacking conference next month.
According to The Register, the company will not (as usual for them) share the details about the vulnerabilities with their clients, but will work with Tails developers to fix it.
The company also plans to release some details in a series of blog posts scheduled for next week.
Tails is backed by the Tor Project, as well as by Debian Project, Mozilla, and the Freedom of the Press Foundation, and is considered to be a must-have tool for anyone who wishes to remain anonymous while being and doing stuff online, and to circumvent censorship.
The system is designed to be booted as a live DVD or live USB, and comes with a myriad of privacy and anonymity software.
While making Tails extremely helpful, the inter-locking of such various components also makes it difficult to spot security weaknesses.
The release candidate for the upcoming Tails version 1.1 has been made available last week, and the final version is set to be released on Wednesday. Unfortunately, the researchers claim, their “multiple RCE/de-anonymization zero-days” are still present.