{"id":6071,"date":"2014-07-30T10:00:02","date_gmt":"2014-07-30T14:00:02","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=6071"},"modified":"2014-07-30T10:00:02","modified_gmt":"2014-07-30T14:00:02","slug":"privacy-focused-tails-os-compromised-how-to-stay-safe-until-its-patched","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/30\/privacy-focused-tails-os-compromised-how-to-stay-safe-until-its-patched\/","title":{"rendered":"Privacy-focused Tails OS compromised: How to stay safe until it’s patched"},"content":{"rendered":"

\"\"<\/a><\/p>\n

Vulnerabilities in the Tails operating system could reveal your IP address, but you can avoid trouble by taking a couple of precautions.<\/p>\n

Tails, a portable operating system that employs a host of privacy-focused components, plans to patch flaws contained in I2P, a networking tool developed by the Invisible Internet Project that provides greater anonymity when browsing. It\u2019s similar in concept to Tor.<\/p>\n

On Saturday, I2P developers released several fixes for XSS (cross-site scripting) and remote execution flaws found by Exodus Intelligence, a vulnerability broker that irked some by announcing first on Twitter it knew of flaws but didn\u2019t immediately inform Tails.<\/p>\n

It wasn\u2019t clear when Tails would release an update with I2P\u2019s fixes. It couldn\u2019t be immediately reached Sunday.<\/p>\n

On Friday, Tails advised that users can take steps to protect themselves in the meantime. It recommended that I2P not be intentionally launched in Tails version 1.1 and earlier.<\/p>\n

Luckily, I2P is not launched by default when Tails is started. But Tails warned that an attacker could use some other undisclosed security holes to launch Tails and then try to de-anonymize a user. To be sure that doesn\u2019t happen, the I2P software package should be removed when Tails is launched.<\/p>\n

The danger of hackers using the I2P vulnerabilities is mitigated somewhat by the fact the details of the flaws haven\u2019t been disclosed publicly. But Tails wrote that hackers may have figured them out.<\/p>\n

Even general descriptions of vulnerabilities often give hackers enough information of where to start hunting for flaws, enabling them to figure out the exact problems.<\/p>\n

To execute an attack on I2P, a hacker must also lure someone to a website where they\u2019ve manipulated the content, Tails said. That sort of lure is usually set using social engineering, successfully tricking a person into loading malicious content. Savvy users may spot such a lure, but it\u2019s easy to get tricked.<\/p>\n

Soon after it wrote on Twitter of the flaws, Exodus Intelligence said it would provide the details to Tails and not sell the information to its customers. It wasn\u2019t clear if public pressure influenced Exodus.<\/p>\n

The company wouldn\u2019t say if it would make similar exceptions for privacy-focused software in the future such as Tails, which has been recommended by former National Security Agency contractor Edward Snowden.<\/p>\n

via Privacy-focused Tails OS compromised: How to stay safe until it’s patched | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Vulnerabilities in the Tails operating system could reveal your IP address, but you can avoid trouble by taking a couple […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,9],"tags":[778,849,1177],"class_list":["post-6071","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-operating-systems","tag-privacy","tag-vulnerabilities"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1zV","jetpack-related-posts":[{"id":5659,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/02\/flaws-in-popular-seo-plug-in-put-wordpress-websites-at-risk\/","url_meta":{"origin":6071,"position":0},"title":"Flaws in popular SEO plug-in put WordPress websites at risk","author":"NCCT","date":"June 2, 2014","format":false,"excerpt":"Many WordPress websites could be at risk of compromise if their administrators don\u2019t upgrade a popular search engine optimization (SEO) plug-in to a newly released version that fixes serious vulnerabilities. Researchers from Web security firm Sucuri found two flaws in a plug-in called \u201cAll in One SEO Pack\u201d that potentially\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/core5.staticworld.net\/images\/article\/2013\/04\/hacker_internet_web_attack-100033459-large.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/core5.staticworld.net\/images\/article\/2013\/04\/hacker_internet_web_attack-100033459-large.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/core5.staticworld.net\/images\/article\/2013\/04\/hacker_internet_web_attack-100033459-large.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":5710,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/10\/microsoft-pushes-out-massive-security-update-for-internet-explorer\/","url_meta":{"origin":6071,"position":1},"title":"Microsoft pushes out massive security update for Internet Explorer","author":"NCCT","date":"June 10, 2014","format":false,"excerpt":"Microsoft pushes out massive security update for Internet Explorer Six down, six to go. Today is the Microsoft Patch Tuesday for June, and it comes with seven new security bulletins. The good news is that five of the seven are only rated as Important, but one of the two Critical\u2026","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8767,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/12\/07\/security-vulnerabilities-found-in-support-software-from-lenovo-toshiba-and-dell\/","url_meta":{"origin":6071,"position":2},"title":"Security vulnerabilities found in support software from Lenovo, Toshiba, and Dell","author":"NCCT","date":"December 7, 2015","format":false,"excerpt":"By Lucian Constantin | PCWorld The number of vulnerabilities discovered in technical support applications installed on PCs by manufacturers keeps piling up. New exploits have been published for flaws in Lenovo Solution Center, Toshiba Service Station and Dell System Detect.The most serious flaws appear to be in Lenovo Solution Center\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8738,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/11\/09\/surprise-adobes-flash-is-a-favorite-hacking-target-by-far\/","url_meta":{"origin":6071,"position":3},"title":"Surprise: Adobe’s Flash is a favorite hacking target by far","author":"NCCT","date":"November 9, 2015","format":false,"excerpt":"Jeremy Kirk | PCWorld Adobe Systems\u2019 Flash plugin gets no love from anyone in the security field these days. A new study released Monday shows just how much it is favored by cybercriminals to sneak their malware onto computers.It looked at more than 100 exploit kits, which are frameworks planted\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9380,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/07\/22\/security-now-669-cellular-location-privacy\/","url_meta":{"origin":6071,"position":4},"title":"Security Now 669: Cellular Location Privacy","author":"NCCT","date":"July 22, 2018","format":false,"excerpt":"https:\/\/youtu.be\/p6FUiMEq6pA SCOTUS Cell Phone Location Privacy This week we examine some new side-channel worries and vulnerabilities, did Mandiant \"hack back\" on China?, more trouble with browsers, the big Google Firebase mess, sharing a bit of my dead system resurrection, and a look at the recent Supreme Court decision addressing cellular\u2026","rel":"","context":"In "Networking"","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/p6FUiMEq6pA\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":6322,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/29\/does-the-internet-of-things-leave-you-vulnerable-to-cyber-attack\/","url_meta":{"origin":6071,"position":5},"title":"Does the Internet of Things leave you vulnerable to cyber attack?","author":"NCCT","date":"August 29, 2014","format":false,"excerpt":"At the Black Hat security conference in Las Vegas earlier this month, researchers demonstrated how a Nest thermostat can be hacked, to show how easily connected appliances\u2014the household technologies that make up the Internet of Things\u2014can be compromised. When you look beyond the demo's hyperbolic headlines, it turns out the\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/6071","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=6071"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/6071\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=6071"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=6071"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=6071"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}