Exodus Intelligence Details Zero-Day Vulnerabilities In Tails OS 132
New submitter I Ate A Candle (3762149) writes Tails OS, the Tor-reliant privacy-focused operating system made famous by Edward Snowden, contains a number of zero-day vulnerabilities that could be used to take control of the OS and execute code remotely. At least that's according to zero-day exploit seller Exodus Intelligence, which counts DARPA amongst its customer base. The company plans to tell the Tails team about the issues "in due time", said Aaron Portnoy, co-founder and vice president of Exodus, but it isn't giving any information on a disclosure timeline. This means users of Tails are in danger of being de-anonymised. Even version 1.1, which hit public release today (22 July 2014), is affected. Snowden famously used Tails to manage the NSA files. The OS can be held on a USB stick and leaves no trace once removed from the drive. It uses the Tor network to avoid identification of the user, but such protections may be undone by the zero-day exploits Exodus holds.
Re:FUD? (Score:3, Informative)
> My guess is that someone wants the hole (if there is one) kept open a while longer or the suspicion
> that TOR is somehow ineffective alive. Let your mind run wild with speculation.
Or...
The lawyers are worried that the testing violated wiretap laws and are trying to reduce CMU's legal liability. [techdirt.com]