Tails Linux Still at Risk Despite Security Fixes
Researchers aim to prove a point "that no software is infallible" by finding bugs in a privacy Linux distribution favored by Edward Snowden.The open-source Tails Linux distribution issued its 1.1 update on July 22, providing multiple security fixes, though according to at least one security research firm, vulnerabilities still remain. Tails, which is an acronym that stands for The Amnesic Incognito Live System, is focused on enabling user privacy while online. The Tails 1.0 release debuted on April 29 (check out key features of Tails 1.0 in an eWEEK slide show here) and first gained notoriety as the Linux system used by U.S. National Security Agency whistleblower Edward Snowden. The Tails 1.1 release includes multiple bug fixes, at least four of which are identified as being security-related items. Among those four fixes is a browser update that is based on the latest Firefox ESR (Extended Support Release). There is also an update to the Linux 3.14.12-1 kernel, which provides a fix for a denial-of-service vulnerability identified as CVE-2014-4699. Apparently however, the Tails 1.1 release is still at risk from an as-yet publicly undisclosed zero-day vulnerability that has been found by security firm Exodus Intelligence.
"By bringing to light the fact that we have found verifiable flaws in such a widely trusted piece of code, we hope to remind the Tails userbase that no software is infallible," Exodus wrote in a blog post. "Even when the issues we've found are fixed by the Tails team, the community should keep in mind that there are most certainly other flaws still present and likely known to others."