Forgot your password?
typodupeerror

+ - Flaw in TAILS Privacy OS is in Its I2P Component

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "The critical vulnerability in the TAILS operating system discovered by researchers at Exodus Intelligence lies in the I2P software that’s bundled with the OS and the company has released some details and a video demonstrating an exploit against the bug. Exodus researchers said that the vulnerability can be used for remote code execution as well as de-anonymization of targeted users on TAILS.

I2P is an anonymity network, somewhat analogous to Tor, that encrypts all of its communications from end to end and enables private and anonymous use of the Internet and resources such as email, chat and Web browsing. Unlike Tor, however, I2P is a packet switched network, rather than a circuit switched one, and the communications its users send and receive are message-based. Each I2P node has an identical level of importance in the network and there are no central servers routing traffic.

Exodus researchers said that the flaw they discovered is present in TAILS for several versions, meaning its effect could be quite widespread.

“The vulnerability we will be disclosing is specific to I2P. I2P currently boasts about 30,000 active peers. Since I2P has been bundled with Tails since version 0.7, Tails is by far the most widely adopted I2P usage. The I2P vulnerability works on default, fully patched installation of Tails. No settings or configurations need to be changed for the exploit to work,” the Exodus team wrote in a post explaining a bit about the flaw."
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Flaw in TAILS Privacy OS is in Its I2P Component

Comments Filter:

Old programmers never die, they just hit account block limit.

Working...