I Ate A Candle writes: Aaron's Law, named after the late internet activist Aaron Swartz, was supposed to fix US hacking laws, which many deem dated and overly harsh. But the bill looks certain to wither in Congress, thanks to corporate lobbying, disagreements in Washington between key lawmakers and a simple lack of interest amongst the general population for changes to the Computer Fraud and Abuse Act. Representative Zoe Lofgren blamed inactivity from the House Judiciary Committee headed up by Representative Bob Goodlatte, which has chosen not to discuss or vote on Aaron’s Law. There is still an appetite for CFAA reform, thanks to complaints from the security community that their research efforts have been deemed illegal acts, perversely making the internet a less secure place. But with the likes of Oracle trying to stop it and with Congress unwilling to act, change looks some way away.
I Ate A Candle writes: Tails OS, the Tor-reliant privacy-focused operating system made famous by Edward Snowden, contains a number of zero-day vulnerabilities that could be used to take control of the OS and execute code remotely. At least that's according to zero-day exploit seller Exodus Intelligence, which counts DARPA amongst its customer base. The company plans to tell the Tails team about the issues “in due time”, said Aaron Portnoy, co-founder and vice president of Exodus, but it isn’t giving any information on a disclosure timeline. This means users of Tails are in danger of being de-anonymised. Even version 1.1, which hit public release today (22 July 2014), is affected. Snowden famously used Tails to manage the NSA files. The OS can be held on a USB stick and leaves no trace once removed from the drive. It uses the Tor network to avoid identification of the user, but such protections may be undone by the zero-day exploits Exodus holds.