from the patches-for-tails-is-a-great-name-for-a-band dept.
Patches are ready for I2P, the vulnerable component in Tails, but it's not clear when Tails will update.
Tails, a portable operating system that employs a host of privacy-focused components, plans to patch flaws contained in I2P, a networking tool developed by the Invisible Internet Project that provides greater anonymity when browsing. It's similar in concept to Tor.
On Saturday, I2P developers released several fixes for XSS (cross-site scripting) and remote execution flaws found by Exodus Intelligence, a vulnerability broker that irked some by announcing first on Twitter it knew of flaws but didn't immediately inform Tails.
The IT World article continues:
On Friday, Tails advised that users can take steps to protect themselves in the meantime. It recommended that I2P not be intentionally launched in Tails version 1.1 and earlier. Luckily, I2P is not launched by default when Tails is started. But Tails warned that an attacker could use some other undisclosed security holes to launch Tails and then try to de-anonymize a user. To be sure that doesn't happen, the I2P software package should be removed when Tails is launched.
(Score: 2, Funny) by Horse With Stripes on Tuesday July 29 2014, @01:16AM
Until the Tails Privacy Tool is patched ... choose heads instead of tails.
(Score: 2) by hybristic on Tuesday July 29 2014, @05:32AM
I have preferred to use I2P over TOR for years now. Looks like that might have been a poor choice.
(Score: 0) by Anonymous Coward on Tuesday July 29 2014, @12:47PM
Don't you know that using tails turns you into a woman and then you go to prison ... for like forever?
(Score: 0) by Anonymous Coward on Wednesday July 30 2014, @05:16PM
Is there a Tails version with Freenet installed instead of I2P?