The Snowden leaks have taught us much about the tactics employed by the NSA and GCHQ, from brazen malware attacks to more esoteric dark arts, such as infecting low-level pieces of computer code. Correspondingly, research into more surreptitious activities targeting the guts of modern systems has often been overshadowed by studies of more obvious attacks. Yet such high-tech techniques pose a more severe risk. They can, for instance, allow agencies to spy on Tails, the Linux-based secure operating system favored by Snowden. And they’re not as difficult to exercise as many would imagine. They can totally obliterate the privacy of even the most careful computer user.
This week we made mention on Twitter of a zero-day vulnerability we’ve unearthed that affects the popular Tails operating system.
The vulnerability we will be disclosing is specific to I2P. I2P currently boasts about 30,000 active peers. Since I2P has been bundled with Tails since version 0.7, Tails is by far the most widely adopted I2P usage.
ou can help Tails! The MAC address spoofing feature is ready for testing. This feature prevents geographical tracking of your network devices (and by extension, you) by randomising their MAC addresses.
The tails developers have responded to this issue and it seems that its a case of everything gone wrong at once rather than an actual website hack. Sorry to drum up so much alarm but when you have the download website of a privacy based linux distribution resolving to the pirate bay and showing random file modified dates, I still feel that it was worth the visibility.