Tails, a Linux-based highly secure Operating System specially designed and optimized to preserve users’ anonymity and privacy, has launched its new release, Tails version 1.1.2.
Tails, also known as ‘Amnesiac Incognito Live System‘, is a free security-focused Debian-based Linux distribution, which has a suite of applications that can be installed on a USB stick, an SD card or a DVD. It keeps users’ communications private by running all connectivity through Tor, the network that routes traffic through various layers of servers and encrypts data.
The operating system came into limelight when the global surveillance whistleblower Edward Snowden said that he had used it in order to remain Anonymous and keep his communications hidden from the law enforcement authorities.
The new version 1.1.2 addresses a single but critical vulnerability which arises because the Network Security Services (NSS)
libraries parser used by Firefox
and other browsers is capable of being tricked into accepting forged RSA certificate signatures.
“We prepared this release mainly to fix a serious flaw in the Network Security Services (NSS) library used by Firefox and other products allows attackers to create forged RSA certificates,” reads the Tails official website.
“Before this release, users on a compromised network could be directed to sites using a fraudulent certificate and mistake them for legitimate sites. This could deceive them into revealing personal information such as usernames and passwords. It may also deceive users into downloading malware if they believe it’s coming from a trusted site.“
Cyber criminals may use Man-in-the-middle (MitM) attacks by impersonating as a bank or webmail provider and tricking online users into handing over their login credentials that can be then passed on to the legitimate organisation.
Tails 1.1.2 comes with the following security updates:
- Updated TOR version (based on Firefox 24.8.0 ESR+tails3~bpo70+1)
- New Linux kernel has been added, 3.16-1
- Numerous other software upgrades that fix security issues in GnuPG, APT, DBus, Bash, and packages built from the bind9 and libav source packages
보다 자세한 정보는 아래링크를 참조하세요