

Tails 1.3.1 is out - Sami_Lehtinen
https://tails.boum.org/news/version_1.3.1/index.en.html

======
VMG
Don't forget:

[http://daserste.ndr.de/panorama/xkeyscorerules100.txt](http://daserste.ndr.de/panorama/xkeyscorerules100.txt)

    
    
      /*
      These variables define terms and websites relating to the TAILs (The Amnesic
      Incognito Live System) software program, a comsec mechanism advocated by
      extremists on extremist forums.
      */

------
ikeboy
Just saying, if you used Whonix, none of those bugs fixed in an "emergency"
would have hurt you.

Whonix uses two virtual machines, one to run Tor and the other only connects
to the first, so you could (in theory) literally run anything as root on the
Workstation one and it couldn't get your IP address. Even Adobe Flash, or
JavaScript, or a browser with zero days. The only thing that could get you is
a zero day in VirtualBox itself, and even that would still need a privilege
escalation first. For more details see
[https://www.whonix.org/wiki/Comparison_with_Others#Attacks](https://www.whonix.org/wiki/Comparison_with_Others#Attacks)

(I may be slightly overselling it, but it is definitely more secure than
Tails. Only very advanced extremists use it.)

~~~
tikums
In the same vein, P.O.R.T.A.L.[0] mitigates against leaks by running Tor on a
separate hardware router. In principle, it should reduce the risk of
geolocation, as VM escape to dom0 is not possible. Annual success of pwn2own
should tell you that all browsers are thoroughly compromised. If your
adversary can escape to dom0, they should be able to reveal your real source
IP. Whonix seems to provide this as an option[1], but not by default.

--

[0] [https://github.com/grugq/portal](https://github.com/grugq/portal)

[1] [https://www.whonix.org/w/index.php?title=Dev/Build_Documenta...](https://www.whonix.org/w/index.php?title=Dev/Build_Documentation/Physical_Isolation/9)

~~~
ikeboy
Wouldn't any process running as root on the computer be able to re-flash the
router?

This is also an order of magnitude harder than Whonix, while I consider
Whonix, Tails, and TBB to all be the same order of magnitude difficulty. (And
your router's screwed if you mess up.)

This does seem to provide better security, although probably comparable to the
Physical Isolation that you mentioned.

~~~
tikums
> Wouldn't any process running as root on the computer be able to re-flash the
> router?

No, because the router's management interface is only available out-of-band. This
is a conscious design decision to mitigate against this threat: "In order to
protect the PORTAL from tampering from malware (or malicious users), it also
requires a third administration interface. This can be either a serial
console, or physical connection."[0]

---

[0] [http://grugq.github.io/blog/2013/10/05/thru-a-portal-darkly/](http://grugq.github.io/blog/2013/10/05/thru-a-portal-darkly/)

------
agumonkey
TAILs was just mentioned in a weird cold boot VRAM-based attack:
[https://news.ycombinator.com/item?id=9245980](https://news.ycombinator.com/item?id=9245980)

------
gjm11
For the benefit of anyone else who, like me, had no idea what this is, here
are a few quotations from their website:

> The amnesic incognito live system

> Tails is a live system that aims to preserve your privacy and anonymity. It
> helps you to use the Internet anonymously and circumvent censorship almost
> anywhere you go and on any computer but leaving no trace unless you ask it
> to explicitly.

> It is a complete operating system designed to be used from a DVD, USB stick,
> or SD card independently of the computer's original operating system. It is
> Free Software and based on Debian GNU/Linux.

------
dublinben
The most noticeable change with this update is probably the new signing key.
The Tor Project also just updated their signing key for the Tor Browser
Bundle, so this is a great time to update your keyrings.

~~~
tyho
The purpose of the release was to patch bugs found in the recent Pwn2Own
contest.

------
some_furry
I love TAILS :3

Hmm, 1.3.2 is coming out in a week. I think I'm going to avoid TAILS for the
time being then burn a new DVD.

