[Tails-dev] Follow up - 1 last thing

[Dash Press]

Hey guys
this refers to the "Security Paper" i emailed about some days ago
https://dashpay.atlassian.net/wiki/x/CYCHBQ 


can i  ask for future automatic integration of the Debian and Tor signing keys 
in the keyring as emphasized in chapter I.5.5.2.1.1. “[...] Tails already 
heavily relies on Debian GNU/Linux such as Tor.”. This would also help a lot of 
other people not directly interested in that paper as well

Best
Philipp

Dash Press
pr...@dash.org
https://keybase.io/tungfa




___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Faking htpdate user agent worth it?

[intrigeri]

anonym:
> intrigeri:
>> So I hereby propose we stop tweaking the HTTP User-Agent sent
>> by htpdate.

> I agree.

https://labs.riseup.net/code/issues/12023
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] [Secure Desktops] Tails' MAC 'leak prevention' question

[intrigeri]

Hi,

Daniel Kahn Gillmor:
> fwiw, i prefer mac address spoofing at the udev layer since it means the
> first userspace tool to see the device gets a chance to set the mac
> address immediately.

Sure, this way of doing things provides better guarantees than
a NM-based approach. But I think it will be harder, if not entirely
impossible, to integrate it into the upcoming network configuration
workflow:

  https://labs.riseup.net/code/issues/10491
  https://tails.boum.org/blueprint/network_connection
  https://labs.riseup.net/code/attachments/download/1293/network-20160306.odg

… since IIRC the idea is to turn the MAC spoofing decision from being
a per-Tails-session one, into a per-network-connection one; there
seems to be a few remaining open questions about this part of the new
design though, so it might change in the future.

Cheers,
-- 
intrigeri
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Fwd: Message Bug Tails 2.4: Origine du Bug Tails 2.4 trouvée !!!

[intrigeri]

Hi,

Diki Hacker:
> Following my mail June 18, 2016 citing a bug in the distribution Tails 2.4,
> I finally managed to find the source of the bug. I inform you that the
> distribution Tails 2.4 generates a serious security flaw at the SSDP and
> UPnP services.

Why is it a serious security flaw?

(This is a real question: I'm not familiar with the security risks
associated with announcing services over SSDP, in a context when no
connection to local services is allowed by the firewall.)

> I discovered on the network analysis (via WHIRESHARK)
> between my host and my virtual machine where Tails than 2.4 calls on the
> UDP multicast stream (IGMPv2 protocol) were performed Tails 2.4 to my host
> machine (Windows )!

Sorry it took us so long to reply!

I did not manage to reproduce this with Tails 2.7.1 running in
libvirt/QEMU. He're what I did:

1. start Tails 2.7.1, and immediately:
2. run tcpdump (vnet0 is the virtual network interface assigned to the
   VM): tcpdump -i vnet0 -w dump --immediate-mode
3. wait for Tails to have started and OnionCircuits to say Tor is
   ready, and open the file manager (in case it's the one triggering
   the problem)
4. shut down the VM
5. kill tcpdump
6. wireshark dump
7. sort lines by protocol, look for NBNS, SSDP and UDP ⇒ nothing
8. sort lines by time, look at what happens after the DHCP
   transaction ⇒ only TLS traffic (presumably Tor)

Can you please provide us with some more guidance to reproduce this?

Just a random guess: maybe you have one additional software package
in your persistent volume configuration, that triggers the behaviour
you've seen?

Cheers,
-- 
intrigeri
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.