Re: [Tails-dev] Hacking Team looking at Tails

2016-02-18 Thread Austin English
On Thu, Feb 18, 2016 at 11:37 AM, intrigeri wrote:
> Austin English wrote (18 Feb 2016 16:56:29 GMT) :
>> I'm not sure what action we should suggest.
>
> Re-installing from scratch is perhaps the only safe option we can
> provide in the current state of our tools.

+1

I filed https://labs.riseup.net/code/issues/11137 to track this. I'll
work on this as time permits. May need some help with the greeter
portion, we'll see.

-- 
-Austin
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.


Re: [Tails-dev] Hacking Team looking at Tails

2016-02-18 Thread intrigeri
Austin English wrote (18 Feb 2016 16:56:29 GMT) :
> I'm not sure what action we should suggest.

Re-installing from scratch is perhaps the only safe option we can
provide in the current state of our tools.


Re: [Tails-dev] Hacking Team looking at Tails

2016-02-18 Thread segfault
> I'm not sure how the user could detect / verify that
> (realistically, you probably can't..). Running a rootkit checker from
> another *nix OS may be helpful, but of unknown effectiveness.

That's work in progress: https://labs.riseup.net/code/issues/7496
I implemented a prototype that's currently being QA checked:
https://gitlab.com/segfault_/tails_verifier


Re: [Tails-dev] Hacking Team looking at Tails

2016-02-18 Thread Austin English
On Thu, Feb 18, 2016 at 10:51 AM, intrigeri wrote:
>> I was thinking about this last night, it likely wouldn't be too hard
>> to write a wrapper for the greeter to detect if those files (or other
>> similar files/directories, like __MACOSX) are present. It should then
>> be possible to pop up a very big warning in the greeter, ideally
>> before the user has a chance to type in their persistence password (if
>> used) or before starting a session.
>
>> [...]
>
>> Thoughts? If there's interest / lack of opposition I'll file a ticket.
>
> Sounds like this could possibly help educate users about a dangerous
> practice, which seems great! Perhaps the proposal could include a part
> about what action this warning would suggest to the user?

I'm not sure what action we should suggest. Purging those files would
get rid of the warning, but doesn't guarantee that the installation is
safe to use. That may only hide the problem since it may be infected
by an attacker. I'm not sure how the user could detect / verify that
(realistically, you probably can't..). Running a rootkit checker from
another *nix OS may be helpful, but of unknown effectiveness.

> 2 more cts: the exact wording should probably not expose the feature
> as a malware detector (since a Tails system can't verify itself
> reliably, the way it's currently designed).

Agreed.

-- 
-Austin
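
One way to implement the check discussed in this thread, added here as an example; it is not code from the Tails greeter or from the ticket mentioned above. Only `__MACOSX` is named in the thread: the other marker names, the function names and the two-level scan depth are assumptions, and the warning text follows the thread's points (not a malware detector, re-install from scratch).

```python
import os
import tempfile

# Only __MACOSX is named in the thread; the other names are assumptions:
# entries macOS and Windows commonly create on volumes they mount.
FOREIGN_OS_MARKERS = {
    "__MACOSX": "macOS", ".DS_Store": "macOS", ".Trashes": "macOS",
    ".fseventsd": "macOS", ".Spotlight-V100": "macOS",
    "System Volume Information": "Windows", "$RECYCLE.BIN": "Windows",
}
# FAT file systems are case-insensitive, so compare lowercased names.
MARKERS_LOWER = {n.lower(): o for n, o in FOREIGN_OS_MARKERS.items()}

def find_foreign_os_markers(root, max_depth=2):
    """Return sorted (relative_path, os_name) pairs found under root."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        depth = 0 if rel == "." else rel.count(os.sep) + 1
        for name in dirnames + filenames:
            os_name = MARKERS_LOWER.get(name.lower())
            if os_name:
                hits.append((os.path.normpath(os.path.join(rel, name)), os_name))
        # Stop at max_depth and never descend into a marker directory.
        if depth + 1 >= max_depth:
            dirnames[:] = []
        else:
            dirnames[:] = [d for d in dirnames if d.lower() not in MARKERS_LOWER]
    return sorted(hits)

def greeter_warning(hits):
    """Return warning text for the greeter, or None if nothing was found."""
    if not hits:
        return None
    systems = ", ".join(sorted({os_name for _, os_name in hits}))
    found = ", ".join(path for path, _ in hits)
    return (
        "This Tails device seems to have been opened in another operating "
        "system (%s). Found: %s.\n"
        "This is not a malware check, and deleting these files does not make "
        "the installation safe. Consider re-installing Tails from scratch."
        % (systems, found)
    )

def demo():
    """Run the check on a constructed directory tree (sample data)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "__MACOSX"))
        os.makedirs(os.path.join(root, "live"))
        open(os.path.join(root, "live", ".ds_store"), "w").close()
        hits = find_foreign_os_markers(root)
    return hits, greeter_warning(hits)
```

A clean result only means none of the listed names were found; it says nothing about whether the device was modified.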


Re: [Tails-dev] [liveusb-creator] [PATCH] Add additional syslinux gptmbr.bin path

2016-02-18 Thread intrigeri
Hi,

Yuval Adam wrote (16 Feb 2016 09:26:54 GMT) :
> Please ignore last patch and use this updated one

> From 65a2b31fa89ff27251ae30ad3bb3a22d4ef6dff0 Mon Sep 17 00:00:00 2001
> From: Yuval Adam 
> Date: Mon, 15 Feb 2016 23:08:00 +0200
> Subject: [PATCH] Add additional syslinux paths

> This path exists on Arch Linux systems, and since liveusb-creator is now
> packaged for Arch we should probably add it

I've applied this patch to Git, thanks!

Cheers,
-- 
intrigeri


Re: [Tails-dev] Hacking Team looking at Tails

2016-02-18 Thread intrigeri
> I was thinking about this last night, it likely wouldn't be too hard
> to write a wrapper for the greeter to detect if those files (or other
> similar files/directories, like __MACOSX) are present. It should then
> be possible to pop up a very big warning in the greeter, ideally
> before the user has a chance to type in their persistence password (if
> used) or before starting a session.

> [...]

> Thoughts? If there's interest / lack of opposition I'll file a ticket.

Sounds like this could possibly help educate users about a dangerous
practice, which seems great! Perhaps the proposal could include a part
about what action this warning would suggest to the user?

2 more cts: the exact wording should probably not expose the feature
as a malware detector (since a Tails system can't verify itself
reliably, the way it's currently designed).

Cheers,
-- 
intrigeri


Re: [Tails-dev] Is Tails affected by the CVE-2015-7547 glibc getaddrinfo() vulnerability?

2016-02-18 Thread Jurre van Bergen
Hi,

This is an ongoing investigation. Indeed, applications using the Tor
socks port for name resolution are not vulnerable to this attack.

An automated test was run trying to determine (using the public proof of
concept) whether any application was vulnerable, so far, we're on the
safe side but we're investigating a couple of applications which returned
an error.

Even if there was an evil exit node, it should be fine since
getaddrinfo() in torsocks resolves it through Tor on the SocksPort. In
addition, applications which are configured to use socks don't use
getaddrinfo() in this case since the resolving will go through Tor's
DNSPort.

We'll keep the mailing list up-to-date on any progress regarding this matter.

Best,
Jurre

On 02/18/2016 11:34 AM, intrigeri wrote:
> Hi,
>
> my understanding is that clients that use Tor SOCKS port for name
> resolution are fine.
>
> For clients who use the DNSPort, it's not clear to me if an
> attacker-controlled payload can make its way from the exit node being
> used for the name resolution to the client. Has anyone looked
> into this?
>
> Cheers,




Re: [Tails-dev] Is Tails affected by the CVE-2015-7547 glibc getaddrinfo() vulnerability?

2016-02-18 Thread intrigeri
Hi,

my understanding is that clients that use Tor SOCKS port for name
resolution are fine.

For clients who use the DNSPort, it's not clear to me if an
attacker-controlled payload can make its way from the exit node being
used for the name resolution to the client. Has anyone looked
into this?

Cheers,
-- 
intrigeri