On Fri, 25 Jul 2014 11:08:19 +0000 (UTC) intrigeri <[email protected]> wrote:
> Note: what follows is *not* about finding a solution to the last > de-anonymization vulnerability found in I2P 0.9.13. I trust the I2P > team will do a proper job at it. A new release is out that resolves this recent XSS and a few other issues, but it has had very, very little testing. Perhaps there are other problems lurking which haven't been reported yet; people are certainly giving I2P more attention *now*. (Exodus reported *multiple* 0days incl RCE affecting Tails. See also http://www.twitlonger.com/show/n_1s2jibg. Are these others in I2P? Tor? Something else? Will these other 0 days be disclosed or are they to be sold?) WRT to the last I2P release: I do know that the filtering is a little too strict and broke retrieving torrent metainfo, so I think that there will be a point release relatively soon (Perhaps the I2P-users on Tails don't bother with this feature?). I still haven't had a chance to play 'catch-up' with the posts, Redmine, and/or IRC to give the level of detail that they deserve, but a few quick things: apparmor: This was in my plans prior to this bug but of course its priority has been raised. 'router console access': How many on Tails on I2P just visit I2P internal sites? How many look at or change settings here? Should this be disabled by default? greeter or boot option: Seems like a reasonable compromise. I suppose could also allow the "I2P-specific" rules to be set if-and-only-if this option is specified. More will be forthcoming.
signature.asc
Description: PGP signature
_______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
