Re: [Tails-dev] [liberationtech] "uVirtus Linux, encrypted O…

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: KheOps
CC: tails-dev
Subject: Re: [Tails-dev] [liberationtech] "uVirtus Linux, encrypted OS for Syria": a security review
Hi,

(a Tails developer here)

KheOps wrote (06 Feb 2014 22:18:07 GMT) :
> The uVirtus live distribution was publicized back in September as a
> secure live OS specifically designed for Syrians. It stems from the idea
> of having a one-click easy to use VPN client that uses OpenVPN over
> Obfsproxy.


> After testing it and discovering a few issues, I spent some more time in
> order to dig a bit more into its security.


> I noticed numerous worrying security issues, and in overall it does not
> appear to me as really responsible to recommend it instead of, say,
> Tails. Issues include for instance holes that may help an attacker
> compromise the user's machine by gaining root access and weak protection
> against data leaking in cleartext out of the VPN.


> I published a report that lists all the issues I could find and tried to
> assess their seriousness. I hope it is detailed and precise enough.


> It is available here in English:
> https://press.telecomix.ceops.eu/en/posts/Review_of_security_issues_in_uVirtus_2.0/


> [...]


Any plans to do a similar review for Tails?
This would be most welcome :)

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc