Linked by Thom Holwerda on Mon 15th Feb 2016 22:38 UTC, submitted by Anonymous
Debian and its clones

Tails (The amnesic incognito live system) is a live OS based on Debian GNU/Linux which aims at preserving the user's privacy and anonymity by using the Internet anonymously and circumventing censorship. Installed on a USB device, it is configured to leave no trace on the computer you are using unless asked explicitly.

As of today, the people the most needy for digital security are not computer experts. Being able to get started easily with a new tool is critical to its adoption, and even more in high-risk and stressful environments. That's why we wanted to make it faster, simpler, and more secure to install Tails for new users.

One of the components of Tails, the Tails Installer is now in Debian thanks to the Debian Privacy Tools Maintainers Team.

On a related note, Tails 2.0.1 was released a few days ago as well.

Order by: Score:
Comment by Trenien
by Trenien on Tue 16th Feb 2016 11:54 UTC
Trenien
Member since:
2007-10-11

Isn't Tails' security supposed to be linked (among other things) to it being a live CD system?
I guess I could be mistaken, but the idea of an installer seems to be somewhat counter-productive.

Reply Score: 1

RE: Comment by Trenien
by patrix on Tue 16th Feb 2016 12:06 UTC in reply to "Comment by Trenien"
patrix Member since:
2006-05-21

"Tails Installer is a graphical tool to install or upgrade Tails on a USB stick from an ISO image. It aims at making it easier and faster to get Tails up and running."

Reply Score: 2

RE[2]: Comment by Trenien
by Trenien on Tue 16th Feb 2016 13:58 UTC in reply to "RE: Comment by Trenien"
Trenien Member since:
2007-10-11

I've seen that, however...
Back when I took an interest in Tails, I remember reading somewhere that using a CD was a much better choice over a USB stick. The reason was that the former can't be modified whereas the latter can.

Especially in matters of security, there is a point where choosing convenience is, in and out of itself, the worst thing you may do.

Reply Score: 1

RE[3]: Comment by Trenien
by darknexus on Tue 16th Feb 2016 14:14 UTC in reply to "RE[2]: Comment by Trenien"
darknexus Member since:
2008-07-15

I think the key is to have a read-only filesystem regardless of media type. ISO9660 is, for example, read-only no matter what media it resides on. If that is encrypted on top of it you can be darn sure, no matter the media, that you've got an unmodified live system running. Obviously you could run the risk of hacked firmware, however that's a risk you deal with no matter the media in any case.

Reply Score: 2

RE[4]: Comment by Trenien
by Alfman on Tue 16th Feb 2016 22:49 UTC in reply to "RE[3]: Comment by Trenien"
Alfman Member since:
2011-01-28

darknexus,

I think the key is to have a read-only filesystem regardless of media type. ISO9660 is, for example, read-only no matter what media it resides on. If that is encrypted on top of it you can be darn sure, no matter the media, that you've got an unmodified live system running.


I wouldn't put much weight in the fact that a FS is designed for R/O media. A ISO9660 FS is trivial to modify (on writable media), even by hand with nothing more than a basic hex editor.

Obviously you could run the risk of hacked firmware, however that's a risk you deal with no matter the media in any case.


There's that risk as well. I agree with Trenien that R/O media is better for security, yet I also agree with jessesmith that it's less available than it used to be.

R/W media can present new persistent privilege escalation attacks that might have been prevented on R/O media. I haven't seen usb thumb drives with a R/O switch in a long time, but many SD cards still seem to have them. It is what it is.

Reply Score: 4

RE[5]: Comment by Trenien
by darknexus on Wed 17th Feb 2016 13:58 UTC in reply to "RE[4]: Comment by Trenien"
darknexus Member since:
2008-07-15

The trouble with r/o media is that a lot of new computers don't have the drives to take it. I've even seen a few that won't boot from optical media even with a drive connected. They do make USB drives with write protect ability, however it's not permanent as it is just a switch on the drive or SD card. The next best thing in these cases is to encrypt a read-only fs, so that it won't be easily hand-modified at the low level.

Reply Score: 2

RE[3]: Comment by Trenien
by jessesmith on Tue 16th Feb 2016 17:13 UTC in reply to "RE[2]: Comment by Trenien"
jessesmith Member since:
2010-03-11

That is true, but many computers do not have optical drives these days. That is why it is nice to have the USB installer.

Reply Score: 3

RE[4]: Comment by Trenien
by Bill Shooter of Bul on Thu 18th Feb 2016 18:10 UTC in reply to "RE[3]: Comment by Trenien"
Bill Shooter of Bul Member since:
2006-07-14

Why use anything safe, when you can make it easy?

I mean doesn't TOR, TLS, https just slow down traffic?

Live a little, send things in plain text! It will be super fast and easy to use!

Reply Score: 2

v 1
by Anonymous on Wed 17th Feb 2016 19:26 UTC
v 1
by Anonymous on Thu 18th Feb 2016 03:25 UTC
v 1
by Anonymous on Thu 18th Feb 2016 10:02 UTC
v 1
by Anonymous on Thu 18th Feb 2016 12:04 UTC
v 1
by Anonymous on Fri 19th Feb 2016 03:01 UTC
v 1
by Anonymous on Sat 20th Feb 2016 06:20 UTC
v 1
by Anonymous on Sun 21st Feb 2016 07:13 UTC