[Tails-dev] Fwd: Announcing the latest security audit of Sec…

Delete this message

Reply to this message
Autor: intrigeri
Data:  
Dla: tails-dev
Temat: [Tails-dev] Fwd: Announcing the latest security audit of SecureDrop
Hi,

if in a hurry, directly search for 'Tails' in there.

Today we’re announcing SecureDrop 0.3.4, the latest release of SecureDrop, and
publishing the results of the accompanying [security audit by iSEC
Partners](https://freedom.press/securedrop-
files/iSEC_OTF_FPF_SecureDrop_Deliverable_v1.1_2.pdf). This is our fourth
audit of SecureDrop and you can read the results of [the previous three audits
here](https://securedrop.org/faq#audits).

We are happy to report that this latest iSEC audit did not turn up any serious
security vulnerabilities. Of the ten vulnerabilities reported, there were no
high severity issues. One was medium severity, two were low, and the rest were
informational. In addition, all of the issues were considered to have a high
level of difficulty for successful exploitation, due to SecureDrop’s security-
first design and defense in depth measures. We have implemented all of iSEC’s
short term solutions from the report in SecureDrop 0.3.4, and have filed
follow-up issues to address their long term recommendations in a future
release. For more information, see the [0.3.4 changelog](https://github.com/fr
eedomofpress/securedrop/blob/0.3.4/changelog.md).

Overall, the iSEC team strongly approved of SecureDrop’s architecture and
hardening measures. We are proud of their conclusion:

> SecureDrop’s extensive hardening places it well above industry standards due

to its emphasis on security and privacy. Overall, the newly introduced
components do not add to the already limited attack surface, as the SecureDrop
architecture remains the same. The addition of a Grsecurity-enabled kernel
significantly raises the bar for attackers who manage to successfully exploit
the application server via various memory corruption style attacks.
Additionally, all interfaces except the one used by sources are only available
over authenticated Tor hidden services. These factors, combined with
SecureDrop’s existing defense in depth measures, make traditional forms of
server compromise significantly difficult.

Our standard release policy for SecureDrop is to have every major release
(0.2, 0.3, ...) audited by an independent security firm before release. Minor
releases (0.3.1, 0.3.2, ...) are meant only to deliver fixes for bugs or
security vulnerabilities.

We decided to get another audit done early because we experienced our first
publicly reported security vulnerability on April 1st, 2015. The vulnerability
was reported in [an email to the Bugtraq mailing
list](http://seclists.org/bugtraq/2015/Apr/8) without any prior notice to the
Freedom of the Press Foundation. We confirmed that the issue was legitimate,
developed a fix, and released it in an automatic upgrade that went out to all
of the production SecureDrop installations within 24 hours of the issue being
reported. Fortunately, the bug did not affect any of the existing production
installations due to the defense-in-depth techniques that are an important
part of the design of SecureDrop. For more information, see the [GitHub
issue](https://github.com/freedomofpress/securedrop/pull/974).

Out of an abundance of caution, we took several additional steps. First, we
did an internal audit of the codebase to make sure there were no other
security issues which were obvious in retrospect. Second, we commissioned
another external security audit, with a focus on the changes that were made
between the last audited release and the current release in order to catch any
similar issues. Since iSEC performed the last SecureDrop audit, was already
familiar with the codebase, and was familiar with the mitigations we had
implemented in response to their last audit, we engaged them again for the
follow-up audit.

We agree with iSec’s conclusion that focus should now turn to improving the
usability and security of the Tails workstations used by journalists to view
and analyze submissions, and on the usability and security of the airgapped
workflow as a whole. That will be our primary goal for the remainder of 2015.

Finally, we want to emphasize that we are always striving to enhance the
security of SecureDrop and protect those who are currently using it. If you
are a security researcher and think you have found a vulnerability in
SecureDrop, please consider responsibly disclosing the issue to us first so we
can take steps to mitigate the issue and update any affected production
installations. You can report security issues to us through our [bug bounty
program](https://bugcrowd.com/freedomofpress) (operated by
[Bugcrowd](https://bugcrowd.com/)), or you can send an encrypted email to
[securedrop@???](mailto:securedrop@freedom.press) (with [our GPG
key](https://freedom.press/sites/default/files/fpf-email.asc), fingerprint:
734F 6E70 7434 ECA6 C007 E1AE 82BD 6C96 16DA BB79).


[iSEC OTF FPF SecureDrop Deliverable v1.1
(PDF)](http://s3.documentcloud.org/documents/2163639/isec-otf-fpf-securedrop-
deliverable-v1-1.pdf)

[iSEC OTF FPF SecureDrop Deliverable v1.1
(Text)](http://s3.documentcloud.org/documents/2163639/isec-otf-fpf-securedrop-
deliverable-v1-1.txt)



URL: https://freedom.press/blog/2015/07/announcing-latest-security-audit-securedrop

--
intrigeri