Firefox, Tails Linux, with its own dnload addon gives unpinning error?
Even going to the Tails Linux site with the Firefox addon for Tails, (Tails Download and Verify) will not let one go to Tails site in Firefox Browser. The error it gives is: "Tails Download and Verify Extension: PINNING MISMATCH"
The error it might give it there is a man in the middle attack.
I also have the proxy settings in Chrome set to network, highest level. Which also talks about restarting Internet Explorer to set feature.
Any of you gurus like to look at the CA on this to tell me what is happening.
I know how to get around the unpinning and get onto the tails.boum website to download whatever it has. Just seems odd that the one thing that the Tails website strongly advocates the user to do for security does not work.
I have auto update set on Firefox browser, and I have already refreshed the Firefox Browser
I am using BitDefender Total Security 2016..
Tất cả các câu trả lời (3)
Hi
Thank you for your question.
Reading through it, it appears that this problem is linked to the add-on that you are using. Add-ons for Firefox are developed and supported by a large community of independent contributors. I strongly recommend that you get in contact with the developer of the add-on (contact details should be on the page you downloaded the add-on from) and they should be able to help fix and support their software.
I hope this helps, but if not, please come back here and we can look into a different solution for you.
I did a bunch of work. As I said before, I could turn off the Firefox Addon, "Tails Download and Verify," and Firefox would allow the webpage for Tails to load. https://tails.boum.org/
Turns out the Tor supplied for "Windows is 6.0.3" and is based upon "Firefox 45.3.0." This combination works to download and Verify "Tails-i386-2.5.iso."
The PGP sig verification sorta seems to match, but I have not established the Web of Trust needed to make it give a total thumbs up message. I do not feel good about the PGP keyset I generated, which I think I need for the WebOfTrust thing to work. That is register my own key as being trustworthy, and then trust their PGP key. https of Tails site gives three Firefox developers signing of Tails key as part of Web of Trust.
Some days ago I wrote to the developer for the Firefox Addon, "Tails Download and Verify," no reply, but he might be on vacation. He says he is in Italy.
The purpose of the Pinning is a second security feature, which I had never heard of before, in addition to verifying the CA, as I understand it. I doubt if Pinning is in the earlier Firefoxused with TOR.. Likely Firefox 48 has the feature Pinning.
The website for Tails is: https://tails.boum.org/ Which will display in Chrome, not Windows 10 Pro, Firefox 48 with the addon "Tails Download and Verify." enabled. If one looks at the Tails site, they seem to be very high on how much added security is added for those who are not highly computer literate, or willing to spend a lot of time with computers.
Stilll comes back to, that my real trust of Tails Linux must be based upon the https of the website tails, as other verification comes out of that. Support comes from directions given on the Tails site, which seems to use riseup as their sponsers. and of course the CA's verified by Firefox. All of this being in the US. Seems like it would be nice to see verification which comes from Servers based outside the US, which other sources can confirm are independent from interference.
I must be seeing the shadow of potential hazards others are wise enough to know do not exist.
Được chỉnh sửa bởi crystal-clear vào
http://murga-linux.com/puppy/viewtopic.php?t=107694
to me this issue is not resolved.