Pastebin

Tails Linux 0.16 - two curious security issues

WTF Tails 0.16 uses an ancient version of OpenSSL!  And has it been crippled somehow?

Look at this (from my Tor client logs):

[notice] No AES engine found; using AES_* functions.
[notice] This version of OpenSSL has a slow implementation of counter mode; not using it.
[notice] OpenSSL OpenSSL 0.9.8o 01 Jun 2010 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
[notice] We weren't able to find support for all of the TLS ciphersuites that we wanted to advertise. This won't hurt security, but it might make your Tor (if run as a client) more easy for censors to block.
[notice] To correct this, use a more recent OpenSSL, built without disabling any secure ciphers or features.

Someone explain this please. This coming from the distro which still uses:

network-manager 0.8.1-6+squeeze2
network-manager-gnome 0.8.1-2

LOL!

===============================

Tails 0.16: DEBsig-verify disabled by default! EXCELLENT so I can get pwned and never know it, thanks guys.

cat /etc/dpkg/dpkg.cfg
# dpkg configuration file
#
# This file can contain default options for dpkg.  All command-line
# options are allowed.  Values can be specified by putting them after
# the option, separated by whitespace and/or an `=' sign.
#

# Do not enable debsig-verify by default; since the distribution is not using
# embedded signatures, debsig-verify would reject all packages.
no-debsig

# Log status changes and actions to a file.
log /var/log/dpkg.log