Is TRUECRYPT Really Dead?
- Details
- Created on Wednesday, 28 May 2014 23:40
The very popular software used by millions for encrypting data has apparently halted development and is advising users to migrate to something different due to "potential security concerns". While this is breaking news, at this time it is hard to believe for many. Some are guessing a defacement of their website www.truecrypt.org has occurred, some suggest a disgruntled developer. An analysis of the software version (mysteriously released yesterday) has shown the same key being used as previous software releases. The latest software release does not allow you to encrypt anything, only decrypt.
Worth noting:
- A $70,000 dollar audit was started last year, the goal is to perform a complete analysis of the source code looking for any major vulnerabilities. Phase 1 of the audit was completed early this year with no major security issues found. Phase 2 was to conclude over this summer. The audit team has reached out to the developer(s) as of today regarding the "news", awaiting a response.
- With the recent Snowden revelations, he mentioned the use of a secure email provider called Lavabit, shortly after he mentioned this publicly, the service shutdown with the explanation of a court order demanding the "keys" thus making the core of his service useless/insecure. Recent news mentions Snowden's use/belief in Truecrypt.
- The Truecrypt team had posted a "roadmap" of sorts outlining the continued development of the software for use on the latest Windows 8.1 platform. This was not a "dead" project. Something bad has happened...
- The Truecrypt developer(s) have always been "anonymous" however the audit team has been in contact with them.
- A popular service called the waybackmachine is an internet website archive, you can view websites as they were in the past, the Truecrypt website has been excluded..hmm.
At this time, it is advised not to download or use the latest version found at truecrypt.org. It is also advised not yet to migrate away from any existing instance you may be running. Until a "tool" is released, or the audit finds a big hole that exploits Truecrypt making it almost useless, it remains one of the best encryption tools out there. If however they were forced to insert a backdoor of sorts (via court order) and this is his/her/their way of letting everyone know (explains the bizarre recommendations), than by all means we will stop using it. Until more info is released, we are staying still.
More info: Arstechnica | Slashdot | Krebs on Security | Reddit | Cory Doctrow
Subscribe to our Newsletter
Search ALL Articles
Managed V. Non-Managed
US-CERT Latest Warnings
Latest US-CERT Released Warnings
-
Drupal Releases Security Updates
Drupal Releases Security Updates
Original release date: April 17, 2019 | Last revised: April 18, 2019Drupal has released security updates to address multiple vulnerabilities in Drupal Core. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.The Cybersecurity[…]
Created on: Apr 17, 2019 | 17:50 pm
Apr 17, 2019 | 17:50 pm -
Cisco Releases Security Updates
Cisco Releases Security Updates
Original release date: April 17, 2019Cisco has released a security update to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA)[…]
Created on: Apr 17, 2019 | 11:22 am
Apr 17, 2019 | 11:22 am -
ICSJWG Spring Meeting April 23–25
ICSJWG Spring Meeting April 23–25
Original release date: April 17, 2019The Industrial Control Systems Joint Working Group (ICSJWG)—a collaborative and coordinating body operating under the Critical Infrastructure Partnership Advisory Council framework—will hold the 2019 ICSJWG Spring Meeting in Kansas City, MO, April 23–25, 2019. ICSJWG[…]
Created on: Apr 17, 2019 | 11:19 am
Apr 17, 2019 | 11:19 am -
Multiple Vulnerabilities in Broadcom WiFi Chipset Drivers
Multiple Vulnerabilities in Broadcom WiFi Chipset Drivers
Original release date: April 17, 2019The CERT Coordination Center (CERT/CC) has released information on multiple vulnerabilities in Broadcom Wi-Fi chipset drivers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure[…]
Created on: Apr 17, 2019 | 08:54 am
Apr 17, 2019 | 08:54 am -
Oracle Releases April 2019 Security Bulletin
Oracle Releases April 2019 Security Bulletin
Original release date: April 16, 2019Oracle has released its Critical Patch Update for April 2019 to address 297 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and[…]
Created on: Apr 16, 2019 | 14:57 pm
Apr 16, 2019 | 14:57 pm -
Apache Releases Security Updates for Apache Tomcat
Apache Releases Security Updates for Apache Tomcat
Original release date: April 14, 2019 | Last revised: April 15, 2019The Apache Software Foundation has released Apache Tomcat versions 7.0.94, 8.5.40, and 9.0.19 to address a vulnerability. A remote attacker could exploit this vulnerability to take control of an[…]
Created on: Apr 14, 2019 | 12:39 pm
Apr 14, 2019 | 12:39 pm -
Multiple Vulnerabilities in WPA3 Protocol
Multiple Vulnerabilities in WPA3 Protocol
Original release date: April 12, 2019The CERT Coordination Center (CERT/CC) has released information on vulnerabilities—referred to as Dragonblood—in WPA3 protocol. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security[…]
Created on: Apr 12, 2019 | 13:55 pm
Apr 12, 2019 | 13:55 pm -
VMware Releases Security Updates
VMware Releases Security Updates
Original release date: April 12, 2019VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to obtain sensitive information.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to[…]
Created on: Apr 12, 2019 | 07:38 am
Apr 12, 2019 | 07:38 am -
Vulnerability in Multiple VPN Applications
Vulnerability in Multiple VPN Applications
Original release date: April 12, 2019The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting multiple Virtual Private Network (VPN) applications. An attacker could exploit this vulnerability to take control of an affected system.The Cybersecurity and Infrastructure Security[…]
Created on: Apr 12, 2019 | 05:44 am
Apr 12, 2019 | 05:44 am -
Juniper Networks Releases Multiple Security Updates
Juniper Networks Releases Multiple Security Updates
Original release date: April 10, 2019 | Last revised: April 11, 2019Juniper Networks has released multiple security updates to address vulnerabilities in various Juniper products. An attacker could exploit some of these vulnerabilities to take control of an affected system.The[…]
Created on: Apr 10, 2019 | 12:09 pm
Apr 10, 2019 | 12:09 pm
 |
High Desert Technology is a Complete IT Solution with a Privacy and Security Emphasis!
 |
 |
Copyright © 2017. High Desert Technology.