Is TRUECRYPT Really Dead?
- Details
- Created on Wednesday, 28 May 2014 23:40
The very popular software used by millions for encrypting data has apparently halted development and is advising users to migrate to something different due to "potential security concerns". While this is breaking news, at this time it is hard to believe for many. Some are guessing a defacement of their website www.truecrypt.org has occurred, some suggest a disgruntled developer. An analysis of the software version (mysteriously released yesterday) has shown the same key being used as previous software releases. The latest software release does not allow you to encrypt anything, only decrypt.
Worth noting:
- A $70,000 dollar audit was started last year, the goal is to perform a complete analysis of the source code looking for any major vulnerabilities. Phase 1 of the audit was completed early this year with no major security issues found. Phase 2 was to conclude over this summer. The audit team has reached out to the developer(s) as of today regarding the "news", awaiting a response.
- With the recent Snowden revelations, he mentioned the use of a secure email provider called Lavabit, shortly after he mentioned this publicly, the service shutdown with the explanation of a court order demanding the "keys" thus making the core of his service useless/insecure. Recent news mentions Snowden's use/belief in Truecrypt.
- The Truecrypt team had posted a "roadmap" of sorts outlining the continued development of the software for use on the latest Windows 8.1 platform. This was not a "dead" project. Something bad has happened...
- The Truecrypt developer(s) have always been "anonymous" however the audit team has been in contact with them.
- A popular service called the waybackmachine is an internet website archive, you can view websites as they were in the past, the Truecrypt website has been excluded..hmm.
At this time, it is advised not to download or use the latest version found at truecrypt.org. It is also advised not yet to migrate away from any existing instance you may be running. Until a "tool" is released, or the audit finds a big hole that exploits Truecrypt making it almost useless, it remains one of the best encryption tools out there. If however they were forced to insert a backdoor of sorts (via court order) and this is his/her/their way of letting everyone know (explains the bizarre recommendations), than by all means we will stop using it. Until more info is released, we are staying still.
More info: Arstechnica | Slashdot | Krebs on Security | Reddit | Cory Doctrow
Subscribe to our Newsletter
Search ALL Articles
Managed V. Non-Managed
US-CERT Latest Warnings
Latest US-CERT Released Warnings
-
FTC Reports Scammers Impersonating FTC
FTC Reports Scammers Impersonating FTC
Original release date: January 26, 2021The Federal Trade Commission (FTC) has released information on scammers attempting to impersonate the FTC. The scammers operate an FTC-spoofed website that claims to provide instant cash payments and tries to trick consumers into disclosing[…]
Created on: Jan 26, 2021 | 14:17 pm
Jan 26, 2021 | 14:17 pm -
Cisco Releases Advisories for Multiple Products
Cisco Releases Advisories for Multiple Products
Original release date: January 21, 2021Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco[…]
Created on: Jan 21, 2021 | 04:16 am
Jan 21, 2021 | 04:16 am -
Drupal Releases Security Updates
Drupal Releases Security Updates
Original release date: January 21, 2021Drupal has released security updates to address a vulnerability affecting Drupal. An attacker could exploit this vulnerability to take control of an affected system.CISA encourages users and administrators to review Drupal Advisory SA-CORE-2021-001 and apply[…]
Created on: Jan 21, 2021 | 04:15 am
Jan 21, 2021 | 04:15 am -
CERT/CC and CISA Report Multiple Vulnerabilities in Dnsmasq
CERT/CC and CISA Report Multiple Vulnerabilities in Dnsmasq
Original release date: January 21, 2021CISA and the CERT Coordination Center (CERT/CC) are aware of multiple vulnerabilities affecting Dnsmasq version 2.82 and prior. Dnsmasq is a widely-used, open-source software that provides Domain Name Service forwarding and caching and is common[…]
Created on: Jan 21, 2021 | 04:13 am
Jan 21, 2021 | 04:13 am -
Google Releases Security Updates for Chrome
Google Releases Security Updates for Chrome
Original release date: January 21, 2021Google has released Chrome version 88.0.4324.96 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.CISA encourages users and administrators to review the Chrome[…]
Created on: Jan 21, 2021 | 04:12 am
Jan 21, 2021 | 04:12 am -
Oracle Releases January 2021 Security Bulletin
Oracle Releases January 2021 Security Bulletin
Original release date: January 21, 2021Oracle has released its Critical Patch Update for January 2021 to address 329 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.CISA encourages users[…]
Created on: Jan 21, 2021 | 04:10 am
Jan 21, 2021 | 04:10 am -
NSA Releases Guidance on Encrypted DNS in Enterprise Environments
NSA Releases Guidance on Encrypted DNS in Enterprise Environments
Original release date: January 15, 2021The National Security Agency (NSA) has released an information sheet with guidance on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS (DoH).[…]
Created on: Jan 15, 2021 | 13:00 pm
Jan 15, 2021 | 13:00 pm -
Apache Releases Security Advisory for Tomcat
Apache Releases Security Advisory for Tomcat
Original release date: January 15, 2021The Apache Software Foundation has released a security advisory to address a vulnerability affecting multiple versions of Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to[…]
Created on: Jan 15, 2021 | 07:43 am
Jan 15, 2021 | 07:43 am -
RCE Vulnerability Affecting Microsoft Defender
RCE Vulnerability Affecting Microsoft Defender
Original release date: January 14, 2021Microsoft has released a security advisory to address a remote code execution vulnerability, CVE-2021-1647, in Microsoft Defender. A remote attacker can exploit this vulnerability to take control of an affected system. This vulnerability was detected[…]
Created on: Jan 14, 2021 | 05:30 am
Jan 14, 2021 | 05:30 am -
Cisco Releases Security Updates for Multiple Products
Cisco Releases Security Updates for Multiple Products
Original release date: January 14, 2021Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the[…]
Created on: Jan 14, 2021 | 05:25 am
Jan 14, 2021 | 05:25 am
 |
High Desert Technology is a Complete IT Solution with a Privacy and Security Emphasis!
 |
 |
Copyright © 2020. High Desert Technology.