Is TRUECRYPT Really Dead?
- Details
- Created on Wednesday, 28 May 2014 23:40
The very popular software used by millions for encrypting data has apparently halted development and is advising users to migrate to something different due to "potential security concerns". While this is breaking news, at this time it is hard to believe for many. Some are guessing a defacement of their website www.truecrypt.org has occurred, some suggest a disgruntled developer. An analysis of the software version (mysteriously released yesterday) has shown the same key being used as previous software releases. The latest software release does not allow you to encrypt anything, only decrypt.
Worth noting:
- A $70,000 dollar audit was started last year, the goal is to perform a complete analysis of the source code looking for any major vulnerabilities. Phase 1 of the audit was completed early this year with no major security issues found. Phase 2 was to conclude over this summer. The audit team has reached out to the developer(s) as of today regarding the "news", awaiting a response.
- With the recent Snowden revelations, he mentioned the use of a secure email provider called Lavabit, shortly after he mentioned this publicly, the service shutdown with the explanation of a court order demanding the "keys" thus making the core of his service useless/insecure. Recent news mentions Snowden's use/belief in Truecrypt.
- The Truecrypt team had posted a "roadmap" of sorts outlining the continued development of the software for use on the latest Windows 8.1 platform. This was not a "dead" project. Something bad has happened...
- The Truecrypt developer(s) have always been "anonymous" however the audit team has been in contact with them.
- A popular service called the waybackmachine is an internet website archive, you can view websites as they were in the past, the Truecrypt website has been excluded..hmm.
At this time, it is advised not to download or use the latest version found at truecrypt.org. It is also advised not yet to migrate away from any existing instance you may be running. Until a "tool" is released, or the audit finds a big hole that exploits Truecrypt making it almost useless, it remains one of the best encryption tools out there. If however they were forced to insert a backdoor of sorts (via court order) and this is his/her/their way of letting everyone know (explains the bizarre recommendations), than by all means we will stop using it. Until more info is released, we are staying still.
More info: Arstechnica | Slashdot | Krebs on Security | Reddit | Cory Doctrow
Subscribe to our Newsletter
Search ALL Articles
Managed V. Non-Managed
US-CERT Latest Warnings
Latest US-CERT Released Warnings
-
Threat Actors Targeting Cybersecurity Researchers
Threat Actors Targeting Cybersecurity Researchers
Original release date: April 14, 2021Google and Microsoft recently published reports on advanced persistent threat (APT) actors targeting cybersecurity researchers. The APT actors are using fake social media profiles and legitimate-looking websites to lure security researchers into visiting malicious websites[…]
Created on: Apr 14, 2021 | 07:54 am
Apr 14, 2021 | 07:54 am -
Google Releases Security Updates for Chrome
Google Releases Security Updates for Chrome
Original release date: April 13, 2021Google has updated the stable channel for Chrome to 89.0.4389.128 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome[…]
Created on: Apr 13, 2021 | 17:23 pm
Apr 13, 2021 | 17:23 pm -
SAP Releases April 2021 Security Updates
SAP Releases April 2021 Security Updates
Original release date: April 13, 2021SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review the SAP Security[…]
Created on: Apr 13, 2021 | 14:09 pm
Apr 13, 2021 | 14:09 pm -
Apply Microsoft April 2021 Security Update to Mitigate Newly Disclosed Microsoft Exchange Vulnerabilities
Apply Microsoft April 2021 Security Update to Mitigate Newly Disclosed Microsoft Exchange Vulnerabilities
Original release date: April 13, 2021 | Last revised: April 14, 2021Microsoft's April 2021 Security Update mitigates significant vulnerabilities affecting on-premises Exchange Server 2013, 2016, and 2019. An attacker could exploit these vulnerabilities to gain access and maintain persistence on the[…]
Created on: Apr 13, 2021 | 09:41 am
Apr 13, 2021 | 09:41 am -
Adobe Releases Security Updates
Adobe Releases Security Updates
Original release date: April 13, 2021Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review the following Adobe Security[…]
Created on: Apr 13, 2021 | 09:30 am
Apr 13, 2021 | 09:30 am -
Updates on Microsoft Exchange Server Vulnerabilities
Updates on Microsoft Exchange Server Vulnerabilities
Original release date: April 12, 2021CISA has added two new Malware Analysis Reports (MARs) to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities. MAR-10331466-1.v1: China Chopper Webshell identifies a China Chopper webshell observed in post-compromised Microsoft Exchange Servers. After successfully exploiting[…]
Created on: Apr 12, 2021 | 10:19 am
Apr 12, 2021 | 10:19 am -
Using Aviary to Analyze Post-Compromise Threat Activity in M365 Environments
Using Aviary to Analyze Post-Compromise Threat Activity in M365 Environments
Original release date: April 8, 2021Aviary is a new dashboard that CISA and partners developed to help visualize and analyze outputs from its Sparrow detection tool released in December 2020. Sparrow helps network defenders detect possible compromised accounts and applications[…]
Created on: Apr 8, 2021 | 12:00 pm
Apr 8, 2021 | 12:00 pm -
Cisco Releases Security Updates for Multiple Products
Cisco Releases Security Updates for Multiple Products
Original release date: April 8, 2021Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the[…]
Created on: Apr 8, 2021 | 07:24 am
Apr 8, 2021 | 07:24 am -
Malicious Cyber Activity Targeting Critical SAP Applications
Malicious Cyber Activity Targeting Critical SAP Applications
Original release date: April 6, 2021SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks. SAP applications help organizations manage critical business processes—such as enterprise resource planning, product lifecycle management, customer relationship management, and supply[…]
Created on: Apr 6, 2021 | 06:00 am
Apr 6, 2021 | 06:00 am -
VMware Releases Security Update
VMware Releases Security Update
Original release date: April 2, 2021VMware has released a security update to address a vulnerability in VMware Carbon Black Cloud Workload appliance. A remote attacker could exploit this vulnerability to take control of an affected system.CISA encourages users and administrators[…]
Created on: Apr 2, 2021 | 08:09 am
Apr 2, 2021 | 08:09 am
 |
High Desert Technology is a Complete IT Solution with a Privacy and Security Emphasis!
 |
 |
Copyright © 2020. High Desert Technology.