Is TRUECRYPT Really Dead?
- Details
- Created on Wednesday, 28 May 2014 23:40
The very popular software used by millions for encrypting data has apparently halted development and is advising users to migrate to something different due to "potential security concerns". While this is breaking news, at this time it is hard to believe for many. Some are guessing a defacement of their website www.truecrypt.org has occurred, some suggest a disgruntled developer. An analysis of the software version (mysteriously released yesterday) has shown the same key being used as previous software releases. The latest software release does not allow you to encrypt anything, only decrypt.
Worth noting:
- A $70,000 dollar audit was started last year, the goal is to perform a complete analysis of the source code looking for any major vulnerabilities. Phase 1 of the audit was completed early this year with no major security issues found. Phase 2 was to conclude over this summer. The audit team has reached out to the developer(s) as of today regarding the "news", awaiting a response.
- With the recent Snowden revelations, he mentioned the use of a secure email provider called Lavabit, shortly after he mentioned this publicly, the service shutdown with the explanation of a court order demanding the "keys" thus making the core of his service useless/insecure. Recent news mentions Snowden's use/belief in Truecrypt.
- The Truecrypt team had posted a "roadmap" of sorts outlining the continued development of the software for use on the latest Windows 8.1 platform. This was not a "dead" project. Something bad has happened...
- The Truecrypt developer(s) have always been "anonymous" however the audit team has been in contact with them.
- A popular service called the waybackmachine is an internet website archive, you can view websites as they were in the past, the Truecrypt website has been excluded..hmm.
At this time, it is advised not to download or use the latest version found at truecrypt.org. It is also advised not yet to migrate away from any existing instance you may be running. Until a "tool" is released, or the audit finds a big hole that exploits Truecrypt making it almost useless, it remains one of the best encryption tools out there. If however they were forced to insert a backdoor of sorts (via court order) and this is his/her/their way of letting everyone know (explains the bizarre recommendations), than by all means we will stop using it. Until more info is released, we are staying still.
More info: Arstechnica | Slashdot | Krebs on Security | Reddit | Cory Doctrow
Subscribe to our Newsletter
Search ALL Articles
Managed V. Non-Managed
US-CERT Latest Warnings
Latest US-CERT Released Warnings
-
VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit
VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit
Original release date: September 24, 2021On September 21, 2021, VMware disclosed that its vCenter Server is affected by an arbitrary file upload vulnerability—CVE-2021-22005—in the Analytics service. A malicious cyber actor with network access to port 443 can exploit this vulnerability[…]
Created on: Sep 24, 2021 | 14:49 pm
Sep 24, 2021 | 14:49 pm -
Google Releases Security Updates for Chrome
Google Releases Security Updates for Chrome
Original release date: September 24, 2021Google has released Chrome version 94.0.4606.61 for Windows, Mac, and Linux. This version addresses a vulnerability—CVE-2021-37973—that an attacker could exploit to take control of an affected system. An exploit for this vulnerability exists in the[…]
Created on: Sep 24, 2021 | 11:42 am
Sep 24, 2021 | 11:42 am -
Apple Releases Security Updates
Apple Releases Security Updates
Original release date: September 23, 2021Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild.CISA encourages[…]
Created on: Sep 23, 2021 | 15:11 pm
Sep 23, 2021 | 15:11 pm -
Cisco Releases Security Updates for Multiple Products
Cisco Releases Security Updates for Multiple Products
Original release date: September 23, 2021Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review the Cisco[…]
Created on: Sep 23, 2021 | 07:06 am
Sep 23, 2021 | 07:06 am -
CISA Releases Guidance: IPv6 Considerations for TIC 3.0
CISA Releases Guidance: IPv6 Considerations for TIC 3.0
Original release date: September 23, 2021The federal government has prioritized the transition of federal networks to Internet Protocol version 6 (IPv6) since the release of Office of Management and Budget (OMB) Memorandum 05-22 in 2005. In 2020, OMB renewed its focus[…]
Created on: Sep 23, 2021 | 06:45 am
Sep 23, 2021 | 06:45 am -
CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware
CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware
Original release date: September 22, 2021CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) alerting organizations of increased Conti ransomware attacks. Malicious cyber actors use Conti ransomware to steal[…]
Created on: Sep 22, 2021 | 10:00 am
Sep 22, 2021 | 10:00 am -
Google Releases Security Updates for Chrome
Google Releases Security Updates for Chrome
Original release date: September 22, 2021Google has released Chrome version 94.0.4606.54 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.CISA encourages users and administrators to review the Chrome[…]
Created on: Sep 22, 2021 | 08:36 am
Sep 22, 2021 | 08:36 am -
NETGEAR Releases Security Updates for RCE Vulnerability
NETGEAR Releases Security Updates for RCE Vulnerability
Original release date: September 21, 2021NETGEAR has released security updates to address a remote code execution vulnerability—CVE-2021-40847—in multiple NETGEAR routers. A remote attacker could exploit this vulnerability to take control of an affected system.CISA encourages users and administrators to review[…]
Created on: Sep 21, 2021 | 11:06 am
Sep 21, 2021 | 11:06 am -
VMware Releases Security Updates
VMware Releases Security Updates
Original release date: September 21, 2021VMware has released security updates to address multiple vulnerabilities in vCenter Server and Cloud Foundation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.CISA encourages users and administrators[…]
Created on: Sep 21, 2021 | 09:05 am
Sep 21, 2021 | 09:05 am -
Apple Releases Security Updates for Multiple Products
Apple Releases Security Updates for Multiple Products
Original release date: September 21, 2021Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review the Apple security[…]
Created on: Sep 21, 2021 | 08:56 am
Sep 21, 2021 | 08:56 am
 |
High Desert Technology is a Complete IT Solution with a Privacy and Security Emphasis!
 |
 |
Copyright © 2020. High Desert Technology.