Is TRUECRYPT Really Dead?
- Details
- Created on Wednesday, 28 May 2014 23:40
The very popular software used by millions for encrypting data has apparently halted development and is advising users to migrate to something different due to "potential security concerns". While this is breaking news, at this time it is hard to believe for many. Some are guessing a defacement of their website www.truecrypt.org has occurred, some suggest a disgruntled developer. An analysis of the software version (mysteriously released yesterday) has shown the same key being used as previous software releases. The latest software release does not allow you to encrypt anything, only decrypt.
Worth noting:
- A $70,000 dollar audit was started last year, the goal is to perform a complete analysis of the source code looking for any major vulnerabilities. Phase 1 of the audit was completed early this year with no major security issues found. Phase 2 was to conclude over this summer. The audit team has reached out to the developer(s) as of today regarding the "news", awaiting a response.
- With the recent Snowden revelations, he mentioned the use of a secure email provider called Lavabit, shortly after he mentioned this publicly, the service shutdown with the explanation of a court order demanding the "keys" thus making the core of his service useless/insecure. Recent news mentions Snowden's use/belief in Truecrypt.
- The Truecrypt team had posted a "roadmap" of sorts outlining the continued development of the software for use on the latest Windows 8.1 platform. This was not a "dead" project. Something bad has happened...
- The Truecrypt developer(s) have always been "anonymous" however the audit team has been in contact with them.
- A popular service called the waybackmachine is an internet website archive, you can view websites as they were in the past, the Truecrypt website has been excluded..hmm.
At this time, it is advised not to download or use the latest version found at truecrypt.org. It is also advised not yet to migrate away from any existing instance you may be running. Until a "tool" is released, or the audit finds a big hole that exploits Truecrypt making it almost useless, it remains one of the best encryption tools out there. If however they were forced to insert a backdoor of sorts (via court order) and this is his/her/their way of letting everyone know (explains the bizarre recommendations), than by all means we will stop using it. Until more info is released, we are staying still.
More info: Arstechnica | Slashdot | Krebs on Security | Reddit | Cory Doctrow
Subscribe to our Newsletter
Search ALL Articles
Managed V. Non-Managed
US-CERT Latest Warnings
Latest US-CERT Released Warnings
-
Microsoft Warns of Destructive Malware Targeting Ukrainian Organizations
Microsoft Warns of Destructive Malware Targeting Ukrainian Organizations
Original release date: January 16, 2022Microsoft has released a blog post on possible Master Boot Record (MBR) Wiper activity targeting Ukrainian organizations, including Ukrainian government agencies. According to Microsoft, powering down the victim device executes the malware, which overwrites the[…]
Created on: Jan 16, 2022 | 06:13 am
Jan 16, 2022 | 06:13 am -
Ivanti Updates Log4j Advisory with Security Updates for Multiple Products
Ivanti Updates Log4j Advisory with Security Updates for Multiple Products
Original release date: January 14, 2022Ivanti has updated its Log4j Advisory with security updates for multiple products to address CVE-2021-44228. An unauthenticated attacker could exploit this vulnerability to take control of an affected system.CISA encourages users and administrators to review the[…]
Created on: Jan 14, 2022 | 07:18 am
Jan 14, 2022 | 07:18 am -
Juniper Networks Releases Security Updates for Multiple Products
Juniper Networks Releases Security Updates for Multiple Products
Original release date: January 13, 2022Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review the Juniper[…]
Created on: Jan 13, 2022 | 08:17 am
Jan 13, 2022 | 08:17 am -
Citrix Releases Security Updates for Hypervisor
Citrix Releases Security Updates for Hypervisor
Original release date: January 13, 2022Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review Citrix Security Update CTX335432 and apply the[…]
Created on: Jan 13, 2022 | 08:16 am
Jan 13, 2022 | 08:16 am -
Apple Releases Security Updates for iOS and iPadOS
Apple Releases Security Updates for iOS and iPadOS
Original release date: January 13, 2022Apple has released security updates to address a vulnerability affecting iOS 15.2.1 and iPadOS 15.2.1. An attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review the Apple security[…]
Created on: Jan 13, 2022 | 08:14 am
Jan 13, 2022 | 08:14 am -
Cisco Releases Security Updates for Multiple Products
Cisco Releases Security Updates for Multiple Products
Original release date: January 13, 2022Cisco has released security updates to address a vulnerability affecting Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM). A remote attacker could exploit this vulnerability to take[…]
Created on: Jan 13, 2022 | 08:13 am
Jan 13, 2022 | 08:13 am -
CNMF Identifies and Discloses Malware used by Iranian APT MuddyWater
CNMF Identifies and Discloses Malware used by Iranian APT MuddyWater
Original release date: January 12, 2022U.S. Cyber Command’s Cyber National Mission Force (CNMF) has identified multiple open-source tools used by an Iranian advanced persistent threat (APT) group known as MuddyWater. According to CNMF, “MuddyWater has been seen using a variety[…]
Created on: Jan 12, 2022 | 12:34 pm
Jan 12, 2022 | 12:34 pm -
Adobe Releases Security Updates for Multiple Products
Adobe Releases Security Updates for Multiple Products
Original release date: January 11, 2022Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review the following[…]
Created on: Jan 11, 2022 | 16:48 pm
Jan 11, 2022 | 16:48 pm -
Citrix Releases Security Update for Workspace App for Linux
Citrix Releases Security Update for Workspace App for Linux
Original release date: January 11, 2022Citrix has released a security update to address a vulnerability in Workspace App for Linux. An attacker could exploit this vulnerability to take control of an affected system.CISA encourages users and administrators to review Citrix[…]
Created on: Jan 11, 2022 | 14:56 pm
Jan 11, 2022 | 14:56 pm -
SAP Releases January 2022 Security Updates
SAP Releases January 2022 Security Updates
Original release date: January 11, 2022SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review the SAP Security[…]
Created on: Jan 11, 2022 | 13:39 pm
Jan 11, 2022 | 13:39 pm
 |
High Desert Technology is a Complete IT Solution with a Privacy and Security Emphasis!
 |
 |
Copyright © 2020. High Desert Technology.