Is TRUECRYPT Really Dead?
- Details
- Created on Wednesday, 28 May 2014 23:40
The very popular software used by millions for encrypting data has apparently halted development and is advising users to migrate to something different due to "potential security concerns". While this is breaking news, at this time it is hard to believe for many. Some are guessing a defacement of their website www.truecrypt.org has occurred, some suggest a disgruntled developer. An analysis of the software version (mysteriously released yesterday) has shown the same key being used as previous software releases. The latest software release does not allow you to encrypt anything, only decrypt.
Worth noting:
- A $70,000 dollar audit was started last year, the goal is to perform a complete analysis of the source code looking for any major vulnerabilities. Phase 1 of the audit was completed early this year with no major security issues found. Phase 2 was to conclude over this summer. The audit team has reached out to the developer(s) as of today regarding the "news", awaiting a response.
- With the recent Snowden revelations, he mentioned the use of a secure email provider called Lavabit, shortly after he mentioned this publicly, the service shutdown with the explanation of a court order demanding the "keys" thus making the core of his service useless/insecure. Recent news mentions Snowden's use/belief in Truecrypt.
- The Truecrypt team had posted a "roadmap" of sorts outlining the continued development of the software for use on the latest Windows 8.1 platform. This was not a "dead" project. Something bad has happened...
- The Truecrypt developer(s) have always been "anonymous" however the audit team has been in contact with them.
- A popular service called the waybackmachine is an internet website archive, you can view websites as they were in the past, the Truecrypt website has been excluded..hmm.
At this time, it is advised not to download or use the latest version found at truecrypt.org. It is also advised not yet to migrate away from any existing instance you may be running. Until a "tool" is released, or the audit finds a big hole that exploits Truecrypt making it almost useless, it remains one of the best encryption tools out there. If however they were forced to insert a backdoor of sorts (via court order) and this is his/her/their way of letting everyone know (explains the bizarre recommendations), than by all means we will stop using it. Until more info is released, we are staying still.
More info: Arstechnica | Slashdot | Krebs on Security | Reddit | Cory Doctrow
Subscribe to our Newsletter
Search ALL Articles
Managed V. Non-Managed
US-CERT Latest Warnings
Latest US-CERT Released Warnings
-
Citrix Releases Security Updates for Hypervisor
Citrix Releases Security Updates for Hypervisor
Original release date: June 24, 2022Citrix has released security updates to address vulnerabilities that could affect Hypervisor. An attacker could exploit one of these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review Citrix Security[…]
Created on: Jun 24, 2022 | 07:49 am
Jun 24, 2022 | 07:49 am -
Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems
Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems
Original release date: June 23, 2022 CISA and the United States Coast Guard Cyber Command (CGCYBER) have released a joint Cybersecurity Advisory (CSA) to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to[…]
Created on: Jun 23, 2022 | 11:00 am
Jun 23, 2022 | 11:00 am -
CISA Releases Cloud Security Technical Reference Architecture
CISA Releases Cloud Security Technical Reference Architecture
Original release date: June 23, 2022CISA has released its Cloud Security (CS) Technical Reference Architecture (TRA) to guide federal civilian departments and agencies in securely migrating to the cloud. Co-authored by CISA, the United States Digital Service, and the Federal[…]
Created on: Jun 23, 2022 | 06:00 am
Jun 23, 2022 | 06:00 am -
Google Releases Security Updates for Chrome
Google Releases Security Updates for Chrome
Original release date: June 22, 2022Google has released Chrome version 103.0.5060.53 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome[…]
Created on: Jun 22, 2022 | 08:00 am
Jun 22, 2022 | 08:00 am -
CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report
CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report
Original release date: June 22, 2022 | Last revised: June 23, 2022CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into[…]
Created on: Jun 22, 2022 | 07:00 am
Jun 22, 2022 | 07:00 am -
Keeping PowerShell: Measures to Use and Embrace
Keeping PowerShell: Measures to Use and Embrace
Original release date: June 22, 2022Cybersecurity authorities from the United States, New Zealand, and the United Kingdom have released a joint Cybersecurity Information Sheet (CIS) on PowerShell. The CIS provides recommendations for proper configuration and monitoring of PowerShell, as opposed[…]
Created on: Jun 22, 2022 | 06:00 am
Jun 22, 2022 | 06:00 am -
CISA Requests Public Comment on CISA’s TIC 3.0 Cloud Use Case
CISA Requests Public Comment on CISA’s TIC 3.0 Cloud Use Case
Original release date: June 16, 2022CISA has released Trusted Internet Connections (TIC) 3.0 Cloud Use Case for public comment. TIC is a federal cybersecurity initiative intended to secure federal data, networks, and boundaries while providing visibility into agency traffic, including[…]
Created on: Jun 16, 2022 | 09:00 am
Jun 16, 2022 | 09:00 am -
Cisco Releases Security Updates for Multiple Products
Cisco Releases Security Updates for Multiple Products
Original release date: June 16, 2022Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the[…]
Created on: Jun 16, 2022 | 08:00 am
Jun 16, 2022 | 08:00 am -
Adobe Releases Security Updates for Multiple Products
Adobe Releases Security Updates for Multiple Products
Original release date: June 14, 2022Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe[…]
Created on: Jun 14, 2022 | 17:41 pm
Jun 14, 2022 | 17:41 pm -
SAP Releases June 2022 Security Updates
SAP Releases June 2022 Security Updates
Original release date: June 14, 2022SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review SAP Security Patch[…]
Created on: Jun 14, 2022 | 16:19 pm
Jun 14, 2022 | 16:19 pm
 |
High Desert Technology is a Complete IT Solution with a Privacy and Security Emphasis!
 |
 |
Copyright © 2020. High Desert Technology.