Windows users who rely on TrueCrypt to encrypt their hard drives have a serious security problem: a researcher has discovered two critical flaws in the program.
TrueCrypt may have been abandoned by its original developers, but it remains one of the few encryption options for Windows. That keeps researchers interested in finding holes in the program and its spin-offs. A member of Google’s Project Zero team has recently discovered two vulnerabilities in the driver that TrueCrypt installs on Windows systems. The flaws could allow attackers to obtain elevated privileges on a system if they have access to a limited user account.
Read moreSomething very weird is going on with the popular free whole-disk encryption suite TrueCrypt. The story is still developing, but it does look like the suite ceases to exist right now. The only explanation its creators have provided so far is that using TrueCrypt “is not secure as it may contain unfixed security issues”.
What kind of issues? – This is something people behind TrueCrypt have not disclosed so far. There are some speculations about the possibility of a backdoor in the software code, but it’s guesswork at best. There was also speculation of a possible deface: TrueCrypt’s official site started redirecting people to the suite’s Sourceforge page all of sudden.
Read moreIndependent encryption software TrueCrypt is apparently not as secure as many thought. The TrueCrypt homepage was suddenly replaced with a notification that read "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues."
Moreover, it is reported that since May, 2014 TrueCrypt development is stopped. Significantly, the current version listed on the SourceForge page, version 7.2, was signed with the official TrueCrypt private signing key, the same key used by the TrueCrypt Foundation for as long as two years. This means the warning on the official homepage of TrueCrypt isn't a hoax posted by some hacker or cyber criminal.
Read moreThe first round of results are in, and so far TrueCrypt, the popular open-source encryption program, has a relatively clean bill of health. Security firm iSec Partners recently carried out the first phase of the TrueCrypt audit on behalf of the Open Crypto Audit Project (OCAP).
OCAP is the official name for the group behind istruecryptauditedyet.com, a project inspired by the revelations about the National Security Agency’s surveillance activities. OCAP was created by Matthew Green, a cryptographer and research professor at Johns Hopkins University, and Kenneth White, Principal Scientist at Social & Scientific Systems. For its report, which was released on Monday, iSec took a look at TrueCrypt’s latest Windows edition (version 7.1a).
Read moreAxarhöfði 14,
110 Reykjavik, Iceland