![]() ![]() Okay, deep breath everyone! Firstly Truecrypt was perfectly acceptable less than a week ago and you didn’t lose sleep then (maybe over some other large organisation hack but not Truecrypt). It would be great if the devs were to publish the forum/knowledgebase that has gone with their website as well – someone else mentioned this somewhere – all that knowledge and hours of community work would be valuable if not just for posterity. I hope the project is picked up by some FOSS group as it would be a great loss to the wider internet community. ![]() but I have to admit there does seem to be something “fishy” going on. If it wasn’t for how quick-and-dirty all this went down we probably wouldn’t even be talking about NSL’s etc. I don’t think there is anything wrong with the software and I believe the audit will show that (with the exception of minor coding issues as we have already seen). ![]() 10 years ago I had no family and was young enough to spend all-nighters working on open source projects – this is no longer the case. Although, we have had no activity on the project for over 2 years, so maybe the Dev(s) just don’t have time. This is the only reason I feel even slightly suspicious of the shutdown, the abruptness of it all. TrueCrypt’s private key would not be accessible via a SourceForge compromise, implying that this goes deeper than the Sourceforge-hosted content.ĭo you know anything we don’t? Please tell us if you do – we’d love to get to the bottom of this mystery.įollow on Twitter for the latest computer security news.įollow on Instagram for exclusive pics, gifs, vids and LOLs! → The mysterious decrypt-only version 7.2 is apparently digitally signed with TrueCrypt’s private key, making the most likely explanation either that this is intentional by the developers, or that it is an unlawful hack. If it isn’t true, then it’s going to be tough to re-establish trust in the code, and the project has ended implicitly. If the new web page is true, the project has ended explicitly. It certainly looks as though TrueCrypt is finished. Well, if it is, it’s worked, but not in any positive way. SourceForge recently announced it was boosting the security of its password storage, and would require everyone to choose new passwords as part of the improvement.īut it’s not clear how this could lead to a TrueCrypt shutdown.Įven if crooks had acquired TrueCrypt’s SourceForge passwords in the past, and realised their window of opportunity to abuse those passwords was closing, why take this sort of action now? Is it a side-effect of SourceForge’s recent forced password reset? The results of the first part of the two-stage audit were published last month, apparently finding nothing untoward at all.īut even if the second part of the audit had revealed something terrible, why not simply say so, given that the audit would be published anyway? TrueCrypt announced a big code audit recently, as a way of restoring confidence in encryption software following the many Snowden allegations about government surveillance. Is it a panicked response to a failed audit? Sort of like what happened to Lavabit, but deliberately wrapped in mystery.īut wouldn’t just closing the project with no explanation at all be even cleaner? Some have suggested that there might be legal pressure on TrueCrypt, combined with some sort of gag order that prevents the full story being told, so that this was the only lawfully clean way of closing the project. We don’t yet know, but the unlikely, unprofessional-looking and abrupt download page suggests that you’d be unwise to trust anything about it. If so, no-one from TrueCrypt has yet come forward to suggest so. The 7.2 “decrypt only” version can be downloaded for Windows, OS X and Linux. Yet more curiously, there’s a new version numbered 7.2 that can apparently only decrypt, intended to help you migrate away from the now-defunct TrueCrypt product. The motivation seems to be that on all supported operating systems for which TrueCrypt was available, there’s now some sort of built-in full disk encryption system. Not only that, but the page goes on to state that the project has been closed down, following the end of support for Windows XP: WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues Now, the website of venerable free disk encryption software TrueCrypt is telling us: No-one seems to know how, or why, and (to make things yet weirder) the PayPal address given for payment didn’t actually exist. Webdriver Torso has nothing on this week’s mysteries!įirst we had Apple iDevices in Australia announcing “ Device hacked by Oleg Pliss” and demanding a $50 Moneypak voucher or $100 via PayPal. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |