Page 1 of 5 123 ... LastLast
Results 1 to 10 of 47

Thread: TrueCrypt Has Been Potentially Compromised

  1. #1
    Join Date
    Jan 2007
    Posts
    15,110

    Default TrueCrypt Has Been Potentially Compromised

    Phoronix: TrueCrypt Has Been Potentially Compromised

    The TrueCrypt open-source disk encryption software has been potentially compromised and users are now told to avoid the software...

    http://www.phoronix.com/vr.php?view=MTcwMzY

  2. #2
    Join Date
    Jul 2013
    Posts
    62

    Default

    This seems very fish.

    I'm going to guess it's BS and the page has just been hijacked. The page uses a redirect, rather than actually being on the website, and it has no reasoning.

    The binaries posted on the page also possibly contain malware.
    Last edited by Britoid; 05-28-2014 at 07:05 PM.

  3. #3
    Join Date
    Feb 2008
    Posts
    1,074

    Default

    Inside source package, Readme.txt there is also the same warning:

    WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

    The development of TrueCrypt was ended in 5/2014 after Microsoft terminated
    support of Windows XP. Windows 8/7/Vista and later offer integrated support for
    encrypted disks and virtual disk images. Such integrated support is also
    available on other platforms. You should migrate any data encrypted by TrueCrypt
    to encrypted disks or virtual disk images supported on your platform.

  4. #4
    Join Date
    Apr 2010
    Posts
    99

    Default

    The development of TrueCrypt was ended in 5/2014 after Microsoft terminated
    support of Windows XP.
    There was planned support for Windows 8 as of 2014-05-24, or so says Wikipedia.

  5. #5
    Join Date
    Jun 2013
    Location
    Canada
    Posts
    30

    Default

    Do you have any idea how bad this is? This better be false/FUD because this is no laughing matter. Also my subscription to your premium service will also end. If i cannot trust you and you're just gaining bullshit clicks I'll tell everyone to never trust this sites information again.

  6. #6
    Join Date
    Jul 2013
    Posts
    339

    Default Damn

    So, if that turns out to be legitimate, what other alternatives do we have on Linux that works in a similar way? I need a tool that creates an encrypted file-based virtual drive as I am using it to encrypt USB thumbdrives that I may access on more than one machine.

  7. #7
    Join Date
    Mar 2011
    Posts
    222

    Default

    Quote Originally Posted by HeavensRevenge View Post
    Do you have any idea how bad this is? This better be false/FUD because this is no laughing matter. Also my subscription to your premium service will also end. If i cannot trust you and you're just gaining bullshit clicks I'll tell everyone to never trust this sites information again.
    What? You're ending your phoronix premium subscription because phoronix reports that Truecrypt is potentially compromised and Truecrypt is telling its users to avoid the software? What part of it was bullshit?

  8. #8
    Join Date
    Jun 2011
    Posts
    840

    Default

    Quote Originally Posted by Britoid View Post
    This seems very fish.

    I'm going to guess it's BS and the page has just been hijacked. The page uses a redirect, rather than actually being on the website, and it has no reasoning.

    The binaries posted on the page also possibly contain malware.
    That's a bad assumption to be making; The fact is there has been a group of individuals who wanted TrueCrypt audited, which is exactly what ended up happening, at the beginning of this year [although, it required a lot of work, raising funds, etc to make happen].

    their website[s]; http://opencryptoaudit.org/ && http://istruecryptauditedyet.com/
    indiegogo campaign; https://www.indiegogo.com/projects/the-truecrypt-audit
    Phase one audit report - by iSecPartners; https://opencryptoaudit.org/reports/...Assessment.pdf

    I'm going to guess it's not BS, given that it has already been demonstrated that TrueCrypt is not secure.

  9. #9
    Join Date
    Apr 2010
    Posts
    99

    Default

    https://twitter.com/amidvidy/status/471759299468083200 :
    TrueCrypt signing key was changed 3 hours before latest binaries were released: http://sourceforge.net/p/truecrypt/a...309d5eeee49ebd

  10. #10
    Join Date
    Dec 2011
    Posts
    74

    Default

    Quote Originally Posted by ninez View Post
    I'm going to guess it's not BS, given that it has already been demonstrated that TrueCrypt is not secure.
    LMFAO... this is transparently and obviously BS that a fourth grader could spot.

    When Heartbleed came out last month, was there an amateur-hour scare announcement on the OpenSSL website to abandon OpenSSL in favor of Microsoft(!!???!?)

    Real security vulnerabilities in a program... and Truecrypt might have them, just like practically every complex program in existence has, are handled professionally through a disclosure and patching/mitigation process. Ever see "CVE" numbers? (http://cve.mitre.org/)

    This is basically a hack on a sourceforge website that anyone can see is intended as a bad joke. That host could very well be compromised and any "updated" software that has been through zero vetting process is OBVIOUSLY the malware.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •