Announcement

Collapse
No announcement yet.

TrueCrypt Has Been Potentially Compromised

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • DeepDayze
    replied
    Hopefully we'll see a statement from TrueCrypt developers attesting to whether this is true or a dangerous hoax. Right now we don't need lies, hacks and bs to undermine the trust people place in such encryption software.

    So lets not get our panties in a bunch till we get clarification on this.

    Originally posted by Ericg View Post
    ...You're an idiot. Look around. This is being reported in all over. I first saw the story on Arstechnica. No one knows what is going on, everyone's just as surprised as everyone else. Don't hate Michael just because you don't like the news of the day.
    This...we need to get at the truth

    Leave a comment:


  • Ericg
    replied
    Originally posted by HeavensRevenge View Post
    Do you have any idea how bad this is? This better be false/FUD because this is no laughing matter. Also my subscription to your premium service will also end. If i cannot trust you and you're just gaining bullshit clicks I'll tell everyone to never trust this sites information again.
    ...You're an idiot. Look around. This is being reported in all over. I first saw the story on Arstechnica. No one knows what is going on, everyone's just as surprised as everyone else. Don't hate Michael just because you don't like the news of the day.

    Leave a comment:


  • zanny
    replied
    Originally posted by sarmad View Post
    So, if that turns out to be legitimate, what other alternatives do we have on Linux that works in a similar way? I need a tool that creates an encrypted file-based virtual drive as I am using it to encrypt USB thumbdrives that I may access on more than one machine.
    luks for entire disks or partitions.

    ecryptfs for directory hierarchies

    gpg for single files

    Leave a comment:


  • liam
    replied
    Originally posted by sarmad View Post
    So, if that turns out to be legitimate, what other alternatives do we have on Linux that works in a similar way? I need a tool that creates an encrypted file-based virtual drive as I am using it to encrypt USB thumbdrives that I may access on more than one machine.
    ...gpg

    Leave a comment:


  • mhogomchungu
    replied
    Originally posted by sarmad View Post
    So, if that turns out to be legitimate, what other alternatives do we have on Linux that works in a similar way? I need a tool that creates an encrypted file-based virtual drive as I am using it to encrypt USB thumbdrives that I may access on more than one machine.
    TrueCrypt encrypted volume format is well documented and there are FOSS tools that can open and create TrueCrypt volumes.This means the TrueCrypt project may go under but its volume format may still be used by other projects.

    a project called zuluCrypt[1] makes it possible to create and open TrueCrypt volumes as well as luks volumes using a GUI tool.

    [1] https://code.google.com/p/zulucrypt/

    Leave a comment:


  • ninez
    replied
    Originally posted by chuckula View Post
    LMFAO... this is transparently and obviously BS that a fourth grader could spot.

    When Heartbleed came out last month, was there an amateur-hour scare announcement on the OpenSSL website to abandon OpenSSL in favor of Microsoft(!!???!?)

    Real security vulnerabilities in a program... and Truecrypt might have them, just like practically every complex program in existence has, are handled professionally through a disclosure and patching/mitigation process. Ever see "CVE" numbers? (http://cve.mitre.org/)

    This is basically a hack on a sourceforge website that anyone can see is intended as a bad joke. That host could very well be compromised and any "updated" software that has been through zero vetting process is OBVIOUSLY the malware.
    I'm well-aware that this is just a hack on their sf.net account [ it probably isn't a coincidence that SF.net sent out a security notice to all users to reset their passwords just a couple of days ago, due to security / password protection changes in their service ]... But whether or not their account was hacked has NOTHING to do with the audit that has been happening with TrueCrypt... Hell, you even just brought up OpenSSL, having gone through the same thing, after heartbleed [ which was legit.. ie: TrueCrypt is not secure]... and yes, i know what CVE's are - why don't you google "CVE + TrueCrypt + 2014"??? ...

    fourth grader? go fuck yourself, dumb ass.

    Leave a comment:


  • chuckula
    replied
    Originally posted by ninez View Post
    I'm going to guess it's not BS, given that it has already been demonstrated that TrueCrypt is not secure.
    LMFAO... this is transparently and obviously BS that a fourth grader could spot.

    When Heartbleed came out last month, was there an amateur-hour scare announcement on the OpenSSL website to abandon OpenSSL in favor of Microsoft(!!???!?)

    Real security vulnerabilities in a program... and Truecrypt might have them, just like practically every complex program in existence has, are handled professionally through a disclosure and patching/mitigation process. Ever see "CVE" numbers? (http://cve.mitre.org/)

    This is basically a hack on a sourceforge website that anyone can see is intended as a bad joke. That host could very well be compromised and any "updated" software that has been through zero vetting process is OBVIOUSLY the malware.

    Leave a comment:


  • DeiF
    replied
    https://twitter.com/amidvidy/status/471759299468083200 :
    TrueCrypt signing key was changed 3 hours before latest binaries were released: http://sourceforge.net/p/truecrypt/a...309d5eeee49ebd

    Leave a comment:


  • ninez
    replied
    Originally posted by Britoid View Post
    This seems very fish.

    I'm going to guess it's BS and the page has just been hijacked. The page uses a redirect, rather than actually being on the website, and it has no reasoning.

    The binaries posted on the page also possibly contain malware.
    That's a bad assumption to be making; The fact is there has been a group of individuals who wanted TrueCrypt audited, which is exactly what ended up happening, at the beginning of this year [although, it required a lot of work, raising funds, etc to make happen].

    their website[s]; http://opencryptoaudit.org/ && http://istruecryptauditedyet.com/
    indiegogo campaign; https://www.indiegogo.com/projects/the-truecrypt-audit
    Phase one audit report - by iSecPartners; https://opencryptoaudit.org/reports/...Assessment.pdf

    I'm going to guess it's not BS, given that it has already been demonstrated that TrueCrypt is not secure.

    Leave a comment:


  • M1kkko
    replied
    Originally posted by HeavensRevenge View Post
    Do you have any idea how bad this is? This better be false/FUD because this is no laughing matter. Also my subscription to your premium service will also end. If i cannot trust you and you're just gaining bullshit clicks I'll tell everyone to never trust this sites information again.
    What? You're ending your phoronix premium subscription because phoronix reports that Truecrypt is potentially compromised and Truecrypt is telling its users to avoid the software? What part of it was bullshit?

    Leave a comment:

Working...
X