ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    TrueCrypt compromised by ?????

    IT Discussion
    9
    42
    6.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Bill KindleB
      Bill Kindle
      last edited by

      wow, that really blows the big one. I loved TrueCrypt.

      I wonder what happened, there's almost next to zero news out there about it.

      scottalanmillerS 1 Reply Last reply Reply Quote 0
      • Bill KindleB
        Bill Kindle
        last edited by

        Strange indeed after this was just released last month.

        Now to put on my tinfoil hat...........this abrupt revelation smacks of some real spook stuff.......
        http://arstechnica.com/security/2014/04/truecrypt-audit-finds-no-evidence-of-backdoors-or-malicious-code/

        1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @Bill Kindle
          last edited by

          @Bill-Kindle said:

          wow, that really blows the big one. I loved TrueCrypt.

          I wonder what happened, there's almost next to zero news out there about it.

          Right now we only know that the site was hacked. There is no solid news if there is anything wrong with Truecrypt but since it is open source and no information about the exploit has been told, it is relatively safe to assume that it is a scam.

          1 Reply Last reply Reply Quote 2
          • Bill KindleB
            Bill Kindle
            last edited by

            The more I've read about it I'm seeing that the MD5 hashes weren't matching up, so if it's a hoax, it's pretty damn elaborate.

            scottalanmillerS 1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @Bill Kindle
              last edited by

              @Bill-Kindle said:

              The more I've read about it I'm seeing that the MD5 hashes weren't matching up, so if it's a hoax, it's pretty damn elaborate.

              Which checksums weren't matching?

              1 Reply Last reply Reply Quote 1
              • Bill KindleB
                Bill Kindle
                last edited by Bill Kindle

                let me go back and find that article.

                Edit. Apologies, I read part of the article wrong. BILL FAIL

                Reid CooperR 1 Reply Last reply Reply Quote 0
                • Reid CooperR
                  Reid Cooper @Bill Kindle
                  last edited by

                  @Bill-Kindle said:

                  let me go back and find that article.

                  Edit. Apologies, I read part of the article wrong. BILL FAIL

                  LOL

                  1 Reply Last reply Reply Quote 0
                  • Reid CooperR
                    Reid Cooper
                    last edited by

                    Does that mean we don't think that there is anything to this?

                    StrongBadS 1 Reply Last reply Reply Quote 1
                    • StrongBadS
                      StrongBad @Reid Cooper
                      last edited by

                      @Reid-Cooper said:

                      Does that mean we don't think that there is anything to this?

                      Sniff test says that this is a scam to me.

                      1 Reply Last reply Reply Quote 0
                      • T
                        technobabble
                        last edited by

                        Well everyones talking about it on twitter and other websites. Here's what PC World is saying: http://www.pcworld.com/article/2241300/truecrypt-now-encouraging-users-to-use-microsofts-bitlocker.html

                        alexntgA 1 Reply Last reply Reply Quote 0
                        • StrongBadS
                          StrongBad
                          last edited by

                          Not sure that that clears anything up. If the site was hacked that would explain this. Something is very fishy. And what about non-Windows users. XP retirement would mean nothing for them.

                          alexntgA 1 Reply Last reply Reply Quote 0
                          • alexntgA
                            alexntg @technobabble
                            last edited by

                            @technobabble said:

                            Well everyones talking about it on twitter and other websites. Here's what PC World is saying: http://www.pcworld.com/article/2241300/truecrypt-now-encouraging-users-to-use-microsofts-bitlocker.html

                            That makes sense, as Windows has the same functionality built-in.

                            DashrenderD 1 Reply Last reply Reply Quote 0
                            • alexntgA
                              alexntg @StrongBad
                              last edited by

                              @StrongBad said:

                              Not sure that that clears anything up. If the site was hacked that would explain this. Something is very fishy. And what about non-Windows users. XP retirement would mean nothing for them.

                              OS X has had disk encryption for years.

                              1 Reply Last reply Reply Quote 0
                              • DashrenderD
                                Dashrender @alexntg
                                last edited by

                                @alexntg said:

                                @technobabble said:

                                Well everyones talking about it on twitter and other websites. Here's what PC World is saying: http://www.pcworld.com/article/2241300/truecrypt-now-encouraging-users-to-use-microsofts-bitlocker.html

                                That makes sense, as Windows has the same functionality built-in.

                                Sure, but it's closed source.. so it's really not trustworthy!

                                alexntgA 1 Reply Last reply Reply Quote 1
                                • alexntgA
                                  alexntg @Dashrender
                                  last edited by

                                  @Dashrender said:

                                  @alexntg said:

                                  @technobabble said:

                                  Well everyones talking about it on twitter and other websites. Here's what PC World is saying: http://www.pcworld.com/article/2241300/truecrypt-now-encouraging-users-to-use-microsofts-bitlocker.html

                                  That makes sense, as Windows has the same functionality built-in.

                                  Sure, but it's closed source.. so it's really not trustworthy!

                                  Until recently, no one had actually audited TrueCrypt's code, so for a very long time, it could have had massive backdoors that no one cared to look for. Whether it's open source or close source, it doesn't really matter. On one side, you hope the folks that wrote it were trustworthy and that if there were any issues, they or an associate caught it. On the other hand, you hope that the folks that wrote it were trustworthy and that if there were any issues, they or an associate caught it. Unless you're manually auditing the code yourself, what does it matter?

                                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                                  • JaredBuschJ
                                    JaredBusch
                                    last edited by

                                    This seems too coordinated for a hack IMO. There are way too many pieces being changed at the same time. Yeah if it was just the website or just the source code, but the way back machine has no info? That is abnormal. The new executable being signed with the correct but recently reissued key? Unusual.

                                    This is a lot of stuff to change and would be an unprecedented public hack.

                                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @alexntg
                                      last edited by

                                      @alexntg said:

                                      @Dashrender said:

                                      @alexntg said:

                                      @technobabble said:

                                      Well everyones talking about it on twitter and other websites. Here's what PC World is saying: http://www.pcworld.com/article/2241300/truecrypt-now-encouraging-users-to-use-microsofts-bitlocker.html

                                      That makes sense, as Windows has the same functionality built-in.

                                      Sure, but it's closed source.. so it's really not trustworthy!

                                      Until recently, no one had actually audited TrueCrypt's code, so for a very long time, it could have had massive backdoors that no one cared to look for. Whether it's open source or close source, it doesn't really matter. On one side, you hope the folks that wrote it were trustworthy and that if there were any issues, they or an associate caught it. On the other hand, you hope that the folks that wrote it were trustworthy and that if there were any issues, they or an associate caught it. Unless you're manually auditing the code yourself, what does it matter?

                                      No one published an audit. Doesn't imply that it wasn't audited.

                                      alexntgA 1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @JaredBusch
                                        last edited by

                                        @JaredBusch said:

                                        This seems too coordinated for a hack IMO. There are way too many pieces being changed at the same time. Yeah if it was just the website or just the source code, but the way back machine has no info? That is abnormal. The new executable being signed with the correct but recently reissued key? Unusual.

                                        This is a lot of stuff to change and would be an unprecedented public hack.

                                        True it is seemingly more and more likely to be legit.

                                        It's not really a needed product anymore across any platform. But still very odd.

                                        1 Reply Last reply Reply Quote 0
                                        • alexntgA
                                          alexntg @scottalanmiller
                                          last edited by

                                          @scottalanmiller said:

                                          @alexntg said:

                                          @Dashrender said:

                                          @alexntg said:

                                          @technobabble said:

                                          Well everyones talking about it on twitter and other websites. Here's what PC World is saying: http://www.pcworld.com/article/2241300/truecrypt-now-encouraging-users-to-use-microsofts-bitlocker.html

                                          That makes sense, as Windows has the same functionality built-in.

                                          Sure, but it's closed source.. so it's really not trustworthy!

                                          Until recently, no one had actually audited TrueCrypt's code, so for a very long time, it could have had massive backdoors that no one cared to look for. Whether it's open source or close source, it doesn't really matter. On one side, you hope the folks that wrote it were trustworthy and that if there were any issues, they or an associate caught it. On the other hand, you hope that the folks that wrote it were trustworthy and that if there were any issues, they or an associate caught it. Unless you're manually auditing the code yourself, what does it matter?

                                          No one published an audit. Doesn't imply that it wasn't audited.

                                          Nor does it imply that it was audited.

                                          1 Reply Last reply Reply Quote 0
                                          • scottalanmillerS
                                            scottalanmiller
                                            last edited by

                                            No. But every company and every individual had the right and the ability to audit. That's important. Companies have coverage tools that they use all the time on this stuff.

                                            alexntgA 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 1 / 3
                                            • First post
                                              Last post