RSS Feed

Netsec, comsec, infosec and IA news, research and trends



Latest Kali Linux 1.0.7 offers persistent encrypted partition on USB stick

From Dark Reading,


"The whole situation is very odd, but there are clues to what might be happening," says Mark Bower, vice president at Voltage Security. "The TrueCrypt development team is largely anonymous, and has unclear origins. On the one hand, TrueCrypt is a product that is supposed to be transparent about its security design, yet there have always been unclear aspects to its origins. On the other hand, it was about to be put through a thorough crowd-funded technical audit. Was there something to hide? Maybe so."

Last month, iSEC Partners released a code audit of TrueCrypt and found no backdoors or serious vulnerabilities in the portion of code it reviewed, which included the Windows kernel driver and bootloader.

Tom Ritter, principal security consultant at iSEC Partners, considers the end of TrueCrypt to be a loss to the open-source community.


From Wired,

Snowden’s Crypto Software May Be Tainted Forever

    * By Robert McMillan 
    * 05.29.14  | 
    * 8:19 pm


"This week, a message appeared on the website that offers TrueCrypt, saying that the software “may contain some unfixed security issues” and should not be used. It was a big shock to the millions of people who now use the software to protect their online communications, but not just because it now seemed that the software was full of holes. The message arrived so suddenly–and without explanation–that many security experts are wondering if the message was posted by hackers who had compromised the website.

It’s all a bit of a mystery, because, like a small number of other open-source projects, TrueCrypt is built by anonymous developers. It’s hard to know if the good guys have screwed up or if the bad guys are in control.

That means TrueCrypt is now tainted in a way that may be permanent. The situation shows what can go wrong when software–even open-source software–is offered up by people who don’t identify themselves. Projects like the Tails secure operating-system should take heed. Researchers can still audit the TrueCrypt code, but that may not be enough. Because we don’t know who is in control of TrueCrypt, and how exactly to evaluate their claims, the project is tainted. "

The post itself is on the Truecrypt site,

"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

Migrating from TrueCrypt to BitLocker:"

Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation


Google removes NPAPI apps and extensions from Chrome Web Store homepage, search results, and category pagesGoogle hopes that killing of NPAPI support will “improve Chrome’s security, speed, and stability as well as reduce complexity in the code base.”

Apple IDs Compromised: iPhones, iPads, and Macs Locked, Held for Ransom

Spotify, security firm Avast report hacks that spill user data

eBay Fumbles Password Reset Warning


CryptoLocker Goes Spear-Phishing from Lenzy


Critical Internet Explorer zero-day exploit detailed after Microsoft fails to patch it from Zachary


The US Navy was hacked from inside its own aircraft carrier from Mike


Another day, another breach. eBay urging users to change passwords after cyberattack.


George R.R. Martin Tells Conan His Secret Weapon: a DOS Computer - 'Game of Thrones' author admits he writes on an outdated machine without Internet


Serious security flaw in OAuth, OpenID discovered

This page is powered by Blogger.

Site Meter Locations of visitors to this page