NetSec
  corner   



HOME

LINUX

CYBERLAW

VIRTUALIZATION

Bugtraq

Packetstorm

FD

GrokLaw


RSS Feed


Netsec, comsec, infosec and IA news, research and trends

 

5.30.2014

 
Latest Kali Linux 1.0.7 offers persistent encrypted partition on USB stick

 
From Dark Reading, http://www.darkreading.com/endpoint/the-mystery-of-the-truecrypt-encryption-software-shutdown-/d/d-id/1269323?

Excerpt:

"The whole situation is very odd, but there are clues to what might be happening," says Mark Bower, vice president at Voltage Security. "The TrueCrypt development team is largely anonymous, and has unclear origins. On the one hand, TrueCrypt is a product that is supposed to be transparent about its security design, yet there have always been unclear aspects to its origins. On the other hand, it was about to be put through a thorough crowd-funded technical audit. Was there something to hide? Maybe so."

Last month, iSEC Partners released a code audit of TrueCrypt and found no backdoors or serious vulnerabilities in the portion of code it reviewed, which included the Windows kernel driver and bootloader.

Tom Ritter, principal security consultant at iSEC Partners, considers the end of TrueCrypt to be a loss to the open-source community.



5.29.2014

 
From Wired, http://www.wired.com/2014/05/truecrypt/

Snowden’s Crypto Software May Be Tainted Forever

    * By Robert McMillan 
    * 05.29.14  | 
    * 8:19 pm

Excerpt:

"This week, a message appeared on the website that offers TrueCrypt, saying that the software “may contain some unfixed security issues” and should not be used. It was a big shock to the millions of people who now use the software to protect their online communications, but not just because it now seemed that the software was full of holes. The message arrived so suddenly–and without explanation–that many security experts are wondering if the message was posted by hackers who had compromised the website.

It’s all a bit of a mystery, because, like a small number of other open-source projects, TrueCrypt is built by anonymous developers. It’s hard to know if the good guys have screwed up or if the bad guys are in control.

That means TrueCrypt is now tainted in a way that may be permanent. The situation shows what can go wrong when software–even open-source software–is offered up by people who don’t identify themselves. Projects like the Tails secure operating-system should take heed. Researchers can still audit the TrueCrypt code, but that may not be enough. Because we don’t know who is in control of TrueCrypt, and how exactly to evaluate their claims, the project is tainted. "


The post itself is on the Truecrypt site, http://truecrypt.sourceforge.net/

"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.


Migrating from TrueCrypt to BitLocker:"

 
Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation



5.27.2014

 
Google removes NPAPI apps and extensions from Chrome Web Store homepage, search results, and category pagesGoogle hopes that killing of NPAPI support will “improve Chrome’s security, speed, and stability as well as reduce complexity in the code base.”

 
Apple IDs Compromised: iPhones, iPads, and Macs Locked, Held for Ransom

 
Spotify, security firm Avast report hacks that spill user data

 
eBay Fumbles Password Reset Warning





This page is powered by Blogger.


Site Meter Locations of visitors to this page