TrueCrypt compromised by ?????
-
truecrypt.org now redicrects to: http://truecrypt.sourceforge.net/
https://news.ycombinator.com/item?id=7812133
Not in wayback machine? wtf?
https://web.archive.org/web/*/http://www.truecrypt.org -
wow.. that's a real blow to security!
-
@Dashrender said:
wow.. that's a real blow to security!
Defacing a web site doesn't really tell us anything about the security. The website isn't protected by truecrypt or likely managed by them.
-
I'm refering to the fact that they have probably canceled the project/product.
-
wow, that really blows the big one. I loved TrueCrypt.
I wonder what happened, there's almost next to zero news out there about it.
-
Strange indeed after this was just released last month.
Now to put on my tinfoil hat...........this abrupt revelation smacks of some real spook stuff.......
http://arstechnica.com/security/2014/04/truecrypt-audit-finds-no-evidence-of-backdoors-or-malicious-code/ -
@Bill-Kindle said:
wow, that really blows the big one. I loved TrueCrypt.
I wonder what happened, there's almost next to zero news out there about it.
Right now we only know that the site was hacked. There is no solid news if there is anything wrong with Truecrypt but since it is open source and no information about the exploit has been told, it is relatively safe to assume that it is a scam.
-
The more I've read about it I'm seeing that the MD5 hashes weren't matching up, so if it's a hoax, it's pretty damn elaborate.
-
@Bill-Kindle said:
The more I've read about it I'm seeing that the MD5 hashes weren't matching up, so if it's a hoax, it's pretty damn elaborate.
Which checksums weren't matching?
-
let me go back and find that article.
Edit. Apologies, I read part of the article wrong. BILL FAIL
-
@Bill-Kindle said:
let me go back and find that article.
Edit. Apologies, I read part of the article wrong. BILL FAIL
LOL
-
Does that mean we don't think that there is anything to this?
-
@Reid-Cooper said:
Does that mean we don't think that there is anything to this?
Sniff test says that this is a scam to me.
-
Well everyones talking about it on twitter and other websites. Here's what PC World is saying: http://www.pcworld.com/article/2241300/truecrypt-now-encouraging-users-to-use-microsofts-bitlocker.html
-
Not sure that that clears anything up. If the site was hacked that would explain this. Something is very fishy. And what about non-Windows users. XP retirement would mean nothing for them.
-
@technobabble said:
Well everyones talking about it on twitter and other websites. Here's what PC World is saying: http://www.pcworld.com/article/2241300/truecrypt-now-encouraging-users-to-use-microsofts-bitlocker.html
That makes sense, as Windows has the same functionality built-in.
-
@StrongBad said:
Not sure that that clears anything up. If the site was hacked that would explain this. Something is very fishy. And what about non-Windows users. XP retirement would mean nothing for them.
OS X has had disk encryption for years.
-
@alexntg said:
@technobabble said:
Well everyones talking about it on twitter and other websites. Here's what PC World is saying: http://www.pcworld.com/article/2241300/truecrypt-now-encouraging-users-to-use-microsofts-bitlocker.html
That makes sense, as Windows has the same functionality built-in.
Sure, but it's closed source.. so it's really not trustworthy!
-
@Dashrender said:
@alexntg said:
@technobabble said:
Well everyones talking about it on twitter and other websites. Here's what PC World is saying: http://www.pcworld.com/article/2241300/truecrypt-now-encouraging-users-to-use-microsofts-bitlocker.html
That makes sense, as Windows has the same functionality built-in.
Sure, but it's closed source.. so it's really not trustworthy!
Until recently, no one had actually audited TrueCrypt's code, so for a very long time, it could have had massive backdoors that no one cared to look for. Whether it's open source or close source, it doesn't really matter. On one side, you hope the folks that wrote it were trustworthy and that if there were any issues, they or an associate caught it. On the other hand, you hope that the folks that wrote it were trustworthy and that if there were any issues, they or an associate caught it. Unless you're manually auditing the code yourself, what does it matter?
-
This seems too coordinated for a hack IMO. There are way too many pieces being changed at the same time. Yeah if it was just the website or just the source code, but the way back machine has no info? That is abnormal. The new executable being signed with the correct but recently reissued key? Unusual.
This is a lot of stuff to change and would be an unprecedented public hack.