OMINOUS WARNING OR HOAX? TRUECRYPT WARNS SOFTWARE ‘NOT SECURE,’ DEVELOPMENT SHUT DOWN

OMINOUS WARNING OR HOAX? TRUECRYPT WARNS SOFTWARE ‘NOT SECURE,’ DEVELOPMENT SHUT DOWN

by Michael Mimoso May 28, 2014 , 5:35 pm

Is it a hoax, or the end of the line for TrueCrypt?

At the moment, there is little more than speculation as to the appearance today of an ominous note greeting visitors to the TrueCrypt page at SourceForge. The text warns that the open source encryption software is not secure and informs users that development has been terminated.

It’s unclear whether the site has been defaced or whether the developers are aware of a critical vulnerability or backdoor that would jeopardize the integrity of the software, which has been downloaded more than 28 million times.

An audit of TrueCrypt was commissioned last year in order to determine if the software had been tampered with in the wake of the Edward Snowden leaks and the depths of surveillance by the National Security Agency. The results of the first phase of the audit were released on April 14 by iSEC Partners on behalf of the Open Crypto Audit Project and no backdoors were found. The first phase focused on the TrueCrypt bootloader and Windows kernel driver. Architecture and code reviews were performed, said Kenneth White, senior security engineer at Social & Scientific Systems, one of the OCAP architects.

A second phase, which has not yet begun, will focus on whether encryption suites, random number generators and critical algorithms have been properly implemented.

Many experts are downplaying the possibility that this is a defacement. Runa A. Sandvik, a privacy and security researcher and advisor on the TrueCrypt audit, told Threatpost that the current version listed on the SourceForge page, version 7.2, was signed yesterday with the same key used by the TrueCrypt Foundation for as long as two years. This was also confirmed by Kaspersky Lab researcher Costin Raiu.

“With a defacement, you would usually just expect to see the website change. In this change, the software seems to have changed as well,” Sandvik said. “The software has been modified to display a warning when you start it, as well as display a warning as part of the standard UI.”

Sandvik said she performed a quick analysis on the installer and saw no network traffic emanating from it.

“If the installer had a keylogger, you would expect the installer to at some point connect to another host and transfer information. Since there is no network traffic, there is no part of the installer that attempts to call home,” Sandvik said. “Note that I just did a very quick analysis, a deeper dive might uncover sketchy bits and pieces.”

Speculation ran amok on Twitter as well that the shutdown had to do with an impending announcement regarding the TrueCrypt audit, which White said, via his Twitter feed, is unfounded and that the announcement has to do with an upcoming OCAP initiative.

“As a general rule, any time a high-profile site gets replaced with a terse static page (much less redirects), I would urge caution,” White told Threatpost, adding that OCAP had reached out to the TrueCrypt developers seeking more information. “But at the moment, I’m afraid I don’t have much to add.”

Here’s What You Need To Master The Tor Network!

Here’s What You Need To Master The Tor Network!

Monday, May 05, 2014: The anonymous Internet, or the Tor network has been attractive to many since it came to mainstream news. The network provides protection from snooping bodies that steal your personal information online.

What is Tor?

Originally known as The Onion Router, the Tor network was meant to protect the US Navy. Currently, it is a software that sends your signal around a network of open connections. These connections come from volunteers all over the world using the network.

1. Use Tor browsers

Just because it is the anonymous network, that doesn’t mean that Tor will protect your system completely. It protects only the applications and programs that are configured correctly. That is why you should use a Tor browser bundle, which is pre-programmed to suit the Tor network.

2. Say goodbye to browser plugins

You would notice that the Tor browser disables things like Quicktime, RealPlayer and Flash. This it does in order to protect your privacy, as these applications have been known to give out your IP address. Similarly, you should avoid installing any add-ons to the Tor browser because they may cause it to malfunction. This can in turn be a hindrance to the browser’s original purpose of protecting your privacy.

3. Avoid opening downloaded files when working on Tor

Opening PDF or other files using a different application can reveal your non-IP address. You should avoid doing so.

4. Tor and Torrent don’t go together

Even though it may seem so, downloading torrents while on Tor is not a good idea. You can use the network but don’t try to download torrents.

5. HTTPS

Yes, use this at all times while you are on the Tor network. It shouldn’t be any trouble, since the network automatically goes for the always HTTPS option.

6. Tor bridges

This is also important since Tor doesn’t protect you from being watched. Someone can still find out that you’re using Tor.

7. Get more people

The more people near you who use Tor, better will be the protection that you get from the network.

Want To Send/Receive Large Files Quickly? Try These 8 Free Websites!

Want To Send/Receive Large Files Quickly? Try These 8 Free Websites!

Monday, May 12, 2014: Are you bogged down by the fact that your regular e-mail client doesn’t let you send/recieve large files, files beyound a certain limit? Well, you’re not the only one. Don’t you always wish you had something, an online tool or a website for that matter that could help you send/receive large data with ease. Afterall breaking your data into little chunks when sending can be a daunting task. Here are 8 free websites that you should try!

1.Mozy Online Backup

More than 6 million individuals and 100,000 businesses back up more than 90 petabytes of information to Mozy data centers globally.

2.ADrive

Founded in 2007 by veterans of the storage and networking industry, ADrive was created to meet the demands of our data-intensive world.

3.Windows Live SkyDrive

Easily store and share photos, videos, documents, and more — anywhere, on any device, free. Plus, get 7 GB when you sign up.

4.file ai

Securely share files that are too big to e-mail for free.

5.Share Send

Share Send is the easiest way to share files online. With no registration required, you simply drag and drop your files and these same files are available online.

6.GigaSize

GigaSize.com allows you to upload large files in just one click.

7.2Big2Send

2Big2Send eliminates the large file headache many people have on a day-to-day basis. Without using 2Big2Send your files clog up your inbox, Exchange Server and makes your recipients wait while you send the email and then download it over slow connections.

8.DropSend

With DropSend you can send 4GB files quickly, securely and without any hassle.

Saurabh Singh, EFYTIMES News Network