Some 16 months after the developers stopped supporting Truecrypt, the first real security hole has been discovered.
According to a post at http://ift.tt/1hbtuqU a Google security researcher has unearthed two bugs that could pose a potential security threat to PC's on which it's installed.
What isn't made abundantly clear in the article is that the problem lies in the Kernel driver that TC uses to interface with the OS, when using whole disk encryption, to create a Privilege Escalation, this can give someone a back door in to the PC to run exploit programs. The actual encryption components of TrueCrypt remain as solid as ever.
If you are using Truecrypt in 'Container' mode then it's believed that you are still safe, only those utilising full disk encryption are vulnerable.
As this bug is in the Kernel driver it also affects all the 'forks' of TrueCrypt that popped up after the original authors ceased support for the project.
Currently the only one of those forked projects to fix these two bugs is VeraCrypt, and is currently being recommended by security experts as a replacement for TrueCrypt.
Neil
According to a post at http://ift.tt/1hbtuqU a Google security researcher has unearthed two bugs that could pose a potential security threat to PC's on which it's installed.
What isn't made abundantly clear in the article is that the problem lies in the Kernel driver that TC uses to interface with the OS, when using whole disk encryption, to create a Privilege Escalation, this can give someone a back door in to the PC to run exploit programs. The actual encryption components of TrueCrypt remain as solid as ever.
If you are using Truecrypt in 'Container' mode then it's believed that you are still safe, only those utilising full disk encryption are vulnerable.
As this bug is in the Kernel driver it also affects all the 'forks' of TrueCrypt that popped up after the original authors ceased support for the project.
Currently the only one of those forked projects to fix these two bugs is VeraCrypt, and is currently being recommended by security experts as a replacement for TrueCrypt.
Neil
Time to retire Truecrypt
Aucun commentaire:
Enregistrer un commentaire