SoylentNews is people

posted by LaminatorX on Thursday May 29 2014, @04:03AM
from the Another-one-bites-the-dust dept.

The TrueCrypt website has been changed; it now has a big red warning stating "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues". They recommend using BitLocker for Windows 7/8, FileVault for OS X, or (whatever) for Linux. So, what happened? The TrueCrypt site says:

This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

Did the TrueCrypt devs (or SourceForge?) get an NSL? They are offering a "new" version (7.2), but apparently the signing key has changed and a source code diff seems to indicate a lot of the functionality has been stripped out. What's up?

 
  • (Score: 2) by juggs on Thursday May 29 2014, @06:50AM

    by juggs (63) on Thursday May 29 2014, @06:50AM (#48598) Journal

    I'm sorry that post is so ugly. It was formatted better but I fell foul of slashcode's "Junk Characters" filter on submitting and was too tired to redo it all so stripped out my lazy underlining.

  • (Score: 2) by aristarchus on Thursday May 29 2014, @07:12AM

    by aristarchus (2645) on Thursday May 29 2014, @07:12AM (#48607) Journal

    But the take-away from your post is that Windows users are hosed. But I repeat myself.

    • (Score: 5, Interesting) by juggs on Thursday May 29 2014, @07:47AM

      by juggs (63) on Thursday May 29 2014, @07:47AM (#48620) Journal

      Everyone is hosed if that is your take-away. Not just Windows users, Linux users, Apple users, Android users, ChromeOS users, ~everyone~.

      Run encryption atop your OS, well you have to trust the OS provider and the encryption software provider.

      Run OS provided encryption - now you only have one party to trust.

      If the OS is complicit then it matters not a jot what the encryption layers on top of it do, you're hosed.

      The actual take-away is..... file(system) encryption, fine for preventing casual thieves who purloin your mobile devices from gaining access to your files but it's not to be relied on for defeating snooping.

      But then it was never supposed to be a panacea, it does what it says on the tin - encrypts your shit while at rest (for now).

      Which makes me think - say you went to the bother of one of these TrueCrypt encrypted hidden partitions then installed OS of choice on it... what prevents the OS of choice giving away whatever crown jewels? Or the underlying hardware for that matter?

      Maybe this is the take-away... TrueCrypt was over a decade old and pre-dated mass Internet usage, having a deniable OS then was useful. Now not so much, it is our online footprint that betrays us.

      I honestly don't know.

      • (Score: 2) by Yog-Yogguth on Saturday May 31 2014, @04:07PM

        by Yog-Yogguth (1862) Subscriber Badge on Saturday May 31 2014, @04:07PM (#49608) Journal

        You are largely right. The most important thing to grasp is that TILT is the new default courtesy first and foremost of the NSA: if you are running COTS hardware (as nearly everyone does) you can not trust your hardware. This fact is not because the NSA and others have hardware implants (which they have plenty of) and it is not because they could weaken specific logic gates in whatever chips you are using (they could, it's not science fiction), nor is it because of the efforts of the NSA's TAO and their software (which is likely best of the best and amazingly brilliant), it runs deeper and is because it has become more than apparent and verified that the NSA (and any other such organization whom we might not even know about) does not have any kind of apprehension against using their unlimited clout in order to sift and/or record all data in existence using any means possible.

        Sure in exceptional cases that does mean they'll use the aforementioned. It has also been shown that they will use secret courts and secret court orders and "national security letters" and any "legal device" (even if illegal) and influencing industry standards (it doesn't matter all that much whether it strengthens or weakens said standards, since it is clear that what matters to them is that they'll do it to suit whatever they think is in their own interest).

        There is no reason to assume that their efforts stop there! Social hacking is always easier. If one can manipulate the foundations of academic research or industry-wide best practices or technical practical solutions it is worth far more than millions of later weaknesses. If you think you own the rabbit hole you want to make it as deep as possible: all the way down for forever, because it becomes tremendously more efficient the deeper it goes, and they have the resources to do just that.

        One should by now recognize that the NSA was and will always be a "bad faith" [wikipedia.org] actor (personally this is what hurts the most). This very fact is the negative ramification of the Snowden leaks that is almost suspiciously absent from the reports on the damages caused to the US: the leaks have removed any possibility of "good faith" status for the NSA (and also the US government) and this very "good faith" status was one of the most if not the most useful property/tool/attribute they had.

        Why isn't this being spelled out by the reports on the consequences of the leaks? Because they're hoping people won't notice; they're trying to avoid the Streisand effect because they would like to cling on to the incorrect "good faith" status and have as many people as possible continue to assume that they are "good faith" actors.

        They can't broadcast one of the most immediate and profound damages because it would exacerbate the troubling truth: they are not the "good guys", they are evil, and they represent the doom of humanity just like the Nazis and the Commies did only with vastly improved technology.

        The classic solution to the problem of a needle in a haystack is to set fire to the haystack. It won't matter that the initial motivation was to find the needles to remove and/or destroy them in order to save the hay: the solution remains the same.

        --
        Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
  • (Score: 2) by NCommander on Thursday May 29 2014, @09:24AM

    by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Thursday May 29 2014, @09:24AM (#48641) Homepage Journal

    Which lazy underlining?; tags should "just work". We do at least know what the underlying issue is with UTF-8 support, though we haven't managed to fix it as of yet.

    --
    Still always moving
    • (Score: 2) by maxwell demon on Thursday May 29 2014, @10:30AM

      by maxwell demon (1608) on Thursday May 29 2014, @10:30AM (#48660) Journal

      I guess he didn't use proper HTML tags, but used lots of "-" or "=" for "underlining", causing a repetition filter to trigger.

      --
      The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 2) by NCommander on Thursday May 29 2014, @11:17AM

        by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Thursday May 29 2014, @11:17AM (#48674) Homepage Journal

        The entire commenting engine needs a rework. It's on the TODO list, but ENOTIME. The problem is slashcode basically uses HTML::Validater as its comment engine, and that wasn't really meant to be used in the way we're using it. Ideally, I'd love to rewrite it to use some bbcode based system (something we've gotten requests for), and make it a bit less stupid.

        Still, it does work for 95% of comments but bleh.

        --
        Still always moving
        • (Score: 2) by maxwell demon on Thursday May 29 2014, @11:42AM

          by maxwell demon (1608) on Thursday May 29 2014, @11:42AM (#48680) Journal

          I don't get the advantage of bbcode. So you write [ and ] instead of < and >? I don't see the big difference (except that the bbcode keys are harder to type on my QWERTZ keyboard :-)).

          Now if you supported Markdown for comments, that would IMHO be a true improvement. I have no idea whether it would be more work than bbcode, though.

          --
          The Tao of math: The numbers you can count are not the real numbers.
          • (Score: 2) by NCommander on Thursday May 29 2014, @12:51PM

            by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Thursday May 29 2014, @12:51PM (#48701) Homepage Journal

            I feel like an ID10T for asking, but what is Markdown?

            --
            Still always moving
            • (Score: 4, Interesting) by maxwell demon on Thursday May 29 2014, @01:54PM

              by maxwell demon (1608) on Thursday May 29 2014, @01:54PM (#48731) Journal

              It's a way to format texts. Unlike bbcode, it doesn't rely on tags. Some of the syntax will be familiar to people previously on Usenet (e.g. quoting by starting lines with > or emphasizing by enclosing in *asterisks*), others will be familiar to people used to Mediawiki (e.g. preformatted code a la <ecode> through indention).

              See https://en.wikipedia.org/wiki/Markdown [wikipedia.org] for details.

              One site I know using Markdown (with a few extensions) is Stackexchange.

              I seem to remember something about plans of offering SoylentNews over NNTP; in that case, the fact that some of the Markdown syntax matches the syntax traditionally used in email and Usenet posts for the same purpose (as well as Markdown text being very readable by itself) might prove useful.

              --
              The Tao of math: The numbers you can count are not the real numbers.
              • (Score: 2) by NCommander on Thursday May 29 2014, @05:38PM

                by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Thursday May 29 2014, @05:38PM (#48843) Homepage Journal

                SN over NNTP is a reach goal; definitely something I want to do, but no idea when it might happen. I'll look more into Markdown; thanks for the link.

                --
                Still always moving
      • (Score: 2) by juggs on Friday May 30 2014, @02:53AM

        by juggs (63) on Friday May 30 2014, @02:53AM (#48991) Journal

        Exactly right, I used oodles of === for underlining. It was my own laziness that caused the problem rather than a Soylent code issue.