The flaws, which were apparently missed in an earlier independent audit of the TrueCrypt source code, could allow attackers to obtain elevated privileges on a system if they have access to a limited user account.
The original authors of TrueCrypt, who have remained anonymous, abruptly shut down the project in May 2014 warning that "it may contain unfixed security issues" and advised users to switch to BitLocker, Microsoft's full-disk encryption feature that's available in certain versions of Windows.
At that time a crowd-funded effort was already underway to perform a professional security audit of TrueCrypt's source code and its cryptography implementations. The first phase, which analyzed the TrueCrypt driver and other critical parts of the code, had already been completed when TrueCrypt was discontinued. The auditors found no high-severity issues or evidence of intentional backdoors in the program.
It's impossible to tell if the new flaws discovered by Forshaw were introduced intentionally or not, but they do show that despite professional code audits, serious bugs can remain undiscovered
(Score: 2) by dyingtolive on Wednesday September 30 2015, @09:30PM
This just in: SNOWDEN AND AHMED MELTED STEEL BEAMS WITH BREAD AND CIRCUSES UNDER THE INFLUENCE OF GAMEMAKER ON ORDER FROM NSA! 9/11 CONFIRMED!
I think that covers most of the rest.
Don't blame me, I voted for moose wang!
(Score: 0) by Anonymous Coward on Thursday October 01 2015, @06:33AM
What about MyCleanPC?