SoylentNews is people
SoylentNews
The flaws, which were apparently missed in an earlier independent audit of the TrueCrypt source code, could allow attackers to obtain elevated privileges on a system if they have access to a limited user account.
The original authors of TrueCrypt, who have remained anonymous, abruptly shut down the project in May 2014 warning that "it may contain unfixed security issues" and advised users to switch to BitLocker, Microsoft's full-disk encryption feature that's available in certain versions of Windows.
At that time a crowd-funded effort was already underway to perform a professional security audit of TrueCrypt's source code and its cryptography implementations. The first phase, which analyzed the TrueCrypt driver and other critical parts of the code, had already been completed when TrueCrypt was discontinued. The auditors found no high-severity issues or evidence of intentional backdoors in the program.
It's impossible to tell if the new flaws discovered by Forshaw were introduced intentionally or not, but they do show that despite professional code audits, serious bugs can remain undiscovered
(Score: 3, Insightful) by FakeBeldin on Friday October 02 2015, @11:55AM
I'm not saying this should have been caught with 100% certainty.
I am saying that since they specifically claimed to be looking for this type of bug in the windows driver. There was exactly such a bug in exactly the place they looked for it, and they didn't find it. We should take the rest of their findings with a larger dose of salt than expected.
We paid someone to look into things, they said "we can't see everything, we're only looking at these very specific parts for these very specific bugs", and then later we find that they didn't spot exactly such a bug in exactly one of the parts they claimed to look at.
It's like someone in the Independence Day movie saying "we're looking for signs of alien activity" and not noticing the city-sized flying saucers over his head.