Serious security flaws have been discovered in TrueCrypt, placing users who insist on using the legacy encryption system at risk.
The system encryption service, axed last year after Microsoft terminated support for Windows XP, was canned without warning due to "unresolved security issues" in May 2014.
TrueCrypt is still available for download -- but is recommended only if you are migrating data on drives encrypted by TrueCrypt. Instead, PC users who wish to encrypt their hard drives and virtual disk images are asked to download the spin-off Veracrypt or use Microsoft's BitLocker instead.
The need to move on from Truecrypt is now more pressing thanks to the discovery of two severe security flaws in the program by James Forshaw, a member of Google's Project Zero security team.
The vulnerabilities, CVE-2015-7358 and CVE-2015-7359 are deemed critical and allow for local privilege escalation in Microsoft's Windows operating system through the abuse of drive letter handling and incorrect Impersonation Token Handling.
Attackers could leverage the flaws to hijack processes and grant themselves full administrator privileges, and with such keys to a system, havoc could ensue. Malware can be downloaded, surveillance can take place, a PC could be ruined from the root -- there is no end to what a hacker could accomplish.
While the bugs are not the backdoors rumored to be buried within TrueCrypt -- despite the fact an audit has revealed no security flaws -- Forshaw said in a set of tweets:
Read on: Top picks
For those looking to go a step further, TrueCrypt offered full-disk encryptionat least it did until it was abandoned by its developers. Forshaw
TrueCrypt critical flaws revealed: Its time to jump ship ...
TrueCrypt may have been abandoned by its original developers, but it remains one of the few encryption options for Windows. Attackers could leverage the flaws to
TrueCrypt critical flaws revealed: Its time to jump ship ...
TrueCrypt critical flaws revealed: Its time to jump ship critical flaws revealed: It's time to jump security flaws have been discovered in TrueCrypt,
TrueCrypt critical flaws revealed: It's time to jump ship
Recently discovered security flaws should push users hanging on to the encryption system to make the move to a safer option. More
TrueCrypt critical flaws revealed: It's time to jump ship ...
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.
TrueCrypt critical flaws revealed: It's time to jump ship ...
Serious security flaws have been discovered in TrueCrypt, placing users who insist on using the legacy encryption system at risk. The system encryption service, axed
"TrueCrypt critical flaws revealed: It's time to jump ship ...
"TrueCrypt critical flaws revealed: It's time to jump ship", via ZDNet - posted in Encryption Methods and Programs: Serious security flaws have been discovered in
TrueCrypt critical flaws revealed: It's time to jump ship ...
This page provides information about 'TrueCrypt critical flaws revealed: It's time to jump ship ' on Broken Controllers.
TrueCrypt critical flaws revealed: Its time to jump ship ...
Recently discovered security flaws should push users hanging on to the encryption system to make the move to a safer option. Read more: TrueCrypt critical flaws
Business News | TrueCrypt critical flaws revealed | It's ...
TrueCrypt critical flaws revealed: It's time to jump ship - ZDNet: ZDNet - Recently discovered security flaws should push users hanging on to the encryption system to