Day: May 28, 2014

TrueCrypt.org May be Compromised

Today, a new version of TrueCrypt (7.2) was pushed to SourceForge, and the TrueCrypt.org website was replaced with an incredibly suspicious page recommending users cease all use of TrueCrypt and use tools such as Bitlocker. The TrueCrypt maintainers have not officially (as of the time of this writing) commented yet on whether the site is compromised, or whether they are (more unlikely) scuttling the project for reasons unknown.

There have been a number of conspiracy theories ranging from a warrant canary (someone tipping off the TrueCrypt team that a secret warrant was issued for information about them) to a massive website compromise, and finally to a terribly sloppy and unprofessional true exit from TrueCrypt.

My take? I don’t know, but most agree it is very suspicious that the TrueCrypt team would lead anyone to use private, proprietary software like BitLocker, when there are plenty of FOSS implementations out there that work well. Usually when someone is lying under duress (or even trolling), one natural way to tip everyone else off to that fact is to state something completely unbelievable that other┬ápeople would see is completely unbelievable. The TC team recommending┬áBitLocker fits that bill, and I think leaves a hint to the public to disregard everything they’re saying about TC. The whole thing smells suspicious, and at the very least, should be approached with caution.

One thing is for certain: You should not download or trust anything from TrueCrypt until this is all sorted out. That doesn’t mean, however, that you should stop using TrueCrypt if you already are.

Here are a few steps on what you should do, however, to protect your content:

Read More