The encryption platform TrueCrypt has been unsupported for a while, meaning that its developers no longer provide updates, but unfortunately many consumers are still using the product. Until recently, this was just behavior frowned upon by security professionals. Now that a Google team, specifically Project Zero and security researcher James Forshaw, has found two holes in the software related to the escalation of privileges, it has been deemed no longer safe. Exploiting them would allow an attacker to have free rein over the machine and its data, thus rendering the encryption of information useless.
Basically, if an organization is using TrueCrypt to encrypt data, it is not really keeping its information secure. TrueCrypt is a product with a great price tag, but unfortunately it is not the product to help lock down a machine. Engadget recommends VeraCrypt and CipherShed as alternatives, because their bug has already been patched and they are also easy on the wallet. Both are also open-source relatives of TrueCrypt, so they are similar in nature.