The encryption platform TrueCrypt has been an unsupported application for a while, meaning that its developers no longer provide updates to the system, but unfortunately many consumers are still using this product. As of recently, this was just behavior frowned upon by security professionals. Now that a Google team, specifically Project Zero and James Forshaw (a security researcher) found two holes within the software related to the escalation of privileges, it has been deemed no longer safe. Exploiting this vulnerability would allow an attacker to have full reign of the machine and its data, thus rending the encryption of information unless.
Basically, if an organization is using TrueCrypt to encrypt data, they are not really keeping their information secure. TrueCrypt is a product with a great price tag, but unfortunately is not the product to help lock down a machine. Engadget recommends VeraCrypt and CipherShed as alternatives, due to the fact that their bug has already been patched, and they are also easy on the wallet. These two versions are also open source relatives of TrueCrypt, so they are similar in nature.
Have a question?
If you have any further questions regarding this information or are looking for advice on security best practices, please contact a certified GraVoc employee.
Related articles
Business Email Compromise: Top BEC Tactics & How to Protect Against Them
We take a look at Business Email Compromise, including common BEC tactics and what your business can do to protect against them.
FFIEC CAT Sunset: Why the CRI Profile is a Strong Alternative
With the FFIEC CAT sunset approaching, we explore why the CRI Profile is a strong alternative to the CAT for financial institutions!
FTC Safeguards Rule Compliance for Auto Dealerships
We’ll go over the FTC Safeguards Rule, what it requires, and how a managed service provider can help auto dealerships stay compliant.