The encryption platform TrueCrypt has been an unsupported application for a while, meaning that its developers no longer provide updates to the system, but unfortunately many consumers are still using this product. As of recently, this was just behavior frowned upon by security professionals. Now that a Google team, specifically Project Zero and James Forshaw (a security researcher) found two holes within the software related to the escalation of privileges, it has been deemed no longer safe. Exploiting this vulnerability would allow an attacker to have full reign of the machine and its data, thus rending the encryption of information unless.

Basically, if an organization is using TrueCrypt to encrypt data, they are not really keeping their information secure. TrueCrypt is a product with a great price tag, but unfortunately is not the product to help lock down a machine. Engadget recommends VeraCrypt and CipherShed as alternatives, due to the fact that their bug has already been patched, and they are also easy on the wallet. These two versions are also open source relatives of TrueCrypt, so they are similar in nature.

Have a question?

If you have any further questions regarding this information or are looking for advice on security best practices, please contact a certified GraVoc employee.

Related articles

 

Need-to-Know Privilege Explained

Need-to-Know Privilege Explained

In this blog post and video, we explore need-to-know privilege in cybersecurity and why it’s important for organizations to assign user permissions on a need-to-know basis.

read more

Pin It on Pinterest

Share This