The encryption platform TrueCrypt has been an unsupported application for a while, meaning that its developers no longer provide updates to the system, but unfortunately many consumers are still using this product. As of recently, this was just behavior frowned upon by security professionals. Now that a Google team, specifically Project Zero and James Forshaw (a security researcher) found two holes within the software related to the escalation of privileges, it has been deemed no longer safe. Exploiting this vulnerability would allow an attacker to have full reign of the machine and its data, thus rending the encryption of information unless.
Basically, if an organization is using TrueCrypt to encrypt data, they are not really keeping their information secure. TrueCrypt is a product with a great price tag, but unfortunately is not the product to help lock down a machine. Engadget recommends VeraCrypt and CipherShed as alternatives, due to the fact that their bug has already been patched, and they are also easy on the wallet. These two versions are also open source relatives of TrueCrypt, so they are similar in nature.
Have a question?
If you have any further questions regarding this information or are looking for advice on security best practices, please contact a certified GraVoc employee.
The NSA Cybersecurity Guide for Remote Workers
In this blog post, we cover a few key recommendations for remote workers from the NSA guide, ‘Best Practices for Securing Your Home Network.’
GraVoc Recognized on CRN’s 2023 MSP 500 List
CRN®, a brand of The Channel Company, has named GraVoc to its Managed Service Provider (MSP) 500 list in the Pioneer 250 category for 2023!
The Cybersecurity Implications of ChatGPT
Is ChatGPT a security risk? In this blog post, we explore the cybersecurity implications of ChatGPT, including the benefits and challenges.