[FD] TrueCrypt?

2014-05-29 Thread Anthony Fontanez
I'm surprised I haven't seen any discussion about the recent issues with TrueCrypt. Links to current discussions follow. /r/sysadmin: http://www.reddit.com/r/sysadmin/comments/26pxol/truecrypt_is_dead/ /r/netsec: http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052

[FD] TrueCrypt

2014-05-29 Thread Henri Salo
Site http://truecrypt.sourceforge.net/ says "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues" does someone have any information about this? --- Henri Salo

[FD] Defense in depth -- the Microsoft way (part 15): unquoted arguments in 120 (of 462) command lines

2014-05-29 Thread Stefan Kanthak
Hi @ll, for MANY years now Microsoft's own documentation for CreateProcess*() resp. says: | Note: If any element of the command string contains or might contain

[FD] Microsoft DHCP INFORM Configuration Overwrite

2014-05-29 Thread laurent gaffie
Title: Microsoft DHCP INFORM Configuration Overwrite Version: 1.0 Issue type: Protocol Security Flaw Affected vendor: Microsoft Release date: 28/05/2014 Discovered by: Laurent Gaffié Advisory by: Laurent Gaffié Issue status: Patch not available

[FD] The 2014 Volatility Plugin Contest is now live!

2014-05-29 Thread Andrew Case
We (the Volatility Team) are happy to announce that the 2014 Volatility Plugin Contest is now live: http://www.volatilityfoundation.org/#!2014/cjpn This contest is modeled after the annual IDA Pro one, and its purpose is to encourage new research in the memory forensics field. Volatility is one o

[FD] How to use the vulnerable flash player plugin installed with Adobe Reader XI (and other Adobe products)

2014-05-29 Thread Stefan Kanthak
Hi @ll, almost a year ago I wrote in about the vulnerable NPSWF32.DLL and MSVC*.DLL installed with Adobe Reader XI. Others wrote about the vulnerable NPSWF32.DLL before, cf.

[FD] XSS Attacks vulnerability in InterScan Messaging Security Virtual Appliance 8.5.1.1516 (Zero-DAY)

2014-05-29 Thread William Costa
I. VULNERABILITY - XSS Attacks vulnerability in InterScan Messaging Security Virtual Appliance 8.5.1.1516 II. DESCRIPTION - An XSS vulnerability has been detected in InterScan Messaging Security Virtual Appliance version 8.5.1.1516. The code injectio

Re: [FD] TrueCrypt?

2014-05-29 Thread Barkley, Peter
+ http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/ -Original Message- From: Fulldisclosure [mailto:fulldisclosure-boun...@seclists.org] On Behalf Of Anthony Fontanez Sent: 2014, May, 28 10:21 PM To: fulldisclosure@seclists.org Subject: [FD] TrueCrypt? I'm

Re: [FD] What do you think of Trollc?

2014-05-29 Thread Brian M. Waters
So far the thread of discussion here has focused on whether or not Weev's plan would /actually work/. But let's take a step back. If I understand it, the plan is to facilitate "ethical vulnerability disclosure" by 1) Finding security vulnerabilities in live sites 2) Disclosing them to the public be

Re: [FD] TrueCrypt?

2014-05-29 Thread uname -a
There are several strange behaviors. Sitesource is not clean. Just a html that say take now Bitlocker or other built-in tools of your OS !? New Keys got added to SF 3h before release of 7.2 happened. On SF the old versions got removed. For older Versions you've to download them elsewhere (there

Re: [FD] What do you think of Trollc?

2014-05-29 Thread Jeffrey Walton
On Tue, May 27, 2014 at 3:32 PM, Jeffrey Walton wrote: > On Tue, May 27, 2014 at 3:04 PM, Brandon Perry > wrote: >> Not even sure when the last vulnerability that caused any fluctuation in >> the stock markets was. > +!. I'm not sure it ever hurt Sony, and they've had over 40 documented > problem

Re: [FD] TrueCrypt

2014-05-29 Thread Alberto Guglielmo
Look at this: http://thehackernews.com/2014/05/encryption-tool-truecrypt-shuts-down.html I feel very suspicious about the suggestion to use Bitlocker... Regards On 28/05/2014 22:21, Henri Salo wrote: > Site http://truecrypt.sourceforge.net/ says "WARNING: Using TrueCrypt is not > secure as it may conta

Re: [FD] TrueCrypt?

2014-05-29 Thread James Healy
Krebson covered it pretty well here: http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/ And a few more speculations here: http://www.theregister.co.uk/2014/05/29/truecrypt_analysis/ For the most part the general consensus is they're no longer wanting to continue develo

Re: [FD] TrueCrypt?

2014-05-29 Thread Jeffrey Walton
On Wed, May 28, 2014 at 10:21 PM, Anthony Fontanez wrote: > I'm surprised I haven't seen any discussion about the recent issues with > TrueCrypt. Links to current discussions follow. > > /r/sysadmin: > http://www.reddit.com/r/sysadmin/comments/26pxol/truecrypt_is_dead/ > /r/netsec: > http://ww

Re: [FD] What do you think of Trollc?

2014-05-29 Thread Michal Zalewski
> I could distill that to layman's terms: > "Hurting someone else and making money at their expense." Well, kind of, but that's essentially the definition of all short-term stock trading: you're betting that somebody else is wrong and want to profit from their loss. /mz

Re: [FD] What do you think of Trollc?

2014-05-29 Thread Jeffrey Paul
On May 28, 2014, at 7:29 PM, Brian M. Waters wrote: > I could distill that to layman's terms: > "Hurting someone else and making money at their expense." Disclosing information that is available to the public is not hurting anyone. If they are hurt in the markets due to poor data security prac

Re: [FD] What do you think of Trollc?

2014-05-29 Thread Scott Arciszewski
"Ethical" is always a matter of perspective. "Legal" and "effective" are the relevant points of contention. On Wed, May 28, 2014 at 10:29 PM, Brian M. Waters wrote: > So far the thread of discussion here has focused on whether or not > Weev's plan would /actually work/. But let's take a step bac

Re: [FD] TrueCrypt?

2014-05-29 Thread secuip
http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/comment-page-1/#comment-255908 On 29/05/2014 22:51, uname -a wrote: There are several strange behaviors. Sitesource is not clean. Just a html that say take now Bitlocker or other built-in tools of your OS !? New

[FD] Full disk encryption for OS X alternative to TrueCrypt

2014-05-29 Thread CIURANA EUGENE (pr3d4t0r - Full Disclosure)
Greetings. I'm a happy long-time user of TrueCrypt, and was as dismayed as anyone else to see the news. I'm considering starting a full disk image encryption alternative to TrueCrypt that will target OS X (maybe others too, but right now OS X is my priority). Asking here for interest in such

Re: [FD] TrueCrypt?

2014-05-29 Thread Justin Bull
But why go out in that style? Why not be frank? Why be so careless as to recommend BitLocker? The diff was meticulous but the website and comms were not. It doesn't add up. Sent from mobile. On May 29, 2014 5:13 PM, "secuip" wrote: > http://krebsonsecurity.com/2014/05/true-goodbye-using- > true

[FD] Bizagi BPM Suite contains multiple vulnerabilities

2014-05-29 Thread Walter Cuestas
Vulnerability Note VU#112412 Bizagi BPM Suite contains multiple vulnerabilities Overview Bizagi BPM Suite contains a reflected cross-site scripting vulnerability and a SQL injection vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti

Re: [FD] TrueCrypt?

2014-05-29 Thread Dennis E. Hamilton
In the various accounts and discussions all around the Internet, I had been baffled by the mention of Windows XP support end-of-life. On reflection, I can see why there might be concern for the vulnerability of TrueCrypt, and user keys, on a platform for which there is no longer any security su

Re: [FD] Full disk encryption for OS X alternative to TrueCrypt

2014-05-29 Thread CIURANA EUGENE (pr3d4t0r - Full Disclosure)
On 2014-05-29 14:23, Jeffrey Groby wrote: > Maybe I am confused here. I thought FileVault was the full disk encryption tool for OS X and TrueCrypt was the Windows solution. Are you writing an alternative to FileVault? > > I am sure I must have misunderstood something. TrueCrypt was availabl

Re: [FD] TrueCrypt?

2014-05-29 Thread CIURANA EUGENE (pr3d4t0r - Full Disclosure)
On 2014-05-29 14:18, Justin Bull wrote: > But why go out in that style? Why not be frank? Why be so careless as to > recommend BitLocker? > > The diff was meticulous but the website and comms were not. It doesn't add > up. The general consensus in some quarters (e.g. encryption and topical I

[FD] US cybercrime laws being used to target security researchers | Technology | The Guardian

2014-05-29 Thread Ivan .Heca
HD Moore, creator of the ethical hacking tool Metasploit and chief research officer of security consultancy Rapid7, told the Guardian he had been warned by US law enforcement last year over a scanning project called Critical.IO, which he started in 2012. The initiative sought to find widespread vul

Re: [FD] Full disk encryption for OS X alternative to TrueCrypt

2014-05-29 Thread Mike Cramer
You need to ask yourself a question: How well do you know coding and encryption handling to ensure that your software doesn't have unintentional back doors and/or information disclosure? This is a serious question because it requires serious answers when you're dealing with cryptography. The weake

Re: [FD] TrueCrypt?

2014-05-29 Thread JK
http://threatpost.com/of-truecrypt-and-warrant-canaries/106355 On Thu, May 29, 2014 at 5:18 PM, Justin Bull wrote: > But why go out in that style? Why not be frank? Why be so careless as to > recommend BitLocker? > > The diff was meticulous but the website and comms were not. It doesn't add > u

Re: [FD] TrueCrypt?

2014-05-29 Thread Philip Cheong
It's almost as mysterious as the Lavabit shutdown. Interestingly enough there is a recent update on the story of Lavabit and how the company was considered a third party up a crime so they did not have a right to legal counsel. Check it out http://lavabit.com I'm certainly interested to hear more

Re: [FD] TrueCrypt?

2014-05-29 Thread Sergio Conde Gómez
I saw this link at #truecr...@irc.freenode.net where they are collecting some facts: http://www.etcwiki.org/wiki/What_happened_to_Truecrypt_-_May_2014 I agree with the comment that secuip linked, is pretty close what I thought this morning. On 29/05/14 23:18, Justin Bull wrote: But why go

Re: [FD] Full disk encryption for OS X alternative to TrueCrypt

2014-05-29 Thread CIURANA EUGENE (pr3d4t0r - Full Disclosure)
On 2014-05-29 14:46, Mike Cramer wrote: > You need to ask yourself a question: > > How well do you know coding and encryption handling to ensure that your > software doesn't have unintentional back doors and/or information > disclosure? This is a serious question because it requires serious a

Re: [FD] TrueCrypt?

2014-05-29 Thread Mike Cramer
I think it’s more important to have rational discussions. This isn’t the first time Microsoft has been ‘rumored’ to have backdoors in Windows for the US Government. These rumors have been perpetuated for years. While I don’t know how long you’ve been in the industry, it’s something I recall even

Re: [FD] TrueCrypt?

2014-05-29 Thread Justin Bull
Closed source and Microsoft is notoriously known to play ball with LEO and government. It's an ill-fitting shoe. Sent from mobile. On May 29, 2014 5:47 PM, "Mike Cramer" wrote: > What is careless about recommending Bitlocker? > > -Original Message- > From: Fulldisclosure [mailto:fulldisc

Re: [FD] Full disk encryption for OS X alternative to TrueCrypt

2014-05-29 Thread James Lay
On 2014-05-29 15:18, CIURANA EUGENE (pr3d4t0r - Full Disclosure) wrote: Greetings. I'm a happy long-time user of TrueCrypt, and was as dismayed as anyone else to see the news. I'm considering starting a full disk image encryption alternative to TrueCrypt that will target OS X (maybe others too

Re: [FD] Full disk encryption for OS X alternative to TrueCrypt

2014-05-29 Thread CIURANA EUGENE (pr3d4t0r - Full Disclosure)
On 2014-05-29 14:39, Jeffrey Walton wrote: > GPL can be a toxic license. It's great if you're OK with being > boxed-in, but it's too encumbered to do anything outside of Stallman's > vision. Apache, Boost and {2|3}-clause BSD license will likely be more > useful for those who want to reuse code