Monday, 5 October 2015

Encryption Advice To Journalists After TrueCrypt Leak

Recently discovered a researcher at Google two vulnerabilities in the popular encryption program TrueCrypt will not be stopped, but journalists still have options to encrypt their data. This enables the US Committee to Protect Journalists (CPJ).

The organization works worldwide for press freedom. Last year showed the CPJ that journalists TrueCrypt still safe could use, even though the support stop put by the developers. However, journalists were advised in the medium term, software switch. Programs were not mentioned however. Because of the two leak found, the CPJ expressed themselves on how to use TrueCrypt.

According to Geoffrey King, who through the organization dedicated to the digital rights of journalists, now revealed the vulnerabilities could be used by someone who already has a user account on the computer. The first vulnerability is dangerous because someone with a limited user account can gain full administrative rights. The second vulnerability allows an unauthorized user to disconnect an active use TrueCrypt volume. To use either leak must be able to log into an attacker's computer. In addition, it is not possible to decrypt the information via vulnerabilities.

In the on TrueCrypt-based Vera Crypt Two problems have been resolved. The CPJ has not evaluated the safety and reliability of this program. In addition, according King, no solution without risk. He advises journalists to always encrypt their data as unencrypted data is one of the greatest risks. The CPJ recommends therefore to use encryption software that comes with the operating system. In the case of Mac OS X is that FileVault 2, while BitLocker for Windows and Linux LUKS is recommended. Further, a complex and to remember passphrase must be used for the encryption.

No comments:

Post a Comment