If you’re not familiar with TrueCrypt, it a free utility that you can use to encrypt your data. I’ve used it for years, lots of people in the eDiscovery world have used it for years, among many other tech professionals, and I would imagine they continue to use it.
Given the large user base, and the nature of the tool to begin with, the current state of affairs is a huge concern. As ArsTechnica explains:
One of the official webpages for the widely used TrueCrypt encryption program says that development has abruptly ended and warns users of the decade-old tool that it isn’t safe to use.
“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,” text in red at the top of TrueCrypt page on SourceForge states. The page continues: “This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”
So has the site been hacked? Is this a hoax? Are they really suggesting that everyone should stop using their software with no further comment or explanation? Who knows? It certainly bears watching for those of us who’ve been using it!Tags: eDiscovery, Microsoft, Security