![]() The systems we have today are incredibly complex. ![]() That’s why we keep finding vulnerabilities all of the time everywhere. Those kinds of vulnerabilities slipped through, which, and again, not to really be too concerned about it, I mean this is really complex software. It clearly focused more on TrueCrypt’s encryption as compared to its interaction with the system but (which is where the vulnerability was found so that the encryption was fine), but the fact is some things slipped through. There was an actual security audit performed on TrueCrypt. Then with or without this particular vulnerability in TrueCrypt, you know malware could be logging your keystrokes, could be reading your data, doing whatever.īut it has got us thinking a little bit, because as we know, about a year ago now, TrueCrypt was unceremoniously dropped by its developer with some very vague notes that had everybody kind of freaking out at the time. You don’t have to worry about your data being exposed somehow, unless of course, you have malware on your machine. The really good news, of course, is that vulnerability has nothing to do with TrueCrypt’s encryption. TrueCrypt’s encryption remains solid. So, naturally, I mean the good news is that it requires the cooperation or the presence of malware to take advantage of or to exploit that vulnerability in TrueCrypt. It is likely that it’s not a huge deal, but as I understand it, the way it works is that the security flaw in TrueCrypt would allow malware on your machine to gain elevated privileges. In other words, become administrator on your machine, and once malware becomes administrator, they can do all sorts of nasty things. As I understand it, it may only apply to TrueCrypt used in a specific way, meaning whole disk encryption. So, TrueCrypt, you probably heard announced a couple of weeks ago that there had been found a security flaw in TrueCrypt itself. LastPass, we just heard a couple of days ago that they’ve been sold to LogMeIn, and then I ran into something that doesn’t portend well for the future of Boxcryptor Classic.Īll three of these are software that I’ve recommended, so I wanted to quickly take a few minutes and talk about what the issue is with each of them why you shouldn’t necessarily panic, of course, but then also what I’m looking into to move forward for each of them, in case we end up needing to make some changes. TrueCrypt, we heard about its security flaw a couple of weeks ago. In the last couple of weeks, we’ve had pieces of news, and I’ve had at least one experience with each of those three pieces of software I just mentioned. ~ IMHO.Boxcrypter, TrueCrypt, LastPass … Oh, my! So, each of these has it’s own problems, costs and advantages ~ but none of them are simple. Which is not something that most users want to bother with. But this requires some tech-fu, takes time and can be messy. Encrypt your DT data yourself using a local protocol such as Knox.There are several options, but DT would have to provide specific encoding for each/any of them. Use a Cloud data service that does not store your passwords & encryption keys.Have DevonThink encrypt the data, as a transparent internal operation, so that it remains private while floating in the cloud.There are some ways to resolve this problem. “Dropbox breach could have been a lot worse – but it’s still time to wake-up-and-smell-the-coffee.” (2012-08). “Dropbox proves to be a security problem for enterprises.” (2012-08).Ĭ.uk/cloud-essenti … nterprises There have been several examples of DropBox breaches (that we know of). And it may never be deleted.Įconomist: “Keys to the cloud castle.” (2011).Į/blogs/babbage/ … t_security Which means that their staff, or anyone else with access, or a skilled hacker or a government agency, or some legal action, (or a random error) etc can immediately gain access all your data (without your knowledge or permission). The problem is that DropBox has access to your encryption keys and holds them with the data. Most online storage systems encrypt your data during transmission.
0 Comments
Leave a Reply. |