Windows users who rely on TrueCrypt to encrypt their hard drives have a security problem: a researcher has discovered two serious flaws in the program.
TrueCrypt may have been abandoned by its original developers, but it remains one of the few encryption options for Windows. That keeps researchers interested in finding holes in the program and its spin-offs.
James Forshaw, a member of Google’s Project Zero team that regularly finds vulnerabilities in widely used software, has recently discovered two vulnerabilities in the driver that TrueCrypt installs on Windows systems.
The flaws, which were apparently missed in an earlier independent audit of the TrueCrypt source code, could allow attackers to obtain elevated privileges on a system if they have access to a limited user account.
The original authors of TrueCrypt, who have remained anonymous, abruptly shut down the project in May 2014 warning that “it may contain unfixed security issues” and advised users to switch to BitLocker, Microsoft’s full-disk encryption feature that’s available in certain versions of Windows.
Read the Full Article: Source – CSO Online
Browsing Privacy: (CSO Online) – Newly found TrueCrypt flaw allows full system compromise