Security Alerts & News
by Tymoteusz A. Góral

#1600 VeraCrypt patches critical vulnerabilities uncovered in audit
An audit of open source file and disk encryption package VeraCrypt turned up a number of critical vulnerabilities that have been patched in the month since the assessment was wrapped up.

The audit, which began Aug. 16, was funded by the Open Source Technology Improvement Fund (OSTIF) and executed by two researchers at Quarkslab.

The examination was carried out against VeraCrypt 1.18; VeraCrypt is a fork of TrueCrypt, the once-popular and de facto standard for free FDE, which was abandoned in 2014 under mysterious circumstances as the project’s maintainers said the code was no longer safe to use. TrueCrypt was soon thereafter audited by the Open Crypto Audit Project and a number of vulnerabilities were uncovered, but no backdoors as was feared in the aftermath of the initial Snowden leaks.
Read more
#1601 5900 online stores found skimming [analysis]
#1600 VeraCrypt patches critical vulnerabilities uncovered in audit
#1599 DSL does 10Gbps over telephone lines
#1598 Why is Java so insecure? Buggy open source components take the blame
#1597 Attackers hiding stolen credit card numbers in images
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12