*NEW* Fraunhofer Truecrypt audit report (via Matt Green on twitter) 11/19/2015

Topics: Technical Issues
Nov 20, 2015 at 1:14 AM
Nov 20, 2015 at 1:58 AM
Nov 20, 2015 at 4:13 AM
Edited Nov 20, 2015 at 4:16 AM
Thanks for posting these links.

I disagree with the statement made below from the press release.
In late September, Google's Project Zero had discovered two previously unknown vulnerabilities in TrueCrypt, one of them classified as critical. The gap allows malicious code that already has access to the running computer system, to acquire expanded system rights. Prof. Dr. Michael Waidner, Director of Fraunhofer SIT, says: "The vulnerability should be closed, but it does not simplify access to encrypted data for the attacker". To exploit the vulnerability, the attacker would have far-reaching access to the computer anyway, for example, via a Trojan.

The TrueCrypt driver vulnerability can be exploited without administrator privileges. However, exploiting one of the vulnerabilities (CVE-2015-7358) will allow the attacker to gain administrator privilege.
Nov 20, 2015 at 11:28 PM
Nov 21, 2015 at 8:57 AM