Security
TrueCrypt abruptly shuts down
The TrueCrypt disk-encryption software project has abruptly shut down, leaving only a vague warning message that users should not entrust their data to it and should migrate to another platform. If the shutdown was made in response to a recently-discovered security flaw, then there is indeed cause for concern, but the enigmatic nature of the announcement—and the project itself—make the circumstances more puzzling.
The TrueCrypt project is just over ten years old; the first release was made in February 2004. Its emphasis has always been on full-disk encryption for Windows machines, though it has also offered some features rarely found in competing programs, such as the creation of encrypted "hidden volumes" within other volumes. There have also been third-party projects to support TrueCrypt volumes on Linux and other operating systems. Performance was generally regarded as good, and it supported a range of different ciphers.
But TrueCrypt has always been a peculiar project. It has had licensing issues for many years that prevent it from actually being considered open source or free software. The TrueCrypt License (which, as of this week's shutdown, is no longer available on the web, including the Wayback Machine and Google cache, but can be found in the project's downloadable packages) was submitted to the Open Source Initiative (OSI) in 2006, but OSI determined that it did not meet the open source definition; it is also not on the Free Software Foundation's (FSF) list of free-software licenses. That is why official Linux releases from the project are not included in any mainstream distributions, but the third-party efforts are. The project continued to make its periodic releases and, interestingly enough, did so without ever revealing the identities of the team members.
On May 28, many users were surprised to discover that the project's previous URL truecrypt.org was suddenly redirecting visitors to truecrypt.sourceforge.net, where a page announced that development on TrueCrypt had ended and that TrueCrypt was not secure. The full text of the announcement reads:
This page exists only to help migrate existing data encrypted by TrueCrypt.
The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.
Beneath the message are instructions for migrating a TrueCrypt-encrypted volume to BitLocker, plus a link to a new, signed Windows executable labeled TrueCrypt 7.2 (although source is also available from the SourceForge project files page). The signature on the new release does validate, and it was made with the same key used to sign previous releases. The 7.2 executable, however, does not encrypt; it can only decrypt TrueCrypt volumes.
The statement tying the project shutdown to Microsoft's end-of-life for Windows XP is more or less plausible, since subsequent Windows releases have other encryption options. Linux, of course, has full-disk encryption options of its own as well, such as Linux Unified Key Setup (LUKS) and dm-crypt. But the sudden disappearance of TrueCrypt is troubling for other reasons.
First, a longstanding criticism of TrueCrypt was that it had never been subjected to a real security audit. The site istruecryptauditedyet.com was set up and a crowdfunding campaign was launched in October 2013 to hire an auditor. The campaign was successful, and in April 2014 an initial report [PDF] was published, covering an analysis of the overall application. Cryptographer Matthew Green was handling the second phase of the audit, an in-depth analysis of the core encryption routines.
On May 29, Green told security blogger Brian Krebs that he still intends to complete the audit—and that he believes that the project shutdown was a move made by the real TrueCrypt developers, not a hijacking of the project's domain. The question then becomes whether or not the shutdown was related to the audit—for example, if there is a backdoor or serious vulnerability that the TrueCrypt developers anticipate Green will discover.
At this point, of course, such a discovery is purely speculation. Social media channels and discussion forums are filled with debates about other possibilities, such as government intervention like that which precipitated the sudden shutdowns of Lavabit and Silent Circle in August of 2013. Without further explanation from the TrueCrypt team, the community may never know for sure, and the team (as always) seems not to be speaking publicly.
But regardless of what led to the shutdown, TrueCrypt fans are left with a dilemma on their hands. If TrueCrypt had been released under a standard open-source or free-software license, then the community could easily take the last release and pick up development where the original authors left off. But the TrueCrypt license is not merely non-standard, it is confusing. As Richard Fontana noted in his summary of the OSI's consideration of the license, it even includes a provision that suggests anyone who does not understand whether or not they are in compliance with the license does not have the right to redistribute the code. Tom Callaway also noted that the TrueCrypt developers seem to intentionally reserve the right to sue for copyright infringement even if they remain in compliance with the license, a provision that makes the TrueCrypt source code not merely inconvenient, but perhaps even dangerous to work with.
In all likelihood, the community will move away from TrueCrypt and replace it with something else. Should Green's security audit or other subsequent investigations reveal a heretofore unknown explanation for the project's abrupt shutdown, that will be news in and of itself. But considering how well the TrueCrypt developers have managed to keep to themselves over the years, the odds are low that simple, clear explanation for these events is on its way.
Brief items
Security quotes of the week
How long before local offline storage becomes either widely unavailable, or simply illegal?
Unsafe cookies leave WordPress accounts open to hijacking, 2-factor bypass (Ars Technica)
Ars Technica is reporting on a WordPress bug that allows attackers to use a captured, unencrypted cookie to break into an account. "[Electronic Frontier Foundation staff technologist Yan] Zhu snagged a cookie for her own account the same way a malicious hacker might and then pasted it into a fresh browser profile. When she visited WordPress she was immediately logged in—without having to enter her credentials and even though she had enabled two-factor authentication. She was then able to publish blog posts, read private posts and blog stats, and post comments that were attributed to her account. As if that wasn't enough, she was able to use the cookie to change the e-mail address assigned to the account and, if two-factor authentication wasn't already in place, set up the feature. That means a hacker exploiting the vulnerability could lock out a vulnerable user. When the legitimate user tried to access the account, the attempt would fail, since the one-time passcode would be sent to a number controlled by the attacker. Remarkably, the pilfered cookie will remain valid for three years, even if the victim logs out of the account before then."
Exim 4.82.1 security release
The developers of the Exim mail transport agent have issued an urgent security release fixing a remote code execution vulnerability. Most users are probably not vulnerable, though: to be affected, a site must (1) be running the 4.82 release, and (2) have enabled the non-default EXPERIMENTAL_DMARC feature. Sites meeting those criteria should update immediately; everybody else can probably wait."TrueCrypt is not secure," official SourceForge page abruptly warns (Ars Technica)
Ars Technica reports that the SourceForge-hosted web page for the TrueCrypt encryption program suddenly changed to carry a prominent security warning. It indicates that the program may "contain unfixed security issues" and "
is not secure". A new version of TrueCrypt, 7.2, has been released, but with some major differences: "
The SourceForge page, which was delivered to people trying to view truecrypt.org pages, contained a new version of the program that, according to this "diff" analysis [.diff.gz], appears to contain changes warning that the program isn't safe to use. Curiously, the new release also appeared to let users decrypt encrypted data but not create new volumes. Significantly, TrueCrypt version 7.2 was certified with the official TrueCrypt private signing key, suggesting that the page warning that TrueCrypt isn't safe wasn't a hoax posted by hackers who managed to gain unauthorized access. After all, someone with the ability to sign new TrueCrypt releases probably wouldn't squander that hack with a prank."
New vulnerabilities
kernel: denial of service
| Package(s): | kernel | CVE #(s): | CVE-2014-2706 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | May 26, 2014 | Updated: | May 29, 2014 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the Ubuntu advisory:
Yaara Rozenblum discovered a race condition in the Linux kernel's Generic IEEE 802.11 Networking Stack (mac80211). Remote attackers could exploit this flaw to cause a denial of service (system crash). (CVE-2014-2706) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
kernel: denial of service
| Package(s): | kernel | CVE #(s): | CVE-2014-2673 | ||||||||||||||||||||||||
| Created: | May 27, 2014 | Updated: | May 29, 2014 | ||||||||||||||||||||||||
| Description: | From the CVE entry:
The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
mod-wsgi: two vulnerabilities
| Package(s): | mod-wsgi | CVE #(s): | CVE-2014-0240 CVE-2014-0242 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | May 26, 2014 | Updated: | December 15, 2014 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the Ubuntu advisory:
Róbert Kisteleki discovered mod_wsgi incorrectly checked setuid return values. A malicious application could use this issue to cause a local privilege escalation when using daemon mode. (CVE-2014-0240) Buck Golemon discovered that mod_wsgi used memory that had been freed. A remote attacker could use this issue to read process memory via the Content-Type response header. This issue only affected Ubuntu 12.04 LTS. (CVE-2014-0242) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
mumble: multiple vulnerabilities
| Package(s): | mumble | CVE #(s): | CVE-2014-3755 CVE-2014-3756 | ||||||||||||||||||||
| Created: | May 23, 2014 | Updated: | May 30, 2014 | ||||||||||||||||||||
| Description: | From the openSUSE advisory: The Mumble client did not properly HTML-escape some external strings before using them in a rich-text (HTML) context (CVE-2014-3756). SVG images with local file references could trigger client DoS (CVE-2014-3755). | ||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||
openstack-neutron: access restriction bypass
| Package(s): | openstack-neutron | CVE #(s): | CVE-2014-0187 | ||||||||||||||||
| Created: | May 29, 2014 | Updated: | August 21, 2014 | ||||||||||||||||
| Description: | From the Red Hat bugzilla entry:
Stephen Ma from Hewlett Packard and Christoph Thiel from Deutsche Telekom reported a vulnerability in Neutron security groups. By creating a security group rule with an invalid CIDR, an authenticated user may break openvswitch-agent process, preventing further rules from being applied on the host. Note: removal of the faulty rule is not enough, the openvswitch-agent must be restarted. All Neutron setups using Open vSwitch are affected. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
perl-LWP-Protocol-https: SSL certificate verification botch
| Package(s): | perl-LWP-Protocol-https | CVE #(s): | CVE-2014-3230 | ||||||||||||||||||||
| Created: | May 22, 2014 | Updated: | June 9, 2014 | ||||||||||||||||||||
| Description: | From the Red Hat bugzilla entry:
It was reported that libwww-perl (LWP), when using IO::Socket::SSL (the default) and when the HTTPS_CA_DIR or HTTPS_CA_FILE environment variables were set, would disable server certificate verification. Judging by the commit, the intention was to disable only hostname verification for compatibility with Crypt::SSLeay, but the resultant effect is that SSL_verify_mode is set to 0. This code was introduced in LWP::Protocol::https in version 6.04, so earlier versions are not vulnerable. | ||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||
PostfixAdmin: SQL command execution
| Package(s): | PostfixAdmin | CVE #(s): | CVE-2014-2655 | ||||
| Created: | May 27, 2014 | Updated: | May 29, 2014 | ||||
| Description: | From the CVE entry:
SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias. | ||||||
| Alerts: |
| ||||||
rubygem-openshift-origin-node: code execution
| Package(s): | rubygem-openshift-origin-node | CVE #(s): | CVE-2014-0233 | ||||||||
| Created: | May 22, 2014 | Updated: | May 29, 2014 | ||||||||
| Description: | From the Red Hat advisory:
A command injection flaw was found in rubygem-openshift-origin-node. A remote, authenticated user permitted to run cartridges via the web interface could use this flaw to execute arbitrary code with root privileges on the Red Hat OpenShift node server. (CVE-2014-0233) | ||||||||||
| Alerts: |
| ||||||||||
torque: code execution
| Package(s): | torque | CVE #(s): | CVE-2014-0749 | ||||||||
| Created: | May 23, 2014 | Updated: | May 29, 2014 | ||||||||
| Description: | From the Debian advisory: John Fitzpatrick from MWR Labs reported a stack-based buffer overflow vulnerability in torque, a PBS-derived batch processing queueing system. An unauthenticated remote attacker could exploit this flaw to execute arbitrary code with root privileges. | ||||||||||
| Alerts: |
| ||||||||||
webmin: multiple unspecified vulnerabilities
| Package(s): | webmin | CVE #(s): | |||||
| Created: | May 23, 2014 | Updated: | May 29, 2014 | ||||
| Description: | From the Mageia advisory: Webmin has been updated to version 1.690, which fixes a security issue in the cron module and several XSS issues in pop-up windows. | ||||||
| Alerts: |
| ||||||
Page editor: Jake Edge
Next page:
Kernel development>>