Connect with us

Cybersecurity

TrueCrypt Passes Security Audit, Project’s Future Still Unclear

Published

on

Last year, the developers of popular disk encryption software TrueCrypt, used by Edward Snowden and countless other privacy advocates, abruptly abandoned the project, stating,

“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues”

The software’s mysterious death led to a storm of conspiracy theories, including the idea that TrueCrypt may contain an NSA backdoor. However, the results of a thorough, public security audit by the NCC Group have just arrived, showing no evidence of NSA backdoors. While this seems like good news for past TrueCrypt users, the future of the project is still unclear.

TrueCrypt’s Security Audit Still Leaves Many Questions Unanswered

TrueCrypt Passes Security Audit, Project's Future Still UnclearUnlike many disk encryption utilities like BitLocker and FileVault, TrueCrypt is open source, allowing anyone to inspect the project’s code for vulnerabilities and backdoors. This makes it relatively easy for anyone with the technical knowledge to audit TrueCrypt’s security, as the NCC Group has done. NCC discovered four vulnerabilities in the now-abandoned software, none of which are particularly serious. To exploit the bugs, an attacker would most likely have to first compromise the target machine.

Matt Green, a cryptographer and research professor at Johns Hopkins University, wrote about the TrueCrypt audit in a recent blog post, stating,

“The TL;DR is that based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.”

“Truecrypt is a really unique piece of software. The loss of Truecrypt’s developers is keenly felt by a number of people who rely on full disk encryption to protect their data. With luck, the code will be carried on by others. We’re hopeful that this review will provide some additional confidence in the code they’re starting with.”

While many, like Green, hope that other developers will fork the TrueCrypt project to keep it alive, TrueCrypt’s software license actually prohibits borrowing the source code to create new versions of the software. This means that developers will have to create a new encryption project from scratch, something that could take years. Interestingly, some developers have still forked TrueCrypt despite the potential legal consequences, creating projects like CipherShed and VeraCrypt.

Alternatives

While it doesn’t seem like there are any serious issues with TrueCrypt, it’s still entirely possible that the audit may have missed a fatal flaw, and using an abandoned security system is probably not the best idea anyway. The project’s page on SourceForge directs Windows users to use BitLocker – Microsoft’s built-in encryption utility that has been found to have been compromised by the CIA. For Mac users, OS X includes FileVault. FileVault isn’t known to have been compromised, but like BitLocker, FileVault is closed source. The software has been independently tested by many security researchers, but it’s still difficult to say with confidence that there are absolutely no vulnerabilities or backdoors without access to FileVault’s source code.

For now, other than TrueCrypt’s forks, there are few open source alternatives to TrueCrypt, all of which have mixed reviews from the security community.

Images from Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...

I've always been interested in the latest stuff in science and technology, and I'm currently a freshman undergraduate electrical engineering student at the University of Texas at Austin.




Feedback or Requests?

2 Comments

2 Comments

  1. Taras Kory C#, SEO, Python

    April 14, 2015 at 9:15 pm

    VeraCrypt probably has a backdor. I would NEVER install anything later then TrueCrypt 7.1a

  2. Max Lundgren

    August 19, 2015 at 12:07 pm

    Lol, there is more way to to enter besides a keyboard, nasty script, rooting, Memory scanners and loggers, and of cause the obvious Back door, that have more than one entrance… Lol

You must be logged in to post a comment Login

Leave a Reply

Altcoins

EOS Price Forecast: EOS/USD Heading for Another 300% Move?

Published

on

  • EOS/USD price action via the 4-hour chart view has formed a bullish flag pattern.
  • The price is moving around levels seen back end of March to early April, before a bull run of over 300%.

The past six sessions for EOS/USD have been erratic to say the least. It has been subject to a high amount of volatility, swinging aggressively in both directions. There has been a lack of commitment from either the bear or bull camps of late. As the market continues to trade with such behavior, it appears to be trying to find its feet, ahead of a potential chunky firm trend.

EOS DApp Hacked Again

An EOS based gambling DApp, EOSBet has been hacked, with $338,000 being reported as stolen. This isn’t the first time; just back in September, hackers managed to get away with a reported 40,000 worth of EOS, which at the time had a value of $200,000. It has been said that they were able to exploit their smart contracts, having found security vulnerabilities.

Technical Review – 4-hour Chart View

EOS/USD 4-hour chart

EOS/USD price action has formed a bullish flag pattern, which began taking shape on 15th October, after the aggressive price behavior stabilized. The bulls at the time ran the price well up into $6 territory. Consequently, it then met the breached ascending trend line, failing to move back above this area. This followed the sharp breakthrough to the downside, which occurred on 11th October. As a result, a drop of over 15% was seen, forcing EOS/USD to retreat in a demand area, within the $5.0000 level proximity.

Looking to the upside, small near-term resistance is seen at around $5.6100, which is the upper trend line of the mentioned bull flag pattern. A breakout will likely open the doors to a retest of the broken ascending trend line, tracking around $6.1100. Support can be eyed at $5.4600, which marks the lower trend line of the flag. Furthermore, should this fail to hold, EOS/USD could likely fall back down to the serving demand area, within the lower $5.0000 territory.

April 2018 Bull Run

EOS/USD April bull run

In April of this year EOS/USD entered a chunky bull run, gaining over 300%. From the back end of March until 11th April, the price had been stuck within consolidation mode. Resulting in the price trading within a tight range, at levels of where the price is currently seen today.

Something quite astonishing started to unfold. Between the period of 11th April to the 29th April, a bull run of around 290% was seen. Over this time frame EOS/USD went from $5.9500 up to a high of around $23.0811. The price is currently demonstrating a similar behavior to that of what was seen during the mentioned period. It is interesting to note that the price did have historical levels to break through, as it had already run higher during the period of December 2017 and came back down. Finally, this is not to say EOS/USD will observe the same bull run. However, it is an interesting observation to be aware of.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
2 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 5 (2 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.5 stars on average, based on 32 rated postsKen has over 8 years exposure to the financial markets. During a large part of his career, he worked as an analyst, covering a variety of asset classes; forex, fixed income, commodities, equities and cryptocurrencies. Ken has gone on to become a regular contributor across several large news and analysis outlets.




Feedback or Requests?

Continue Reading

Altcoins

“Mass Adoption is the Direction Things Are Taking” – Lionel Wolberger, CTO and Co-Founder of Platin

Published

on

Platin is a new blockchain token-based ecosystem which powers an infrastructure platform that incorporates a proprietary programming language (‘SolidityGEO’), all in the name of accomplishing a so-called decentralized ‘Proof of Location’ protocol.

We reached out to the team to find out more about how their solution works, the current state and future vision.

The result of this outreach was a warm reception from the company’s Chief Technical Officer (CTO) and Co-Founder Lionel Wolberger, with whom we discussed such topics as well as Platin’s: objectives, company ethos, and views on the current state of the crypto space.

Who is Behind Platin?

Lionel Wolberger’s experience with cryptocurrency and blockchain spans as far back as 2011, where he “spoke about it at Cisco Secure Video where our team of cryptographers included the inventor of Public Key Cryptography himself, Prof. Adi Shamir.”.

It wasn’t until two years later before Wolberger got the opportunity to professionally re-engage with crypto technology, when he participated in an experiment on behalf of the Internet Identity Workshop “and decided to study it more closely and see what it was all about.”

In 2017, Lionel Wolberger created Platin alongside co-founder Allon Mason when they “identified the potential for a secure and lightweight Proof of Location protocol on the blockchain.”. Wolberger met mason during academia at Cornell University, having

“always admired his drive and passion for the projects he has developed over the years, particularly XPLace an online marketplace with hundreds of thousands of users and multi-million dollar annual turnover.”

Wolberger also highlights the fact that the team is working alongside secure-location advisor Professor Srdjan Capkun (Director of the Zurich Information Security and Privacy Center, ZISC), which he calls a “privilege”.

“Dr. Capkun is an ideal advisor, as he sits on the major standards committees, and has an inside track to secure GPS and other important technologies associated with secure proof of location.”

What is Platin?

Whilst participating in the “’colored coin’ experiment’” for the Internet Identity Workshop, Wolberger had a fundamental epiphone with regards to his perception of blockchain and the purpose of cryptocurrency:

“it’s not about currency, but an asset tracking system of decentralized trust that could also provide the basis for so much more than just currencies.”

As such, Platin’s purpose is to provide a utility-token based platform which they (on their website) describe as a system for the “Geo-location of digital assets (cryptocurrencies, documents, images, etc.), anywhere on the map, anywhere in the world, in real time.”.

There are a wide range of uses for geo-locational software, from marketing to emergency broadcasting regarding critical events such as national disasters. Official use-cases include:

Lionel Wolberger lists, among the key values of Platin its hardware agnosticism as well as its interoperable nature.

“Interoperable refers to Platin’s protocol, that it is cleanly defined and independent, enabling it to work with many other products or systems, at present or in the future, in many possible implementations with few restrictions. This is achieved by having a clean interface (API, SDK) and is essential as Platin is needs to inter-operate with Android, Apple, many backend systems and blockchain assets.

“Hardware agnostic refers to one aspect of Platin’s Proof of Location protocol, its ability to work with any — all, i possible — geospatially relevant signal sources. This will certainly include GPS, cll towers and wifi, but will extend to BLE, LoRA, Ultrasound, indeed any signal that has relevance for a Proof of Location. This is achieved by having a clear definition of Proof of Location and how a device’s location relates to all this other data.”

Furthermore, the team is planning to implement cross-chain compatibility in the future, including Ethereum / EOS.

A Security Focus

Security is also a key concern and this is echoed in our interview as well as across the website for Platin. The company even mentions KYC / AML with its list of use-cases for the platform.

One way which the company seeks to achieve this is through the use of hardware cold-storage systems for the safe-keeping of all tokens, with their first wallet integration being TrustWallet. They also, according to Wolberger, are anticipating a future partnership with Ledger.

Lionel Wolberger claims that

“Platin has security and privacy baked-in from the start. Some features that reflect this approach include.

  • Platin’s architecture starts with individuals storing their own data, with blinded commitments shared to the network.
  • Platin’s functionality is “opt-in” based, reflecting a deep respect for our users as sovereign digital actors. You opt-in for the sharing of data, whatever you are comfortable with. The default is no sharing.
  • One of our Platin’s hires was a full-time cryptographer, and we are open sourcing our first zero knowledge cryptographic achievement: a ZK Range proof of bounded location. This shows our cryptographic and security passion.
  • Platin’s default pattern is “send the algorithm to the user,” rather than, “have the user send their data to the network.” Our Artificial Intelligence is privacy-preserving in this way.
  • Platin’s three pillars of security are orthogonal, working together to create a secure proof of location that would not be possible with any one of those pillars”

Geolocation and Geofencing

With use cases including retail shopping and other location-based rewards initiatives, Platin incorporates (and is responsible for the effective utilization of) specific technical and methodological processes pertaining to their geo-locational solution / protocol.

This scenario is made fully possible using a technology called ‘geo-fencing’ which is essentially, according to Wolberger, “An ability to restrict and define usage within the boundaries of their regulatory and legal jurisdiction.”

“imagine that a national supermarket chain airdrops coupon for 10% off certain items to celebrate the launch of their new store However, they do not want these coupons to be redeemable at other locations as they want to drive traffic to this new store.

“With a special smart contract, the coupon will only work within the geo-fenced area around the new store.”

Attempts at geo-location are most effective with both the consent and honest participation of both direct and third-party sourced users. Considering tech scandals surrounding personal and public data privacy & security, it has become increasingly difficult to encourage people to confide their personal data sincerely.

This is where rewards-based systems such as Platin come in.

Humanitarian Aid (A Use Case)

Another key use case cited, which Wolberger doubles down on in our discussion is that of charitable coin drops…

“We think it is incredibly important to focus on use cases such as humanitarian aid airdrops.

“While our technology has broad commercial uses, our team is passionate about seeing the project bring new ways to enable ordinary people use cryptocurrency, and an ideal win/win use case is the ability to transfer crypto to people who need assistance.

“Blockchain and cryptocurrency can often seem intimidating to people, but mass adoption is the direction things are taking. Platin wants to ensure that everyone can access and utilize this technology to utilize decentralized funds in a beneficial and potentially life-saving way.”

These partnerships include IsraAID (with whom theys already signed an agreement) in addition to the Swiss Red Cross (with whom they are currently in discussions), where Platin plans to further develop and test their systems and processes with regards to how they will integrate geo-location focused / geo-fenced cryptocurrency airdrops.

Another, tangentially related use-case is:

“the Tokyo Olympics airdrops… we are currently discussing the opportunity with our Tokyo-based partners.

“The Olympics has traditionally seen technological innovation, such as instant replay, virtual video graphics and most recently 5G deployments. This is the year of blockchain, and we look forward to announcing details once we are permitted.”

Final Words

All these features, aims and objectives are tied together by the fact that they are all built upon not only a proprietary – but also a home-grown programming language which third parties can leverage for their own projects when working on the Platin blockchain.

“SolidityGEO extends Ethereum’s Solidity language, GEOS extends EOS’s C++ language. These will equip our partners for fast onboarding into location proofs on the blockchain.”

SolidityGEO is what Platin calls a “location-aware language” created to help the utilisation and implementation of geographic demarcation for token distribution, rewards and airdrops. It will additionally include ZK-Snarks and Starks zero-knowledge proof mechanisms as well as general operating standards such as ISO and W3C.

Finally, with regards to the future:

“Proximity radio technology is being deployed steadily, without any loud publicity. 5G, RTT-enabled Wi-Fi, and IEEE secure proximity radio standards promise highly accurate distance readings via radio. The average person feels this progress in the slow spread of keyless entry–just having a key, fob or smartphone in your pocket to unlock a desired resource such as your car or home. Platin has partners in this space and there are sure to be exciting announcements in the next six months (though they will be quite technical, they will promise rapid progress).”

Featured image courtesy of Shutterstock. 

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
2 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 5 (2 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.5 stars on average, based on 12 rated posts




Feedback or Requests?

Continue Reading

Altcoins

Monero Price Analysis: XMR/USD Slips Below Crucial Daily Support Ahead of System Update

Published

on

  • Monero’s navitve token XMR is forced to breach a key area of support by the market bears.
  • XMR/USD was being support by an ascending trend line, running from 14th August.
  • The Monero foundation is scheduled for a routine network upgrade.

Monero Network Update

The Monero foundation is scheduled to update its network on 18th October, as a result this will be bringing a new hard fork to its token. They have been making it a routine process now, hard forking every six months. Their focus being on the likes of increased ring-size for more privacy, with large transactions and tweaking their proof of work algorithm.

In terms of this upgrade, the goal is to enhance efficiency and make some adjustments to the current proof of work algorithm. Ultimately, to make it resistant and curb the threat of ASIC mining. Developers at Monero will be implementing the new Bulletproofs protocol. This will see greater privacy, lower fees and faster verification. It will reduce transaction size by an estimated 80%.

Technical Review – Daily Chart

XMR/USD daily chart

XMR/USD slipped out to the downside from an ascending trend line. As a result, the market bears managed to push for a breach and daily close below on 7th October. The support had been running since 14th August, where the price hit a low of $76.739.  A retest has been seen and pressure is now gradually mounting on Monero’s XMR. In terms of support, the 50DMA has provided some initial comfort for now. Furthermore, the next major downside support is observed in a chunky demand area. This is seen tracking from $86 down to $76. Resistance will now be eyed at $116.550 area, underneath the breached ascending trend line. In proximity to the 100DMA, which may cause some difficulty for the bulls. Elsewhere, further to the north, resistance can be seen within the $125.000 territory. Finally, heavy supply is tracking from $140 up to $150.

Technical Review – 4-hour Chart

XMR/USD 4-hour chart

Despite the above-mentioned daily breakout from the supporting trend line, there is still some hope for XMR/USD in the near-term, because from looking at the 4-hour chart view, the price has been moving within a range-bound block. This narrowing area has been running since 26th September. Fortunately for the price, a fresh wave of selling pressure has been prevented for now.  The lower part of the mentioned range has proven to see some near-term support. Therefore, the protection has been observed from around $112 to the high $111 territory. Although, a breach of this area could see a fast fall back down to sub $100, last traded below here on 12th September. While further downside pressure could force a retreat back down to a firm demand zone. Eyes would be on $86-77 range for buying.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
2 votes, average: 3.50 out of 52 votes, average: 3.50 out of 52 votes, average: 3.50 out of 52 votes, average: 3.50 out of 52 votes, average: 3.50 out of 5 (2 votes, average: 3.50 out of 5)
You need to be a registered member to rate this.
Loading...

4.5 stars on average, based on 32 rated postsKen has over 8 years exposure to the financial markets. During a large part of his career, he worked as an analyst, covering a variety of asset classes; forex, fixed income, commodities, equities and cryptocurrencies. Ken has gone on to become a regular contributor across several large news and analysis outlets.




Feedback or Requests?

Continue Reading

Recent Comments

Recent Posts

A part of CCN

Hacked.com is Neutral and Unbiased

Hacked.com and its team members have pledged to reject any form of advertisement or sponsorships from 3rd parties. We will always be neutral and we strive towards a fully unbiased view on all topics. Whenever an author has a conflicting interest, that should be clearly stated in the post itself with a disclaimer. If you suspect that one of our team members are biased, please notify me immediately at jonas.borchgrevink(at)hacked.com.

Trending