The NY TImes is reporting that WIKILEAKS has released a trove of documents detailing CIA techniques and technologies for bypassing encryption and for accessing phones, tablets, computers and smart TVs. Details at https://www.nytimes.com/2017/03/07/world/europe/wikileaks-cia-hacking.html
A Message from The Founder
File Drop Vault is a leader in online communications security. When I founded FDV in 2010, I did so with the mission of assisting individuals in keeping their privacy in an increasingly less private world. I’m proud of our product, but I’m always researching the latest innovations and trends in internet security. I hope you’ll find this space a valuable resource for your security interests. —Thomas Mercer
Many users were impacted when Truecrypt was shut down as a project. The need to completely encrypt the entire hard drive on Windows systems in particular was unmet for a period. The VeraCrypt project aimed to fill that void by providing an updated tool based on the TrueCrypt code (and backward compatible with it). And VeraCrypt fixed a few flaws in TrueCrypt.
Security firm Quarkslab recently performed an audit that revealed 8 critical flaws and several others. VeraCrypt has responded by issuing a new version, 1.19, that addresses these flaws. The flaws were almost exclusively related to the implementation of support for UEFI booting technology (which was not supported under TrueCrypt and replaced the old BIOS systems). This is the least mature part of the new Veracrypt code and so the discovery of flaws is not unanticipated.
Fortunately the new version addresses the flaws and should provide users with an excellent option for keeping data on Windows computers secure. VeraCrypt is free and open source.
In the latest news to reiterate that phone operating systems are not sufficiently secure Apple is scrambling to update the Iphone OS (as reported by Businessinsider.com). The “Pegasus” spyware package is apparently impossible to detect and turns any iphone into a nearly ideal spying device, monitoring the users communications, sending their passwords, reporting the GPS location, monitoring the phone audio, and basically taking over the phone.
File Drop Vault recommends using dedicated computers for business and other sensitive information. These computers should not be synched with mobile devices, or used for random web surfing. Careful monitoring of activity, strong firewall rules, and other basic security measures can dramatically reduce the risk of malware infection. Links and attachments in email should be thoroughly vetted before access.
Stay safe out there!