Critical Flaws Found in VeraCrypt
Popular open source encryption tool is vulnerable to attack
VeraCrypt, the open source full-disk encryption program, has released version 1.19, which fixes many critical flaws in previous editions.
Between August 16 and September 14, 2016, an audit of VeraCrypt 1.18 was conducted by the French cybersecurity firm Quarkslab. The audit, which was sponsored by the Open Source Technology Improvement Fund (OSTIF), found eight critical vulnerabilities. All of the serious issues have been fixed in the latest version of VeraCrypt, and users are urged to immediately upgrade to version 1.19.
The report cites other issues with VeraCrypt that still need fixing. “The availability of GOST 28147-89, a symmetric block cipher with a 64-bit block size, is an issue. This algorithm must not be used in this context. Compression libraries are outdated or poorly written. They must be updated or replaced. If the system is encrypted, the boot password (in UEFI mode) or its length (in legacy mode) could be retrieved by an attacker.”
If you are a VeraCrypt user, please upgrade to the latest release immediately.
Issue 234/2020
Buy this issue as a PDF
News
-
KDE Developers Are Working on a TV Interface
The developers of the KDE desktop are hard at work to create a TV interface.
-
System76 Is Developing a New Keyboard
The company behind the incredibly powerful Thelio desktop is developing a new keyboard.
-
Zorin OS 15.2 Now Available
The latest release of Zorin OS offers numerous improvements.
-
Firefox to Get an Additional Sandbox Layer
Starting with Firefox 74, the open source web browser will include the new RLBox security feature.
-
Microsoft Defender ATP is Coming to Linux
Microsoft is ramping up its efforts to fight attackers across all platforms.
-
South Korean Government Considers Move to Linux Desktop
Seoul Mulls Migrating from Windows to Linux.
-
OpenSSH Now Supports FIDO/U2F Security Keys
SSH users can now add FIDO/U2F to the list of supported multi-factor authentication tools.
-
System76 Launches New AMD Threadripper Machine
System76 has added an AMD Threadripper option for their Thelio desktop lineup.
-
LibreOffice 6.4 Released
The unofficial office suite for the Linux platform has performance in mind for users.
-
Official Evernote Client Coming to Linux
The most widely-used note-taking app is coming to Linux.