Full Disclosure mailing list archives
Re: TrueCrypt?
From: surivaton surivaton <surivaton () gmail com>
Date: Sat, 7 Jun 2014 10:48:37 +1000
Truecrypt is either stupid or its they way of telling everyone something is wrong. Why? root@kali:~# fierce -dns truecrypt.org DNS Servers for truecrypt.org: ns1.truecrypt.org ns2.truecrypt.org Trying zone transfer first... Testing ns1.truecrypt.org Whoah, it worked - misconfigured DNS server found: truecrypt.org. 259200 IN SOA ns1.truecrypt.org. dns-admin.truecrypt.org. ( 2010021509 ; Serial 10800 ; Refresh 3600 ; Retry 604800 ; Expire 10800 ) ; Minimum TTL truecrypt.org. 259200 IN NS ns1.truecrypt.org. truecrypt.org. 259200 IN NS ns2.truecrypt.org. truecrypt.org. 259200 IN A 72.233.34.82 truecrypt.org. 259200 IN MX 10 truecrypt.org. truecrypt.org. 259200 IN TXT "v=spf1 ip4:72.233.34.82 mx:truecrypt.org -all" forums.truecrypt.org. 259200 IN A 72.233.34.83 ns1.truecrypt.org. 259200 IN A 72.233.34.82 ns2.truecrypt.org. 259200 IN A 72.233.34.84 upload.truecrypt.org. 259200 IN A 72.233.34.84 www.truecrypt.org. 259200 IN A 72.233.34.82 There isn't much point continuing, you have everything. Have a nice day. Exiting... root@kali:~# Who in there right mind lets you do zone transfers. I mean seriously back in windows server 2003 it was common but god damn I think they are trying to tell us something. On 6/5/14, Dave Warren <davew () hireahit com> wrote:
On 2014-06-03 04:09, Dave Howe wrote:The issue we have with the current TC builds is that they are not reproducible. The source code is available online, and is in the process of being audited, but there is no guarantee the installer almost all the users have installed TC with contained code actually built from that source.https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/ claims to have managed to build a reasonably identical build (such that the remaining differences can be identified and explained as build date/time stamps). The site includes instructions to reproduce the work. I haven't tried it personally, but it might be an interesting exercise to see if anyone else can independently reproduce the binaries. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Re: TrueCrypt? Dave Howe (Jun 03)
- Re: TrueCrypt? Dave Warren (Jun 04)
- Re: TrueCrypt? surivaton surivaton (Jun 08)
- Re: TrueCrypt? Dave Warren (Jun 08)
- Re: TrueCrypt? surivaton surivaton (Jun 08)
- Re: TrueCrypt? Dave Warren (Jun 04)