Full Disclosure mailing list archives

Re: TrueCrypt?


From: surivaton surivaton <surivaton () gmail com>
Date: Sat, 7 Jun 2014 10:48:37 +1000

TrueCrypt is either stupid or it's their way of telling everyone
something is wrong.
Why?
root@kali:~# fierce -dns truecrypt.org
DNS Servers for truecrypt.org:
    ns1.truecrypt.org
    ns2.truecrypt.org

Trying zone transfer first...
    Testing ns1.truecrypt.org

Whoah, it worked - misconfigured DNS server found:
truecrypt.org.    259200    IN    SOA    ns1.truecrypt.org.
dns-admin.truecrypt.org. (
                    2010021509    ; Serial
                    10800    ; Refresh
                    3600    ; Retry
                    604800    ; Expire
                    10800 )    ; Minimum TTL
truecrypt.org.    259200    IN    NS    ns1.truecrypt.org.
truecrypt.org.    259200    IN    NS    ns2.truecrypt.org.
truecrypt.org.    259200    IN    A    72.233.34.82
truecrypt.org.    259200    IN    MX    10 truecrypt.org.
truecrypt.org.    259200    IN    TXT    "v=spf1 ip4:72.233.34.82
mx:truecrypt.org -all"
forums.truecrypt.org.    259200    IN    A    72.233.34.83
ns1.truecrypt.org.    259200    IN    A    72.233.34.82
ns2.truecrypt.org.    259200    IN    A    72.233.34.84
upload.truecrypt.org.    259200    IN    A    72.233.34.84
www.truecrypt.org.    259200    IN    A    72.233.34.82

There isn't much point continuing, you have everything.
Have a nice day.
Exiting...
root@kali:~#
Who in their right mind lets you do zone transfers?
I mean, seriously, back in Windows Server 2003 it was common, but god
damn, I think they are trying to tell us something.

On 6/5/14, Dave Warren <davew () hireahit com> wrote:
On 2014-06-03 04:09, Dave Howe wrote:
The issue we have with the current TC builds is that they are not
reproducible.

The source code is available online, and is in the process of being
audited, but there is no guarantee the installer almost all the users
have installed TC with contained code actually built from that source.

https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/
claims to have managed to build a reasonably identical build (such that
the remaining differences can be identified and explained as build
date/time stamps). The site includes instructions to reproduce the work.

I haven't tried it personally, but it might be an interesting exercise
to see if anyone else can independently reproduce the binaries.




_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
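
A defensive counterpart to the zone transfer shown in the message above, added here as an example and not part of the original thread: it scans name server logs for AXFR/IXFR requests coming from hosts that are not known secondaries. The log lines are constructed in the style of BIND 9 messages (the thread does not say what software the server runs), and the zone name, addresses and `ALLOWED_SECONDARIES` list are assumptions.

```python
import re
from ipaddress import ip_address, ip_network

# Assumption: the only hosts that should ever pull the zone are these secondaries.
ALLOWED_SECONDARIES = [ip_network("192.0.2.53/32")]

# Constructed sample lines, modelled on BIND 9 transfer/security log messages.
SAMPLE_LOG = """\
07-Jun-2014 00:41:02.118 client 192.0.2.53#40112 (example.org): transfer of 'example.org/IN': AXFR started
07-Jun-2014 00:48:37.502 client 198.51.100.7#51544 (example.org): transfer of 'example.org/IN': AXFR started
07-Jun-2014 00:48:37.640 client 198.51.100.7#51544 (example.org): transfer of 'example.org/IN': AXFR ended
07-Jun-2014 00:52:10.009 client 203.0.113.9#33810 (example.org): zone transfer 'example.org/AXFR/IN' denied
07-Jun-2014 00:53:00.000 client 198.51.100.7#51600 (www.example.org): query: www.example.org IN A +
"""

# Newer BIND versions put an "@0x..." token after "client"; accept both forms.
CLIENT = r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*"
STARTED = re.compile(CLIENT + r"transfer of '(?P<zone>[^/']+)/IN': (?:AXFR|IXFR) started")
DENIED = re.compile(CLIENT + r"zone transfer '(?P<zone>[^/']+)/(?:AXFR|IXFR)/IN' denied")


def is_allowed(ip, allowed):
    """True if ip belongs to one of the permitted secondary networks."""
    addr = ip_address(ip)
    return any(addr in net for net in allowed)


def audit_transfers(log_text, allowed=ALLOWED_SECONDARIES):
    """Return (status, client_ip, zone) tuples that deserve attention.

    SERVED: the server handed the zone to a host that is not a secondary,
            i.e. the transfer ACL is missing or too wide.
    DENIED: the ACL worked, but someone is probing for open transfers.
    """
    findings = []
    for line in log_text.splitlines():
        m = STARTED.search(line)
        if m:
            if not is_allowed(m["ip"], allowed):
                findings.append(("SERVED", m["ip"], m["zone"]))
            continue
        m = DENIED.search(line)
        if m:
            findings.append(("DENIED", m["ip"], m["zone"]))
    return findings


if __name__ == "__main__":
    for status, ip, zone in audit_transfers(SAMPLE_LOG):
        print(f"{status:7} {zone:15} requested by {ip}")
```

A `SERVED` finding means the zone contents should be treated as disclosed and the server's transfer ACL restricted to the secondaries.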

