If you’re still using TrueCrypt to protect your Windows disks, even though its developers abandoned it and said it was “not secure” last year, you may want to stop that. Google Project Zero researcher James Forshaw found two “privilege elevation” holes in the popular software that would give attackers full access to your data. Worse yet, TrueCrypt was audited earlier this by a crowdfunded team of iSec security researchers and found to be error-free. Google’s James Forshaw said on Twitter that the miss was understandable, though: “iSec phase 1 audit reviewed this specific code but Windows drivers are complex beasts (and) easy to miss.” Forshaw hasn’t disclosed the bugs yet, saying he usually waits seven days after a patch is released. He and other researchers agree that the vulnerabilities — which can reportedly be exploited by “abusive drive letter handling” — weren’t deliberately installed. And they won’t, of course, be fixed in the original program’s code. @v998n @VeraCrypt_IDRIX I don’t tend to open up security bug reports until 7 days or so after the release of the patch, just in case 🙂 — James Forshaw (@tiraniddo) September 27, 2015 However, if you’re using TrueCrypt because “free” is a good price, there are other options –VeraCrypt and CipherShed are open source forks of TrueCrypt, and VeraCrypt has already patched the bugs. Suffice to say, you should stop using TrueCrypt within the seven day window before Forshow releases the exploitable code. Even if you do, however, we likely haven’t heard the end of this type of Windows vulnerability. VeraCrypt’s Mounir Idrassi gold Threatpost that “These are the kind of vulnerabilities that exist in (lots of) software on Windows, ” and that will be (and have been) used by hackers for years. Via: PC World Source: James Forshaw (Twitter)
Read the original:
TrueCrypt Windows encryption app has critical security flaws
Uber is launching yet another new product , but this one targets a specific group of people: event organizers, especially those tired of fielding calls from guests who can’t make it due to car troubles. The service called UberEvents allows organizers to buy and secure passes ahead of the occasion to send to guests, clients or whoever needs one to get to the location via email. Guests will only have to enter the code under the Promotions section of the Uber app to hail a ride. Now, nobody will be able to use car issues as an excuse anymore, and party planners won’t have to worry about how to send drunk guests home. Uber is initially making Events available to Business users and select people in New York City, though the service will be accessible by everyone in the metropolis within the coming weeks. Via: TechCrunch Source: Uber 
