Date: Sat, 7 Jun 2014 10:48:37 +1000
From: surivaton surivaton <surivaton@...il.com>
To: Dave Warren <davew@...eahit.com>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] TrueCrypt?

TrueCrypt is either stupid or it's their way of telling everyone
something is wrong.
Why?
root@...i:~# fierce -dns truecrypt.org
DNS Servers for truecrypt.org:
    ns1.truecrypt.org
    ns2.truecrypt.org

Trying zone transfer first...
    Testing ns1.truecrypt.org

Whoah, it worked - misconfigured DNS server found:
truecrypt.org.    259200    IN    SOA    ns1.truecrypt.org.
dns-admin.truecrypt.org. (
                    2010021509    ; Serial
                    10800    ; Refresh
                    3600    ; Retry
                    604800    ; Expire
                    10800 )    ; Minimum TTL
truecrypt.org.    259200    IN    NS    ns1.truecrypt.org.
truecrypt.org.    259200    IN    NS    ns2.truecrypt.org.
truecrypt.org.    259200    IN    A    72.233.34.82
truecrypt.org.    259200    IN    MX    10 truecrypt.org.
truecrypt.org.    259200    IN    TXT    "v=spf1 ip4:72.233.34.82
mx:truecrypt.org -all"
forums.truecrypt.org.    259200    IN    A    72.233.34.83
ns1.truecrypt.org.    259200    IN    A    72.233.34.82
ns2.truecrypt.org.    259200    IN    A    72.233.34.84
upload.truecrypt.org.    259200    IN    A    72.233.34.84
www.truecrypt.org.    259200    IN    A    72.233.34.82

There isn't much point continuing, you have everything.
Have a nice day.
Exiting...
root@...i:~#
Who in their right mind lets you do zone transfers?
I mean seriously, back in Windows Server 2003 it was common, but god
damn, I think they are trying to tell us something.

On 6/5/14, Dave Warren <davew@...eahit.com> wrote:
> On 2014-06-03 04:09, Dave Howe wrote:
>> The issue we have with the current TC builds is that they are not
>> reproducible.
>>
>> The source code is available online, and is in the process of being
>> audited, but there is no guarantee the installer almost all the users
>> have installed TC with contained code actually built from that source.
>
> https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/
> claims to have managed to build a reasonably identical build (such that
> the remaining differences can be identified and explained as build
> date/time stamps). The site includes instructions to reproduce the work.
>
> I haven't tried it personally, but it might be an interesting exercise
> to see if anyone else can independently reproduce the binaries.
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>
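
A defender-side check for the open zone transfer shown in the output above, as an added example that is not part of the original post: it scans name server log lines for transfers served to hosts other than the zone's secondary. The BIND 9 style log format, the constructed sample lines, and the choice of 72.233.34.84 (ns2 in the zone data above) as the only permitted secondary are assumptions.

```python
import re
from collections import Counter

# Assumption: only the zone's secondary (ns2 in the zone data above) may pull transfers.
ALLOWED_SECONDARIES = {"72.233.34.84"}

# Assumed BIND 9 style messages:
#   client IP#port (zone): transfer of 'zone/IN': AXFR started
#   client IP#port (zone): zone transfer 'zone/AXFR/IN' denied
XFER_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
    r"(?:transfer of '(?P<zone_ok>[^/']+)/IN': (?P<kind>AXFR|IXFR) started"
    r"|zone transfer '(?P<zone_denied>[^/']+)/(?:AXFR|IXFR)/IN' denied)"
)


def audit_transfers(lines, allowed=ALLOWED_SECONDARIES):
    """Return (served, denied).

    served: (ip, zone, kind) for each transfer handed to a host outside `allowed`.
    denied: Counter of refused transfer attempts per client IP.
    """
    served, denied = [], Counter()
    for line in lines:
        m = XFER_RE.search(line)
        if not m:
            continue  # ordinary queries, "ended" lines, unrelated messages
        ip = m.group("ip")
        if m.group("zone_denied"):
            denied[ip] += 1
        elif ip not in allowed:
            served.append((ip, m.group("zone_ok"), m.group("kind")))
    return served, denied


# Constructed sample log; client addresses other than ns2 are documentation ranges.
SAMPLE_LOG = """\
xfer-out: info: client 72.233.34.84#40112 (truecrypt.org): transfer of 'truecrypt.org/IN': AXFR started
xfer-out: info: client 198.51.100.7#53211 (truecrypt.org): transfer of 'truecrypt.org/IN': AXFR started
xfer-out: info: client 198.51.100.7#53211 (truecrypt.org): transfer of 'truecrypt.org/IN': AXFR ended
security: error: client 203.0.113.9#51000 (truecrypt.org): zone transfer 'truecrypt.org/AXFR/IN' denied
queries: info: client 192.0.2.33#40000 (www.truecrypt.org): query: www.truecrypt.org IN A +
""".splitlines()

if __name__ == "__main__":
    served, denied = audit_transfers(SAMPLE_LOG)
    for ip, zone, kind in served:
        print(f"ALERT: {kind} of {zone} served to unauthorized host {ip}")
    for ip, count in denied.items():
        print(f"note: {count} refused transfer attempt(s) from {ip}")
```

Any entry in `served` means the full zone was handed to a host that is not a configured secondary, which is the condition the tool output above reports.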
