Message-ID: <CAFqzMLUhbavjyng3H7Kp8==ErAktXOoPFbTq3L4BzhHO65syVQ@mail.gmail.com>
Date: Sat, 7 Jun 2014 10:48:37 +1000
From: surivaton surivaton <surivaton@...il.com>
To: Dave Warren <davew@...eahit.com>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] TrueCrypt?
TrueCrypt is either stupid or it's their way of telling everyone
something is wrong.
Why?
root@...i:~# fierce -dns truecrypt.org
DNS Servers for truecrypt.org:
ns1.truecrypt.org
ns2.truecrypt.org
Trying zone transfer first...
Testing ns1.truecrypt.org
Whoah, it worked - misconfigured DNS server found:
truecrypt.org. 259200 IN SOA ns1.truecrypt.org.
dns-admin.truecrypt.org. (
2010021509 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
10800 ) ; Minimum TTL
truecrypt.org. 259200 IN NS ns1.truecrypt.org.
truecrypt.org. 259200 IN NS ns2.truecrypt.org.
truecrypt.org. 259200 IN A 72.233.34.82
truecrypt.org. 259200 IN MX 10 truecrypt.org.
truecrypt.org. 259200 IN TXT "v=spf1 ip4:72.233.34.82
mx:truecrypt.org -all"
forums.truecrypt.org. 259200 IN A 72.233.34.83
ns1.truecrypt.org. 259200 IN A 72.233.34.82
ns2.truecrypt.org. 259200 IN A 72.233.34.84
upload.truecrypt.org. 259200 IN A 72.233.34.84
www.truecrypt.org. 259200 IN A 72.233.34.82
There isn't much point continuing, you have everything.
Have a nice day.
Exiting...
root@...i:~#
Who in their right mind lets you do zone transfers?
I mean, seriously, back in Windows Server 2003 it was common, but god
damn, I think they are trying to tell us something.
On 6/5/14, Dave Warren <davew@...eahit.com> wrote:
> On 2014-06-03 04:09, Dave Howe wrote:
>> The issue we have with the current TC builds is that they are not
>> reproducible.
>>
>> The source code is available online, and is in the process of being
>> audited, but there is no guarantee the installer almost all the users
>> have installed TC with contained code actually built from that source.
>
> https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/
> claims to have managed to build a reasonably identical build (such that
> the remaining differences can be identified and explained as build
> date/time stamps). The site includes instructions to reproduce the work.
>
> I haven't tried it personally, but it might be an interesting exercise
> to see if anyone else can independently reproduce the binaries.
>
>
>
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>