It’s that time of year again! Data Privacy Day! What follows after the jump is an aggregation of posts I’ve written about data security as well as a commentary on web-browsers and a how-to guide for using TOR safely.
Tag Archives: internet security
TrueCrypt is Still Safe
I want to preface this with a note from me: “Hey all, I apologize for not publishing anything recently; I’ve had writer’s block and now I’m doing research for my next big post (get ready for it!) amidst dealing with crashed hard drives and OS transfers.
But, inspired by a the comment “dude, truecrypt is dead” that I saw on IRC, I want to write a short statement about TrueCrypt. Now it’s no secret I’m a TrueCrypt fanboy so this will be a tad biased, but please hang with me.”
Since 2004, TrueCrypt has been the go to OTF encryption tool and has served probably millions of users (myself included). TrueCrypt had been in active development getting to version 7.1a when, on May 28, 2014, truecrypt.org displayed a very odd message warning of the insecurity of the software.
Although no one knows for sure why the develops suddenly stopped (although there are a few conspiracy theories), we do know that TrueCrypt is still safe.
Heartbleed Info
Because I have failed my duties as a blogger who not only aims to philosophical and religious discussions, but also posts about internet security and data privacy by not writing anything formal about the massive “Heartbleed” exploit in the openSSL protocol, I will provide the following videos if anyone is still interested.
So while it is too late for me to write a dedicated post (given the sheer number that exist), there are a few videos that are important for the layperson to see if they want to understand what “Heartbleed” actually is.
The first is a video from Elastica Inc. explaining the “Heartbeat” program in openSSL:
The next is a video by Lynda indicating what companies are doing to fix the exploit as well as what you should once a company has fixed the exploit (you can check to see if a company has fixed the exploit using this handy tool by LastPass):
Additionally, if sites offer it, you should enable two-step verification and you can read how to do that here.
And finally, a wise thing to do is to utilize a password manager (I explain them indepth here) and change them if needed. For instructions on how to use a password manager efficiently, please see my explanation here.