Hacker News new | past | comments | ask | show | jobs | submit login
[dupe] ISEC Completes TrueCrypt Audit (isecpartners.github.io)
34 points by sweis on April 14, 2014 | hide | past | favorite | 8 comments



FTA:

> "iSEC did not identify any issues considered "high severity" during this testing. iSEC found no evidence of backdoors or intentional flaws. Several weaknesses and common kernel vulnerabilities were identified, including kernel pointer disclosure, but none of them appeared to present immediate exploitation vectors. All identified findings appeared accidental."


"...while TrueCrypt does not have the most polished programming style, there is nothing immediately dangerous to report."

Classic. Taking a dig at the developers while telling the rest of the world TrueCrypt is ok to use.


?

This seems matter-of-factish to me as long as they can defend it. (Hey, some of the code tha I've written to save people time and money does not have a very polished style, -that is a matter of fact and I'm fine with that.)


I was just pointing it out since it wasn't really necessary to even include in the report. I agree though. I've written some God awful code that gets the job done, but would be hell to try and refactor.


ISEC Complete PHASE I of the TrueCrypt Audit, this is just of the driver and loading software, phase II is cryptanalysis.


This might be my tinfoil hat speaking, but could this be disinfo?


Couldn't ANY security audit performed by ANYONE be disinfo?

Couldn't your pointing out that it might be disinfo also be disinfo in itself?

Oh crap, infinite loop!


Highly unlikely. iSEC is widely regarded as one of the best in the business. Having worked with those folks, I can see why.

At some point, you have to trust someone, even if they are out to get you.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: