
Re: [FD] TrueCrypt?



TrueCrypt is either stupid or it's their way of telling everyone
something is wrong.
Why?
root@kali:~# fierce -dns truecrypt.org
DNS Servers for truecrypt.org:
    ns1.truecrypt.org
    ns2.truecrypt.org

Trying zone transfer first...
    Testing ns1.truecrypt.org

Whoah, it worked - misconfigured DNS server found:
truecrypt.org.    259200    IN    SOA    ns1.truecrypt.org. dns-admin.truecrypt.org. (
                    2010021509    ; Serial
                    10800    ; Refresh
                    3600    ; Retry
                    604800    ; Expire
                    10800 )    ; Minimum TTL
truecrypt.org.    259200    IN    NS    ns1.truecrypt.org.
truecrypt.org.    259200    IN    NS    ns2.truecrypt.org.
truecrypt.org.    259200    IN    A    72.233.34.82
truecrypt.org.    259200    IN    MX    10 truecrypt.org.
truecrypt.org.    259200    IN    TXT    "v=spf1 ip4:72.233.34.82 mx:truecrypt.org -all"
forums.truecrypt.org.    259200    IN    A    72.233.34.83
ns1.truecrypt.org.    259200    IN    A    72.233.34.82
ns2.truecrypt.org.    259200    IN    A    72.233.34.84
upload.truecrypt.org.    259200    IN    A    72.233.34.84
www.truecrypt.org.    259200    IN    A    72.233.34.82

There isn't much point continuing, you have everything.
Have a nice day.
Exiting...
root@kali:~#
Who in their right mind lets you do zone transfers?
I mean seriously, back in Windows Server 2003 it was common, but god
damn, I think they are trying to tell us something.

On 6/5/14, Dave Warren <davew@xxxxxxxxxxxx> wrote:
> On 2014-06-03 04:09, Dave Howe wrote:
>> The issue we have with the current TC builds is that they are not
>> reproducible.
>>
>> The source code is available online, and is in the process of being
>> audited, but there is no guarantee the installer almost all the users
>> have installed TC with contained code actually built from that source.
>
> https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/
> claims to have managed to build a reasonably identical build (such that
> the remaining differences can be identified and explained as build
> date/time stamps). The site includes instructions to reproduce the work.
>
> I haven't tried it personally, but it might be an interesting exercise
> to see if anyone else can independently reproduce the binaries.

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
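
The tool output in the message above shows a name server answering a zone transfer (AXFR) request from an arbitrary host. As an added example that is not part of the original post, this stdlib-only Python check lets an operator confirm that their own authoritative servers refuse AXFR from a host that should not receive it. The zone name and server addresses are supplied by the operator on the command line; nothing here is taken from the TrueCrypt project.

```python
import socket
import struct
import sys

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 5: "REFUSED", 9: "NOTAUTH"}

def build_axfr_query(zone, txid=0x4658):
    """Build an AXFR query (QTYPE 252, class IN) with the 2-byte TCP length prefix."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", 252, 1)
    return struct.pack("!H", len(msg)) + msg

def classify_response(msg):
    """Classify the first response message (length prefix already stripped)."""
    if len(msg) < 12:
        return "malformed"
    _id, flags, _qd, ancount = struct.unpack("!HHHH", msg[:8])
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:
        # A successful transfer starts with the zone's SOA in the answer section.
        return "TRANSFER ALLOWED"
    return "not transferred (%s)" % RCODES.get(rcode, "rcode %d" % rcode)

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed by server")
        buf += chunk
    return buf

def check_server(server_ip, zone, timeout=5.0):
    """Send one AXFR query over TCP/53 and report how the server answered."""
    try:
        with socket.create_connection((server_ip, 53), timeout=timeout) as s:
            s.sendall(build_axfr_query(zone))
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            return classify_response(_recv_exact(s, length))
    except OSError as exc:
        # Many servers simply drop the connection instead of sending REFUSED.
        return "no answer (%s)" % exc

if __name__ == "__main__":
    zone, servers = sys.argv[1], sys.argv[2:]
    for ip in servers:
        print(ip, check_server(ip, zone))
```

Run it from a host outside the set of authorised secondaries; any server that reports "TRANSFER ALLOWED" needs its transfer ACL (or TSIG requirement) tightened.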