There must have been some sort of planetary alignment this week. All of my IT related classes had assignments due that were focused on privacy and encryption. Finally, something I looked
forward to doing! I’m no encryption or privacy expert by a long shot, but the lack of knowledge or simple caring by my classmates was enough to make my hair stand on end.
The assignments covered the normal gamut of basic principles: use encryption (although the types described in the material were somewhat vague), discuss ad nauseum the pros and cons of encryption and privacy legislation, and perform some simple labs that involve various encryption/decryption operations. Here’s where I scored the bonus points.
One particular instructor had posted that one of the labs due for the week would require the use of TrueCrypt. If any of you have kept up with TrueCrypt at all, you would know that it’s been deprecated for a couple of years now. This was a huge red flag for me. Did this professor even check the material before assigning it?
My immediate thought was that I didn’t want my classmates using a product thinking that it would protect them, when in actuality it may very well not. So, I sent an email to the professor saying that TrueCrypt was deprecated and not considered secure anymore. The response I received was along the lines of “I see what you’re saying, but I see no proof that TrueCrypt is vulnerable.” Okay, so you the links I provided as reference weren’t enough. Time to dig deeper.
I did a few quick searches and found some CVE numbers from 2015 that specifically addressed some of the vulnerabilities in the last version of TC that was released. I included those number along with the associated links for their information in my reply. Also added to the reply were several articles from well known tech publications, and even some transcript links from episodes of Security Now! where Steve Gibson explained the audit results and resulting flaws. The final point was a link to the TrueCrypt site, where it boldly states at the top of the page in red letters:
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
Maybe this will get his attention.
As it turns out, it did.
I received an email shortly after that reply thanking me for my efforts. Somehow, the fact that it was no longer an actively developed product had escaped notice as far as class assignments went. In addition to the thank you were bonus points. That was a really nice surprise. I responded by saying that I greatly appreciated the points, but my reason was to let my classmates know that they shouldn’t depend on this particular product for their privacy. Instead they should explore other options such as VeraCrypt.
Another unexpected result of this exchange was posted in the main class board within the hour. The assignment was amended to include the use of VeraCrypt, and the message content of my email was appended as a notice for the class to read. I was even given attribution in the notice. I really didn’t mean for all of that to happen!
Discussions followed, and most people got the message to use an alternative application. Good deal, mission accomplished. There’s also been another unforeseen side effect from this episode. Now, I’m getting an unusually large number of emails and messages from others wanting more information or assistance in making things work. Ahh, a blessing and a curse.I had to draw the line and set some boundaries when I started receiving SMS messages around 4 am, and tell everyone to be a little more considerate. Adulting is hard! I don’t get to hang around campus and sleep until after sunrise like a lot of them do!
Oh, and before I forget, I did mention empanadas.
I was invited to try out a local place for lunch one day with some of my colleagues. It’s a little hole-in-the-wall place that specializes in empanadas. This was definitely a case of don’t judge the book by it’s cover. The outside didn’t look spectacular at all, but the spicy beef empanadas and stuffed avocado were amazing! This establishment is definitely worth adding to my rotation.
It’s late, I’m tired, so have a good week.
Stay safe, stay secure, encrypt all the things, and try a new local eatery.