Nov 10

Three methods of data backup

Every company now highly emphasize on data security, for example, company establish information management department to better manage company internal data security.

To protect data, one of key factors you need to consider is data backup. Backup can be divided into three levels:

Hardware-level backup: hardware-level backup refers to using hardware redundancy to protect system’s continuous operations, for example, disk mirror and Dual Fault-Tolerant. If the main hardware gets damaged, backup hardware can immediately take over the work, this approach can effectively prevent hardware failure.

But this solution also has flaws; it can’t prevent data logical corruption. When logical corruption occurs, hardware backup will copy the error again, it can’t really protect data. The goal of hardware backup is actually to ensure system continue running when failure occurs, which is more likely hardware fault tolerance.

Software-level backup: software-level backup refers to saving system data in other software, so that when error occurs you can restore system to backup status. Since this backup solution should be fulfilled with software, it’s called software-level backup.

But this solution takes much time on backup and restore. This solution can prevent logical corruption, because backup media is separate from computer system, error won’t be rewrote in backup media, which means it will help restore data as long as it can save enough history data. But this is not suitable to companies that need to quickly restore data.

Manual backup: Manual backup is the most initial but also the most simple and effective method.

But if you use manual mode to restore data, it will spend more time than using software-level backup.

When choosing backup solution, you need to consider the importance level of the data first. For more important data, choose multiple solutions to back up. In addition, use data protection software to encrypt important data.

Oct 27

JPMorgan confirmed releasing 8.3 million users information, hackers want data rather than money

In early September, the JPMorgan data leak even was found; FBI and NSA were both involved in the investigation. At that time, according to Bloomberg reports, data leak occurred in early August, hacker used 0day vulnerability in bank website to launch attacks, FBI considered this is an attack launched by a national hacker organization according to the complexity of the attack.

CISO is a “temporary” worker

In HomeDepot event, we noted that HomeDepot hired a security manager with criminal record; and in this JPMorgan data leak event, the “temporary worker” – its chief information security officer (CISO) is deeply associated with this event.

When hacker invaded the network of JPMorgan, the CISO of JPMorgan – Greg Rattray just took office, he even wasn’t familiar with his parking space; before coming to JPMorgan Rattray assumed the Air Force Information Warfare commander, and before Rattray taking office, JPMorgan former CSIO Anthony Belfiore had resigned earlier this year, during the period, Anish Bhimani served concurrently as CSIO.

Data is more valuable than money

It’s reported that hackers found vulnerabilities in JPMorgan bank computer software and exploited them, attacking over 90 servers, but the survey showed that hackers are more interested in personal information than money. Although bank account password and other crucial information didn’t leak, but just like the impacts caused by other large-scale personal information leak events, users of JPMorgan now are facing the threats of spear phishing and social engineering attacks, for hackers mastered detailed private data of a enormous number of users.

Chief Technology Officer of RedSeal Ph.D. Mik Lioyd believes that in JPMorgan data leak event, hackers were busy stealing users’ information and even had no time to steal money, which indicates that today’s cybercrime group fancy the value of users’ data (user data exchange market and underground processing industry chain have been matured). Just like the army commander is more emphasized on Battlefield intelligence than weaponry.

Difficult to remedy

Relevant officials involved in the investigation said JP Morgan need to take at least several months to ferret out thousands of software applications and confer with technology providers about authorization contract. New York pointed out that this would give hackers a long time window through which they can further attack JPMorgan internal system undetected vulnerabilities.

JPMorgan data leak event also sent by far the most serious security warning to global enterprises: although the most high-edged security response technology and processes are inadequate to deal with automatic coordinated attacks. Enterprises need to do automatic analysis on entire end to end network access path and use security tools to timely detect any wrong configuration and anomalies caused by network complexity.

JPMorgan said they would continue to focus on detection and financial fraud events related to this data leak event, and if customers could timely detect and inform account unauthorized transaction, JPMorgan would bear the loss of customers.

You can’t stop focusing on the security of your account information and other private information stored in your service providers as well as on your own computer. Information and data leak issues occur in anytime anywhere, timely and comprehensive data and file protection is necessary and imperative.

Oct 13

Shortcomings of weak password highlight, encryption software makes data in lost device secure

For documents, enterprise data, design drawing and other important information store in computer, we usually set the boot password to avoid unrelated persons’ view or steal, enterprise will also launch related training to enhance employees’ awareness of data protection. However, under many irresistible impacts, this part of risks of information security needs more attention. Since the crisis of weak password has been gradually occurred, when facing more mature hacker techniques and increasing leak phenomenon, to use file encryption software to add a secure lock to enterprise equipment can make classified data secure in any cases.

Security experts said that for the majority of ordinary laptop users, the most common-used information security defense method may be setting boot password, and they will set longer and more complex password if they need stronger safety, while in this situation, the thieves can dissemble the hard drive and read its original data in another computer. This is virtually easy.

For users having some computer knowledge, he may adopt some advanced security measures, for example, setting a password to lock computer hard drive so that you will be required for correct password every time you start the computer; and even some one dissemble the hard drive, and it’s difficult to read the original data. But with the continuous development of hacker attacks, only depending on password can’t prevent experienced thieves erasing system configuration information to break into the system to obtain classified information.

There a very important point which is often overlooked by enterprises, that is, setting password can’t completely avoid initiative leak. As both setting boot password and hard drive locking password are defense means, no matter how strong or complex the passwords are, they are useless to initiative leakers. To effectively prevent various leak events including employees leak, data leak caused by laptop loss or stolen devices, one of the best methods is to encrypt the valuable files. Classifying the users’ permission and copying protect files on LAN can avoid employees copy the company files away; besides, employees should be forced to add protection to working files store in laptop and other devices to avoid data loss caused by device loss.

Sep 22

Ten tips for USB drive data leak prevention

USB storage devices are popular because of its small size and portability. Even in the enterprises they are often used for data temporary copy and share. However, precisely because it brings convenience, it also brings many risks in the aspect of data security; especially in the field of enterprise- class, as many data and information are highly classified, once they are leaked or breached, the losses caused by them might be incomparable.

So when you are using USB storage devices, how to protect enterprise data? Here, we give you the top ten tips.

1. Manage authorized devices

Software that’s responsible for devices management can help IT staffs to track USB devices connected to the network, so as to understand what data is being transferred, when the data s used. If the IT staffs can’t monitor devices’ dynamic information, sensitive data is likely to be copied or accessed by outside unauthorized staffs.

2. Block unauthorized devices

When not dealing with official business, some staffs still use USB devices to access or copy data. If the data and information is confidential, please disable all ports of unauthorized external devices. Meanwhile, strictly prevent staffs using unauthorized devices to connect to the company computer.

3. Make up USB encryption plans

Make up and implement an encryption scheme. This plan should include how to protect flash memory devices and their data transfer process, specify who can access to the company data and make up a response plan when the device get lost.

4. Provide company-approved devices

It’s necessary to not only tell staffs that they need to use encrypted drives and set password, but also provide company-approved devices. If enterprise can’t provide secure USB device and its execution policy, staffs will often adopt unsecure practices.

5. Adopt appropriate secure level

Enterprises often need to seek balance among cost control, security and productivity. Find the right secure level according to company’s budget. If you do not need military secure level, you do not need to spend too much money.

6. User training and education

Make employees understand how to safely use a variety of devices. Companies often require using secure devices, while there are still data leak incidents, which is mainly because staffs don’t use these devices, for they feel difficult to use. It’s a must to let employees fully be aware of the consequences of not using secure devices.

7. Clarify secure policy

Making up policies is only the first step, but it’s very important. Define individuals who can download data into secure drives, and create a limitation that only allows these users to access. To clarify who to obtain these devices, and how to place these devices and which type of password should be used to protect them.

8. Encrypt data

The confidential data is sent via emails or removable storage media transmission, they should be password protected before users to use them. If data is not encrypted in advance, attackers can bypass secure control and directly access these data.

9. Protect endpoints

Even the most careful users will connect infected USB to the company computer. The latest anti-virus software is critical because it ensures access networks are secure. When the USB is connected to network, it requires scanning them as soon as possible. For older Windows computers, they need to install patches to disable autorun.

10. Disable unsecure devices

A report of Ponemon institute found that even if the company will provide approved secure devices, 72% of employees still used meeting and trade exhibition drive devices, while these drives tend to spread malicious software.

Sep 09

Strife openly and secretly behind data encryption

In the information age, the U.S. National Security Council (NSA) almost becomes popular in the whole Internet. Not because they are credited with maintaining American security but because they rip off information, which makes them become enemy of users who strike to maintain network and freedom of network information security.

NSA has the world’s leading IT and personnel, meanwhile they are supported by U.S. government, which make them unscrupulous in the information world and the Internet.

According to “New York Times” online edition reports, a few years ago, the United States National Security Agency (hereinafter referred to as” NSA “) had implanted back door system into a International encryption technology that allows the United States federal to breach any data that was protected by this encryption technology.

There were reports that in 2006 the National Bureau of Standards and Technology helped develop an international encryption technology to assist countries and all walks of life to prevent their computer systems were hacked. But another United States federal agency — NSA—had stealthily implanted a backdoor system into the technology without many users knowing it, so that federal agents can decipher any data encrypted by this technology.

According to the documents leaked by former NSA contractor Edward Snowden, NSA has attempted to infiltrate each set of encryption systems, and often try to use the easiest means to achieve this goal. As modern encryption technology is extremely difficult to decipher, even with powerful supercomputers of the institution, it often failed to decipher. Therefore, NSA prefers to cooperate with major software developers and encryption technology licensors to secretly gain access permission to the system.

According to the news from “New York Times”, “The Guardian” and news site ProPublica, NSA can now access the code that’s originally used to protect commercial banking system, trade secrets, medical records and e-mail and Internet chat. Sometimes, NSA has forced some companies to give them access permissions.

These backdoors and particular access permissions are another evidence of the United States intelligence community’s ultra vires. Today, more and more businesses and individuals store most secret data on the cloud storage service, hence they need to be assured that their data is secure, but this relationship is mostly based on trust. Once users know the encryption system is sabotage, they will shake their confidence in these systems, which may have adverse impact on business activities.

People were originally thought that individuals, businesses and government agencies’ privacy in the general communications will be protected, but the fact that NSA implanted backdoor backdoor system might make such illusions shattered.

NSA tends to assure the U.S. government that they would decipher the communication or data that is suspected of illegal individuals or businesses. But weakening citizens’ ability of using encryption technology is obvious a practice of ultra vires.

New Jersey Democratic Congressman Rush Holt has proposed a bill, banning the government requiring software developers to implant backdoor in encryption software system. Outsiders believe that the bill should receive the unanimous support of the U.S. Congress. At the same time, a number of Internet companies including Google and Facebook are developing a new encryption system that is difficult for NSA to penetrate. These companies attempt to show an attitude that they are not secret partner of intelligence agency.

Aug 25

Top 10 Security Issues Revealed in 2014 Blackhat Conference (2)

6. Insecure family router

In-Q-Tel’s CISO (Chief Information Security Officer) Dan Geer said in hacker conference that the home router was most likely to be invaded. These routers could be easily found through a network scan, which usually contained the default login information, and most people never thought of upgrading their router firmware to the latest version. Perhaps in 2014 family network security will be a hotspot for hacker attack.

7. NAS with numerous loopholes

Storage devices connected to the network even have more loopholes. A security analyst at an Independent Security Evaluators agency Jacob Holcomn said the topic at this year’s hacker conference theme is NAS network storage.

He said there’s no one device that he cannot get, at least half of the device he could intrude without authentication. Through invading NAV devices, attackers could hijack other devices’ traffic on the same network, using the sniffing technology similar to ARP. “Jacob Holcomb said in a hacker conference.

More alarming is that, loopholes Jacob Holcomb showed in hacker conference had been submitted to the NAS manufacturers, but these loopholes had not been fixed yet. And the NAS patches usually take a few months to reach users.

8. Network management procedure

Do you remember Carrier IQ that develops smart phone hidden tracking program and the chaos caused by it? In fact the original intention of this phone app was just monitoring the phone flow, and it’s just a network performance diagnose tool. However, phones that install this diagnostic tool are vulnerable to attacks. Just like Mathew Solnik and Marc Blanchou from said in hacker conference, this vulnerability could be used to execute remote code, and bypass the local protection mechanism of operating system.

The researchers said that about 70% to 90% of mobile phones sold worldwide were equipped with device management program. Some other devices, such as notebook computers, wireless devices and networking equipment hotspots, etc., were facing risks from the “Open Mobile Alliance Device Management Protocol” (OMA-DM) contained loopholes.

9. Cheap picklock

Qualsy company’s researchers Silvio Cesare demonstrated how to use cheap and easy to get components to patchwork a tool, and then use it to get a car with smart system.

Cesare said this tool can be used to open the car door, and opened the trunk. But it takes implementers 2 hours to stay in the vicinity of the car, so now the car thieves still not abandon the rowbar and turn to computers.

10. Invade Hotel

The loophole mentioned by Security consultant Jesus Molina in hacker conference is more practical. Molina had lived in five-star hotels St. Regis Shenzhen, China Shenzhen, at that time Molina cracked iPad app “ digital butler” the hotel offered for customers through reverse engineering and used protocol vulnerabilities in KNX / IP router successfully control the hall way lights. In addition to lighting, television, temperature, music in room, and even the window-blinds in more than 200 rooms in the hotel were all in control. More exaggerated, the hacker who controlled all of this even had no need stay in China.

If you need more information about individual data protection and enterprise file management, you can visit Kakasoft.

Aug 11

Top 10 Security Issues Revealed in 2014 Blackhat Conference(1)

Hackers always present their amazing skills to the public, from invading aircraft code to monitoring surveillance cameras, and then to using any USB device as attacking tool.

Even though some of the security issues are sensational in theory, but they are pioneers that uncover security risks in Internet world.

1. Quietly deadly BadUSB

A researcher in Berlin “Security Research Laboratory” claimed that they had developed conceptual tools to attack USB device firmware. When the infected USB device is plugged into the computer, it will disguise as keyboard to download malicious software.

Since most USB device manufacturers haven’t taken any measures to protect the firmware, and anti-malicious software won’t scan firmware malicious behaviors. So theoretically this vulnerability can spread malicious software owing to hard to find and difficult to prevent, and imagine how many USB devices are interacting with computers over the world, we know how terrible this vulnerability is. Fortunately, in reality we have not found attacks based on this vulnerability.

2. Invade aircraft

The consequence of another conceptual attack is more terrible. A researcher in the field of human-computer interaction, Ruben Santamarta claimed that hackers can invade aircraft satellite communication system via Wi-Fi and entertainment systems, thereby allowing the attacker to affect aircraft navigation and safety systems.

The satellite communication system manufacturer said in an interview with Reuters, the possibility of such attack and harm caused by the attack are very small, but they also said they had begun to fix loopholes.

3. Being monitored surveillance cameras

Are your surveillance cameras monitored by other people?

Two security researchers opened a $ 200 Dropcam camera, wanting to see how it works internally. It turned out that there are many vulnerabilities that hackers can make use of them to not only browse the video camera in the store but also upload to third-party video and forge to be taken by other machine. In short, hackers can hijack and take over the camera’s video stream.

Fortunately, there’s a significant adverse condition to implement this terrible security vulnerability: an attacker need physically access to your Dropcam camera. In other words, if an attacker can strut into your room and access to your camera, the security issue on your company or your room is more serious than that of surveillance camera.

4. Tor crisis

Tor provides anonymous access between the source node to the destination node for the user. However, a researcher Alexander Volynkin at Carnegie Mellon University said that with minimal cost to break the anonymity of Tor network is very possible. However, the specific implementation details hadn’t been announced yet.

However, urged on by Carnegie Mellon University, Volynkin abruptly canceled his speech at the hackers conference. Meanwhile, recently Tor’s operators also discovered a set of unidentified malicious relay node, Tor tries to decrypt the user’s identity. (Reference: peeled onion skin, deep Inside the Tor network)

5. Symantec Endpoint Protection loophole

Renowned security expert Mati Aharoni discovered three vulnerabilities in Symantec Endpoint Protection tool. These vulnerabilities could allow an attacker to launch high-level access to the victim’s computer. In other words, hackers can invade your computer through security software. Would not it be a very ironic thing?

Of course, Symantec has started repairing the vulnerabilities!

The last five vulnerabilities will be revealed in next blog post, please stay tuned!

If you want to know information about personal or enterprise file protection solutions, please visit: http://www.kakasoft.com.

Jul 14

Five Errors in Personal Network Protection

Owing to the frequently happened network security incidents and personal privacy and data leak issues, most of readers have already begun to pay attention to strengthening personal information protection and enhancing secure awareness. But unfortunately, currently there’s still some false information about data protection spreading among the public. These erroneous views spread between the network community and users, but seldom experts correct these errors. The following includes five representative security errors:

Error 1: I don’t have valuable information, nobody would hack my computer

Many people hold the similar argument. When you tell them to strengthen security measures (for example, improve the account password strength), they always say we don’t have valuable information and there’s no need to hack my computer.

In fact, today’s hackers often use phishing attacks. Once your cell phone information , email and social network information and other network information have been mastered by hackers, they would carry out further social engineering attacks (of course, the targets may be your friends in Contacts), and even cooperate with offline fraud, causing serious consequences.

Moreover, hackers or cyber criminals can not only make use of privacy information to start social engineering attacks, they can also invade your home router, laptop. NAS and even smart phone, they can change your device into zombie clients, even worse, they can use your device to initiate a variety of criminal activities, so you will not only be a victim but also an accomplice. Therefore, it’s a responsibility for us to enhance security awareness, improve security knowledge level.

Error 2: VPN or Tor can realize completely anonymous.

After Snowden event happened, Tor has stepped into the vision of people who are seeking asylum privacy. Many people may forget, Tor is also a paradise of botnet network and network black market. And more importantly, after Snowden event, some experts pointed out that Tor couldn’t help escape tracking of US intelligence agencies.

The most typical example is that by the end of 2013 a student of Harvard University – Eldo Kim used Tor to release bomb threat information and then arrested. Perhaps influenced by Snowden, Kim overestimated Tor’s “stealth” capability, and published false information of bomb attack by Tor, attempting to delay the date of the final exam, but unfortunately FBI officers soon found Kim’s classmate.

Similarly, VPN also do not have the stealth capability, for the design purpose of VPN is strengthening security, rather than being stealth.

Error 3: Mac address filtering plus turned off SSID broadcast can ensure WiFi network security

Many users think setting the MAC address filtering plus turned off SSID broadcast can ensure family WiFi hotspots security, which is actually a big misunderstanding. It may be useful for computer novice, but useless for computer geeks or hackers.

Remember that only WPA2 encryption standard level can effectively protect your WiFi network, and you must use strong password.

Error 4: Seamless browse can ensure security

Today, many browsers have launched a so-called “incognito browsing” security option, but in reality this so-called incognito can only prevent other users of your computer check and see your privacy information, but for network service providers such as providers of cloud disk, mailbox, social network, your activities are still under surveillance.

Error 5: I have never visited dangerous sites, so I don’t need to install anti-virus software.

Many people think that computer hacker is caused by browsing “dirty” sites, in fact. Nowadays many hackers use pub-style attacks”, which means that first of all attacking regular sites you frequently visit, and then sit back and wait to control your computer. In addition, browser plug-ins, malicious app will stealthily steal your important private information and data.

Hackers have been all pervasive and even your computer that’s never connected to the Internet may be infected with virus. Therefore, you need to keep good online habits including installing anti-virus software, enhancing anti-phishing awareness and password protecting personal files.

Jun 30

Best Defense is Equal to Attack

Speaking of BYOD, the best defense is attack, namely, making strategies in advance to achieve your desired results and to avoid potential risks.

BYOD (Bring Your Own Device) has stirred all walks of business processes. Some companies are fully enjoying the convenience brought by BYOD, yet some companies shy away from them. On the bright side, BYOD can potentially help companies save operating costs, help employees maintain a happy mood and improve office efficiency. But on the other hand, BYOD may also bring a series of problems and pitfalls in the various aspects of security, compatibility and so on. But through some planning and education, most of these problems and pitfalls can be avoided. We can have a look at the troubles brought by BYOD and corresponding resolutions to these problems.

Data leakage: Companies sensitive data leakage is always one of most concerned problems for companies. Employees bringing their own devices to company makes enterprise more worried. Employees may lose their smart phone or tablet; for these devices can easily be eyeing by thief. When the devices containing companies’ sensitive data get lost, the data may fall into wrong hands. One way to avoid this situation is to use file password protection program to lock sensitive data with password, and the other way is to use a remote deletion policy, namely when the employee’s mobile device is stolen, company can remotely delete the sensitive data on the remote device.

Password Leak: just like we usually carry several keys, employees’ mobile devices will store various passwords that are used to log in company’s network and applications. These passwords may exist in mobile applications, or may also be stored directly in the mobile device’s memory. Enterprises must establish a strategy to ensure that companies’ passwords won’t be stored in cache or any application in mobile device. An alternative strategy is that if employees want to save the password on the mobile device business (even login information), they need to use information/password saving application to properly encrypt them.

Productivity decline: When employees start BYOD, they will spend a lot of time on social network, chatting with friends or do other things unrelated to work. How to solve this problem? Since many devices are connected to operator’s mobile communication network, in which case the employees feel that their equipment is not bound by corporate policy. In order to avoid this situation, you should require employees’ mobile devices switch into WiFi network provided by the enterprise when entering company. 

Insufficient bandwidth: Many companies have been concerned about this problem. Most companies believe that the enterprise network bandwidth demands will be dropped after the use of BYOD, which is a big mistake. One of the advantages of BYOD is that employees also can use the mobile operator’s network networking to work when going out, but when they returned to the office, they are likely to connect desktop and their mobile devices to the corporate network, thereby increasing the burden on the enterprise network access bandwidth. Therefore, companies need to ensure that their network access bandwidth has sufficient load-bearing capacity.

Device Management: Many companies are asking how to manage a large number of mobile devices. Because of the many types of equipment, as well as different operators, companies is difficult to centrally manage all mobile devices. But what companies can do is to establish a set of network access control mechanism (NAC), and to control these devices via MAC address for each mobile device.

Over Autonomy: Once a company implemented a BYOD strategy, which’s equivalent to tell employees and users that businesses gives them a very high autonomy. Of course, this autonomy is likely to be abused by employees or network users. Therefore, even if the enterprises implement BYOD, they should let employees know that it doesn’t mean that they can use their own equipment in any activity. If necessary, you can also require employees to sign BYOD agreement confirming that they understand their mobile devices use behaviors in the enterprise are limited.

Jun 16

It’s time for you to abandon TrueCrypt

A series of aftermath of WindowXP end of support is gradually revealing. Currently open source TrueCrypt warn users of the tool’s security vulnerability on SourceForge official site; meanwhile, TrueCrypt also announced the termination of TrueCrypt development.

TrueCrypt warned on the official page with striking red font:

“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”

TrueCrypt’s warning and development suspension caused uproar on social media, since in the past decade, TrueCrypt had always been a very popular cross-platform open-source encryption program, so it’d been first choice for users who had needs of data encryption.

For a long time, TrueCrypt are famous for excellent encryption performance and good safety record, TrueCrypt could create a virtual disk on your hard drive without needing to generate any file, the user can access in accordance with the drive, all files on virtual disk are automatically encrypted, which need password to be accessed. TrueCrypt offers a variety of encryption algorithms, including: AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES, and Twofish, other features support FAT32 and NTFS partitions, hide labels, hot start and so on.

In 2009, the Brazilian Federal Police confiscated five hard drives in banker Daniel Dantas’s Rio de Janeiro apartment in the Satyagraha action launched in July 2008. These drives used two types of encryption programs, one of which is TrueCrypt, the other is unknown 256 AES encryption software. After the expert failed to crack the password, the Brazilian government asked the U.S. for help in the beginning of 2009, however, the United States federal police also failed to crack the encryption after one-year attempt, and returned the hard drive. This incident makes TrueCrypt famous.

In 2013, Snowden exposure NSA can decrypt most Internet encryption technology; TrueCrypt supporters raised a lot of money to audit TrueCrypt security. From the first phase of audit results, there has not been found security backdoors.

Johns Hopkins University professor Matthew Green participated in the TrueCrypt security audit, he said TrueCrypt official warning looks really, unlike the hacker’s prank, and he also contacted the TrueCrypt secret private developers, trying to get more details.

Whatever the truth, TrueCrypt users should enhance viligance, TrueCrypt is no longer the indestructible who should begin vigilant, TrueCrypt encryption is no longer the indestructible encryption software. And it’s time for you to consider using other file encryption software as an alternative. There’re many file encryption solutions on Google, you can try and choose most suitable one. If you need file/folder encryption solution for Windows computer, you can try Folder Protector.