Woah. This caught me off guard. Reporting from ArsTechnica, Dan Goodin has the story:
One of the official webpages for the widely used TrueCrypt encryption program says that development has abruptly ended and warns users of the decade-old tool that it isn’t safe to use.
“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,” text in red at the top of TrueCrypt page on SourceForge states. The page continues: “This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”
Is this real (no independent verification has been made)? Why are they only talking about platform-based encryption software? What about cross-platform alternatives? What does this mean for existing TrueCrypt containers? Are we about to see another Heartbleed-style exploit?