HTTPS faster than HTTP ?!

It’s possible that some users may even find that the HTTPS version of a web site is faster than HTTP. This can happen if they sit behind a coporate HTTP proxy that normal intercepts, examines and records web traffic. An HTTPS connection will often just be forwarded as a simple TCP connection through the proxy because HTTPS traffic cannot be intercepted. It’s this bypassing that can lead to improved performance.

Source: http://blog.httpwatch.com/2011/01/28/top-7-myths-about-https/

I can actually confirm this to be true in some cases. Even worse is that people might think that HTTPS prevents corporate from sniffing - that is not always the case 🙂

TrueCrypt insecure?

There is a warning on the homepage of truecrypt

http://truecrypt.sourceforge.net/

>WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

More info:

http://www.networkworld.com/article/2342845/microsoft-subnet/encryption-canary-or-insecure-app--truecrypt-warning-says-use-microsoft-s-bitlocker.html
http://www.rawstory.com/rs/2014/05/29/security-enthusiasts-may-revive-truecrypt-encryption-tool-after-mystery-shutdown/
http://www.hbarel.com/analysis/itsec/the-status-of-truecrypt
http://it.slashdot.org/comments.pl?sid=5212985&cid=47115785

Alternatives:

http://truecrypt.ch/ (forking or actually continuing the development)
https://ciphershed.org/ (truecrypt fork)

TrueCrypt's audit in pdf:
https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf