Earlier today we found the official TC website had been modified and now featured a warning to disuse the product. I initially suspected website compromise but found that the “new” TC packages offered are signed by a legitimate looking key. To further confound the issue a representative from Sourceforge reported earlier that no unusual activity had been noticed. This may be a plain and simple compromise but it may also be the TC developer’s way of informing the public that they are unable to guarantee their privacy, perhaps as a result of a NSL. I am trying to contact individuals who should know more about what is going on, and will update this post later today as the fog dissipates on this issue.
Readers of this blog will know that I have never particularly liked the secrecy behind TC’s development. It remains to be seen what happens next, especially with the interim results of the TC audit due to be released next week.
Mike the Crypto Goat 