bendejo Posted October 22, 2019 Share Posted October 22, 2019 uh-oh! https://arstechnica.com/information-technology/2019/10/hackers-steal-secret-crypto-keys-for-nordvpn-heres-what-we-know-so-far/ Link to comment Share on other sites More sharing options...
Stocky Posted October 22, 2019 Share Posted October 22, 2019 I can't imagine many NordVPN users in Thailand would be using a server in Finland. I certainly don't. I'm not concerned. Link to comment Share on other sites More sharing options...
MJCM Posted October 22, 2019 Share Posted October 22, 2019 One datacenter in Finland and not even NordVPN it's fault, but the datacenter. Quote The breach was the result of hackers exploiting an insecure remote-management system that administrators of a Finland-based datacenter installed on a server NordVPN leased. The unnamed datacenter, the statement said, installed the vulnerable management system without ever disclosing it to its NordVPN. NordVPN terminated its contract with the datacenter after the remote management system came to light a few months later. Link to comment Share on other sites More sharing options...
tjo o tjim Posted October 22, 2019 Share Posted October 22, 2019 I would still put the responsibility on them... they need to take ownership. Link to comment Share on other sites More sharing options...
Jan Dietz Posted October 23, 2019 Share Posted October 23, 2019 That would be the teamviewer virus then Link to comment Share on other sites More sharing options...
tjo o tjim Posted October 23, 2019 Share Posted October 23, 2019 10 hours ago, Jan Dietz said: That would be the teamviewer virus then That would surprise me; I would think something like the VMWare console or IPMI based on information I have read. Link to comment Share on other sites More sharing options...
toast1 Posted October 24, 2019 Share Posted October 24, 2019 I noticed NordVPN had many bad reviews, when I researched them. Link to comment Share on other sites More sharing options...
tjo o tjim Posted October 24, 2019 Share Posted October 24, 2019 They were always one of the solid go-to companies— considered well run. Depending on what you are using them for... it can be hard to trust anyone though. I’m much happier having my own VPN connection to my place in the US (or even work). Most of my need is just geo-blocking issues, and often to make sure I can reasonably obfuscate online banking. Link to comment Share on other sites More sharing options...
Shengen Posted October 31, 2019 Share Posted October 31, 2019 Who needs logs. According to this recent article OpenVPN has been exploited and if compression is used on the transmission it can be decoded. The companies mentioned below including NordVPN use compression.According to an article by Paul Wagensell which he presented at DEF CON 26 and was published August 13th in Tom's guide many well known VPN service providers (NordVPN, PureVPN, Hotspot Shield, ExpressVPN, PIA) can be hacked. The recommendation it to use another protocol. https://www.tomsguide.com/us/vpn-voracle-attack-defcon26,news-27784.html Link to comment Share on other sites More sharing options...
tjo o tjim Posted October 31, 2019 Share Posted October 31, 2019 4 hours ago, Shengen said: According to an article by Paul Wagensell which he presented at DEF CON 26 and was published August 13th in Tom's guide many well known VPN service providers (NordVPN, PureVPN, Hotspot Shield, ExpressVPN, PIA) can be hacked. The recommendation it to use another protocol. https://www.tomsguide.com/us/vpn-voracle-attack-defcon26,news-27784.html Isn’t NordVPN IKEv2? Link to comment Share on other sites More sharing options...
guzzi850m2 Posted October 31, 2019 Share Posted October 31, 2019 On 10/22/2019 at 9:35 AM, Stocky said: I can't imagine many NordVPN users in Thailand would be using a server in Finland. I certainly don't. I'm not concerned. Well I sometimes have my VPN set on a Danish address when I want to watch some Danish TV programs. Some programs from one particular TV channel can only be seen in DK. I could imagine the same applies for Finish nationals regarding above? I uses NordVPN by the way and are happy with it. Link to comment Share on other sites More sharing options...
Stocky Posted October 31, 2019 Share Posted October 31, 2019 Glad to hear there's at least one. Link to comment Share on other sites More sharing options...
Mutt Daeng Posted November 1, 2019 Share Posted November 1, 2019 15 hours ago, tjo o tjim said: Isn’t NordVPN IKEv2? Yes, you do have the option to define an IKEv2 connection for NordVPN. See https://nordvpn.com/tutorials/ for tutorials on how to do it for various devices. Just tried it on Win 10 and works fine. So far NordVPN works fine for me (OpenVPN & IKEv2). Link to comment Share on other sites More sharing options...
Stocky Posted November 1, 2019 Share Posted November 1, 2019 20 hours ago, Shengen said: Who needs logs. According to this recent article OpenVPN has been exploited and if compression is used on the transmission it can be decoded. The companies mentioned below including NordVPN use compression.According to an article by Paul Wagensell which he presented at DEF CON 26 and was published August 13th in Tom's guide many well known VPN service providers (NordVPN, PureVPN, Hotspot Shield, ExpressVPN, PIA) can be hacked. The recommendation it to use another protocol. https://www.tomsguide.com/us/vpn-voracle-attack-defcon26,news-27784.html But you should be enforcing a https connection. Extensions like HTTPS Everywhere help ensure https encryption, I think Chrome forces this by default. . Link to comment Share on other sites More sharing options...
Mutt Daeng Posted November 3, 2019 Share Posted November 3, 2019 As a NordVPN customer, I contacted Nord and asked the question regarding the OpenVPN vulnerability wrt the Voracle attack. It was fixed in August 2018, so no need to worry. See this article https://nordvpn.com/blog/voracle-attack/ Link to comment Share on other sites More sharing options...
Mutt Daeng Posted November 3, 2019 Share Posted November 3, 2019 On 10/31/2019 at 12:14 PM, Shengen said: Who needs logs. According to this recent article OpenVPN has been exploited and if compression is used on the transmission it can be decoded. The companies mentioned below including NordVPN use compression.According to an article by Paul Wagensell which he presented at DEF CON 26 and was published August 13th in Tom's guide many well known VPN service providers (NordVPN, PureVPN, Hotspot Shield, ExpressVPN, PIA) can be hacked. The recommendation it to use another protocol. https://www.tomsguide.com/us/vpn-voracle-attack-defcon26,news-27784.html This vulnerability was fixed by Nord in Aug 2018. I woudn't describe Aug 2018 as recent. Not sure how other VPN providers have responded to the threat. Link to comment Share on other sites More sharing options...
Mutt Daeng Posted November 3, 2019 Share Posted November 3, 2019 <Rant> NB I'm not affiliated in any way to any VPN provider. Just a retired sysprog, who hates to see scaremongering posts by people who post things after reading some article somewhere without any kind of veracity checks. </Rant> Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.