got NordVPN?

[bendejo]

uh-oh!

https://arstechnica.com/information-technology/2019/10/hackers-steal-secret-crypto-keys-for-nordvpn-heres-what-we-know-so-far/

 

 

[Stocky]

I can't imagine many NordVPN users in Thailand would be using a server in Finland. I certainly don't.

 

I'm not concerned.

[MJCM]

One datacenter in Finland and not even NordVPN it's fault, but the datacenter.

 

Quote

The breach was the result of hackers exploiting an insecure remote-management system that administrators of a Finland-based datacenter installed on a server NordVPN leased. The unnamed datacenter, the statement said, installed the vulnerable management system without ever disclosing it to its NordVPN. NordVPN terminated its contract with the datacenter after the remote management system came to light a few months later.

 

[tjo o tjim]

I would still put the responsibility on them... they need to take ownership.

[Jan Dietz]

That would be the teamviewer virus then

[tjo o tjim]

10 hours ago, Jan Dietz said:

That would be the teamviewer virus then

That would surprise me; I would think something like the VMWare console or IPMI based on information I have read. 

[toast1]

I noticed NordVPN had many bad reviews, when I researched them.

[tjo o tjim]

They were always one of the solid go-to companies— considered well run.  Depending on what you are using them for... it can be hard to trust anyone though.  I’m much happier having my own VPN connection to my place in the US (or even work).   Most of my need is just geo-blocking issues, and often to make sure I can reasonably obfuscate online banking.

[Shengen]

Who needs logs. According to this recent article OpenVPN has been exploited and if compression is used on the transmission it can be decoded. The companies mentioned below including NordVPN use compression.
According to an article by Paul Wagensell which he presented at DEF CON 26 and was published August 13th in Tom's guide many well known VPN service providers (NordVPN, PureVPN, Hotspot Shield, ExpressVPN, PIA) can be hacked. The recommendation it to use another protocol.

https://www.tomsguide.com/us/vpn-voracle-attack-defcon26,news-27784.html

[tjo o tjim]

4 hours ago, Shengen said:

According to an article by Paul Wagensell which he presented at DEF CON 26 and was published August 13th in Tom's guide many well known VPN service providers (NordVPN, PureVPN, Hotspot Shield, ExpressVPN, PIA) can be hacked. The recommendation it to use another protocol.

https://www.tomsguide.com/us/vpn-voracle-attack-defcon26,news-27784.html

Isn’t NordVPN IKEv2?

[guzzi850m2]

On 10/22/2019 at 9:35 AM, Stocky said:

I can't imagine many NordVPN users in Thailand would be using a server in Finland. I certainly don't.

 

I'm not concerned.

Well I sometimes have my VPN set on a Danish address when I want to watch some Danish TV programs. Some programs from one particular TV channel can only be seen in DK.

I could imagine the same applies for Finish nationals regarding above? 

 

I uses NordVPN by the way and are happy with it.

[Stocky]

Glad to hear there's at least one.

[Mutt Daeng]

15 hours ago, tjo o tjim said:

Isn’t NordVPN IKEv2?

Yes, you do have the option to define an IKEv2 connection for NordVPN.

See https://nordvpn.com/tutorials/ for tutorials on how to do it for various devices.

Just tried it on Win 10 and works fine.

So far NordVPN works fine for me (OpenVPN & IKEv2).

[Stocky]

20 hours ago, Shengen said:

Who needs logs. According to this recent article OpenVPN has been exploited and if compression is used on the transmission it can be decoded. The companies mentioned below including NordVPN use compression.
According to an article by Paul Wagensell which he presented at DEF CON 26 and was published August 13th in Tom's guide many well known VPN service providers (NordVPN, PureVPN, Hotspot Shield, ExpressVPN, PIA) can be hacked. The recommendation it to use another protocol.

https://www.tomsguide.com/us/vpn-voracle-attack-defcon26,news-27784.html

But you should be enforcing a https connection. Extensions like HTTPS Everywhere help ensure https encryption, I think Chrome forces this by default.

 

.

[Mutt Daeng]

As a NordVPN customer, I contacted Nord and asked the question regarding the OpenVPN vulnerability wrt the Voracle attack. It was fixed in August 2018, so no need to worry. See this article https://nordvpn.com/blog/voracle-attack/

 

[Mutt Daeng]

On 10/31/2019 at 12:14 PM, Shengen said:

Who needs logs. According to this recent article OpenVPN has been exploited and if compression is used on the transmission it can be decoded. The companies mentioned below including NordVPN use compression.
According to an article by Paul Wagensell which he presented at DEF CON 26 and was published August 13th in Tom's guide many well known VPN service providers (NordVPN, PureVPN, Hotspot Shield, ExpressVPN, PIA) can be hacked. The recommendation it to use another protocol.

https://www.tomsguide.com/us/vpn-voracle-attack-defcon26,news-27784.html

This vulnerability was fixed by Nord in Aug 2018. I woudn't describe Aug 2018 as recent. Not sure how other VPN providers have responded to the threat.

[Mutt Daeng]

<Rant>

NB I'm not affiliated in any way to any VPN provider. Just a retired sysprog, who hates to see scaremongering posts by people who post things after reading some article somewhere without any kind of veracity checks.

</Rant>