Recently, NordVPN admitted that one of its servers in Finland suffered a security breach in early 2018. The issue occurred due to a vulnerability in a remote management system used by the datacenter. In the breach, the attacker stole a NordVPN Transport Layer Security (TLS) key that may be used to impersonate the website or VPN servers, but would not allow traffic to be decrypted. The other thing stolen was OpenVPN keys, potentially allowing an attacker to set up servers posing as legitimate NordVPN servers. Similarly to the TLS key, however, the OpenVPN keys could not be used to decrypt data.

The breach could have exposed users to a “personalized and complicated” man-in-the-middle attack on a single connection trying to access. This would allow the attacker to see unencrypted traffic. To illustrate the complexity of such an attack, here’s a list of steps the attacker would have to take:

- Get access to a network or compromise a user’s device, where they can insert themselves between the user and the NordVPN server.
- Insert themselves between the user and the NordVPN server by using some variant of a spoofing technique, essentially fooling your device into believing that the attacker is the intended recipient of network communications.
- Impersonate the server using the stolen key.

According to NordVPN’s article about the breach, “the key couldn’t possibly have been used to decrypt the VPN traffic of any other server.” Since NordVPN keeps no logs, usernames and passwords wouldn’t have been intercepted either. The company quickly terminated the server when the breach was discovered, limiting the scope of the impact on its users.

It’s at this point we should note that this is one server that was breached from an entire fleet of 3,000+ worldwide (a number that has grown since 2018), a breach that seems to have limited impact.

But amid all this hullabaloo, another more interesting story is beginning to emerge: a story of one tech publication stoking the fires to make NordVPN’s security incident seem bigger than it is while ignoring similar breaches from TorGuard and Avast Secureline VPN.

Long before other publications got wind of NordVPN’s security breach, TechCrunch’s Zack Whittaker wrote a searing piece on the impact of the situation based on a thread from a Twitter user. While the article that Whittaker writes starts off objectively, it begins to veer quite quickly into speculation, spreading “FUD” – Fear, Uncertainty, Doubt. This is done largely with the help of a “senior security researcher” Whittaker claims to have spoken to, one who doesn’t hold back on piling on the fear and thereby elevating a normal story to something Oscar-worthy.

This unnamed “security researcher” makes the following serious claims:

- “this is an indication of a full remote compromise”
- “should be deeply concerning to anyone who uses or promotes these particular services”
- “Your car was just stolen and taken on a joy ride and you’re quibbling about which buttons were pushed on the radio?”

This entire issue of the anonymous security researcher was disastrously misunderstood by PCGamer, who decided that the security researcher was – somehow – actually “one NordVPN researcher, who declined to be identified.”

Is there anything to the senior researcher’s allegations?

There is ostensibly just one serious claim made by the nameless researcher worth commenting on from a technical perspective. This is the claim that NordVPN’s revelations indicate a localized breach that could have spread throughout the whole network: “[This] is an indication of a full remote compromise of this provider’s systems.”

We have reached out to NordVPN for a comment on this claim. According to representatives at the company, this could not possibly be true:

“Our infrastructure is built in such a way that the breach of a single VPN server will always be isolated to that particular server. It is impossible to reach any other part of our core infrastructure (databases, the web, or other VPN servers) from a single VPN server. The NordVPN infrastructure doesn’t “trust” our VPN servers and was designed this way from the very early days of NordVPN.”

It is unclear what the allegation presented in the TechCrunch article is based on, but there’s next to no actual substance behind it – rather, it seems to serve as an instrument to attract more attention to the story.

NordVPN takes action to become more secure