So, if Nord is telling the truth, no lives were at risk. All the hackers could see was the addresses of the sites being visited by users on that server – they couldn’t see the content users were viewing. Some news reports say that NordVPN’s lax security measures were putting activists’ lives at risk, but the company itself countered that by stating that it operates a zero-logs policy, so no individual user could be identified as having visited a particular website. It has also revised its standard for current and future datacentre providers “to ensure that no similar breaches could ever happen again.” Should I use NordVPN?Īs we said at the start, it depends upon why you’re using a VPN. This should mean NordVPN is much less susceptible to this kind of attack. Nord’s blog post includes a full apology for “an egregious mistake” and admits that the company “should have done more to filter out unreliable server providers and ensure the security of our customers”. These have since expired and NordVPN says the keys could not have been used to decrypt NordVPN traffic in any case. It went on to say “NordVPN seems do not pay more attention to security by themselves and somehow try to put this on our shoulders”.Īt the time of the attack, NordVPN was not encrypting the hard disks in its rented servers, so the hacker was able to steal encryption keys. It claimed that other VPN providers also used its servers and paid more attention to security, asking the datacentre to block access to the tool until they need it. Tech Advisor was sent a copy of an email from this datacentre, which explained that the software was installed on all their servers and was well known to have security holes. The datacentre which ran the server installed some remote access software on it without informing NordVPN, and this software had a vulnerability which was exploited in March 2018 by a hacker.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |