So apparently NordVPN was compromised at some point. Their (expired) private keys have been leaked, meaning anyone can just set up a server with those keys...pic.twitter.com/TOap6NyvNy
Prikaži ovu nit
-
OpenVPN keys were leaked as well as the expired *.nordvpn.com TLS cert. I haven't researched enough about OpenVPN to know if it's using forward secrecy, though you'd hope so
Prikaži ovu nit
For those of you wanting a source: https://twitter.com/le_keksec/status/1185745754176049153 … Apparently it's "been floating around mostly unnoticed", so I don't know where it's originally from. Here's the cert that matches the private key: https://crt.sh/?id=10031443 With the cert + key you can verify for yourself
-
-
Some useful info (3 tweets):https://twitter.com/cryptostorm_is/status/1185976222364438528 …
Prikaži ovu nit -
Apparently other VPN providers were also compromised:https://twitter.com/cryptostorm_is/status/1186097950327476224 …
Prikaži ovu nit -
I should probably make it clear that whoever compromised NordVPN had root access to a container server, allowing full control of everything in it (presumably including the ability to view and tamper with all network traffic going through it). Why was this never detected?
Prikaži ovu nit -
I've also confirmed that that TorGuard was compromised, this TLS certificate for *.torguardvpnaccess.com was leaked: https://crt.sh/?id=241227763 (expired Oct 2018). There's also an OpenVPN server key. (Again, someone gained root access on the server)
Prikaži ovu nit -
So this is in the news now, and NordVPN and TorGuard have both released official statements. I see a lot of people are asking which VPN service to use instead. This is a good read: https://gist.github.com/joepie91/5a9909939e6ce7d09e29 … Also a good thread:https://mobile.twitter.com/CiPHPerCoder/status/1186298282676498433 …
Prikaži ovu nit -
If you're going to run your own VPN server, Algo is good: https://github.com/trailofbits/algo … (but make sure you keep your server secure)
Prikaži ovu nit
Kraj razgovora
Novi razgovor -
-
-
https://web.archive.org/web/20180504001844/https://8ch.net/b/res/7948898.html#7950919 … is the source. Also includes some hacks of VikingVPN and TorGuard. VikingVPN also wasn't practicing secure PKI management. TorGuard was though. The last link in that post appears to be 8chan itself, which had a .bash_history exposed.
-
Thanks for the info!
Kraj razgovora
Novi razgovor -
-
-
it's originally from a dump on a chan-site that just got slid off because nobody on the board knew what to do with the info, i recognize it
-
Interesting. Do you know when that happened? (And which site?)
- Još 1 odgovor
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.