
 



Well-known VPN services fall victim to breach


The cryptographic keys of the certificates that secure the servers and the VPN configuration files of NordVPN and TorGuard VPN were stolen after an attack and leaked online. The VikingVPN service also appears to have fallen victim, while the theft from NordVPN appears to have taken place 19 months ago.
 
According to a statement issued by NordVPN, the attacker was able to gain access to their servers through an insecure remote management tool deployed by their datacenter.

"We became aware that on March 2018, one of the datacenters in Finland we had been renting our servers from was accessed with no authorization. The attacker gained access to the server by exploiting an insecure remote management system left by the datacenter provider while we were unaware that such a system existed. The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either. The exact configuration file found on the internet by security researchers ceased to exist on March 5, 2018. This was an isolated case, and no other datacenter providers we use have been affected."

NordVPN further states that the TLS key taken by the attacker was already expired and that, contrary to what Cryptostorm.io stated, no VPN traffic could have been decrypted at the time of the attack.
 
In a statement by TorGuard, the VPN provider states that as they utilize "secure PKI management", none of their VPN users were affected by this breach and their CA key was not stolen as it was not present on the compromised server.

"TorGuard was the only one using secure PKI management, meaning our main CA key was not on the affected VPN server."

They further state that the stolen TLS certificate for *.torguardvpnaccess.com is for a "squid proxy cert which has not been valid on the TorGuard network since 2017."

While they do not go into details as to how the server was hacked, they do state that there was "repeated suspicious activity" at the reseller they were renting the server from and that they no longer work with them.

TorGuard further stated that the compromised server is related to a lawsuit they filed against NordVPN in 2019.
 