Windscribe VPN servers seized by authorities were not encrypted
Date:
Wed, 28 Jul 2021 13:33:00 +0000
Description:
Details shared by Windscribe's founder reveal the shortcomings of their VPN stack.
FULL STORY ======================================================================
Following last month's seizure of a couple of its VPN servers in Ukraine, security tools provider Windscribe shockingly revealed that the seized
servers weren't encrypted.
While Windscribe contends that no user data is at risk since it doesn't log
any activities, the unencrypted server had an OpenVPN server certificate
along with its private key.
In a blog post, Windscribe's founder Yegor Sak admits that anyone with the private keys could have impersonated the Windscribe servers to capture and decrypt traffic passing through them.
"Although we have encrypted servers in high sensitivity regions, the servers
in question were running a legacy stack and were not encrypted. We are currently enacting our plan to address this," wrote Sak.

Misconfigured servers
According to Sak, the seized servers were part of an old investigation into
an activity that occurred over a year ago.
While sharing the plans to address the incident and improve Windscribe's OpenVPN infrastructure, Sak revealed that their OpenVPN server and client configuration used the compress parameter.
By Sak's own admission, the compress parameter was deprecated in 2018 after security researchers revealed that it could be exploited to allow adversaries to decrypt data.
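An added example, not part of the original article or Windscribe's tooling: a short Python check that scans an OpenVPN configuration for the compression directives discussed above (compress, and the older comp-lzo), including settings pushed from server to client. The sample configuration is constructed for illustration, and the function name audit_compression is hypothetical.

```python
import shlex

# Arguments that turn compression on, per the OpenVPN manual page.
ENABLING = {
    "compress": {"lzo", "lz4", "lz4-v2"},
    "comp-lzo": {"", "yes", "adaptive"},   # bare comp-lzo means adaptive
}

def audit_compression(config_text):
    """Return (line_no, directive, argument, status) for each compression directive."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":        # blank or commented out
            continue
        tokens = shlex.split(line, comments=True)
        # A server can hand the setting to clients: push "compress lz4-v2"
        if len(tokens) >= 2 and tokens[0] == "push":
            tokens = tokens[1].split()
        if not tokens or tokens[0] not in ENABLING:
            continue
        arg = tokens[1] if len(tokens) > 1 else ""
        # "review" covers framing-only or other values that need a human look
        status = "enabled" if arg in ENABLING[tokens[0]] else "review"
        findings.append((line_no, tokens[0], arg, status))
    return findings

# Constructed sample, not Windscribe's actual configuration.
SAMPLE_SERVER_CONF = """\
port 1194
proto udp
cipher AES-256-GCM
;comp-lzo
compress lz4-v2
push "compress lz4-v2"
comp-lzo no
"""

if __name__ == "__main__":
    for finding in audit_compression(SAMPLE_SERVER_CONF):
        print(finding)
```

Any "enabled" finding means compressed traffic is being sent inside the tunnel; a "review" finding means a compression directive is present with an argument that does not itself enable an algorithm.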
For its part though, Windscribe has assured that it has no reason to believe that the servers were compromised or that any unauthorized access took place before the seizure.
Furthermore, Sak has promised to get their replacement server stack audited
by a third party to ensure it is completely sound.
======================================================================
Link to news story:
https://www.techradar.com/news/windscribe-vpn-servers-seized-by-authorities-were-not-encrypted/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)