SoylentNews is people
SoylentNews
from the not-the-flaw-you're-looking-for dept.
Top VPN Software Had a Major Security Flaw
Top VPN software had a major security flaw:
One of the most popular VPN services available today may have exposed customer payment information due to a significant security flaw.
Security researchers uncovered a vulnerability in the payment platform used by NordVPN, which has millions of users around the world.
The flaw could have allowed hackers access to user account information, including email addresses and shopping history, according to the team at security firm HackerOne.
- What's the truth about the NordVPN breach? Here's what we now know
- Bug bounties have made these hackers millionaires
- NordVPN boosts security with new bug bounty program
UPDATE: NordVPN has told TechRadar Pro that the vulnerability was isolated to three small payment providers and possible to exploit only within a limited timeframe.
"We have confirmed with our tech team that the issue was disclosed on H1 only after evaluating that no data had been exploited," a NordVPN spokesperson told us.
Also at:
NordVPN HTTP POST bug exposed customer information, no authentication required:
(Score: 2) by Freeman on Wednesday March 11 2020, @05:55PM (1 child)
It's a lot easier to secure a closed-off wired local net than an always online computer.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 0) by Anonymous Coward on Wednesday March 11 2020, @08:52PM
OP here.
Given that I run several domains (with downtime only when I have no Internet connectivity from *both* my ISPs) as well as my own DNS with multiple ISPs and and a diverse set of resources, I make an effort (aided by 20+ years of *professional* InfoSec experience) to secure my environment and use a variety of tools to monitor that security.
So far, I've been successful. And no, you can't use it either. :)