NordVPN says one of its servers was breached in March 2018, exposing some of the browsing habits of customers who were using the VPN service to keep their data private. NordVPN says the server, located in Finland, did not contain activity logs, usernames, or passwords. But the attacker would have been able to see what websites users were visiting during that time, a company advisor said, although the content of the websites likely would have been hidden due to encryption.
Over the past couple years, NordVPN has become a lot more popular as it’s gone on a heavy advertising push. You’ll often hear NordVPN ads in the middle of podcasts, or find a YouTube host pausing to talk about how NordVPN can protect your privacy by masking your browsing habits. The company has positioned its product, which sends your traffic through servers in other cities or countries to mask your browsing habits, as an easy way to maintain your privacy online, but the server breach could detract from that promise for potential customers.
“Potential attackers could have gotten only into that server and only intercept the traffic and seen what websites people are browsing — not the content, only the website — for a limited period of time, only in that isolated region,” Tom Okman, a member of NordVPN’s tech advisory board, told The Verge.
Okman says NordVPN usually changes the server each user is connected to every five minutes or so, but that users get to pick which country they are connecting through. That means users likely would have only been impacted for intermittent periods of time. The breach also could have only impacted users who were connecting through Finland, which is where the breached server was located.
Details of the breach started circulating over the weekend by security researchers. In a blog post this morning, NordVPN said it has known about the breach for “a few months,” but did not immediately disclose the problem because the company wanted to audit the rest of its systems. The flaw was limited to a single server, NordVPN says. The data center installed a remote access system on the server, without telling the VPN provider, and that system was insecure, allowing an outsider to gain access, according to the blog post.
The server was vulnerable between January 31st, 2018 and March 20th, 2018, but NordVPN believes it was only breached once, during March.
NordVPN says information taken from the server couldn’t have been used to decrypt traffic on any other server. It acknowledges that a stolen encryption key, which is now expired, could have been used to perform a man-in-the-middle attack, with the hacker disguising themselves as a NordVPN server. But NordVPN says such an attack would have to be “personalized and complicated” and apply to a single person at a time.
No other data centers were affected, NordVPN says, and it has cut ties with the company that maintained the flawed server.
Okman says the company doesn’t believe any information was taken, but that NordVPN will be informing its customers of the breach by email. “I would not call this a hack,” Okman said. “This is an isolated security breach — hack is too powerful a word in this case.”
Defensive minds convening upon Georgia Tech for ‘summit’
In the search for improved schemes and tactics, Georgia Tech coach Geoff Collins will bring together defensive coaches from several teams, including the Falcons, to present and trade ideas Wednesday at Tech.
The practice of bringing together coaching staffs from multiple schools to talk strategy is common in the offseason. Collins held a similar “summit,” as he called it, when he was at Temple.
“It’s really, really good, because you get to sit in a room with a bunch of other guys that have different takes on different things and you sit there (and say), ‘Here’s what we’re seeing in our league. Do y’all see it?’” Collins told the AJC. “’What’s some good things that you do with it?’ So it’s a good sharing of ideas, and it’s really good for the young coaches on the staff.”
Besides the Falcons, Collins said that defensive coaching staffs from Texas, South Carolina, Indiana, Georgia Southern, Navy, Central Michigan and Jacksonville State will attend. A notable name on the guest list among college coaches is new Texas defensive coordinator Chris Ash. Before his three-plus seasons as Rutgers’ head coach, Ash was co-defensive coordinator at Ohio State, where he helped the Buckeyes win the 2015 national championship and led a defense that finished second nationally in scoring defense the following season.
Collins said that defensive coordinator Andrew Thacker will give a presentation, and new Falcons defensive line coach Tosh Lupoi likely will present, as well. Lupoi came to the Falcons from the Cleveland Browns, where he held the same title, and before that was defensive coordinator at Alabama.
Tech can use ideas. While the Temple ranked among the top units in the American Athletic Conference in Collins’ two seasons with the Owls, the Jackets were among the weakest in the ACC last season.
“I think we’ve done a really good job playing some high-level defense over the years and kind of have a good reputation, and some really good programs are coming to share ideas with us,” Collins said. “I think it’s really good.”
Collins did not fail to mention that breakfast would be provided by a Waffle House food truck.
Support real journalism. Support local journalism. Subscribe to The Atlanta Journal-Constitution today.
Your subscription to the Atlanta Journal-Constitution funds in-depth reporting and investigations that keep you informed. Thank you for supporting real journalism.
What the Tech? How to Sue Robocallers – Alabama News Network
White House readying new limits on tech exports to counter China
The White House is reportedly planning new limits on technology exports in an effort to counter China’s reverse-engineering of U.S. technology, though President Trump on Tuesday appeared to dispute a report that his administration was blocking aircraft engines going to China.
The Commerce Department is planning five regulations covering items like quantum computing and 3D printing technologies, Reuters reported Tuesday. The rules were mandated by a 2018 law meant to prevent the theft or loss of U.S. technology. Trade groups have been concerned that the White House would create tough regulations, but internal documents suggest the regulations will be limited in scope.
The administration is mulling blocking an export license for aircraft engine parts made by U.S. company General Electric intended for planes being built in China, the Wall Street Journal reported, citing people familiar with the discussion. China intends to use the engines in the creation of a new generation of passenger jets. Blocking the license could cripple the project.
Trump appeared to dispute the aircraft parts report in a Tweet on Tuesday, stating that he wanted China to buy the parts. “We don’t want to make it impossible to do business with us. That will only mean that orders will go to someplace else. As an example, I want China to buy our jet engines, the best in the World.”
In a follow-up tweet, he said, “I want to make it EASY to do business with the United States, not difficult. Everyone in my Administration is being so instructed, with no excuses.”
The White House referred questions on the reports to the Commerce Department, which had not responded as of press time.
Sports4 months ago
Bill Belichick Delights In Tormenting The Hapless Jets
Sports4 months ago
LAFC Coach Bob Bradley Storms Off When ESPN’s Sebastian Salazar Lobs Softball Question About Carlos Vela
Business3 months ago
Kohl’s, Amazon, Walgreens and more
Entertainment4 months ago
Steve Harvey’s Daughter Lori Harvey Arrested For Hit & Run in Los Angeles
Tech4 months ago
Modern Warfare on the PlayStation Store in Russia • Eurogamer.net
Fashion4 months ago
Sonam Kapoor shows you the right way to wear your mom’s traditional gold jewellery without looking outdated
Sports4 months ago
Bears WR Taylor Gabriel apologizes to fantasy owners
Business4 months ago
Avast, NordVPN Breaches Tied to Phantom User Accounts — Krebs on Security