fsy 34 Posted ...

Drama! But somehow hilarious, somehow bewildering when you see how the exploit was made possible by Atlas software developers: https://www.bleepingcomputer.com/news/security/atlas-vpn-zero-day-vulnerability-leaks-users-real-ip-address/
OpenSourcerer 1435 Posted ...

Is there even a use case for such an API? Scripting, maybe?

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.
Stalinium 44 Posted ...

Context: https://www.techradar.com/news/nord-security-snaps-up-atlas-vpn

I don't know what's worse here.

- Unauthenticated web interface
- lack of CSRF that would prevent such blind requests
- the web interface on a localhost port that browsers still allow access to without asking any permission-related questions

Regardless of the current fix, websites will be able to find out if the user is a user of Atlas VPN, without any IP matching. And in the case it's used by the client, it's a giant red flag of qualification, business direction and security practices at Atlas and Nord as a whole. Now that Nord positions itself as a cybersecurity company especially in the B2B segment, I can't explain how they don't have processes in place to audit the design choices of their acquired companies. This further reinforces my position to avoid them entirely.
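The three weaknesses listed in the post above map onto three checks a localhost control API can make before acting on a request. The sketch below is an added example, not part of the thread and not Atlas VPN's code; the port number, the token handling and the `authorize` function are hypothetical.

```python
import hmac

# Assumed values for this sketch; not taken from any real VPN client.
LOCAL_PORT = 49152
ALLOWED_HOSTS = {f"127.0.0.1:{LOCAL_PORT}", f"localhost:{LOCAL_PORT}"}


def authorize(method, headers, token):
    """Return (allowed, reason) for a request to a local control API.

    `token` is a per-install secret the daemon is assumed to keep in a file
    readable only by the local user, so a web page cannot learn it.
    """
    h = {k.lower(): v for k, v in headers.items()}

    # 1. Host must name the loopback address we bound to. A page that reaches
    #    the port through DNS rebinding still sends its own hostname here.
    if h.get("host", "").lower() not in ALLOWED_HOSTS:
        return False, "bad-host"

    # 2. Browsers attach Origin to cross-site POSTs. The native client in this
    #    sketch never sends it, so any Origin means a web page is asking.
    if "origin" in h:
        return False, "browser-origin"

    # 3. State changes only via POST, so they cannot be triggered by an
    #    image tag or a plain link.
    if method.upper() != "POST":
        return False, "bad-method"

    # 4. Require the secret in a header. A cross-site page cannot read the
    #    token file, so a blind request fails here even if checks 1-3 pass.
    scheme, _, supplied = h.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not hmac.compare_digest(
        supplied.encode(), token.encode()
    ):
        return False, "bad-token"

    return True, "ok"
```

These checks do not stop a site from detecting that the port is open, which is the residual exposure the post points out.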
fsy 34 Posted ...

> 22 hours ago, Stalinium said:
> And in the case it's used by the client, it's a giant red flag of qualification, business direction and security practices at Atlas and Nord as a whole. Now that Nord positions itself as a cybersecurity company especially in the B2B segment, I can't explain how they don't have processes in place to audit the design choices of their acquired companies. This further reinforces my position to avoid them entirely.

NordVPN? Those who had servers cracked no more than a few years ago because they neglected to check IPMI interfaces? 🤣

By golly, we live in a world where the head of the European Central Bank is a convicted person found guilty in court for negligence in finance-related crimes when she was Minister of Finance in France, a world where the planet's largest company offering privacy-oriented VPN services favored clickware and adware spreading and infections, so NordVPN cucks recycling themselves as security experts is clearly a very proper and natural action. 😏

I realize now I opened this topic on the wrong forum, I wanted to open it in "Other VPN competitors" and not here! Moderators help!