Skip to main content

VPN servers seized by Ukrainian authorities weren’t encrypted

posted onJuly 27, 2021
by l33tdawg
Arstechnica
Credit: Arstechnica

Privacy-tools-seller Windscribe said it failed to encrypt company VPN servers that were recently confiscated by authorities in Ukraine, a lapse that made it possible for the authorities to impersonate Windscribe servers and capture and decrypt traffic passing through them.

The Ontario, Canada-based company said earlier this month that two servers hosted in Ukraine were seized as part of an investigation into activity that had occurred a year earlier. The servers, which ran the OpenVPN virtual private network software, were also configured to use a setting that was deprecated in 2018 after security research revealed vulnerabilities that could allow adversaries to decrypt data.

“On the disk of those two servers was an OpenVPN server certificate and its private key,” a Windscribe representative wrote in the July 8 post. “Although we have encrypted servers in high-sensitivity regions, the servers in question were running a legacy stack and were not encrypted. We are currently enacting our plan to address this.”

Source

Tags

Industry News

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th