-----BEGIN PGP SIGNED MESSAGE-----
March 2nd 2015
VikingVPN, and it's parent company Viking Connections LLC, from the inception of the company to present day, has not received any of the following:
Requests for information - Civil or Criminal - We have never received a request for information on a specific user, nor any request for bulk user data, nor any request for metadata.
Requests to modify or weaken our services - We have never received a request to change our encryption, our security practices, or our protocols. This includes wiretap orders or implementing methods to identify users on our network.
Requests for private keys - We have never received a request for private VPN server keys, access to our website CA, or any code signing certificates we control. This includes all of our self-signed certificates in the chain used by our VPN network.
Viking VPN Service is releasing our client for Windows PCs into Open Beta as of today. You can download the client here.
Follow our connection guide for Windows to get it set up. It's pretty easy and hassle free.
It's possible that you'll get false-positives from malware or virus scanners for this app. These false-positives are caused simply by the app being new on the market. These false-positives will go away in time.
We have open-sourced the code for the app. It is published on Bitbucket.
We have completed emergency maintenance to respond to the stack-based buffer overflow in glibc disclosed as CVE-2015-7547. Google and Red Hat are credited with the disclosure and fix.
More information on the CVE can be found below:
Google Online Security: https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
Proof of Concept Attack: https://github.com/fjserna/CVE-2015-7547
Our infrastructure has been patched and all server clusters have been issued rolling restarts to ensure that there is no chance of an out-of-bounds buffer being active. Google and Red Hat are confident that the vulnerability has likely not been exploited in the wild. As a precautionary measure, we will be performing an internal audit of our systems ahead of schedule to verify that all systems are secure.
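A post-patch check in the spirit of the rolling restarts described above, as an added example that is not VikingVPN's own tooling: it lists processes that still map a glibc library whose on-disk file has been replaced, meaning they are still running the pre-patch code until restarted. The list of library names to check and the sample maps text are assumptions constructed for illustration.

```python
import os
import re

# When a package upgrade replaces a library file, processes that loaded the old
# copy keep it mapped and the kernel shows the path with a " (deleted)" suffix
# in /proc/<pid>/maps. Library names below are an assumption: the glibc pieces
# on the DNS resolver path.
STALE_LIB = re.compile(r"(/\S*/(?:libc|libresolv|libnss_dns)[-.][^\s/]*) \(deleted\)$")

def stale_glibc_mappings(maps_text):
    """Return sorted glibc library paths that are still mapped from a deleted file."""
    found = set()
    for line in maps_text.splitlines():
        match = STALE_LIB.search(line)
        if match:
            found.add(match.group(1))
    return sorted(found)

def scan_proc(proc_root="/proc"):
    """Map pid -> stale glibc libraries for every process we are allowed to read."""
    results = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                stale = stale_glibc_mappings(fh.read())
        except OSError:  # process exited, or we lack permission to read it
            continue
        if stale:
            results[int(entry)] = stale
    return results

# Constructed sample of /proc/<pid>/maps content (not taken from a real host).
SAMPLE_MAPS = """\
7f3a1c000000-7f3a1c1c0000 r-xp 00000000 08:01 131 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)
7f3a1c5d0000-7f3a1c5e6000 r-xp 00000000 08:01 140 /lib/x86_64-linux-gnu/libresolv-2.19.so (deleted)
7f3a1c800000-7f3a1c823000 r-xp 00000000 08:01 150 /lib/x86_64-linux-gnu/ld-2.19.so
7f3a1ca00000-7f3a1ca10000 r-xp 00000000 08:01 160 /usr/lib/libcrypto.so.1.0.0 (deleted)
"""

if __name__ == "__main__":
    # Run as root after patching; any output is a process that still needs a restart.
    for pid, libs in sorted(scan_proc().items()):
        print(pid, ", ".join(libs))
```

An empty result after the restarts means no readable process is still executing the replaced library; run it as root so that every process's maps file can be read.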
Our policies are completely unchanged; this update just makes it clearer how we handle logging.
We clarified that total user bandwidth is not monitored.
We clarified that total server bandwidth usage (per day) is monitored.
We clarified that we have never had to use our logging contingency plan to defend the network. It is just present in case it ever has to be used.
Since the inception of VikingVPN, we have been committed to using open-source, trustworthy software only. This is why we exclusively use OpenVPN on all supported devices for our users, and eschew technologies that can have poorly implemented or outright compromised implementations. (I'm looking at you, PPTP, IPsec, and SSTP.)
We are remaining committed to that cause.
However, we have run into a number of usability problems with the standard OpenVPN client that many non-technical customers cannot overcome. This includes implementing DNS leak protection, protecting yourself from IPv6 leaks, managing your own config files, and obfuscation technologies for customers in nations with heavy censorship.
As a response to these needs that the regular OpenVPN client does not meet for some customers, we are developing a custom client that will fill this role.
We have multiple goals for the client that will be slowly implemented and tested.
All VikingVPN server clusters are receiving routine security updates, and updates to OpenVPN 2.3.9. Downtime is expected to be less than 5 seconds. If you are disconnected from your server cluster due to a rolling restart, you will be able to immediately reconnect and continue using the service normally.
OpenVPN 2.3.9 contains updates that allow greater protection from DNS leaks in Windows 8 and Windows 10. We will be exploring these options in the coming days to see if implementing them on the Viking network impacts non-Windows customers.
VikingVPN has donated to the Open Source Technology Improvement Fund (OSTIF.org) to help support open source security software.
The OSTIF is a group that raises funds in order to get open-source security projects audited by professionals and also to set up bug bounties and give grants in order to create landmark improvements in software.
The OSTIF currently has a Kickstarter going to get bug bounties and security audits going for OpenVPN, OpenSSL, GnuPG, VeraCrypt, and Off-The-Record Messaging. Its stretch goals include getting audits for NoScript, Mailvelope, and operating 10 Tor exit nodes in Chicago.
You can help the OSTIF by donating to them on the Kickstarter, or spreading the word on social media!