The staff of VikingVPN is working on a Cybersecurity Wiki. This Wiki is going to explain all of the major aspects of how to protect your data and privacy on and off the internet.
We will be covering all aspects of cybersecurity in high detail, to allow users to learn about how to protect themselves, as well as step-by-step generic guides on various hardening techniques.
We will be incorporating some information from our security blog into this new wiki area, the largest move being the Firefox Hardening Guide that is very popular among the privacy community.
This is a GIGANTIC topic and the world of cybersecurity is constantly evolving. We will be routinely adding to the information in the Wiki and hope to have a comprehensive guide for users completed some time in the future. We will be adding content to the Wiki regularly as well as referencing good outside sources for topics that are too broad for us to cover.
The VikingVPN Web server is being restarted for routine security updates. Downtime of the website is expected to be less than two minutes. VPN services will not be affected by the restart.> read more
VikingVPN Has Received a Request for Information from the European Union - The Questions and Our Full Responses
VikingVPN has received a voluntary request for information from the European Commission. We have partially participated in the request and refused to answer any questions pertaining to customer data. The request contained no requests for individual user data, but had requests for some aggregate data that we also felt was too intrusive or requested information we simply do not have because we do not log our user activity.
*WARNING THIS IS A LONG AND DETAILED POST, AND IT IS NOT MOBILE FRIENDLY AS IT CONTAINS LARGE TABLES*> read more
There is a new "severe" OpenSSL flaw that was exposed today. OpenSSL has patched the flaw and it is available on their website immediately.
The flaw exposes all clients, servers and software that use certificate validation to a bug that would allow an attacker to impersonate a trusted device. This is a total bypass of the security of the certificate system. If there are no additional layers of verification (that do not rely on the certificate system) then the system is vulnerable to attack.
This could allow an attacker to impersonate trusted servers and push malicious updates to software, or an attacker to skim security credentials, or other malicious activity that would allow deep compromise of the victim's machine.
The VikingVPN Security Impact:
This area will be updated with a graphic in the near future. We are rushing out this transparency post to show exactly what we are working on and the impact of the problem.> read more
OpenDNS has announced that they are about to be acquired by Cisco Systems. Our US server clusters have been using OpenDNS for over a year because they perform well and do not log user activity.
The acquisition of OpenDNS by Cisco Systems raises concerns about whether their logging policies will remain the same, or be silently changed. It also raises concerns about Cisco's plausible complicit participation in clandestine activities.
Due to these concerns, VikingVPN is changing all of its US infrastructure to use servers that are ran by the OpenNIC project. These are servers that are fast, regularly audited, and do not log.
The VPN server clusters will be issued rolling restarts over the next few hours to complete these changes. Downtime is expected to be less than one second. If you lose connectivity during this period, you can immediately reconnect to the service and continue using it normally.
All server clusters are being issued rolling restarts to apply routine security updates to our systems. Downtime is expected to be less than one second.
If you lose your connection to the VPN network during these restarts, you will be able to immediately reconnect.
The restarts should be completed within 30 minutes of this post.> read more
OpenVPN 2.3.7 has just been released which contains several bug fixes and updates.
This changes our recommended version to 2.3.7 for all platforms and we urge users to update. There are no critical security fixes that directly impact VikingVPN customers but it does contain a large number of bug and documentation fixes and re-enables some features that were disabled while older vulnerabilities were fixed.
We will be updating our server clusters throughout the day today. You may temporarily be dropped from the network during the update process. Downtime is expected to be less than 5 seconds. You should be able to immediately reconnect to any cluster if you lose your connection.
Keep your eyes peeled for updates to the Apple iOS and Google Android apps!> read more
We have learned that Comcast is having a significant outage on the west coast of the US. We peer with Comcast directly in Phoenix and Seattle. We have managed the issue and users should only see slight increases in ping until Comcast is fully restored. For now, our other carriers are picking up the Comcast slack.
Users that do not use Comcast internet services should see no change in performance.> read more
VikingVPN has officially joined a number of other American tech companies that are protesting the Trans Pacific Partnership, which is a trade agreement for a number of nations all over the Pacific that is appears to be catering heavily to corporate interests and has closed off all negotiations to privacy and civil liberties groups.
We have signed the Electronic Frontier Foundation's letter that expresses our concerns about the secrecy of the negotiations as well as the efforts to "fast-track" the legislation to avoid public debate on the provisions.
Along with our signature, we added our official comments about the TPP exactly as below:
VikingVPN is strongly against the secretive Trans-Pacific Partnership trade agreement due to multiple serious concerns.
At Viking, we are dedicated to protecting our users to the greatest extent possible. We have adopted long held standards for security, and then gone above and beyond that mark and used the best techniques known to the industry.
Beyond checklists and penetration tests, we have implemented policies that minimize our attack surface and harden our systems against 0-day attacks and other unknown threats.
One of the measures we have taken since day 1 is avoiding the use of virtual machines. We have always opted for bare-metal servers and avoided Virtual Private Servers and Clouds to increase performance and decrease our attack surface. We have also opted to keep our systems as simple as possible, avoiding adding layers of complexity by using additional software or weakening infrastructure to make the network easier to manage.