There is a new "severe" OpenSSL flaw that was exposed today. OpenSSL has patched the flaw, and the patch is available on their website immediately.
The flaw exposes all clients, servers and software that use certificate validation to a bug that would allow an attacker to impersonate a trusted device. This is a total bypass of the security of the certificate system. If there are no additional layers of verification (that do not rely on the certificate system) then the system is vulnerable to attack.
This could allow an attacker to impersonate trusted servers and push malicious updates to software, or an attacker to skim security credentials, or other malicious activity that would allow deep compromise of the victim's machine.
The VikingVPN Security Impact:
This area will be updated with a graphic in the near future. We are rushing out this transparency post to show exactly what we are working on and the impact of the problem.
OpenDNS has announced that they are about to be acquired by Cisco Systems. Our US server clusters have been using OpenDNS for over a year because they perform well and do not log user activity.
The acquisition of OpenDNS by Cisco Systems raises concerns about whether their logging policies will remain the same, or be silently changed. It also raises concerns about Cisco's plausible complicit participation in clandestine activities.
Due to these concerns, VikingVPN is changing all of its US infrastructure to use servers that are run by the OpenNIC project. These are servers that are fast, regularly audited, and do not log.
The VPN server clusters will be issued rolling restarts over the next few hours to complete these changes. Downtime is expected to be less than one second. If you lose connectivity during this period, you can immediately reconnect to the service and continue using it normally.
All server clusters are being issued rolling restarts to apply routine security updates to our systems. Downtime is expected to be less than one second.
If you lose your connection to the VPN network during these restarts, you will be able to immediately reconnect.
The restarts should be completed within 30 minutes of this post.
OpenVPN 2.3.7 has just been released, and it contains several bug fixes and updates.
This changes our recommended version to 2.3.7 for all platforms and we urge users to update. There are no critical security fixes that directly impact VikingVPN customers but it does contain a large number of bug and documentation fixes and re-enables some features that were disabled while older vulnerabilities were fixed.
We will be updating our server clusters throughout the day today. You may temporarily be dropped from the network during the update process. Downtime is expected to be less than 5 seconds. You should be able to immediately reconnect to any cluster if you lose your connection.
Keep your eyes peeled for updates to the Apple iOS and Google Android apps!
We have learned that Comcast is having a significant outage on the west coast of the US. We peer with Comcast directly in Phoenix and Seattle. We have managed the issue and users should only see slight increases in ping until Comcast is fully restored. For now, our other carriers are picking up the Comcast slack.
Users that do not use Comcast internet services should see no change in performance.
VikingVPN has officially joined a number of other American tech companies that are protesting the Trans Pacific Partnership, which is a trade agreement for a number of nations all over the Pacific that appears to be catering heavily to corporate interests and has closed off all negotiations to privacy and civil liberties groups.
We have signed the Electronic Frontier Foundation's letter that expresses our concerns about the secrecy of the negotiations as well as the efforts to "fast-track" the legislation to avoid public debate on the provisions.
Along with our signature, we added our official comments about the TPP exactly as below:
VikingVPN is strongly against the secretive Trans-Pacific Partnership trade agreement due to multiple serious concerns.
At Viking, we are dedicated to protecting our users to the greatest extent possible. We have adopted long held standards for security, and then gone above and beyond that mark and used the best techniques known to the industry.
Beyond checklists and penetration tests, we have implemented policies that minimize our attack surface and harden our systems against 0-day attacks and other unknown threats.
One of the measures we have taken since day 1 is avoiding the use of virtual machines. We have always opted for bare-metal servers and avoided Virtual Private Servers and Clouds to increase performance and decrease our attack surface. We have also opted to keep our systems as simple as possible, avoiding adding layers of complexity by using additional software or weakening infrastructure to make the network easier to manage.
Our web server will be restarted to apply routine security updates. The expected downtime of the website is 30 seconds or less. The VPN network will be unaffected and remain up.
We have deployed a number of improvements to the VPN service in order to further optimize speeds on our network. These changes were tested thoroughly on all supported platforms and we believe there to be no cases where performance or stability will get worse.
The changes are both client and server based. So in order to enjoy the full benefit of the changes, you'll need to get a new set of OpenVPN configuration files from our website. For customers that means signing in to the website and going to the "Profile" tab, and then selecting the option to download new config files.
The install process is the same, and the changes are backwards compatible with older clients and older config files. This update has been tested on Windows 7, Windows 8, Windows 10, Windows XP, Android 4.0 and up, iOS6 and up, Ubuntu, Debian, Arch, OSX, DD-WRT and Tomato.
There are no changes to the security infrastructure or settings in place with these changes.
We are planning to change our website to a new web host due to an unacceptable number of outages with our current host. We will be moving to one of the hosts that we use for the VPN network and know to be reliable. Downtime will be between 15 and 60 minutes on Saturday for the website only.
The VPN network will remain active and functional throughout this transition, and no slowdowns or outages are expected.