The OpenSSL team upgraded FREAK to "high" severity today, due to the impact of the bug being far more widespread than initially thought. FREAK did impact OpenVPN, but did not impact VikingVPN because of our security topology.
First and foremost, FREAK requires two specific conditions in order to be exploitable. It requires a man-in-the-middle and it attacks OpenSSL autonegotiation. An attacker must be able to place themselves in the middle of the session, and then send fake data to the server to downgrade the encryption on their connection to the easily crackable Export RSA. The impact is huge as it breaks the encryption without notifying the client or the server that anything is wrong.
VikingVPN has a very tight security model specifically to protect users from these kinds of attacks. Firstly, we do not allow any negotiation on cipher to take place at all. We only use one cipher suite, the one that we believe is the strongest in the open-source OpenVPN client. The lack of autonegotiation already makes the FREAK attack impossible, but we also use the HMAC firewall to block man-in-the-middle attacks.> read more
We will be restarting the website and the associated infrastructure in order to apply routine security updates. Downtime is expected to be less than 1 minute. If you experience any issues with the website after this routine update (we are not expecting any), let us know via customer care.> read more
In our commitment to privacy and security, we have added support for the Darkcoin cryptocurrency. Our focus at VikingVPN is to provide the fastest and most secure service possible, and payment methods are one of the biggest challenges with a fully private model.
We added Bitcoin support a few months ago in an effort to give our customers more options for private payment. While Bitcoin is substantially safer than using your debit card directly for privacy, it is not perfect. There are ways to analyze the block chain, find the source of the transaction (usually an exchange) and then go after the exchange for user information regarding the transaction. There are also ways to associate IP addresses with wallets.
The Darkcoin project addresses both of these issues head-on by using the Tor network to anonymize IP addresses for transactions, and by automated wallet mixing systems that are similar to the> read more
VikingVPN is adding support to accept the Darkcoin digital cyptocurrency in the near future. We will be implementing Darkcoin in the same fashion as our current Bitcoin system.
We are adding DRK support as a commitment to keeping our customers as private as possible.
The Darkcoin project has significant improvements over the Bitcoin system for privacy in that:
1. All of the source code is available to be audited by the public.
2. The source code has been professionally audited.
3. The project has many privacy improvements over Bitcoin, making transactions much harder to trace and track.
You can see more information about Darkcoins and get a DRK wallet here: https://www.darkcoin.io/
We will soon be able to say:
We plan to write a stub article on the history of Darkcoin and the privacy concerns that it addresses. I will update this article with a link to the Darkcoin article when it is completed.
We are currently working on updating our connection guides to reflect the most current versions of software for both download links and screenshots. This overhaul will make sure that our users have the easiest methods to set up their VikingVPN service securely.
We are also working on updating our YouTube video guides for getting connected. As of this writing, all of the connection guides are current except for the Tunnelblick video. The methodology has changed for installation and a number of steps have been done away with to make the whole set up process easier.
You may notice a number of small changes to the site with regard to graphics and guides in the next few days, and we will be updating the Tunnelblick guide on YouTube as soon as is possible. The changes have already been made on the regular Tunnelblick guide on the site, the Video is the only guide that is dated.
If you have any questions regarding getting set up with VikingVPN, feel free to email us at customer care!> read more
Our server cluster in Bucharest, Romania is now live and ready for use! This is our second cluster of servers in Europe and it brings our high speed VPN services to eastern Europe, the Balkan states, as well as parts of Russia and the Middle East.
As part of our commitment to be the fastest and most secure VPN service out there, we select new locations based on network resources and laws regarding logging policies. Romania perfectly fits into this model as the nation has a fantastic network infrastructure and they have recently thrown out their data retention laws as unconstitutional on July 8th 2014. English source and the original source is in Romanian
The addition of this server cluster also adds more value to your VikingVPN subscription. Since we allow 1 connection per server cluster, this increases the maximum number of simultaneous devices to 6 per account.
As always, we urge our customers to connect to the closest VPN servers for the best possible performance.> read more
VikingVPN has completed a threat analysis and subsequent patch (if needed) of all systems related to the new Ghost vulnerability.
Our full analysis shows that none of our systems were vulnerable to attack on day 0.
Our web server does not utilize glibc. We also do not use PHP anywhere in the site. Our VPN servers have glibc present, and glibc is called by OpenVPN, but it does not use the vulnerable functions (gethostbyname, gethostbyname2). This means that the code related to the vulnerability is never used or executed by our systems.
We have updated the VPN servers to non-vulnerable versions of glibc as a precautionary measure.
Our final judgement is that no systems were vulnerable to the threat, and no risk to company or user data is or was present.
A more expansive article on the Ghost vulnerability will be posted to our Security Blog tonight.> read more
We are currently doing routine maintenance on the Phoenix cluster. Users may be temporarily dropped from the network during this maintenance as some servers inside of the cluster need to be restarted. If you are disconnected from VikingVPN during this maintenance window, you should be able to immediately disconnect and reconnect to Phoenix and continue using the VPN normally.
Maintenance Is expected to be complete by Midnight EST.> read more
Viking is committed to keeping speeds a high as possible for it's customer base. We have implemented a server buildout plan based on a clustering model, so that we have an ever-increasing territory with a high performance network, rather than a global slow one.
Our expansion plans include adding locations to better cover eastern Europe and the Asia-Pacific region.
Our expansions are triggered by servers in a nearby region hitting a certain density of users, which prompts us to expand to a new area. This means some of our existing customers will move to the new location because it is closer to them geographically (which usually means better performance) and it reduces the load on the existing cluster.
Amsterdam is our only EU cluster at this time. We are approaching the number of users on that node that will trigger an expansion in that region. This means that we are currently looking at datacenters in Eastern Europe for our next home.> read more
We have been working on an issue where some customers with very fast internet would see limited speeds when connecting to our servers. This problem seems to span multiple platforms, and multiple high speed internet providers.
We have found the underlying cause of the performance drag, and plan to implement the fix in the near future after we test the changes on all devices to be sure that no problems are introduced into the network with the change.
It bears repeating that this fix is only for very high speed customers (50+ Mbps) and will not impact most of our user base.
If you are a VikingVPN subscriber who thinks they are impacted by the current bug, you can contact us at customer care if you would like to implement the fix. We would appreciate the additional feedback from people before we roll out the change globally. This change may improve the performance of our service for all of our high speed broadband customers, especially those who are combining very high speeds with Wifi.> read more