Internal Security Audit Completed - Smooth Sailing for VikingVPN

Our Christmas break was interrupted by the purported hack of Cyberghost, a large VPN provider. We have gone through a rigorous internal audit of all of our servers and services and found no issues with our servers or our network.

VikingVPN conducts routine internal audits of our entire infrastructure and occasional external audits of our non-critical infrastructure in an effort to create the hardest environment possible for attackers. This internal audit was prompted by the press coverage of the CG breach, as an extraordinary precaution to protect user data.

As it turns out, Cyberghost did not suffer a security breach, and the account information leaked from CG was obtained via outside attack vectors like botnets or trojans on individual PCs.


Seattle Cluster Maintenance

*This issue has been resolved. The Seattle Cluster is alive and healthy once again.*

Our Seattle servers are currently under maintenance due to a problem with our host there. Due to a problem with infrastructure in the datacenter in Seattle, our servers are operating at 1/10th of their normal speed. We are currently working to mitigate the issue.

If we have to take any of the live servers down during this process, we will automatically redirect users to other clusters to prevent service outages.

This post will be updated when maintenance is completed.

The issue with the host is resolved, and service to Seattle has been fully restored.


NYC Servers Being Upgraded

*This upgrade has been completed and the NYC cluster is operating normally*

Our server cluster in NYC is being migrated to a new SSAE16 data center for better connectivity and greater uptime. The NYC cluster will be down for maintenance throughout this migration, for approximately 8 hours.

At this time, we are redirecting all NYC customer traffic through our Chicago cluster.

When the migration is complete and the servers have been tested for functionality, we will update this post notifying our users that the NYC cluster has returned to normal.

Edit:

We have halted the redirection of users from NYC to Chicago. The NYC cluster is live once again in its new home. To connect to the cluster, just disconnect your current connection and connect using your NYC.ovpn file.



Seattle Cluster Restart

The Seattle cluster is being restarted to investigate a performance anomaly reported by some users. A full reboot of the cluster is required in order to be able to fully investigate the problem.

Downtime of the Seattle cluster is expected to be less than 1 minute. Reconnecting to the service should resolve any connectivity issues you have.


VikingVPN is Patching OpenVPN for a Denial of Service Attack Vulnerability

We are in the process of patching our servers for the recently discovered DoS vulnerability. Upgrading our servers to a new version of OpenVPN will require us to issue a rolling restart to all server clusters. This may cause clients to stop responding to network requests in the process. Downtime is expected to be approximately two seconds. Disconnecting and reconnecting to the service should instantly fix any issues.

The vulnerability is performance related only, and there is no risk of client information leaking as a result of the discovered bug.

A new version of OpenVPN that fixes the issue is available (OpenVPN 2.3.6). The issue is mostly server-side, so an upgrade from 2.3.5 is not required to connect to our network.

You can read more about the vulnerability here:


The VikingVPN Seattle Server Cluster is Live

We have completed the provisioning, configuration, testing, and security auditing of our new server cluster in Seattle, and have taken it to live service. The addition of a Seattle server cluster brings optimal service to the Pacific Northwest and the surrounding regions, as well as improving service to nations in and across the Pacific.

As always, we urge our customers to connect to the closest VPN servers for the best possible performance.

To access the new servers, you will need to download a new set of keys from the VikingVPN website. You need to sign in with your account, go to the profile area, and select the option to download new certificates. Note: You will need to install these certificates on all devices, as the old set of certificates is revoked for security reasons when you generate a new set.


Making Installation Easier in Apple OSX - Zip Bug Squashed

A long-standing issue with unzipping files in Apple OSX has been fixed. The original problem was that if you tried to unzip our VikingVPN.zip file to set up your account on Apple OSX, the zip module that is built into OSX would misread the header of the zip file and create a new zip file containing the original file. If you opened that file, it gave you the original zip file again, and this continued indefinitely.

The issue stems from the way OSX reads zip file headers. A newer feature in zip files allows "zip streaming", which means that our VikingVPN web server begins sending the file before it has even finished compressing the zip file. We used this feature to make the service as fast as possible when you are generating a new set of config files.


VikingVPN is Expanding to Seattle


VikingVPN is currently building a new server cluster in Seattle to bring our high performance service area to the Pacific Northwest.

Our strategy with our network build-out is to get high performance coverage in all of the US and (most of) Canada.

Our new Seattle cluster will bring even faster service to Seattle, Portland, Vancouver, and surrounding areas.

We expect to have our Seattle cluster deployed and the service open by Nov 1st 2014.

This will increase our number of server clusters to five (Phoenix, Chicago, New York City, Amsterdam, and Seattle) and allow up to 5 simultaneous connections for all of our customers (one connection per location).

Our next planned expansion after Seattle is Atlanta. We will then move our focus to improving locations in the EU.


VikingVPN is Adding Bitcoin, PayPal and Dwolla Support

Our customers frequently ask us to increase our number of payment methods. The most frequently requested methods are Bitcoin and PayPal support.

We have been listening.

We will be adding Bitcoin, PayPal and Dwolla (a cheaper PayPal alternative) support in the coming days.

Due to legal hurdles regarding corporate registration and paperwork, PayPal and Dwolla support will take a few weeks from today to be added. Bitcoin support should be available within 24 hours.

There will be pages related to the process of paying with alternative payment systems on the site soon. We will be placing them on the sign-up page.

Edit: The Bitcoin policies page is here.


Emergency Maintenance Applied - Bash

9/26 update:

We have completed emergency maintenance to close the new severe bash vulnerability named ShellShock.

I will be writing a security article on the vulnerability in the near future. Edit: here it is

Viking's network uses a mixture of operating systems that are tuned for security by our staff. Some important facts: We do not use an OS that defaults to bash, but it does contain bash. Bash is disabled on all servers. We have taken the extra precaution of locking down bash with our intrusion prevention system, so even if a program calls bash, bash will not be able to run, execute code, navigate, or utilize any resources.

All VikingVPN services are now hardened against the attack with multiple layers of protection. We do not believe we were vulnerable to attack via this vector originally, but these additional measures are precautionary.

No ShellShock related attacks were detected anywhere on our network.
