NordVPN safe from DROWN Vulnerability
A few of our customers have drawn our attention to news of an OpenSSL vulnerability, asking whether our VPN is affected in any way. We want to reiterate to everyone that NordVPN is safe from this vulnerability, because we do not use the SSLv2 or even SSLv3 protocols, as these are very outdated.
When it comes to HTTPS websites, it is time to ‘patch up’.
The vulnerability in question is called DROWN (short for Decrypting RSA using Obsolete and Weakened eNcryption). Reportedly it targets OpenSSL through SSLv2 and could potentially decrypt internet users' personal information on HTTPS websites, allowing details such as credit card information to be intercepted by means of so-called MITM (man-in-the-middle) attacks.
As many as 33% of worldwide HTTPS websites might be affected by this vulnerability. The researchers who exposed the vulnerability advise that some of Alexa’s leading websites are vulnerable to DROWN-based man-in-the-middle attacks, including Yahoo, Sina, and Alibaba.
It is great to see researchers sharing this information and the media alerting others to how to fix the issue where applicable. You can find out if your site is vulnerable using the DROWN attack test site.
Once again, because NordVPN is a young company, it has not used such outdated protocols, and as such, users' info is not at risk of being exposed under the DROWN vulnerability. To understand the issue better, you can read a blog post by cryptographer Matthew Green or the DROWN attack website that was shared with us by our readers.
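For site operators who want to check their own configuration, here is an added example (not NordVPN's code and not from the DROWN researchers) that audits nginx `ssl_protocols` settings for the outdated protocols named above. It goes one step beyond this post by also flagging a server whose private key is shared with another server that still enables SSLv2, a case the DROWN researchers document; the file names, key paths and config text are constructed samples.

```python
import re

OBSOLETE = {"SSLv2", "SSLv3"}  # the protocols the post calls outdated

# Constructed sample input: one nginx server block per file (hypothetical names).
SAMPLE_CONFIGS = {
    "shop.conf": """
        server {
            listen 443 ssl;
            ssl_protocols TLSv1.2 TLSv1.3;
            ssl_certificate_key /etc/ssl/private/shared.key;
        }""",
    "legacy.conf": """
        server {
            listen 443 ssl;
            ssl_protocols SSLv2 SSLv3 TLSv1;  # old setting left in place
            ssl_certificate_key /etc/ssl/private/shared.key;
        }""",
    "blog.conf": """
        server {
            listen 443 ssl;
            ssl_protocols TLSv1.2;
            ssl_certificate_key /etc/ssl/private/blog.key;
        }""",
}

def directive(text, name):
    """Return the arguments of the first `name ...;` directive, ignoring comments."""
    text = re.sub(r"#.*", "", text)
    m = re.search(r"^\s*" + re.escape(name) + r"\s+([^;]+);", text, re.M)
    return m.group(1).split() if m else []

def audit(configs):
    """Map each file to 'obsolete-protocol', 'shared-key' or 'ok'.
    A missing ssl_protocols line means the nginx default applies; not evaluated here."""
    protos = {f: set(directive(t, "ssl_protocols")) for f, t in configs.items()}
    keys = {f: " ".join(directive(t, "ssl_certificate_key")) for f, t in configs.items()}
    # Private keys served by at least one block that still enables SSLv2.
    exposed_keys = {keys[f] for f, p in protos.items() if "SSLv2" in p and keys[f]}
    result = {}
    for f in configs:
        if protos[f] & OBSOLETE:
            result[f] = "obsolete-protocol"
        elif keys[f] in exposed_keys:
            result[f] = "shared-key"
        else:
            result[f] = "ok"
    return result

if __name__ == "__main__":
    for name, status in sorted(audit(SAMPLE_CONFIGS).items()):
        print(f"{name}: {status}")
```

A `shared-key` result means the block itself only offers modern TLS, but its key should be replaced or the SSLv2 listener using the same key disabled.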