Podcast Episode Details
Back to Podcast Episodes
Nord VPN Security Incident, Smart Speaker Phishing, Apple iOS 13 Privacy Features
You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology…with your host, Tom Eston.
In episode 92 for October 28th 2019: Details on the Nord VPN security incident, using Amazon Echo and Google Home smart speakers for phishing attacks, and new privacy features in Apple iOS 13 you should know about.
What does it mean to go off the grid? For most of us that are constantly relying on our phones, tablets, and laptops it means shutting them off and doing some other activity like enjoying nature or spending valuable time with friends and family. I don’t know about you but I struggle with turning off or putting down my phone because I’ve become so tied to it. I mean, have you ever forgotten your phone at home while you were driving to work or did you happen to find yourself in the wilderness or somewhere where you can’t get a cell phone signal? How did this make you feel? I know I have had that awkward feeling of “what if someone tried to message me?” or “how will anyone get ahold of me in an emergency”? In fact, how many of you would drive back home to retrieve your phone or walk around until you found a cell phone signal out in the middle of nowhere? Look it’s hard to go off the grid but the good news is that there are products that can help. That’s why I recommend using a Silent Pocket Faraday bag which can instantly block are wireless signals, quickly taking you off the grid. Check out their full product line at silentpocket.com. And because you listen to this podcast remember to use discount code “sharedsecurity” at checkout to receive 15% off your order.
Welcome to the Shared Security Weekly Blaze Podcast where we update you on this week’s most important cybersecurity and privacy news. These podcasts are published every Monday and are 15 minutes or less quickly giving you “news that you can use”.
Popular VPN service provider Nord VPN disclosed that they were the victim of a security incident which happened about 16 months ago, back in March 2018. The attack compromised a server in Finland in which attackers were able to access encryption keys which could have been used to potentially decrypt user traffic, launch man-in-the-middle attacks, and even impersonate the nordvpn.com website. Attackers were able to access the server by exploiting an unnamed remote management system that was being used by the data center that housed one of the Nord VPN servers. One of the certificates the attackers gained access to was one that provides HTTPS encryption for nordvpn.com. This certificate wasn’t set to expire until October 2018, seven months after the breach. This means that for months, attackers could have been luring unsuspecting victims to phishing sites thinking they were signing up or accessing nordvpn.com. And to make matters worse details about the incident have been apparently floating around underground forums on the Internet since May of 2018.
Nord VPN posted a blog about the incident and stated that no user accounts or user data was affected or that anyone attempted to monitor user traffic in any way. They also stated that the only attack possible would have been a personalized and highly sophisticated man-in-the-middle attack to intercept a single connection. And also restating that they are a “no logs” VPN provider so there would be nothing for an attacker to see anyway. This is contrary to what others in the media and security research community are saying noting that man-in-the-middle attacks are not that hard to pull off and that these types of attacks are actually what VPNs are supposed to help protect users from. The Nord VPN blog post also seemed to pass complete blame of the inci
Published on 6 years, 2 months ago