Month: October 2019

Gemeinsam mit seinen Hardware-Partnern startet Microsoft die Initiative Secured-core-PC. Diese Windows-Rechner sollen Manipulation der Firmware und des Bootprozesses erkennen. Die Idee und Technik dafür ist längst bekannt. (Windows 10, Microsoft)

Drei Projekte, die 5G anschaulicher machen sollen, erhalten Steuergelder vom Bundesverkehrsministerium. Es geht um Telemedizin, Mobilität und Industrie 4.0. (5G, Handy)

Der Plan des milliardenschweren Kabelkonzernführers John Malone, UPC für 5,6 Milliarden Euro zu verkaufen, ist gescheitert. Olaf Swantee, Chief Executive Officer von Sunrise, sagte am Dienstag, der Deal sei "tot". (Freenet, Kabelnetz)

Neben NordVPN wurden offenbar bei zwei weiteren VPN-Anbietern Server gehackt. Das geht aus einem alten Thread bei 8chan hervor. Zum NordVPN-Hack sind nun weitere Details bekannt. (VPN, Computer)

Mit dem Ghost Canyon alias NUC9 Extreme plant Intel einen 5-Liter-Mini-PC mit untypischem Innenleben: Statt auf einer Hauptplatine sitzen der Prozessor, die RAM-Steckplätze und die SSD-Slots auf einem PCIe-Modul. Hinzu kommt optional eine dedizierte Grafikkarte neben dem Mainboard. (Intel NUC, Prozessor)

Das Surface Pro X könnte als neues Vorzeigegerät der Plattform Windows-10-on-ARM herhalten. Das Display ist groß und hochauflösend. Der Stift wurde verglichen mit dem herkömmlichen Surface Pen merklich verbessert. Allerdings gehen Zielgruppe und Preisvorstellung weit auseinander. Ein Hands on von Oliver Nickel (Surface, Microsoft)

Ab 30 Euro im Monat vermietet Media Markt Saturn E-Scooter. Der Elektronikmarkt hofft, eine Marktlücke gefunden zu haben. (E-Scooter, GreenIT)

VPN service provider NordVPN was the victim of a server breach early last year, the provider has confirmed.

The news was made public following a series of tweets from hacker / web developer ‘undefined.’ These were picked up by Ars Technica and TechCrunch, among others.

The hack in question targeted a single server at a third-party datacenter. The attacker reportedly compromised the server by exploiting an insecure remote management system, which NordVPN wasn’t aware existed at the time.

By compromising the server the attacker gained access to three TLS keys that would allow this person to operate a fake NordVPN.com site or VPN server, using a man-in-the-middle attack. NordVPN stresses that it doesn’t keep user logs and that it wasn’t possible to use the keys to decrypt regular VPN traffic or previously recorded VPN sessions.

The server in question was compromised early 2018 but NordVPN didn’t disclose it at the time. The company now says that it chose not to do so because it had to make sure that none of its other infrastructure was prone to similar issues.

Following the news reports, NordVPN published its own account of what happened and how this affected its users. The company stresses that the breached keys have since expired (they were initially active) and could never be used to decrypt VPN traffic of users.

While the compromised TLS keys couldn’t decrypt VPN traffic, a server breach is of course always a big event of course. Especially in the VPN industry, where trust in a company is extremely important. That the effect appears to be limited here is a good thing, but that doesn’ change the fact that the server was hacked.

While NordVPN stresses that the hack only had a minimal impact, it recognizes that security is a vital issue, and that it should do better going forward.

“Even though only 1 of more than 3000 servers we had at the time was affected, we are not trying to undermine the severity of the issue. We failed by contracting an unreliable server provider and should have done better to ensure the security of our customers,” NordVPN says.

“We are taking all the necessary means to enhance our security,” the company adds.

NordVPN further informs TorrentFreak that it always treats VPN servers as the least secure part of their infrastructure, since breaches are always possible. This means that VPN endpoints do not contain any “vulnerable information,” nor do they provide access to the rest of the infrastructure or a user database.

If anything, this episode shows that 100% security is nearly impossible. In addition to the NordVPN hack, competing services TorGuard and VikingVPN also suffered breaches, according to reports. TorGuard previously confirmed this a few months ago.

—

Disclaimer: NordVPN is one of our sponsors. This article was written independently, as all of our articles are.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Ab sofort können Spieler auf Windows-PC und Xbox One das in Xbox Live angezeigte Gamertag frei wählen - fast jedenfalls. Je nach Plattform wird eine zusätzliche Nummer hinter dem Namen mehr oder weniger deutlich sichtbar eingeblendet. (Xbox Live, Microsoft)

Das Gpi Case sieht aus wie ein Game Boy vergangener Zeiten, ist aber ein Gehäuse für den Raspberry Pi Zero - inklusive Power-Schalter und Klinkenbuchse. Ein paar Unterschiede zum Nintendo-Original gibt es: etwa zusätzliche Tasten und ein Farb-Display. (Raspberry Pi, Nintendo)