Archive for NordVPN

Guest Post: NordVPN Celebrates Its 8th Birthday

Posted in Commentary with tags on February 11, 2020 by itnerd

NordVPN’s story began in 2012. Four childhood friends came together to build a product that could liberate the internet. All of the founders had their 9 to 5 jobs at other companies but were giving their best to create the technology they believed in.

The beginning of NordVPN was very modest: it was only available on Windows, users had to self-configure it, and it had one server in Germany. By the end of 2012, NordVPN had six servers. “We used to mark these servers on a map on our office wall. It later became our symbol and an inspiration — when creating our first apps, we duplicated this map for easy server selection,” says Ruby Gonzalez, Head of Communications at NordVPN.

In 2013, NordVPN celebrated its first significant milestone — 1000 users. “In those first years, we had three people working for customer support, four in marketing and product, and five developing apps and taking care of infrastructure. We had no CEO, CTO, CMO, or any other C level employee. Everyone was doing everything. If someone was skilled in writing code and also happened to know something about grammar — well, we could use copywriters. If someone could do front-end, then hey, they must obviously know something about web design. It was a small amazing team, and everyone did the best they could,” says Ruby Gonzalez, Head of Communications at NordVPN.

NordVPN launched its first native app for Windows in September 2013. However, as the growth was still slow, other apps didn’t arrive until much later. In fact, the next apps for iOS and macOS were launched in 2015 only. Then the Android app came out in 2016, and the apps for Android TV and Linux followed in 2018.

Even though NordVPN wasn’t available on all devices, by the end of 2014, the company celebrated its first 10,000 users. “We are convinced that the reason for this success was the 24/7 customer support, introduced in September 2014. NordVPN was the first among premium VPNs to launch such a service. Knowing the importance of our support team, we keep strengthening and improving it further. We call our customer support “Success Managers,” as we truly believe that customer satisfaction is the ultimate key to the success of NordVPN,” says Ruby Gonzalez, Head of Communications at NordVPN.

In 2015, the company finally realized that it could be a global brand. The biggest reason for that was the Australian data retention law, which required Australian internet service providers and telecommunications carriers to retain customer metadata. The private information, such as the device location or sender’s email address, had to be held for at least two years. This controversial law led to NordVPN’s popularity skyrocketing — in just a few days, the company doubled its customer base. It was clear that people took their privacy online very seriously.

Continuing to realize its global impact, the company started a social responsibility program, providing the first emergency VPN in Uganda. During the 2016 general elections, Ugandan authorities resorted to shutting down entire social media platforms twice. “As our main goal is to liberate the internet, the social responsibility program is a no brainer for our company,” says Ruby Gonzalez, Head of Communications at NordVPN.

2017 marks the beginning of an incredible bout of growth: both in users and staff, along with the expansion of features and services. “The enthusiasm that led to starting this company has not gone away. Things haven’t always gone smoothly, and we haven’t always achieved what we wanted. However, every time we made a mistake, we made sure we’ve learned something from it and tried to do even better next time. That’s our recipe for success,” says Ruby Gonzalez, Head of Communications at NordVPN.

In November 2018, NordVPN took an even further step towards improving its service and completed an industry-first audit of its no-logs policy. “The trust of our customers is vital, and we wanted to prove we keep no logs of our user activity. And that was not our only audit. In 2019, third-party penetration testers checked our apps, while a full infrastructure audit is planned for this year,” says Ruby Gonzalez, Head of Communications at NordVPN.

Last year was extremely exciting for NordVPN. In 2019, the company celebrated 12 million users. It also launched NordLynx — a new solution for a fast and secure VPN connection, built around the WireGuard® protocol. The company also launched three new products: NordPass — a new generation password manager, NordLocker — a powerful file encryption tool, and NordVPN Teams — a VPN solution for business.

“Our company has no plans to stop growing – our ambitions are very high. We are incredibly excited about the future, and we are committed to serving our users and offering the best product on the market. We will also focus on transparency and trust between our clients and us,” concludes Ruby Gonzalez, Head of Communications at NordVPN.

Guest Post: NordVPN Discusses Apple vs FBI: how dropped data encryption plans impact user privacy

Posted in Commentary with tags on January 24, 2020 by itnerd

About two years ago, Apple canceled its plans to implement end-to-end encryption for iCloud because of complaints from the FBI, reports Reuters.

Reuters’ sources say that the technology giant had to abandon full encryption of iPhone backups after FBI objections over the resulting reduced ability to gather evidence of criminal activities. If Apple had followed through, it would no longer have been able to access users’ encrypted data. Thus, even under court orders, it could no longer turn over private material to authorities in readable form.

The FBI uses hacking software to break into the phones and computers of potential criminals. By contrast, Apple’s cloud can be searched in secret, which is more convenient. Therefore, the company’s decision to not proceed with end-to-end encryption of iCloud backups made the FBI’s job easier.

According to Reuters, in the first half of last year, U.S. authorities armed with warrants obtained full device backups or other iCloud content in more than 1,500 cases.

According to Oliver Noble, a cybersecurity expert at NordLocker, Apple’s intention to offer end-to-end encryption and cut off its own access to customers’ information should be lauded, despite it running contrary to the FBI’s principles. That is because unencrypted data is coveted not only by the authorities, but also by cybercriminals.

“Users’ data has been in demand for many years and the situation is out of control. Last year’s data breaches, hacks, and leaks put an unimaginable amount of sensitive information at risk. And the risk of getting money stolen from a credit card is no longer the worst possible outcome. Nowadays, our data is sold to advertisers or used to influence our political decisions — and that is changing the world as we know it,” says Oliver Noble from NordLocker.

Although Apple’s backtracking hasn’t been reported until recently, data encryption has been a hot topic for quite some time now. Security experts advise people to not wait for the government or big corporations to take care of their data, but to look after their privacy themselves. There are many different tools, such as VPNs, file encryption software, and password managers, that help users protect themselves from hackers.

The Apple case shows that even big companies can find themselves between a rock and a hard place, forced to choose between better protection for their users and unimpeded government access to information for legitimate purposes.

 

Guest Post: NordVPN Discusses New Year’s Cybersecurity Resolutions That You Might Want To Adopt

Posted in Commentary with tags on January 7, 2020 by itnerd

“New Year, New Me” – everyone is familiar with the desire to change for the better as the New Year comes. And although about 80% of New Year’s resolutions fail by mid-February, some are worth keeping. In the digital age, those are the ones related to cybersecurity and online lives.

2019 saw a massive increase in cyberattacks; in fact, 4 billion records have been breached so far. “Even the biggest corporations are vulnerable, and we never know when our data is going to end up in the wrong hands,” says Daniel Markuson, the digital privacy expert at NordVPN. “We have no control over when the next company or even government institution is hacked. But even if we can’t prevent all cyber threats, there are things we can do to make our digital life safer.”

Promise to stay safe during 2020 and make some resolutions that will stick:

  1. ‘I will use stronger passwords.’

According to recent findings, most people still make the same mistake and use unimaginative passwords. To make it worse, a lot of people recycle their passwords. While recycling is an excellent initiative for the environment, reusing your passwords is a terrible cyber hygiene practice. This means that if one of your accounts gets hacked, others will too. Security experts advise using password managers, such as NordPass, to create a complex password. It is also a good idea to use two-factor authentication for extra protection.

  1. ‘I will stop oversharing on social media’

Of course, we all love to boast about our exotic vacations and weekend city breaks. However, whenever you announce you are leaving for a trip on social media, you practically invite a burglar to your house. A good idea is to post those pictures afterward, when you are there to protect your home.

  1. ‘I will be careful with public Wi-Fi.’

We all love something free, and in this digital age, free Wi-Fi is something we assume every public place will provide. However, public Wi-Fi is a real gold mine for cybercriminals. They have their methods to intercept your internet connection and collect your sensitive information: credit card details, passwords, phone numbers, addresses, and so on. So be vigilant when using public Wi-Fi, use a firewall, and install a VPN, like NordVPN, which encrypts your online data.

  1. ‘I won’t click on every link.’

Clicking on a malicious link is the easiest way to catch a virus. How do you know which link is malicious and which one is not? Hover over the link or banner and check if the destination site looks legitimate. Also, always check the sender’s details.

  1. ‘I will stop postponing software updates.’

We’ve all done it – we’re doing something so important and don’t have time to stop for 10 mins to install that software or app update. However, these updates usually contain essential security patches that protect your system from threats. Skipping these updates means that you are leaving your device open to vulnerabilities. Also, make sure you download all updates from verified legitimate sources.

  1. ‘I will shop on secure websites only.’

Before even thinking about making a transaction, you should check whether your e-shop is secure or not. All you need to do is pay attention to the beginning of your website URL and see if it starts with ‘http’ or ‘https.’ The letter ‘s’ means that the connection is made through a secure protocol, and you can trust the site with your payment. Also, be vigilant and pay attention to how much information the website requires. If it’s asking for more details than usual, it might be a fraudulent site.

NordVPN Launches NordPass

Posted in Commentary with tags on November 26, 2019 by itnerd

NordVPN has launched its latest cybersecurity product. NordPass is a password manager built with a focus on simplicity and security. This tool saves you memory space for more important things than logins.

When it comes to cybersecurity, people have plenty of bad habits. This includes passwords too: from keeping login information in sticky notes or notepads to using “password” or “123456.” And worst of them all — reusing them all for different accounts.

Like a master key, NordPass fits everyone’s needs. Not only does it help to generate new complex passwords, but also lets you share them securely with friends or coworkers. And most importantly, this password manager remembers it all: from complex logins to private notes and credit cards. And you can access it all with a single Master Password.

To keep the information secure, NordPass uses top-of-the-field XChaCha20 encryption for the password vault and Argon 2 for key derivation. Users can also choose optional two-factor authentication for extra safety. Additionally, the new tool will have a zero-knowledge architecture to ensure ultimate security.

Powered by cybersecurity experts, NordPass is easy to use. You can download user-friendly browser extensions for Chrome, Firefox, Opera, Brave, Edge, and Vivaldi. And, of course, apps for iOS and Android.

Key NordPass features:

  • Top security and zero-knowledge architecture
  • Two-factor authentication (2FA)
  • Effortless password management — only a single password to remember
  • Syncing on up to 6 devices at the same time
  • Sharing items (such as passwords, credit cards, and notes) with family, friends, and coworkers
  • Import from other password managers
  • Secure storage for private notes and credit card information
  • Universal availability (apps and extensions)

Premium users can share and use NordPass on more devices at the same time. Monthly prices start from $2.49 with a 2-year plan. If users need basic features only, they can get a freemium version of NordPass. Visit nordpass.com for more information.

 

NordVPN Announces NordLocker

Posted in Commentary with tags on November 12, 2019 by itnerd

NordVPN has announced the launch of its latest cybersecurity product — NordLocker. The new digital tool secures all types of files stored on your computer or in the cloud with end-to-end encryption.

NordLocker is perfect for both personal use and handling work-related data. If someone gets access to your computer or other storage without permission, you don’t want your private files, such as photos, videos, music, notes, etc. to be peeked at or stolen. With NordLocker, what others see on your computer is secure, folder-like “lockers,” which hold your encrypted files and can only be accessed with your master password. The tool is especially handy for protecting your most sensitive data, including finances, IDs, and work files.

On the other hand, NordLocker is a must for companies that store financial, legal, or medical records of their clients or deal with any other confidential information. In case of a breach, the encrypted data remains ultra-safe and private. That’s because NordLocker’s cryptosystem uses the most advanced ciphers and principles, featuring Argon2, AES256, ECC (with XChaCha20, EdDSA, and Poly1305), and other creations of modern cryptography. Military-grade encryption secures files kept both on your computer and in the cloud hosting services, such as Dropbox.

NordLocker features zero-knowledge privacy. “Your data is not our business. Our encryption system is designed in such a way that we can’t see your file content under any circumstances,” says Ruby Gonzalez.

Running on both Windows and macOS, NordLocker supports documents of any type and size. To encrypt files, simply drag and drop them into your locker folder or use the “plus” button within the locker. Once the files are in the locker, they can only be accessed and decrypted with your master password. Finally, your data is safe from hacking, snooping, and unauthorized access of any kind.

The easy-to-use app offers a safe way to share your files with others confidentially. Just encrypt them first and then send them via email, messaging apps, file transfer services, upload them to the cloud, or use any other way. The data stays protected and impossible to crack until you give someone access to it. If the people you want to share your files with don’t have NordLocker, they can download it, sign up, and access your files for free.

Main features of NordLocker:

  • One-click encryption
  • Master password protection
  • Confidential cross-platform sharing
  • Supports files of any type and size
  • Encrypts files stored on a computer and in the cloud
  • Accessible on multiple devices
  • Runs on macOS and Windows
  • Powerful cryptosystem (AES256, ECC, Argon2)
  • Zero-knowledge architecture

A free version of NordLocker is available which gives users 5GB of encrypted data. Premium users can encrypt unlimited amounts of data. Visit nordlocker.com for more information.

Guest Post: NordVPN Discusses Their Recent Independent Security Audit

Posted in Commentary with tags on November 6, 2019 by itnerd

This October, NordVPN has completed an application security audit. The in-depth application penetration test was conducted by an independent auditor VerSprite, one of the leading cybersecurity consulting firms, which specializes in finding threats, risks, and vulnerabilities in application software.

“This audit made our apps even stronger. After the initial test, our developers followed the auditor’s recommendations and implemented a few changes,” explains Ruby Gonzalez, NordVPN’s Head of Communications. “We intend to regularly audit our service in the future.”

NordVPN’s application penetration test covered NordVPN’s API endpoint and Clients Panel, mobile apps for iOS and Android, and desktop applications for Windows and macOS.

The VerSpirte’s penetration testing methodology is based on real-world attack simulations by a malicious actor. Auditors focused on identifying high-impact vulnerabilities that could lead to IP leaks, breaching confidential user data, and overall privilege escalation.

Just recently NordVPN received another good evaluation during the extensive VPN test by the AV-TEST GmbH. The independent research institute for IT security from Germany distinguished NordVPN for its speed, security, and bypassing censorship.

A year ago, NordVPN completed another third-party audit. Then PricewaterhouseCoopers AG (Switzerland) performed an industry-first audit of NordVPN’s no-logs policy.

At the moment NordVPN is used by over 12 million users worldwide and has over 5,000 servers in 60 countries. This year, Panama-based company announced three new tools: a new-generation password manager NordPass, a powerful file encryption tool NordLocker, and a VPN solution for businesses and teams NordVPN Teams.

Guest Post: NordVPN Comments On The Five Measures They Are Taking To Enhance Their Security

Posted in Commentary with tags on October 30, 2019 by itnerd

In the aftermath of a security incident involving NordVPN and a third-party data center, the company is taking action to enhance its security. One of the first moves is a long-term strategic partnership with VerSprite — one of the leading cybersecurity consulting firms.

The partnership will include threat and vulnerability management, penetration testing, compliance management and assessment services. VerSprite will also help to form an independent cybersecurity advisory committee, which will consist of selected experts and oversee NordVPN’s security practices.

“We are planning to use not only our own knowledge, but to also take advice from the best cybersecurity experts and implement the best cybersecurity practices there are,” says Laura Tyrell, Head of Public Relations at NordVPN. “And this is the first of many steps we are going to take in order to bring the security of our service to a whole new level.”

According to NordVPN, they are ready to take action in five different fields to become more secure than ever. Here’s the list of the planned measures:

1. Partnership with the top cybersecurity consulting firm VerSprite. Penetration testers are a key part of NordVPN’s security efforts. Their job is to prod the infrastructure for weaknesses and mitigate the vulnerabilities. That’s why NordVPN is engaging in a long-term strategic partnership with VerSprite, a leading cybersecurity consulting firm.

VerSprite will work with NordVPN’s in-house team of penetration testers to challenge the infrastructure and ensure the security of customers. The main tasks covered in the new agreement include comprehensive penetration testing, intrusion handling, and source code analysis. VerSprite will also help to form an independent cybersecurity advisory committee.

2. Bug bounty program. Over the next few weeks, NordVPN is going to introduce a bug bounty program. Bug bounties reward cybersecurity experts for catching potential vulnerabilities and reporting to the developers so they can fix them. Bounty hunters will get a well-earned payout, and NordVPN users will get a service they know is scoured for bugs by thousands of people every day to make it as secure as possible.

3. Infrastructure security audit. NordVPN is planning to complete a full-scale third-party independent security audit in 2020. The audit will cover the infrastructure hardware, VPN software, backend architecture, backend source code, and internal procedures. The chosen vendor for the security audit will be announced in the future.

4. Vendor security assessment and higher security standards. NordVPN is planning to build a network of collocated servers. While still located in a data center, collocated servers are wholly owned exclusively by NordVPN. NordVPN is currently finishing its infrastructure review so that they can eliminate any exploitable vulnerabilities left by third-party server providers. NordVPN is committed to ensuring that their exclusively owned data centers maintain the highest security standards.

5. Diskless servers. NordVPN is planning to upgrade their entire infrastructure (currently featuring over 5100 servers) to RAM servers. This will allow to create a centrally controlled network where nothing is stored locally — not even an operating system. Everything the servers need to run will be provided by NordVPN’s secure central infrastructure. If anyone seizes one of these servers, they’ll find an empty piece of hardware with no data or configuration files on it.

“The changes we’ve outlined will make you significantly safer every time you use our service. Every part of NordVPN will become faster, stronger, and more secure – from our infrastructure and code to our teams and our partners,” says Laura Tyrell. “That’s our promise – we owe it to you.”

What happened last week

Last week, it was announced that 1 of more than 5000 NordVPN’s servers was accessed by an unauthorized third party. The hacker managed to access this single server located in Finland because of mistakes made by the data center owner, of which NordVPN was not aware.

However, NordVPN is sure that no customer data was affected or accessed by the malicious actor, as the server did not contain any user activity logs, usernames, or passwords. NordVPN’s service as a whole was not hacked, the code was not hacked, the VPN tunnel was not breached, and the NordVPN apps stayed unaffected.

vcsPRAsset_3564741_110533_fb78eb66-32e4-46ca-874b-53e5d8c9cdd4_0.png

vcsPRAsset_3564741_110534_f1faf3e4-aa0a-469d-b449-93486eeb5162_0.png