VPN service Private Internet Access (PIA) announced that they have contracted noted and well-reputed cryptographer Dr. Matthew Green to perform a security audit of OpenVPN. However, it seems that there will be two separate security audits of OpenVPN. “On November 22, we saw that an organization called OSTIF had announced that they had wanted to raise money in hopes of auditing OpenVPN 2.4. By the time OSTIF’s OpenVPN audit fundraising drive was announced, we were … More
Source: helpnetsecurity

The burden of proof is on publishers to defend their web traffic, yet 80 percent admit they don’t have insight into how their traffic is audited, raising questions about which traffic is non-human traffic (NHT). Marketers are no longer willing to pay for NHT, with 74 percent of publishers reporting that traffic quality issues are part of pre-sales discussions, and 68 percent stating they have received requests for information (RFIs) with acceptable NHT thresholds. This … More
Source: helpnetsecurity

VPN service Private Internet Access (PIA) has just announced that they have contracted noted and well-reputed cryptographer Dr. Matthew Green to perform a security audit of OpenVPN. OpenVPN is an open source software application that implements various VPN techniques, and is used by millions of people. It’s available for a number of platforms (Windows, OS X, most Linux versions, Android, iOS, etc.) PIA supports multiple VPN technologies, among them OpenVPN. “Private Internet Access has contracted … More
Source: helpnetsecurity

VeraCrypt, the free, open source disk encryption software based on TrueCrypt, has been audited by experts from cybersecurity company Quarkslab. The researchers found 8 critical, 3 medium, and 15 low-severity vulnerabilities, and some of them have already been addressed in version 1.19 of the software, which was released on the same day as the audit report. The code auditing effort analyzed VeraCrypt 1.18 and its bootloaders. “A first step consisted in verifying that the problems … More
Source: helpnetsecurity

SSH-audit is a standalone open source tool for auditing and fixing SSH server configurations. It has no dependencies and will run wherever Python is available. It supports OpenSSH, Dropbear SSH and libssh, and reports on every detail of the tested SSH server, including detailed information about used algorithms and security related information. “For each algorithm, it will state the security level (warning or failure), reasoning behind the assigned state, and historic information about the algorithm’s … More
Source: helpnetsecurity