Hacker News new | past | comments | ask | show | jobs | submit | windy_willow's comments login

I get your point here, but its been years since that happened and they kept clean since then as far as I know. That server didn't store any user data just as none of their servers do, I've also read their audits and no evidence of logs were ever found. Even with that breach, it was not directly their fault, but a data center that left a backdoor. Since then they cut ties with the and nothing similar happened again. What I'm trying to say is that no one is 100% safe from a breach as the tech world changes daily and new exploits are growing just as fast. Once company can stay breach free for a decade and then get one. All that such companies can do is work to constantly improve and keep such problems under control.


No one is immune to a breach. You're absolutely right. Which is why the response to the breach is what is so important.

NordVPN left the backdoor open themselves - they left a remote admin console enabled. Then, they proceeded to hold their silence for _six months_, before informing their customers... And take no responsibility. They struggled to even admit they got their dates wrong.

That kind of behaviour, and lack of transparency, is the problem. Not that a breach occurred.


Hmm, just trying to make sure then. If they can see all traffic would using a tool hide this in combination with Tor help?


Using https would help. If you totally disable http (or only use http on .onion sites) the described attack won't work. Similarly, if the site in question enabled HSTS the attack would be prevented.

Think of tor like the open wifi network of dubious origin at a black hat hacker convention. You are probably fine if using https, but plain http is a bad idea.

Using a vpn is more questionable. Generally a paid vpn already knows who you are so hiding you origin ip with tor would be pointless. Also sometimes combining vpn technologies can cause traffic congestion algorithms to interact poorly and make things really slow, but that will depend on which technologies are in use.


I am so impresses that this device is still actually able to do so much after so long... I really hope that the current space probes and rovers do just as well if not better.


Consider applying for YC's first-ever Fall batch! Applications are open till Aug 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: