We work hard to provide a sustainable and secure VPN service, and today we are happy to announce that OVPN has become even safer. This was made possible thanks to .Chloe from Flashback.
What has been changed?
Our website has become safer as we’ve fixed a few shortcomings on it. The following problems are now fixed, and this is impossible to exploit:
- We’ve added CSRF for all forms on the website.
- We’ve removed the possibility for XSS attacks in our contact form.
- We’ve forced all cookies to go through SSL.
- We’ve added rate limiting on the login page in order to prevent brute-force attacks.
Chloe reported the problems to us on September 5th, and all the issues pointed out were fixed within a few hours.
Have these issues been exploited previously?
No, no one had exploited these problems before we fixed them. All our users are and have been completely safe.
Responsible disclosure is the term used to describe a person who finds a security problem and reports it to the company rather than exploiting it.
The person reporting the issue doesn’t tell anyone else than the company about the issue until the problem has been resolved. This way, no one is able to exploit any security issues on websites.
Responsible disclosures increase security for all involved parties and help companies provide better and more secure services.
At OVPN, we are strong believers in responsible disclosure just like many other organizations are. Google, Facebook and Microsoft are good examples of where responsible disclosure has been adopted successfully, resulting in security issues being fixed efficiently.
As a thank you to the person reporting the issues, you will receive a reward and an official sign of gratitude. A one-month subscription is given for every issue you find and report as well as a cool T-shirt.
After fixing the issues, we will also make a blog entry telling our users about the issue and directing a huge thank you to the person who report the issue(s).
Thank you, Chloe!
Chloe is very knowledgeable in anything regarding internet security and has written a number of detailed guides about IT security.
We are very happy to report that we have managed to increase the security of OVPN further.
We are also happy to report that nobody managed to exploit the security issues, and no information about out customers has been leaked.
If you find and report a security issue, you will receive a month of subscription time as well as a cool T-shirt for free as a sign of gratitude.
We want to thank .Chloe, who reported the issues, and urge others to adopt responsible disclosure.