![]() ![]() NordVPN has a higher number of servers, at 5,000-plus, compared to ExpressVPN’s 3,000-plus servers. ![]() (Other VPNs allow you to use their service on an unlimited number of devices, so it’s worth researching these options if you plan on using the VPN on more than six devices.) NordVPN offers a slightly higher number of devices, at six compared with five. The encryption and free trial length are the same for both of these VPNs. ![]() Both companies also offer a trial period of 30 days. Both VPNs are compatible with Android, iOS, Windows, Mac and Linux, while NordVPN will also connect to Android TV. When it comes to price, NordVPN is considerably cheaper than ExpressVPN, at $59.88 per year compared to $80.04 per year. Spokespersons for ExpressVPN, NordVPN, and Surfshark did not return a request for comment before this article’s publication, although Zerodium’s announcement today is bound to ruffle some features and ring some internal alarms.Ī Zerodium spokesperson did not reply to a request for comment in regards to the prices it is willing to pay to researchers.Android, iOS, Windows, Mac, Linux, Android TV The reasons behind this bug acquisition drive are easy to guess, as VPN services are often used by cybercriminals to hide their real-world location when connecting to their hacked victims’ networks or their hacking infrastructure.īut today’s announcement has also riled up some privacy-conscious users who use VPN apps to browse the web from oppressive countries, especially since it’s not clear to whom and which countries Zerodium peddles its hacking tech. Today, Zerodium said that it was interested in exploits that target only the Windows clients, and namely in exploits that can disclose a VPN user’s personal information, that can reveal the user’s real-world IP address, or exploits that allow remote code execution on the user’s computer. In order to connect to these networks, users typically have to install a VPN client on their computer or mobile device, with all the three aforementioned companies providing apps for all the major OS platforms today, such as Windows, macOS, Linux, Android, and iOS. These companies manage a network of thousands of proxy servers across the globe that reroute their customers’ web traffic in order to disguise their users’ real location. The three VPN companies mentioned in Zerodium’s tweet are some of today’s biggest providers of cloud-based VPN services. Local privilege escalation is out of scope. We're looking for #0day exploits affecting VPN software for Windows:Įxploit types: information disclosure, IP address leak, or remote code execution. The latest of the company’s bug acquisition drives was announced earlier today via a tweet on the company’s official Twitter account. Latest bug acquisition drive targets Windows VPN clients Past acquisition drives have targeted routers, cloud services, mobile IM clients, and even something as niche as the Pidgin app - popular with cybercrime organizations. In addition, across the years, the company has also held so-called temporary “bug acquisition drives,” during which they offer to buy zero-day exploits in non-standard software. The company runs a bug acquisition program on its site, where security researchers can sell their exploits for prices of up to $2.5 million - based on the type and nature of their vulnerability. Zerodium seeking zero-days in ExpressVPN, NordVPN, and Surfshark VPN appsĮxploit broker Zerodium announced its intention today to buy zero-day vulnerabilities in the Windows clients of three major VPN providers-ExpressVPN, NordVPN, and Surfshark.įounded in 2015, Zerodium is a security company based in Washington, DC, that has built a reputation over the years for buying exploits for zero-day vulnerabilities in various applications and then reselling the exploits to government and law enforcement agencies. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |