OpenVPN will get a security audit

The widely popular VPN is being put to the test by a cryptography expert with a long history in exposing vulnerabilities in major systems.

By Patrick Howell O'Neill

December 8, 2016

AlphaBay operated for three years as a marketplace on the Tor network, rising as a leader among dark web marketplaces due to its speed, reliability and availability of goods that separated the site from its competitors. (Flickr)

OpenVPN 2.4 will be audited by Johns Hopkins University cryptography professor Matthew Green.

Published at GitHub, OpenVPN is a wildly popular security protocol. The audit is being funded by Private Internet Access, a provider who uses the OpenVPN standard.

“The OpenVPN 2.4 audit is important for the entire community because OpenVPN is available on almost every platform and is used in many applications from consumer products such as Private Internet Access VPN to business software such as Cisco AnyConnect,” Private Internet Access’s Caleb Chen wrote. “Instead of going for a crowdfunded approach, Private Internet Access has elected to fund the entirety of the OpenVPN 2.4 audit ourselves because of the integral nature of OpenVPN to both the privacy community as a whole and our own company.”

Green has a long history in this field. In addition to his work in academia, he’s on the board at the Open Crypto Audit Project, where he led the security audit of the TrueCrypt project after intense pressure following Edward Snowden’s NSA revelations in 2013. He’s been a part of teams that have exposed vulnerabilities in systems like E-ZPass. He’s also currently looking at closely and critically encryption in Google’s Android N.

Most recently, he was a part of the team that created the anonymous cryptocurrency Zcash.

The results of the audit will be shared with the OpenVPN community and then published for the public.

OpenVPN will get a security audit

More Like This

FCC, Tracfone Wireless reach $16M cyber and privacy settlement

Judge dismisses much of SEC suit against SolarWinds over cybersecurity disclosures

Mixed results for Russia’s aggressive Ukraine information war, experts say

Top Stories

Cyber firm KnowBe4 hired a fake IT worker from North Korea

Low-level cybercriminals are pouncing on CrowdStrike-connected outage

North Korean hacking group makes waves to gain Mandiant, FBI spotlight

More Scoops

NSA, CISA share guidelines for securing VPNs as hacking groups keep busy

International cops seize DoubleVPN, a service allegedly meant to shield ransomware attacks from investigators

Suspected Iranian hackers exploit VPN, Telegram to monitor dissidents

Pulse Secure VPN hacking also hit transportation, telecom firms, FireEye says

At least 24 agencies run Pulse Secure software. How many were hacked is an open question.

State-linked hackers hit American, European organizations with Pulse Secure exploits

After SolarWinds breach, lawmakers ask NSA for help in cracking Juniper cold case

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Dewey Murdick on enabling principles for AI governance; a landmark breach at AT&T

Government

Technology

Threats

Geopolitics