CyberGhost breached: 3 million customers impacted

CyberGhost had a huge flaw that affected millions of Windows users. The flaw could have led to a full-on system compromise, and the guy who noticed the flaw and wanted to report it to the bug bounty program was bullied for it.
CG was going downhill already lately but this is outright preposterous.

Source: https://vpnoverview.com/news/cyberghost-vpn-bug-put-millions-of-windows-users-at-risk/

Thank goodness I left this app for Mullvad right when it was about to renew.

Well… Good riddance.

I sympathize with Coburn because no security researcher should ever be bullied for trying to collect a bug bounty, ever. However, one big issue I see is that he reported the bug on May 05 and the patch had already been pushed out on Feb 24.

Not knowledgeable on the rules of such disclosures if the bug had already been identified internally and patched, maybe someone else can shed some light.

Additionally, common vulnerabilities and exposures are not something that never happens. They happen all the time but vary wildly with actual impact risk in society at large.

It is almost certain that modern hardware (software/firmware) has bugs that are sitting and waiting to be discovered in the future, as with what happened with Meltdown and Spectre pertaining to Intel CPUs.

I was about to get a 2 year plan with CyberGhost but have read several negative reviews. Is there any recommendation for a VPN? I’ll use it mainly to stream geoblocked content.

Looks like this might be the end for them.

Does this mean if we once used this service our info is leaked?

Never used it so I'm happy and sad for the ones who did

Probably fake, only vpnoverview posted something about a data breach by CyberGhost. So I wouldn't trust.