OpenVPN 2.4.0, the NDIS6 TAP Driver for Windows, the Windows GUI, and Linux versions were evaluated. This release included a number of new features including control channel encryption. QuarksLab found: 1 Critical/High Vulnerability CVE-2017-7478 1 Medium Vulnerability CVE-2017-7479 5 Low or Informational Vulnerabilities / Concerns This public disclosure of these vulnerabilities coincides with the release of OpenVPN 2.4.2 which fixes…
New Attacks on Privacy Show That Legal Solutions Cant Be Relied On One of the core concepts that motivated me to create the OSTIF is the belief that the Internet is an enormous tool for good. In order for us to be able to enjoy the fruits of free information,…
The Audit of OpenVPN is Complete We have confirmed with QuarksLab that the security review of OpenVPN 2.4.0 is complete, and that they are now documenting the results. The process will then proceed as follows: QuarksLab will securely give these results to the OpenVPN security team on April 7th. The…
The OpenVPN Audit Begins February 15th 2017 The OpenVPN audit is going to be carried out as planned by QuarksLab's Gabriel Campana and Jean-Baptiste Bedrune on February 15th 2017. There will be 90 man-days of work completed throughout this audit and it will take approximately 45 days to complete. During this…
The OpenVPN Fundraiser Has Hit It's Goal - Work On The Audit Begins We are delighted to announce that the Open Source Technology Improvement Fund has surpassed it's target goal of $71,000 USD with two weeks of fundraising to spare! We are continuing to seek donations until fundraising officially ends…
Progress! Goals! Collaboration! We are reporting in with more progress updates on our fundraising, more specifics on our goals, and some positive news about collaboration. Fundraising: We have secured substantially more funding over the last few days, increasing our total cash raised to $41000. This places us at about 60%…
Fundraising Is Going Well, Progress Is Fast! We have had a lot of early success with our OpenVPN fundraiser, and the community response to the project has been tremendous with privacy advocates, VPN review sites, and VPN providers coming together to raise over $34,000 USD over the last two weeks.…
OSTIF is Beginning a Fundraiser for OpenVPN - Let's Get it Audited! Edit: Updates about the progress of this fundraiser are here: https://ostif.org/openvpn-audit-updates-news-and-more/ Today marks the first day of our OpenVPN fundraiser. We are asking for your support to get one of the most widely used networking applications in the world…
VeraCrypt 1.18 and its bootloaders were evaluated. This release included a number of new features including non-western developed encryption options, a boot loader that supports UEFI (modern BIOSes), and more. QuarksLab found: 8 Critical Vulnerabilities 3 Medium Vulnerabilities 15 Low or Informational Vulnerabilities / Concerns This public disclosure of these vulnerabilities coincides with the release of VeraCrypt 1.19…
OSTIF + QuarksLab Audit of VeraCrypt Completed - Phase II Begins The audit of VeraCrypt has been completed, and the final report is being created over the coming days. The VeraCrypt developers have the preliminary results and we are working with both VeraCrypt and QuarksLab on the timetable for releasing…