- cross-posted to:
- technology@lemmy.zip
- hackernews@lemmy.bestiver.se
- cross-posted to:
- technology@lemmy.zip
- hackernews@lemmy.bestiver.se
Direct link to the PDF report: https://x41-dsec.de/static/reports/X41-Mullvad-Audit-Public-Report-2024-12-10.pdf
Titles of issues they found:
- 4.1.1 MLLVD-CR-24-01: Signal Handler’s Alternate Stack Too Small
- 4.1.2 MLLVD-CR-24-02: Signal Handler Uses Non-Async-Safe Functions
- 4.1.3 MLLVD-CR-24-03: Virtual IP Address of Tunnel Device Leaks to Net- work Adjacent Participant
- 4.1.4 MLLVD-CR-24-04: Deanonymization Through NAT
- 4.1.5 MLLVD-CR-24-05: Deanonymization Through MTU
- 4.1.6 MLLVD-CR-24-06: Sideloading Into Setup Process
Mullvad’s blog post: https://mullvad.net/en/blog/the-report-for-the-2024-security-audit-of-the-app-is-now-available
You must log in or # to comment.
Removed by mod
Wasn’t FastVPN caught holding user logs and selling personal data to advertisement agencies?
Removed by mod
FastVPN is known to astroturf online communities to promote their bad product. Their tendency to use unethical marketing strategies raises serious concerns about the legitimacy of their VPN.