Tuesday, 2 June 2015

VPN Service Hola Promises Improvement After DDoS Attack

VPN service Hola has promised change after the bandwidth of users were used to carry out a DDoS attack and leaks were discovered in the software, but researchers are not convinced. Hola is an extension for Google Chrome offers users a free VPN connection.

What many people do not know is that the company behind the VPN service sells the users of bandwidth via a service called Luminati. Luminati gives parties that pay access Hola network. Recently knew anyone to use this service for a DDoS attack on the 8Chan website. Hola got them to endure a storm of criticism and the founder of 8Chan advised users to uninstall the software.

In addition, several vulnerabilities were discovered in the software that could allow an attacker to execute arbitrary code in the worst case to the computer. In a statement CEO Ofer Vilenski states that there is "growing pains" and that some allegations in the media are unjustified. However, the company will take various measures.

Bandwidth sharing

The first measure concerns about sharing of bandwidth. Through a P2P network called Hola thought it was clear to users that their bandwidth was used. Something not subsequently turns out to be, according Vilenski. Therefore, it still will be clearer for users to communicate. Furthermore, the CEO that there are not used as much bandwidth users, namely 6MB per day.

This bandwidth should be accessible only to business customers. In the case of DDoS attack that took place last week did a 'spammer' to pretend to be a company and were not noticed by Luminati. To avoid repetition have changed several processes.In addition, a Chief Security Officer will be appointed.


Further Vilenski points to two vulnerabilities that were discovered and now would be patched. Hola also run some code by a third party and there will be a "bug bounty" program to be launched, in which hackers and researchers who report vulnerabilities are rewarded. Despite the words of the CEO are the researchers who discovered the vulnerabilities unconvinced.

According to them, the problems still exist and Hola has only made ​​cosmetic changes so that their demonstration of the leak has stopped working. "Many of the problems are ignored, and some claims are simply not true", so leave them on the website Adios-Hola.org know.

No comments:

Post a Comment