back to article A Nord VPN bug, a(nother) bad Microsoft patch, Zynga data farmed out, and more

Here's the latest security news in handy digest form of stories you may have missed over the last week. NordVPN bug causes connection confusion Reg reader Tony H writes in to tell us of an interesting security bug that arises when running NordVPN in tandem with the Cloudflare 1.1.1.1 WARP service in iOS. The end result is a …

  1. gerdesj Silver badge
    Childcatcher

    Calling Nord 1.1.1.1

    NordVPN is a VPN. Cloudflare's 1.1.1.1 with Warp service is a VPN as well.

    Both are attempting to dance around all sorts of weird shit that your phone is doing in its IP stack already. Modern mobes absolutely torture IP to get you the best subjective experience of cat pics and stuff. You expect to wander in and out of various wifi and GSM (int al) and expect things to just carry on working.

    Use one or the other.

    1. Pascal Monett Silver badge
      Trollface

      Re: Calling Nord 1.1.1.1

      Apparently, some people really adamantly do not want the NSA to know that they're viewing those cat pics.

  2. TheVogon Silver badge

    But we all tested that Microsoft patch before deploying it, right?

    I give Microsoft the benefit of the doubt in this case that best to get a patch out for an actively exploited issue versus delaying it for a full integration testing cycle.

    However Microsoft's QA for OS patches really seems to suck these days. Interesting insider view of why here:

    https://youtu.be/S9kn8_oztsA

    The Windows 10 insider builds do include a "feedback hub" app to report bugs in the start menu, but it's non obvious, not on the desktop and unless you bother to search for how to report a bug you would probably never be aware of it.

    I think if Microsoft added a one screen summary of how to report bugs on the insider build signup process and added some incentive for valid bugs such as Microsoft points or account credits this would cost them peanuts but massively improve the level of customer feedback.

    1. Michael Wojcik Silver badge

      No doubt they'll get right on that, right after they stop forcing patches down people's throats, stop bundling unrelated patches together, start providing useful explanations of what patches update and why, stop smuggling spyware and forced updates in the patch stream, and finish snowplowing Hell.

      Microsoft's update philosophy is "you'll take what we dish out, and we don't care whether you like it".

  3. Anonymous Coward
    Anonymous Coward

    "it might be a good idea to double-check your IP address is indeed being hidden."

    I've always done this anyway, just assumed everybody did - seems like common sense to me.

    1. Paul Crawford Silver badge

      Indeed, always test using a site like https://ipleak.net/ (from AirVPN)

      Not just your IP being hidden, but also that DNS queries are not leaking (such as the result of the systemd muppets changing things on Linux as covered many times such as here: https://ubuntu-mate.community/t/dns-leaking-with-systemd-resolved-and-openvpn/16709).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019