ExpressVPN Security Team

ExpressVPN's Security Team contributes articles with the aim of benefiting the cybersecurity community at large.

14 Posts
179 Claps
A graphic representation of a VPN tunnel
7 mins

TunnelVision: ExpressVPN’s statement and assessment of the technique

ExpressVPN users are protected from the leak thanks to the robust design of our kill switch, Network Lock.
Finding bugs in code.
7 mins

Why software security audits matter

Audits help ensure software is free of vulnerabilities. Find out how we incorporate them into our overall security strategy.
A certificate with a slash through it.
6 mins

Why we’d never install a Trusted Root CA on your device

What is a Trusted Root CA, what could go wrong if a VPN company installs its own, and why we won’t ever do so.
Yubikey logo.
9 mins

Code integrity primer: GitHub commit signature verification via YubiKey

We discuss our preference for YubiKey as a form of 2FA and look at how to use YubiKey for signature verification for GitHub code commits.
Bug with Log4J logo.
4 mins

Log4Shell’s long-tail impact on your security

ExpressVPN’s mitigation technique against Log4Shell and what you can do to protect yourself against the Log4j vulnerability.
Someone whispering with a hand up.
13 mins

Cybersecurity lessons: Safer private keys with Shamir’s Secret Sharing

Learn how digital certificates work and why Shamir’s Secret Sharing is a secure method for storing private keys.
Bug with an envelope body.
10 mins

Cybersecurity lessons: Risk of email takeover via a 4th-party provider

ExpressVPN's Security Team investigated a bug that could have been exploited by signing up on Mailgun and hijacking an email subdomain.
Steps with footprints heading up.
10 mins

Cybersecurity lessons: Privilege escalation via file read/write

How a highly privileged process interacting with a lower-privilege user space can lead to attackers elevating their access or a DoS attack.
Folder with dots and slashes.
15 mins

Cybersecurity lessons: A PATH vulnerability in Windows

Our cybersecurity experts discuss the PATH environment variable and the security implications of having it misconfigured.
Cranes moving shapes around.
11 mins

Cybersecurity lessons: Flaw in Zendesk file-upload feature

Our cybersecurity team worked with Zendesk, a support software provider, to fix a flaw in its file-upload system. Here's a play-by-play of how we did it.
8 mins
2 mins
10 mins
10 mins

What is DNS hijacking?

Featured Posts

ExpressVPN is proudly supporting

  • logo_1
  • logo_2
  • logo_3
  • logo_4
Need help? Chat with us!