TunnelVision: ExpressVPN’s statement and assessment of the technique
ExpressVPN users are protected from the leak thanks to the robust design of our kill switch, Network Lock.
Why software security audits matter
Audits help ensure software is free of vulnerabilities. Find out how we incorporate them into our overall security strategy.
Why we’d never install a Trusted Root CA on your device
What is a Trusted Root CA, what could go wrong if a VPN company installs its own, and why we won’t ever do so.
Code integrity primer: GitHub commit signature verification via YubiKey
We discuss our preference for YubiKey as a form of 2FA and look at how to use YubiKey for signature verification for GitHub code commits.
Log4Shell’s long-tail impact on your security
ExpressVPN’s mitigation technique against Log4Shell and what you can do to protect yourself against the Log4j vulnerability.
Cybersecurity lessons: Safer private keys with Shamir’s Secret Sharing
Learn how digital certificates work and why Shamir’s Secret Sharing is a secure method for storing private keys.
Cybersecurity lessons: Risk of email takeover via a 4th-party provider
ExpressVPN's Security Team investigated a bug that could have been exploited by signing up on Mailgun and hijacking an email subdomain.
Cybersecurity lessons: Privilege escalation via file read/write
How a highly privileged process interacting with a lower-privilege user space can let attackers elevate their access or cause a DoS.
Cybersecurity lessons: A PATH vulnerability in Windows
Our cybersecurity experts discuss the PATH environment variable and the security implications of having it misconfigured.
Cybersecurity lessons: Flaw in Zendesk file-upload feature
Our cybersecurity team worked with Zendesk, a support software provider, to fix a flaw in its file-upload system. Here's a play-by-play of how we did it.