ExpressVPN Now Comes with Protection Against Log4Shell Vulnerability

  • Log4Shell affects millions of applications, cloud services, and servers.
  • ExpressVPN offers a way to avoid getting affected by this highly severe vulnerability. 
  • The VPN has a server-side approach, so existing subscribers are already protected. 

Unless you’re interested in following the latest cybersecurity news, you might have missed online discussions about Log4Shell, which have started to surface online in the last couple of days. In short, Log4Shell is the name given to a zero-day vulnerability that seems to affect millions of applications, cloud services, and individual servers. 

The source of the Log4Shell vulnerability is Log4j, an open-source Java logging tool. Supplied by Apache, this utility performs network lookups using the Java Naming and Directory Interface to obtain services from the Lightweight Directory Access Protocol (LDAP). As now proven by Log4Shell, Log4j can interpret a log message as a URL, which leads to executing a harmful command with the full privileges of the main program. 

What’s important to mention is that Log4Shell isn’t just a vulnerability that exists in theory. It has already appeared in the wild, affecting Minecraft’s servers. So, if you need a more in-depth look at Log4Shell, we recommend turning to this Naked Security blog post

https://twitter.com/eastdakota/status/1469800951351427073

Now, this is where ExpressVPN comes into play, being the first VPN to implement protection against the Log4Shell vulnerability. All ExpressVPN users already have access to this protective layer, which becomes active once a connection is made to any server provided by this VPN.

More precisely, ExpressVPN has turned to a port-based blocking solution, which means that this mitigation is server-side (no action from users is required). As a result, ExpressVPN’s solution should be quite effective in protecting individuals who can now continue using possibly affected services such as Apple’s iCloud, Steam, Amazon, Tesla, and Twitter (to name a few).

https://twitter.com/expressvpn/status/1470802775357464593

Here’s what Peter Membrey, ExpressVPN’s Chief Architect, had to say about the VPN’s decision to implement proactive measures against Log4Shell: “While this vulnerability has not affected us directly and the security of our company systems is intact, we were not content to sit and watch this impact the world. Many of the apps and services our customers rely on are being affected. Given that LDAP is a networking protocol, we saw an opportunity for us as a VPN to provide an essential layer of protection against this vulnerability.”

In the end, we remind you that if you’re a subscriber to ExpressVPN, there are no additional actions that you need to take against Log4Shell. Just make sure to connect to any server before you use Web-based apps. 

And, of course, if you wish to protect yourself against this vulnerability (even before big-name companies start to implement fixes into their software), you can subscribe to ExpressVPN

Latest
Morocco vs. Portugal Live Stream: How to Watch World Cup 2022 Quarterfinal Match Online
Eight teams remain in the hunt to win the 2022 FIFA World Cup, and the quarterfinals present fans with four exciting match-ups....
England vs. France Live Stream: How to Watch World Cup 2022 Quarterfinal Match Online
A blockbuster clash awaits us as England and France lock horns in the 2022 FIFA World Cup quarterfinals. Some of the world's...
How to Watch The Match 2022 Online: Live Stream Golf From Anywhere
Golf fans, prepare yourselves: The Match 2022 has arrived. Watching the live stream of the Match 2022 has never been easier, as...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari