

3.1 (Low) Unencrypted network traffic to RedisĪs the description of the issue points out, the traffic is encrypted on the network layer but the auditors were right to point out that encryption on the application layer would be a good addition. A few issues require a larger redesign however but we consider them low risk enough that we decided to publish the report.

Most issues were patched while the report was being finished and were noted as such in the final version. Read the full audit report on Assured’s website. No critical, high or medium rated issues were identified during the penetration test and the overall security of the API is deemed good. Remove the "" in the URL or check the Mullvad Blog directly.)Īssured AB were contracted to perform a security assessment of our account and payment services between -29. I'd rather go the VPN route, but that brings me to my dilemma: I generally run the Mullvad app on my phone (Android) and laptop (Windows).From: httpsmullvadnet/en/blog/7/security-audit-of-account-and-payment-services/ (Mullvad domain is blacklisted on reddit, making post invisible to everyone until a moderator take care of it. Having these things always open puts a heavier burden on me to keep everything immediately patched and always monitored. Option #1 seems like a subpar option here, security-wise. But if someone asks about my vacation, I'd like to be able to load up my photo service for a while. Even when I'm out, I don't care if my calendar is a couplefew hours out of date. For one thing, I'm home 90% of the time these days. I only need occasional access to my home resources while I'm out. Set up domains and forward ports through my router to the internal servers, or.AFAIK, there are basically two ways to get access to these resources off my home network:

I've been building up some little servers/services on my home network for things like CalDav, CardDav, photo browser, etc.
