Hong Kong virtual private network provider PureVPN has rejected claims in a study published this week that its service among many other popular providers are open to DNS hijacking and has pushed fixes to shore up security.
Research revealed earlier this week ruffled privacy feathers after a five security bods identified that 14 of the top commercial virtual private networks in the world leak IP data. They say in a paper [PDF] vendor promises of user privacy and security are often lies that put users at risk.
PureVPN communications bod Ali Mansoor told El Reg the study is outdated.
"Please note that the study is rather outdated, incorrectly citing the number of servers we have and the number of countries we operate in - more than 500 servers in more than 100 countries," Mansoor says.
"It is also incorrect in stating that our users are at risk of DNS hijacking. We would like to ensure our customers and your readers that PureVPN users are safe from DNS hijacking and there has not been an attack.
"With regards to the IPv6 leakages, IPv6 traffic has been disabled since late 2014. Nevertheless, to further enhance security, we have released an updated Windows client today, with Mac soon to follow."
Mansoor says the company runs its own DNS using IPs from the same pool assigned to users, and uses different DNS servers for each VPN box.
The company has written a blog post explaining its security mechanisms and generally rebuffing the research paper.
It says it has disabled IPv6 traffic since 2014 third quarter removing the possibility that attackers could trace users requests by tricking them into downloading IPv6 content.
It has overnight pushed out an update for its Windows client and is working on fixes for Mac and Android. It said only that the updates will introduce "additional IPv6 leak protection features". ®