After deciding to be security engineer, everything that I do, for example visiting pages, downloading any content or apps, etc. seems suspicious. So today I encountered something strange in my new VPN.
I heard about a free and secure VPN service www.urban-vpn.com. Firstly, their page uses Lets Encrypt, maybe there is no any remarkable at first glance, but it looks weird for such a service, I think. There is no contact section or any support.
After installing it to my PC and phone, I tested my phone. Some ports which made me suspicious about being open are:
139/tcp open netbios-ssn
135/tcp open msrpc
443/tcp open https
445/tcp open microsoft-ds
902/tcp open iss-realsecure
912/tcp open apex-mesh
5357/tcp open wsdapi'
Mostly port 135 took my attention about security of my PC. There were only 2 -3 ports active before installing the VPN.
Personally, I think this service is not secure and I even think they can use my workstation to make a bot.
So what do you think? Is this kind of VPN service secure or insecure?