http://thehackernews.com/2015/11/vpn-hacking.html

A newly discovered flaw affecting all VPN protocols and operating systems
has the capability to reveal the real IP-addresses of users' computers,
including BitTorrent users, with relative ease.



The vulnerability, dubbed *Port Fail* by VPN provider Perfect Privacy (PP),
which discovered the issue, is a simple port forwarding trick and affects
those services that:

   - Allow port forwarding
   - Have no protection against this specific attack

The port forwarding trick means that if an attacker uses the same VPN
(*Virtual Private Network*) as the victim, the real IP address of the victim
can be exposed by forwarding Internet traffic to a specific port.

*"The crucial issue here is that a VPN user connecting to his own VPN
server will use his default route with his real IP address, as this is
required for the VPN connection to work,"* Perfect Privacy wrote in a blog
post
<https://www.perfect-privacy.com/blog/2015/11/26/ip-leak-vulnerability-affecting-vpn-providers-with-port-forwarding/>
on Thursday.
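
The routing behaviour described in that quote, as an added example that is not from the article or from Perfect Privacy: a small model of a VPN client's routing table, showing that traffic addressed to the client's own VPN server takes the host route over the physical interface and therefore carries the real IP address. All addresses, interface names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the article.
REAL_IP = "192.0.2.10"      # client's ISP-assigned address on eth0
TUNNEL_IP = "10.8.0.6"      # client's address inside the VPN on tun0
VPN_SERVER = "203.0.113.5"  # VPN server address the client connects to

# Constructed routing table modeled on a common full-tunnel client setup:
# (destination prefix, outgoing interface, source address used).
ROUTES = [
    ("0.0.0.0/0", "eth0", REAL_IP),         # original default route
    ("0.0.0.0/1", "tun0", TUNNEL_IP),       # VPN overrides the default route ...
    ("128.0.0.0/1", "tun0", TUNNEL_IP),     # ... with two more-specific halves
    (VPN_SERVER + "/32", "eth0", REAL_IP),  # host route that keeps the tunnel itself up
]


def select_route(dest, routes=ROUTES):
    """Longest-prefix match, as an IP stack does when picking an outgoing route."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for prefix, iface, src in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, iface, src))
    _, iface, src = max(matches, key=lambda m: m[0])
    return iface, src


def bypasses_tunnel(dest, routes=ROUTES):
    """True if traffic to dest leaves outside the tunnel and so shows the real IP."""
    iface, _ = select_route(dest, routes)
    return not iface.startswith("tun")


def exposed_destinations(candidates, routes=ROUTES):
    """Return the destinations a client would reach with its real source address."""
    return [d for d in candidates if bypasses_tunnel(d, routes)]


if __name__ == "__main__":
    for dest in ("198.51.100.7", VPN_SERVER, "203.0.113.6"):
        print(dest, "->", select_route(dest))
```

In this model only the address the client itself connects to is reached outside the tunnel; an ordinary Internet host, or a neighbouring address on the same provider, is still reached through `tun0`.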




Port Fail affects all VPN protocols including…

   - OpenVPN
   - IPSec

…and applies to all operating systems, posing a huge privacy risk.


How Does 'Port Fail' Work?



A successful IP address leak attack requires an attacker to be on the same
VPN network as the victim and to know the victim's VPN exit IP address,
which could be discovered by tricking a victim into visiting a website
controlled by the attacker.



For example, an attacker with port forwarding enabled can see the request
from the victim's actual IP address by tricking the victim into opening
an image file.



The same attack is possible for *BitTorrent users*, but, in this case,
there is no need for the attacker to redirect the victim to their page.



In this case, an attacker who has only activated port forwarding for the
default BitTorrent port can expose the real IP address of a VPN user on
the same network.





Affected VPN Providers



The flaw affected various large VPN providers. Perfect Privacy tested nine
VPN providers out of which five were found to be vulnerable to this flaw
and were alerted last week.



VPN providers including Private Internet Access (PIA), Ovpn.to and nVPN
fixed the issue before publication.



However, the company warned, *"other VPN providers may be vulnerable to
this attack as we could not possibly test all."*



A VPN aims to ensure that your real identity remains anonymous on the
Internet so that nobody can track the origin of your connection back to
you, but this newly discovered flaw shows that it's quite easy to bypass
this protection on some VPN providers.






Posted by: "Beowulf" <[email protected]>