still kicking Posted May 9 Share Posted May 9 14 hours ago, gargamon said: Hahaha. You believe the marketing BS in the ads? Yes he is German 2 Link to comment Share on other sites More sharing options...
AreYouGerman Posted May 9 Author Share Posted May 9 Just now, eisfeld said: VPNs on Android. Don't be dense. BTW Android does have a VPN built in. As you are the one who wants to be extra correct about the topic title you should follow the same rules about what you are writing. Or, don't be dense, as you said it! 1 Link to comment Share on other sites More sharing options...
AreYouGerman Posted May 9 Author Share Posted May 9 Security researchers say this scary exploit could render all VPNs useless VPNs are no longer safe if these security researchers are right. https://www.zdnet.com/article/security-researchers-say-this-scary-exploit-could-render-all-vpns-useless/ Link to comment Share on other sites More sharing options...
connda Posted May 9 Share Posted May 9 15 hours ago, AreYouGerman said: In short, it's basically you going in some public wifi or compromised wifi and you won't know that your traffic is not routed through your VPN as you are connected to your VPN and everything seems in order. Everything is affected except Android, at the time of writing. "TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation." More on: https://securityaffairs.com/162894/hacking/tunnelvision-attack-vpn.html https://www.techradar.com/pro/security/many-top-vpn-apps-can-be-hacked-and-almost-totally-ruined-by-this-attack The NSA can already do that. Mai bpen rai. Link to comment Share on other sites More sharing options...
eisfeld Posted May 9 Share Posted May 9 It's getting blown way out of proportion. 99% of VPN users have nothing to worry about. They can continue watching their Netflix or downloading torrents or whatever they use it for. 1 1 Link to comment Share on other sites More sharing options...
AreYouGerman Posted May 9 Author Share Posted May 9 2 minutes ago, eisfeld said: It's getting blown way out of proportion. 99% of VPN users have nothing to worry about. They can continue watching their Netflix or downloading torrents or whatever they use it for. Well, as a German you should know that 'I have nothing to hide' doesn't lead to less surveillance. If people have nothing to hide, why are they using a VPN anyway, right. They found that 50 of the vendors that they tested were vulnerable. Also, OpenVPN, the most used VPN software is vulnerable in standard configuration. So, saying not 'all VPNs are affected' just because you can modify it or prevent it, is really not helping. Affected VPN Providers and VPN Protocols We found that VPNs that solely rely on routing rules to secure the host’s traffic are vulnerable. https://www.leviathansecurity.com/blog/tunnelvision 1 1 Link to comment Share on other sites More sharing options...
AreYouGerman Posted May 9 Author Share Posted May 9 8 minutes ago, connda said: The NSA can already do that. Mai bpen rai. Next time Adolf is in power again, please remember that phrase! 😊 1 1 1 Link to comment Share on other sites More sharing options...
connda Posted May 9 Share Posted May 9 If your worried about it then set you VPN to run data via TCP over port 443. Bob's your uncle. Link to comment Share on other sites More sharing options...
eisfeld Posted May 9 Share Posted May 9 6 minutes ago, AreYouGerman said: Well, as a German you should know that 'I have nothing to hide' doesn't lead to less surveillance. If people have nothing to hide, why are they using a VPN anyway, right. They found that 50 of the vendors that they tested were vulnerable. Also, OpenVPN, the most used VPN software is vulnerable in standard configuration. So, saying not 'all VPNs are affected' just because you can modify it or prevent it, is really not helping. Affected VPN Providers and VPN Protocols We found that VPNs that solely rely on routing rules to secure the host’s traffic are vulnerable. https://www.leviathansecurity.com/blog/tunnelvision Where is the number 50 from? It's not from the linked article. They don't mention at all how many they tested. And I want to ask again where the 77% you mentioned is from. Anyways you have to be a bit realistic about the threat model for the majority of users. Most people read these headlines and articles and get duped into fear while in reality it's not going to hurt them in any way. Corporate VPN users for example... if the traffic doesn't go through the VPN then it also wont have access to their networks. Most of these route to non-public IPs anyways in the 10.0.0.0/8 range or similar. Nobody will be able to snoop on that because there's nothing to route to. And then you have the big number of users who use VPNs to cirmcumvent geo blocking or some such. Again nothing to worry. Big nothing burger for most. 1 Link to comment Share on other sites More sharing options...
AreYouGerman Posted May 9 Author Share Posted May 9 Just now, eisfeld said: Where is the number 50 from? It's not from the linked article. They don't mention at all how many they tested. And I want to ask again where the 77% you mentioned is from. "All VPNs that the researchers tested are affected by the vulnerability called “TunnelVision” – they claim to have informed over 50 manufacturers about the security problem." https://www.heise.de/news/Tunnelvision-Angreifer-koennen-VPNs-aushebeln-und-Daten-umleiten-9710188.html 20 minutes ago, eisfeld said: 99% of VPN users have nothing to worry about. Please give me a verifiable source for that claim. 2 Link to comment Share on other sites More sharing options...
eisfeld Posted May 9 Share Posted May 9 4 minutes ago, connda said: If your worried about it then set you VPN to run data via TCP over port 443. Bob's your uncle. Uhm no, the attack is on the IP routing table via DHCP. TCP, UDP, ports etc don't matter. It's at a layer under that. 1 Link to comment Share on other sites More sharing options...
eisfeld Posted May 9 Share Posted May 9 3 minutes ago, AreYouGerman said: "All VPNs that the researchers tested are affected by the vulnerability called “TunnelVision” – they claim to have informed over 50 manufacturers about the security problem." https://www.heise.de/news/Tunnelvision-Angreifer-koennen-VPNs-aushebeln-und-Daten-umleiten-9710188.html Nothing they researches published mentioned the number 50. I don't know where Heise took that from. Anyways notifying a vendor about a problem doesn't mean they tested it. And it also doesn't mean that the users of a vendor need to worry about it - even if their VPN is vulnerable. 5 minutes ago, AreYouGerman said: Please give me a verifiable source for that claim. Again don't be dense. Of course I have no source. It's a figure of speech and not a claim of fact. You really are German 🙂 1 Link to comment Share on other sites More sharing options...
connda Posted May 9 Share Posted May 9 If you're using Linux with a VPN using WireGuard: WireGuard routing technology closes the side channel the Tunnelvision exploits with Linux OS's 1 Link to comment Share on other sites More sharing options...
connda Posted May 9 Share Posted May 9 Make sure to lock-down your computer, place a mask on its intake fan, keep it at least 2 meters from other computers, and make sure to give it at least two EUA Pfizer shots and all will be well. 😷 💉 1 1 1 Link to comment Share on other sites More sharing options...
cdnvic Posted May 9 Share Posted May 9 Any hope of readers getting good advice is being lost in pointless personal attacks. Posts contravening community standards, or quoting them have been removed. It's ok to disagree, but personal attacks aren't the way to do it. Link to comment Share on other sites More sharing options...
AreYouGerman Posted May 9 Author Share Posted May 9 (edited) Other forums: How to find a solution for a serious security threat. Aseannow: Bickering about usage of words and insults. Edited May 9 by AreYouGerman Link to comment Share on other sites More sharing options...
ChaiyaTH Posted May 9 Share Posted May 9 (edited) One must be really living under a stone, if posting this, about VPN's, and thinking that that is a new discovery or news item. Anyone with brains knew this since ages, hence the need for multiple tunnels and layers aside from other detailled technical knowledge, to actually be as anonymous as it can be. The entire sale of VPN for consumers is just a big business, because well, most people are suckerfishes. Anyone with brains would setup a 2-5 layer aside from using low key residential proxies that dynamically switch as a whole, making it virtually impossible to ever find out who it is, unless your the guy who set up his market place with a hotmail address, to then be caught and hang yourself (alpha bay). Yup you read that right, without that mistake, he would still run. As a consumer, without interest or technical skills and knowledge, and not willing to learn nor put money + time in it, you can give up already. Edited May 9 by ChaiyaTH Link to comment Share on other sites More sharing options...
ChaiyaTH Posted May 9 Share Posted May 9 (edited) 4 hours ago, AreYouGerman said: Security researchers say this scary exploit could render all VPNs useless VPNs are no longer safe if these security researchers are right. https://www.zdnet.com/article/security-researchers-say-this-scary-exploit-could-render-all-vpns-useless/ You are really a tool lol, reading articles like this, to then think and know you are up-to-date, while this is like years old knowledge. Same time tons of solutions but whatever. These are the worst creatures; those who read that type of tech articles, while being entirely stupid about tech themself. Edited May 9 by ChaiyaTH Link to comment Share on other sites More sharing options...
eisfeld Posted May 9 Share Posted May 9 31 minutes ago, AreYouGerman said: A lot of blabla and still you didn't even address how to fix the current vulnerability. Multiple layers? Haha, nope, 100% you didn't even understand the vulnerability. 😅 I actually agree with you here. Multiple layers don't help in any way against this attack because the attack causes the clients to not even send the traffic through the first hop and so subsequent hops are bypassed as well. In other words it causes the traffic to not enter the VPN in the first place and flow out somewhere else. Link to comment Share on other sites More sharing options...
eisfeld Posted May 9 Share Posted May 9 56 minutes ago, ChaiyaTH said: One must be really living under a stone, if posting this, about VPN's, and thinking that that is a new discovery or news item. Anyone with brains knew this since ages, hence the need for multiple tunnels and layers aside from other detailled technical knowledge, to actually be as anonymous as it can be. The entire sale of VPN for consumers is just a big business, because well, most people are suckerfishes. Anyone with brains would setup a 2-5 layer aside from using low key residential proxies that dynamically switch as a whole, making it virtually impossible to ever find out who it is, unless your the guy who set up his market place with a hotmail address, to then be caught and hang yourself (alpha bay). Yup you read that right, without that mistake, he would still run. As a consumer, without interest or technical skills and knowledge, and not willing to learn nor put money + time in it, you can give up already. Not everyone is running a darknet drug marketplace and hiding from the police 🙂 Link to comment Share on other sites More sharing options...
Will B Good Posted May 9 Share Posted May 9 This has me really worried....someone could catch me watching Emmerdale. Link to comment Share on other sites More sharing options...
SmokeyJoe Posted May 10 Share Posted May 10 From NordVPN Re Tunnelvision We would like to reassure you that none of our applications leak traffic if 'Stay invisible on a local network' (from iOS 16) and 'Kill Switch' features are enabled within the app settings menu. Side channel attack would result in lost Internet connection, but not the data leak as well. In theory, the attacker could exploit the vulnerability if: they have access to the network their target is connected to; they know the destination IP the target is trying to access; resources target is trying to access are not under any kind of CDN. If all of these requirements are met, attacker could try to block certain IP addresses and then guess whether the target's traffic has dropped because of it. This could reinforce their beliefs that the target is visiting the website they are suspecting, but it would still be probabilistic. That said, even in this case, it won't provide attackers with any content of the target's requests. 1 Link to comment Share on other sites More sharing options...
scottiejohn Posted May 10 Share Posted May 10 7 hours ago, Will B Good said: This has me really worried....someone could catch me watching Emmerdale. Or worse still catch what you are doing while watching Emmerdale! 1 Link to comment Share on other sites More sharing options...
johng Posted May 10 Share Posted May 10 The best explanation I've read so far. https://tunnelcrack.mathyvanhoef.com/details.html very interesting that this "backdoor" has been around since the very beginning of VPN's in 1996 and "The attacks can also be carried out by a malicious ISP or compromised core Internet router." How very useful for all those 3 letter agencies !!! 1 Link to comment Share on other sites More sharing options...
sungod Posted May 10 Share Posted May 10 On 5/9/2024 at 8:40 AM, BE88 said: So that it works in Thailand for Pornhub I have no problems The only people who need to watch pornhub in Thailand must be into some totally weird stuff........ 1 Link to comment Share on other sites More sharing options...
eisfeld Posted May 10 Share Posted May 10 1 hour ago, johng said: The best explanation I've read so far. https://tunnelcrack.mathyvanhoef.com/details.html very interesting that this "backdoor" has been around since the very beginning of VPN's in 1996 and "The attacks can also be carried out by a malicious ISP or compromised core Internet router." How very useful for all those 3 letter agencies !!! 1. That's an older, different attack from what this topic is about and therefore can't act as an explanation. 2. It's not a backdoor, just many VPN clients didn't handle simple network configurations properly Link to comment Share on other sites More sharing options...
johng Posted May 10 Share Posted May 10 5 minutes ago, eisfeld said: 1. That's an older, different attack from what this topic is about and therefore can't act as an explanation. As far as I understand things tunnelvision and tunnelcrack are very similar except for the option 121 bit in tunnelvision ? they achieve the same goal by abusing the routing table and tricking the VPN client into sending information outside of the VPN tunnel. https://www.tunnelvisionbug.com/ "Recently, a technique known as TunnelCrack allowed attackers to leak data from a VPN. Simultaneously, we have been working on a more general technique we call “TunnelVision.” TunnelVision leaks VPN traffic more simply and powerfully. We have demonstrated an attacker can leak all traffic just by being on the same local network as a VPN user. From the user’s perspective, they appear as if they are connected to the VPN." The main difference seems to be. "However, neither technique described in TunnelCrack leveraged DHCP option 121 to push routes. Pushing routes through DHCP has a significantly higher impact from the same attacker vantage point (the ability to hand out IP leases for a non-RFC1918 range or spoofing DNS replies)." 11 minutes ago, eisfeld said: 2. It's not a backdoor I put "backdoor" in quotes, as you correctly point out it's not a backdoor as such just has the same very bad results. Link to comment Share on other sites More sharing options...
eisfeld Posted May 10 Share Posted May 10 9 minutes ago, johng said: As far as I understand things tunnelvision and tunnelcrack are very similar except for the option 121 bit in tunnelvision ? they achieve the same goal by abusing the routing table and tricking the VPN client into sending information outside of the VPN tunnel. https://www.tunnelvisionbug.com/ "Recently, a technique known as TunnelCrack allowed attackers to leak data from a VPN. Simultaneously, we have been working on a more general technique we call “TunnelVision.” TunnelVision leaks VPN traffic more simply and powerfully. We have demonstrated an attacker can leak all traffic just by being on the same local network as a VPN user. From the user’s perspective, they appear as if they are connected to the VPN." The main difference seems to be. "However, neither technique described in TunnelCrack leveraged DHCP option 121 to push routes. Pushing routes through DHCP has a significantly higher impact from the same attacker vantage point (the ability to hand out IP leases for a non-RFC1918 range or spoofing DNS replies)." There are similarities for sure that's why I also said earlier this new attack is just a variation of similar prior attacks and nothing shocking. Even TunnelCrack is not the first of this kind. And even before attacks on VPNs there have been attacks on routing tables for decades to leak traffic somewhere where it was not intended to go. That's why there are carefully designed VPN clients which are not vulnerable to these attacks because the basic idea behind them is always the same. Classic examples are BGP hijacking or DNS cache poinoning. The idea is always the same: redirect traffic from its intended destination. Just using different features and attacking different layers. The problem with attacks that work directly on an enduser device is that they can prevent the traffic from entering the VPN in the first place and therefore getting encrypted. That's why you still want a layer of encryption that doesn't depend on the network routing in applications like TLS for websites, email servers and so on. Link to comment Share on other sites More sharing options...
BE88 Posted May 10 Share Posted May 10 2 hours ago, sungod said: The only people who need to watch pornhub in Thailand must be into some totally weird stuff........ The only bizarre types are those who don't admit it but are the first to go there assiduously. Link to comment Share on other sites More sharing options...
Sticky Rice Balls Posted May 10 Share Posted May 10 17 hours ago, AreYouGerman said: Aren't you the guy who runs Linux and thinks it's safe and his VPNs are not affected. Hahaha, oh dude. Get educated, Ubuntu click boy. arent you the guy that believes a website that says something and you conclude it for fact???? oh dude...hahaha the irony Link to comment Share on other sites More sharing options...
.png.3b3332cc2256ad0edbc2fe9404feeef0.png)
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now