- Joined
- Dec 9, 2016
I don't trust any of these commercial VPNs. They have a lot of reason to mine your data as they tend to learn the most about who you really are.
VPNs
- Thread starter MarvinTheParanoidAndroid
- Start date
- Joined
- Mar 17, 2019
Nah, it's fucking excellent if true. This is either propaganda from the dodgy Israeli company that owns PIA, or just this guy talking nonsense.Some weird possibly shit going on with NordVPN.
How is NordVPN unblocking Disney+?
NordVPN, a company reeling from careless security practices revealed as part of a security breach (one that they covered up for 6 months…medium.com
TL;DR: NordVPN may be using malware from a cousin company to gain illicit access to residential connections for VPN use.
Don't take this as incontrovertible truth, I haven't looked too deep into it, but fucked up if true. Anybody know more?
NordVPN specifically denied that their "VPN clients are being used to turn our users into a botnet". The article provides not a shred of proof of any such allegations- instead, traffic may be, after going through the regular NordVPN servers, routed through residential internet connections via a service that has nothing to do with NordVPN and especially the VPN clients that users install on their computers.
It's all FUD. Routing traffic through residential IPs is a great way to further decrease the ability for the traditional enemies of the truth to track your internet activity. Now, when will they be offering this for bypassing 4chan blocks?
- Joined
- Dec 28, 2014
Another Israeli company, Hola, did exactly this, having a peer to peer VPN that used bandwidth from its "free" customers without their knowledge and selling the bandwidth to their paying customers (Luminati).
- Joined
- Mar 17, 2019
Yeah, I looked into using this for stuff I didn't need to be private with, where the ability to get random residential IPs might be useful.
What I found was that all the free traffic just goes through a very limited number of dedicated servers. So you don't even get the advantage of using other people's residential IPs.
They're still engaging in these same practices- I believe they still don't even encrypt the traffic from your browser to their shitty proxy servers.
- Joined
- May 9, 2017
Some weird possibly shit going on with NordVPN.
medium.com
TL;DR: NordVPN may be using malware from a cousin company to gain illicit access to residential connections for VPN use.
Don't take this as incontrovertible truth, I haven't looked too deep into it, but fucked up if true. Anybody know more?
FULL DISCLOSURE: I use PIA but with recent events I'm looking pretty hard at Mullvad. I have no religion when it comes to VPNs.
How is NordVPN unblocking Disney+?
NordVPN, a company reeling from careless security practices revealed as part of a security breach (one that they covered up for 6 months…
medium.com
TL;DR: NordVPN may be using malware from a cousin company to gain illicit access to residential connections for VPN use.
Don't take this as incontrovertible truth, I haven't looked too deep into it, but fucked up if true. Anybody know more?
Still, if what he's saying is true, NordVPN is routing through residential IPs by some shady-ass means, even if they're not DIRECTLY involved compromising those machines, yeah? Possibility 1: He's lying/wrong about the connections being routed through residential. Possibility 2: He's right. Well, how exactly are they routing through residential? Even if NordVPN itself isn't turning VPN connections into nodes (which I don't think he's claiming), SOMETHING is, right?
FULL DISCLOSURE: I use PIA but with recent events I'm looking pretty hard at Mullvad. I have no religion when it comes to VPNs.
- Joined
- Mar 17, 2019
And? It sounds like NordVPN is giving you a privacy gain, without any downside for the NordVPN user (too bad for the people installing adware).
This mong with a Medium account is trying to conflate this with NordVPN users somehow being compromised by using NordVPN or their official clients.
There's some potential for there to be downsides to this, if this is done with HTTP traffic not just HTTPS (and it's probably only done with HTTPS traffic for only some specific criteria to avoid the Disney blocks), but if so why are you sending sensitive stuff over HTTP?
- Joined
- Dec 28, 2014
It says something about their integrity. If they'd steal from random people why wouldn't they fuck you over, too?
- Joined
- Mar 17, 2019
If people install adware on their computers in exchange for some shitty software product, that's fair play.
- Joined
- Dec 28, 2014
I'm sure they'd have some similar bullshit justification for betraying me, too, so I just won't trust them. If you sign up for them knowing they're thieves and get fucked over, you deserve it, too, by that reasoning.
- Joined
- Mar 17, 2019
It's a different operation.
If they need to get residential IPs to avoid content blocking, then they need to get residential IPs. It sounds like they got these from a company that does this in a pretty civilized way, with an addon that people voluntarily installed with some software that had nothing to do with privacy (a lot of the others just rely on botnets installing their software).
Would I like to see more information about what triggers routing through residential IPs so I can take advantage of it for non-Disney related activities, assuming this is possible? Absolutely.
Would I like to see VPN providers looking at alternative ways to route traffic through residential IPs? Sure. Maybe they could make it a premium service where paid a little more but if you didn't want to pay and were in a desirable region, you could choose to allow others to route traffic for certain services like Netflix, etc*, in exchange for credits to do the same yourself. But that seems like it would require a fair amount of investment and consumer buy in. They have a good solution for now.
* as there are obvious reasons not to allow people to post bomb threats against schools on 4chan from your own connection
- Joined
- Dec 28, 2014
It just takes a couple high profile end users going down for someone else's CP downloading for consumer buy in to disappear.
- Joined
- Mar 17, 2019
Yeah, it definitely doesn't work if you let random anonymous people go through your residential connection to access anything, whether that be the successor of 8chan's /hebe/ under Frederick Brennan's management, or 4chan to post bomb threats, or...
I think you could make it work as long as it was solely for geogated sites where the user generally has to have an account tied to their credit card anyway, which is the issue NordVPN are addressing here, with some sort of system where effectively a bugman in the UK could trade his geogated BBC iPlayer access and whatever shows are geogated to the UK, with a bugman in the US whose connection gives him access to US Netflix and Disney shit.
This Disney lockdown that NordVPN is circumventing is only the start. The MPAA's front organization is specifically working to crack down on 'password sharing' and geogate avoidance, and they have British, European, and Canadian media corps on board- and even ISPs. The situation is only going to get worse for VPN providers relying on routing all their traffic through random VPSs in datacenters.
- Joined
- May 20, 2018
GrayWater
kiwifarms.net
- Joined
- Mar 14, 2017
Regarding the subject of PIA, here's a little tidbit. I cancelled my subscription last night and gave them my reason, that they've been snatched up by a company responsible for literally creating malware.
Earlier today I get an email reply back from Customer Support. Here's what they had to say:
I did mention CyberGhost in my reasoning, but they didn't seem to address the Crossrider debacle I also mentioned. Not too surprised I guess, but still curious.
Earlier today I get an email reply back from Customer Support. Here's what they had to say:
PIA Customer Support said:
I did mention CyberGhost in my reasoning, but they didn't seem to address the Crossrider debacle I also mentioned. Not too surprised I guess, but still curious.
- Joined
- May 9, 2017
Anecdotal, but in the past few days, for the first time, Youtube has been throwing fits with PIA. It's a general "too many requests from your network" error, but y'know. Horse shit.
Mysterious.
Mysterious.
a_lurker
kiwifarms.net
- Joined
- Jun 16, 2019
Some weird possibly shit going on with NordVPN.
How is NordVPN unblocking Disney+?
NordVPN, a company reeling from careless security practices revealed as part of a security breach (one that they covered up for 6 months…
TL;DR: NordVPN may be using malware from a cousin company to gain illicit access to residential connections for VPN use.
Don't take this as incontrovertible truth, I haven't looked too deep into it, but fucked up if true. Anybody know more?
I figure they'd probably have a specific route for dns requests for Disney+
- Joined
- Mar 5, 2018
For still being competitors, that rep sure went to bat for them.
- Joined
- Mar 5, 2018
I've been using Mullvad for the last week and it's working well for me. Having the option to mail cash as payment is nice. They only offer monthly payments which might be a negative to some, but I was paying PIA monthly in case I needed to drop them and move on (which seems to be a wise move).
All of the servers I tried (10+) have been fast with low latency.
The android app is pretty barebones, especially compared to the PIA one, but it works. I ended up using the WireGuard client because I needed to exclude a couple of apps from the VPN.
I'm satisfied so far.
All of the servers I tried (10+) have been fast with low latency.
The android app is pretty barebones, especially compared to the PIA one, but it works. I ended up using the WireGuard client because I needed to exclude a couple of apps from the VPN.
I'm satisfied so far.
- Joined
- Mar 5, 2018
https://www.bleepingcomputer.com/ne...bility-lets-attackers-hijack-vpn-connections/
https://archive.ph/GoizH
New Linux Vulnerability Lets Attackers Hijack VPN Connections
Security researchers found a new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams.
They disclosed the security flaw tracked as CVE-2019-14899 to distros and the Linux kernel security team, as well as to others impacted such as Systemd, Google, Apple, OpenVPN, and WireGuard.
The vulnerability is known to impact most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android.
A currently incomplete list of vulnerable operating systems and the init systems they came with is available below, with more to be added once they are tested and found to be affected:
• Ubuntu 19.10 (systemd)
• Fedora (systemd)
• Debian 10.2 (systemd)
• Arch 2019.05 (systemd)
• Manjaro 18.1.1 (systemd)
• Devuan (sysV init)
• MX Linux 19 (Mepis+antiX)
• Void Linux (runit)
• Slackware 14.2 (rc.d)
• Deepin (rc.d)
• FreeBSD (rc.d)
• OpenBSD (rc.d)
All VPN implementations are affected
This security flaw "allows a network adjacent attacker to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website," according to William J. Tolley, Beau Kujath, and Jedidiah R. Crandall, Breakpointing Bad researchers at University of New Mexico.
"Additionally, we are able to determine the exact seq and ack numbers by counting encrypted packets and/or examining their size. This allows us to inject data into the TCP stream and hijack connections," the researchers said.
Attacks exploiting CVE-2019-14899 work against OpenVPN, WireGuard, and IKEv2/IPSec, but the researchers are still testing their feasibility against Tor.
They also note that the VPN technology used does not seem to be of importance since the attacks worked during their tests even when the responses they got from targets were encrypted, given that the size of the packets and the number of packets sent was enough to find the type of data packets that were being delivered through the encrypted VPN tunnel.
This attack did not work against any Linux distribution we tested until the release of Ubuntu 19.10, and we noticed that the rp_filter settings were set to “loose” mode. We see that the default settings in sysctl.d/50-default.conf in the systemd repository were changed from “strict” to “loose” mode on November 28, 2018, so distributions using a version of systemd without modified configurations after this date are now vulnerable. Most Linux distributions we tested which use other init systems leave the value as 0, the default for the Linux kernel.
The researchers discovered that most of the Linux distros they tested were vulnerable to attacks exploiting this flaw. They also found that all distros that use systemd versions released after November 28, 2018, that come with Reverse Path filtering switched from Strict mode to Loose mode, are vulnerable.
Given this, all Linux distributions using a systemd version with default configurations after this date are vulnerable.
It's important to note though that, despite some distros with specific systemd versions being vulnerable, the flaw is known to impact a variety of init systems and it is not only related to systemd as shown by the list of affected OSs available above.
Furthermore, network security consultant Noel Kuntze said in a reply to the disclosure report that only route-based VPN implementations are impacted by this vulnerability.
An alleged Amazon Web Services employee also stated that the Amazon Linux distro and AWS VPN products are not affected by attacks exploiting this flaw.
Mitigation is possible
Mitigation is possible according to the researchers and it can be potentially achieved by turning reverse path filtering on, by using bogon filtering —filtering bogus (fake) IP addresses — or with the help of encrypted packet size and timing.
These are the steps needed to run an attack designed to exploit this vulnerability and hijack a target's VPN connection:
1. Determining the VPN client’s virtual IP address
2. Using the virtual IP address to make inferences about active connections
3. Using the encrypted replies to unsolicited packets to determine the sequence and acknowledgment numbers of the active connection to hijack the TCP session
The full procedure to reproduce the vulnerability on Linux distros is explained in detail within the disclosure report publicly available here.
The research team is planning to publish a paper with an in-depth analysis of this vulnerability and its implications but only after finding an adequate workaround.
https://archive.ph/GoizH
New Linux Vulnerability Lets Attackers Hijack VPN Connections
Security researchers found a new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams.
They disclosed the security flaw tracked as CVE-2019-14899 to distros and the Linux kernel security team, as well as to others impacted such as Systemd, Google, Apple, OpenVPN, and WireGuard.
The vulnerability is known to impact most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android.
A currently incomplete list of vulnerable operating systems and the init systems they came with is available below, with more to be added once they are tested and found to be affected:
• Ubuntu 19.10 (systemd)
• Fedora (systemd)
• Debian 10.2 (systemd)
• Arch 2019.05 (systemd)
• Manjaro 18.1.1 (systemd)
• Devuan (sysV init)
• MX Linux 19 (Mepis+antiX)
• Void Linux (runit)
• Slackware 14.2 (rc.d)
• Deepin (rc.d)
• FreeBSD (rc.d)
• OpenBSD (rc.d)
All VPN implementations are affected
This security flaw "allows a network adjacent attacker to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website," according to William J. Tolley, Beau Kujath, and Jedidiah R. Crandall, Breakpointing Bad researchers at University of New Mexico.
"Additionally, we are able to determine the exact seq and ack numbers by counting encrypted packets and/or examining their size. This allows us to inject data into the TCP stream and hijack connections," the researchers said.
Attacks exploiting CVE-2019-14899 work against OpenVPN, WireGuard, and IKEv2/IPSec, but the researchers are still testing their feasibility against Tor.
They also note that the VPN technology used does not seem to be of importance since the attacks worked during their tests even when the responses they got from targets were encrypted, given that the size of the packets and the number of packets sent was enough to find the type of data packets that were being delivered through the encrypted VPN tunnel.
This attack did not work against any Linux distribution we tested until the release of Ubuntu 19.10, and we noticed that the rp_filter settings were set to “loose” mode. We see that the default settings in sysctl.d/50-default.conf in the systemd repository were changed from “strict” to “loose” mode on November 28, 2018, so distributions using a version of systemd without modified configurations after this date are now vulnerable. Most Linux distributions we tested which use other init systems leave the value as 0, the default for the Linux kernel.
The researchers discovered that most of the Linux distros they tested were vulnerable to attacks exploiting this flaw. They also found that all distros that use systemd versions released after November 28, 2018, that come with Reverse Path filtering switched from Strict mode to Loose mode, are vulnerable.
Given this, all Linux distributions using a systemd version with default configurations after this date are vulnerable.
It's important to note though that, despite some distros with specific systemd versions being vulnerable, the flaw is known to impact a variety of init systems and it is not only related to systemd as shown by the list of affected OSs available above.
Furthermore, network security consultant Noel Kuntze said in a reply to the disclosure report that only route-based VPN implementations are impacted by this vulnerability.
An alleged Amazon Web Services employee also stated that the Amazon Linux distro and AWS VPN products are not affected by attacks exploiting this flaw.
Mitigation is possible
Mitigation is possible according to the researchers and it can be potentially achieved by turning reverse path filtering on, by using bogon filtering —filtering bogus (fake) IP addresses — or with the help of encrypted packet size and timing.
These are the steps needed to run an attack designed to exploit this vulnerability and hijack a target's VPN connection:
1. Determining the VPN client’s virtual IP address
2. Using the virtual IP address to make inferences about active connections
3. Using the encrypted replies to unsolicited packets to determine the sequence and acknowledgment numbers of the active connection to hijack the TCP session
The full procedure to reproduce the vulnerability on Linux distros is explained in detail within the disclosure report publicly available here.
The research team is planning to publish a paper with an in-depth analysis of this vulnerability and its implications but only after finding an adequate workaround.
---- End of Article ----
- Joined
- Mar 17, 2019
Hmm. I can't profess to fully understand this, but there is this:
https://seclists.org/oss-sec/2019/q4/122
If you avoid using a VPN that routes IPv6 (there's very little reason to do so) and you don't use a distribution that has been infected by systemd malware, you are fine.