American intelligence follows British lead in warning of serious VPN vulnerabilities:
The US National Security Agency (NSA) is warning admins to patch a set of months-old security bugs that have recently come under active attack.
The NSA’s bulletin, issued earlier this week, says that state-sponsored hacking groups are now actively targeting the remote takeover and connection hijacking flaws in VPNs that were first publicized in April of this year.
“These vulnerabilities allow for remote arbitrary file downloads and remote code execution on Pulse Connect Secure and Pulse Policy Secure gateways. Other vulnerabilities in the series allow for interception or hijacking of encrypted traffic sessions,” the NSA warned.
“Exploit code is freely available online via the Metasploit framework, as well as GitHub. Malicious cyber actors are actively using this exploit code.”
The NSA’s update comes on the heels of an earlier alert issued in the UK by the National Cyber Security Centre (NCSC), warning of attacks that it had spotted against both private and government sector firms in the UK ranging from military and academic institutions to business and healthcare providers.
“An attacker can use these stolen credentials to connect to the VPN and change configuration settings, or connect to further internal infrastructure,” the NCSC’s warning reads.
“Unauthorised connection to a VPN could also provide the attacker with the privileges needed to run secondary exploits aimed at accessing a root shell.”
David Stubley, CEO of security firm 7 Elements, told The Register that his firm has already found tens of thousands of servers vulnerable to one of the outlined bugs, and provided a video showing just how easy the process of exploiting the flaws and stealing VPN user data is.
“Trivial to extract user names and passwords, 60k passwords were identified,” Stubley said of one test run.
“Over 800 were based upon the dictionary word ‘password’, 4k based on this year as in 2019, we even saw passwords based on 2009 with the password of ‘Sep-09’.”
Admins who use VPNs for remote connections are being advised to test and install the patches as soon as possible.
Around 20% of today’s top VPN solutions are leaking the customer’s IP address via a WebRTC bug known since January 2015, and which apparently some VPN providers have never heard of.
From EFF Page:
-VPNs can see, modify, and log your Internet traffic. Many VPN providers make promises to not log your traffic and to take other privacy protective measures, but it can be hard to verify this independently since these services are built on closed platforms. For example, a recent study found that up to 38% of VPN apps available for Android contained some form of malware or spyware.
-Would using the VPN service still leak your DNS queries to your ISP?
This story, reported by the New York Times, raises a big question: WHAT IF...
What IF there are many VPNs controlled remotely by US.GOV or UK.GOV or AU.GOV, etc.?
As history teaches, if they must control then THEY WILL CONTROL, even by physically reaching the datacenter, regardless of the technologies used and applied, and regardless of the people who own these technologies. Hence you must think carefully about WHO you are going to trust with your private data.
ipfilterX, contrary to the above, doesn’t ask you for anything, nor is it able to know anything about you; it avoids being asked questions, and it denies the enemy the ability to learn about you.
HERE IS THE ARTICLE: “They thought these phones protected their anonymity, but they didn’t,” said a senior intelligence official based in Europe.
Even without personal information, the authorities were able to conduct routine monitoring of phone conversations.
Routing ‘Feature’ Can Expose VPN Users’ Real IP-Addresses
[NSA attacks on VPNs]:
>In the end, the fatal error of the Silk Road creator, Dread Pirate Roberts aka Ross William Ulbricht, was to use A FUKIN #VPN to access Silk Road and not TOR itself.
– 9 points about VPNs that must not be underestimated …
[Why ipfilterX and not only VPN]
1) Well, the VPN owners themselves tell you how wrong their job is:
“Our VPN service and VPN services in general are not designed to be used to commit illegal activity.”: from Hide your Ass?
So, in their opinion, what activity should be carried out on their service?
Just avoiding being traced for advertising and/or statistics purposes?
No. Instead you get: YOUR ASSES EXPOSED
2) ********** – *********** Hits=1 VUPEN ,
they don’t even know that they hit my machine, but they know that they hit a VPN, and thus they will ask for customer IDs.
In summary:
using ipfilterX, they can’t know whether an IP/machine is online; ipfilterX works like a stealth fighter engine,
it’s invisible to enemy radar. We can’t say the same for a VPN: it’s true that your IP is behind the VPN’s IP, but for the reason given in point 1 a VPN won’t ever cover you, and often it could do the opposite.
3) The download and upload speed behind a VPN is often a real failure. Your downloads will never be fast or faster, and the same goes for uploads: your data must go through the VPN servers and then be released outside, and vice versa for incoming data. When a VPN is close to full load, the download/upload speeds are almost comparable with dial-up speed.
So what benefit is this? And is it known how many users have had problems just trying to connect to their VPN service?
4) The cost. Well, an average VPN costs around $6 per month, which is about $72 per year.
$72 to receive what? Not full anonymity, not the greatest performance or any sort of benefit, often not even the illusion that you paid for.
5) A VPN won’t be able to protect you from various Net threats like malware, trojans, keyloggers, botnets, etc., whereas ipfilterX actively does.
6) VPNs are often used as BOTNETS, so your bandwidth will be wasted carrying out attacks on other networks.
7) Often a VPN disconnection may irreparably expose your real IP.
It’s unavoidable: because of temporary problems at your ISP, some software problem on your LAN, or whatever else, your Internet and/or your VPN connection will drop at some point.
You will not get a warning or an alarm, and you will continue to browse the net or share files over P2P networks as if nothing had happened, because you did not notice, but it’s done: your IP is now exposed for everyone to see. The evil of this event is that you won’t realize what happened at first, but your privacy will be compromised as if you had never used anything to protect yourself on the internet, naked under a scanner; and after all the tedious setup, the price and the time you paid for an ultimately slow and average service, in the end you are EXPOSED.
8) SOME VPN SERVERS ARE CONTROLLED BY F.B.I. and other Government Agencies:
9) When you’re going to subscribe to a VPN, remember to read VERY CAREFULLY THEIR LEGAL TERMS, for example:
In order to use this website and services, you affirm that you are at least eighteen (18) years of age and/or are legally able to make purchases online. If you are under the age of eighteen (18) years of age, then you must find a legal parent or guardian to purchase and activate this service for you. If you are unable to find a legal parent or guardian to purchase and activate this service for you, you are not permitted to use this website or its services.
You agree to comply with all applicable laws and regulations in connection with use of this service. You must also agree that you nor any other user that you have provided access to will not engage in any of the following activities:
Uploading, possessing, receiving, transporting, or distributing any copyrighted content which you do not have written consent from the copyright owner.
Interfering with the service to any other user, client, host or network which reduces the quality of service for other clients and users.
Accessing data, systems or networks including attempts to probe scan or test for vulnerabilities of a system or network or to breach security or authentication measures without written consent from the owner of the system or network.
Using this service to transmit any material (by email, uploading, posting, or otherwise) that threatens or encourages bodily harm, injury or destruction of property.
Accessing the service to violate any laws at the local, state and federal level in the United States of America or country/territory in which you reside.
PrivateInternetAccess.com abides by a ZERO TOLERANCE policy relating to any activity which breaches our terms and conditions. Additionally, PrivateInternetAccess.com will cooperate in full with all governmental agencies that seek those who have violated any of the above terms and conditions.
Along with the ZERO TOLERANCE policy, Clients who breach the terms and conditions will have their account removed without any refund. Additionally, PrivateInternetAccess.com expressly reserves the right to hold the Client responsible for any financial damages and losses which may be incurred due to said violation(s), including, but not limited to attorney fees, court costs, and other charges.
SERVICE LEVEL AGREEMENT
Service coverage, speeds, locations and quality are not guaranteed. While PrivateInternetAccess.com will make every attempt to maintain the Service availability at all times, the Service may be subject to unavailability for numerous reasons including maintenance, emergencies, third party service failures, transmission errors, equipment failures, network issues, interference, natural disaster, amongst other reasons. PrivateInternetAccess.com does not guarantee that data, messages, or pages will be delivered and shall not be held responsible in the event pages are lost, not delivered, delayed, misdirected or are otherwise inaccessible.
Additionally, we may impose usage limits to our services, suspend or block services, or cancel any and all services at our sole discretion at any time. Finally, we do not guarantee the accuracy and timeliness of any data received.
We make no guarantee that this service will be accessible at any time. However, we will do our best to keep the service up and running for our beloved clients.
Some accounts may be imposed with data transfer limits. These plans will be subject to said usage limits and will be terminated upon completion of the data limits.
Additionally, unmetered bandwidth means there are no usage caps. However, users who display excessive usage may have caps imposed or have their account suspended or terminated.
>In summary:
Slow service, if not no service at all. Limited bandwidth. Subject to the law like anyone else. I would name the three things above the three Laws of the Virtual Private Networks, equal to V.P.N.=U.W.O.T.A.M. – Useless Waste of Time and Money.
“If your VPN provider retains logs and turns over user data to law enforcement, what is the point?”