It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

WARNING: Vulnerability Found In VPN's - Anonymity Compromised

page: 1
2

log in

join
share:

posted on Oct, 2 2010 @ 01:44 PM
link   
Ok if anyone here is using a VPN that relies on PPTP technology (most of the commercial ones do btw) then you need to read this.

Huge Security Flaw Makes VPNs Useless for BitTorrent

While this article relates to bittorrent, please understand this means anything you send across a VPN that uses PPTP could be compromised, so if you're a political activist or whistleblower you should take note of this one. The fix for this is provided in the article, it can be prevented. However i must make something else clear.

The authentication VPN's use often relies on the CHAP protocol, this has also been found to be lacking in security, however for now, as long as you close the IPv6 vulnerability mentioned in the above article you should be ok.

However i encourage people to look at the OpenVPN project as SSL encryption and the various authentication protocols are more secure for whatever you are doing online.

I hope this is useful for some people.



posted on Feb, 9 2013 @ 04:31 PM
link   
reply to post by ImaginaryReality1984
 


Hey... I realize this thread is kinda old... but I have a quick question you may be able to answer for me. I run a Win7 x 64 home premium pc stand alone... no domain... no homegroup... is it possible that if I were compromised, someone could add/create VPN on my comp without me being aware? Get back to me when you ave the time. thanks!



posted on Feb, 22 2013 @ 07:42 AM
link   
Yeah PPTP is pretty much garbage. When you have newer IPv6 protocols over old broken down PPTP you're going to have security holes. Microsoft refuses to do anything with it, and they include it in the pro and ultimate versions of their software, like it's a added bonus to the end user. LOL! They won't make it secure because then it would hurt their revenue for their sever software scheme. LP2T and IPSEC is part of their server software cash cow. Funny thing about it is you can actually find some powerful robust 3rd party software out there that offer IPSEC etc. It too will cost you, but not as much. Maybe $100 dollars for a pro version and probably $200 dollars for unlimited users licenses and support. You can also install it on any flavor of OS you want. That's better then being held hostage by Microsoft and paying $500-2000 dollars for corporate software just to enjoy IPsec VPN lol. Then you gotta buy the CALS (Client Access License) packs too.

Then there is this thing called open source. You can download your OS free and your VPN software free. Go figure right.



 
2

log in

join