Forum Thread

Your VPN may be worthless - Engadget

flipmarc 191 29 December 14, 2015 at 07:38 AM
http://www.engadget.com/2015/12/1...worthless/

Not sure if this is the right place to post this.

Personally, I use PIA Frown

12 Comments

1

Sign up for a Slickdeals account to remove this ad.

Joined Nov 2005
L10: Grand Master
25,035 Posts
3,353 Reputation
Pro
#2
Quote from flipmarc View Post :
http://www.engadget.com/2015/12/1...worthless/

Not sure if this is the right place to post this.

Personally, I use PIA Frown

PIA did recently issue an update to its Windows software claiming to fix something.... don't know the details.

Also this is clickbait.... under the details you'll see:

For Port Fail to work, the attacker uses the same VPN provider as the target and simply sets up port forwarding. It doesn't matter if the victim has port forwarding turned on or not.

The attacker can get the real IP addresses of any user on the same VPN service by getting the victim to click a link; it then redirects the victim to a port under the attacker's control.

Yeah so basically the target needs to be a complete moron.
Reply Helpful Comment? 0 0
#3
Quote from Dr. J View Post :
PIA did recently issue an update to its Windows software claiming to fix something.... don't know the details.

Also this is clickbait.... under the details you'll see:

For Port Fail to work, the attacker uses the same VPN provider as the target and simply sets up port forwarding. It doesn't matter if the victim has port forwarding turned on or not.

The attacker can get the real IP addresses of any user on the same VPN service by getting the victim to click a link; it then redirects the victim to a port under the attacker's control.

Yeah so basically the target needs to be a complete moron.
If you assume that the attacker is a website or ad/tracking network, this is a dead simple attack to pull off.

If the attacker is not one of these things then it is of much less use. A completely click bait headline, but depending on your threat model this could be a completely viable attack.
Reply Helpful Comment? 0 0
#4
This is pretty common knowledge in commercial VPN hardware / providers (think F5, not PIA). This is easily addressed with server side firewall rules or client side firewall rules. Not really a mind blowing find.
Reply Helpful Comment? 0 0
Joined Jul 2013
Conservative with a gun
2,139 Posts
263 Reputation
#6
Engadget is worthless
Reply Helpful Comment? 0 0
#7
Quote from Novakingwai View Post :
Engadget is worthless
Changes to engadget (and other sites they've sucked up) in the last few years have me visiting them less frequently, but I wouldn't call them worthless. I'd save that title for a site like bgr.
Reply Helpful Comment? 0 0
Joined Feb 2008
I Love Sports
31,521 Posts
5,562 Reputation
Pro
#8
Quote from jkee View Post :
Changes to engadget (and other sites they've sucked up) in the last few years have me visiting them less frequently, but I wouldn't call them worthless. I'd save that title for a site like bgr.
Never heard of bgr.
Reply Helpful Comment? 0 0

Sign up for a Slickdeals account to remove this ad.

#9
Quote from xxxHolic View Post :
Never heard of bgr.
boy genius report http://bgr.com

Way too much click bait and too little substance.
Reply Helpful Comment? 0 0
Joined Jul 2013
Conservative with a gun
2,139 Posts
263 Reputation
#10
Quote from jkee View Post :
Changes to engadget (and other sites they've sucked up) in the last few years have me visiting them less frequently, but I wouldn't call them worthless. I'd save that title for a site like bgr.
It and pretty much most online "news" sites are click bait junk.
Reply Helpful Comment? 0 0
An armed man is a citizen. An unarmed man is a subject.
The strongest reason for the people to retain the right to keep and bear arms is, as a last resort, to protect themselves against tyranny in government.
A gun in the hand is better than a cop on the phone
Joined Dec 2009
L3: Novice
191 Posts
29 Reputation
Original Poster
#11
Reply Helpful Comment? 0 0
Last edited by flipmarc December 17, 2015 at 06:19 AM
#12
Really stories presented by Engadget seems worthless to me.
Reply Helpful Comment? 0 0
Joined Nov 2006
disgruntled caveman
28,540 Posts
1,901 Reputation
#13
Quote from Dr. J View Post :
PIA did recently issue an update to its Windows software claiming to fix something.... don't know the details.

Also this is clickbait.... under the details you'll see:

For Port Fail to work, the attacker uses the same VPN provider as the target and simply sets up port forwarding. It doesn't matter if the victim has port forwarding turned on or not.

The attacker can get the real IP addresses of any user on the same VPN service by getting the victim to click a link; it then redirects the victim to a port under the attacker's control.

Yeah so basically the target needs to be a complete moron.
or just attracted to a clickbait link...
Reply Helpful Comment? 0 0
I heart slickdeals:

$12: 10 (good!) DVDs
$138: Zen X-Fi 32 gb
$4: ToyStory 1&2 BR/DVD + 2x TS3 movie tix
$45: 8 bags M&Ms+ 4Orville 6packs + 2 Redbox +3 blurays+ 2 DVDs+ 4 movie tix+ 1 Bisquick
$262: 50" LED TV
$281.99: mower+ 3 barstool+ 2 tailgate grill+ 6fertilizer+sawzall+4pillows+edger+swimsuit+2WiiU AfterglowPro +2sandals + sprinkler + 50' hose -- SYWR
One happy wife!
Running video game deal list: $155 bought me
3DS: DKCR, ALBW, PkmnY, MarioGolf, Starfox, FE:A
WiiU: NinLand, BatmanAC, AC4, W101, NG:RE, MK8, Pikmin 3, NSLU, 3DWorld, ZombiU
Page 1 of 1
1
Join the Conversation
Add a Comment
 
Copyright 1999 - 2016. Slickdeals, LLC. All Rights Reserved. Copyright / Infringement Policy  •  Privacy Policy  •  Terms of Service  •  Acceptable Use Policy (Rules)  •  Interest-Based Ads
Link Copied to Clipboard