@DickButtKiss's comment on 'VPN exploit discovered (that's been possible since 2002) and literally cucks everyone :chadstevejobsgenocide: :marseypenguingenocide: :marseybsodgenocide: except Android enjoyers :marseygigachad:'

https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/

TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user's IP address. The researchers believe it affects all VPN applications when they're connected to a hostile network and that there are no ways to prevent such attacks except when the user's VPN runs on Linux or Android. They also said their attack technique may have been possible since 2002 and may already have been discovered and used in the wild since then.

( . . . . )

Interestingly, Android is the only operating system that fully immunizes VPN apps from the attack because it doesn't implement option 121. For all other OSes, there are no complete fixes. When apps run on Linux there's a setting that minimizes the effects, but even then TunnelVision can be used to exploit a side channel that can be used to de-anonymize destination traffic and perform targeted denial-of-service attacks. Network firewalls can also be configured to deny inbound and outbound traffic to and from the physical interface. This remedy is problematic for two reasons: (1) a VPN user connecting to an untrusted network has no ability to control the firewall and (2) it opens the same side channel present with the Linux mitigation.

:!#marseygossipsmug: :#marseyglowtyping: :#marseygossipretard:

Jump in the discussion.

No email address required.

View entire discussion

boogiecat oo/aa :boogiecat:

6mo ago #6364941

if you use VPNs for anything except pirating or ban evasion you're a brainlet and deserve what you get coming

40 Context

ChristmasEnjoyer tis/the/season :marseygiftboxmarseyhug:

boogiecat 6mo ago #6365021

I don't even vpn to pirate, I ain't paying for that shit

:#marseyviewerstaretalking:

22 Context

ChristmasEnjoyer 6mo ago #6365261

i used to do that a long time ago but my ISP sent me a physical letter yelling at me for torrenting the first 10 seasons of the simpsons

11 Context

DickButtKiss Sick/Piss F•R•I•E•N•D•S :marseynightmare:

boogiecat 6mo ago #6365514

that's all they can do lol. I got cease and desists a couple times from my ISP when I was younger, just ignore them and file it in that special filing cabinet. It's not illegal to pirate except for when you are making money off the pirated shit. Consumer downloads are fine ISPs will just sent a letter to your house that you are downloading porn so your parents yell at you

7 Context

DickButtKiss 6mo ago #6365523

i could have sworn i heard stories of people getting their internet shut off because they pirated stuff. but thats good to know that i wont get in trouble :marseythumbsup:

5 Context

Haberdasher Castor/Pollux boogiecat 6mo ago #6365671

They went hard after a bunch of random consumers twenty years ago, and between that and the letters it instilled the fear of consequences in a lot of people. But no one gets done for that sort of thing now, it's far more about DCMA claims against YouTubers, whether it's fair use or not.

Pirate away.

9 Context

Enward_Sahir the/word I should be allowed to say it Haberdasher 6mo ago #6365793

Warner still sends ISPs notices, so in theory you can get still get your service cut off for piracy, but it's generally not worth it to take anyone to court for it these days.