- 1 Post By Arun Kumar
3rd February 2015, 10:27 #1
Huge Security Flaw Leaks VPN Users Real IP-Addresses !
"VPN users are facing a massive security flaw as websites can easily see their home IP-addresses through WebRTC.
The vulnerability is limited to supporting browsers such as Firefox and Chrome, and appears to affect Windows users only.
Luckily the security hole is relatively easy to fix.
The Snowden revelations have made it clear that online privacy is certainly not a given.
Just a few days ago we learned that the Canadian Government tracked visitors of dozens of popular file-sharing sites.
As these stories make headlines around the world interest in anonymity services such as VPNs has increased, as even regular Internet users don’t like the idea of being spied on.
Unfortunately, even the best VPN services can’t guarantee to be 100% secure.
This week a very concerning security flaw revealed that it’s easy to see the real IP-addresses of many VPN users through a WebRTC feature.
With a few lines of code websites can make requests to STUN servers and log users’ VPN IP-address and the “hidden” home IP-address, as well as local network addresses.
The vulnerability affects WebRTC-supporting browsers including Firefox and Chrome and appears to be limited to Windows machines and FreeBSD.
Full story: Huge Security Flaw Leaks VPN Users' Real IP-Addresses | TorrentFreak
Note: Pale Moon does not have WebRTC, so it is not affected by this bug.
Yet another good reason to use Pale Moon instead of Firefox...
Last edited by hackerman1; 3rd February 2015 at 10:30.
4th February 2015, 07:26 #2
I read about this some days ago but did not take it seriously. I originally thought it was limited to some VPN services and not all (I was not able to decode WebRTC then). Thank you for sharing the article. I am now looking for a patch. There is one for Firefox at https://addons.mozilla.org/de/firefox/addon/noscript/ but I am not sure what it does. The language is different from English. Or maybe I can use of the translation tools to check it.
Pale Moon is based on mozilla code as I can recall. But may be safer if you say that it doesn't have WebRTC.
I have been more worried in the past over VPNs dropping connections while browsing. Some of them free ones drop connections frequently. This WebRTC thing confirms my fears.
4th February 2015, 12:34 #3
Iīm glad that you appreciated my post.
NoScript is not a "patch", it does not have anything specific to do with this bug.
Itīs a very important add-on to Firefox & Pale Moon, if you use Firefox then install NoScript.
Yes, I also noticed that the author for some very odd reason linked to a german version of the add-on page...
Athough it doesnīt bother me personally as I speak german....
I donīt need to read it anyway, I already have NoScript installed...
You have an english version here: https://addons.mozilla.org/en-US/fir...ddon/noscript/
Tip: Whenever someone posts a link to a Mozilla-page in the wrong language,
look at the URL, the "language-code" fx. in this case is de,
To get an english version just replace de with en: https://addons.mozilla.org/en/firefox/addon/noscript/
Swedish version: sv-SE
Itīs the same language-code as that used in the browser if you have "localized it" to your local language.
If you use Firefox, you should try Pale Moon, itīs faster and safer...
And there is also a 64-bit version...
Pale Moon uses itīs own profile, so you can have both Firefox and Pale Moon installed,
and even run both simultaneasly if you want.
Itīs very simple to get started, basically you just copy your Firefox-profile to Pale Moon.
Just follow the instructions
Pale Moon-forum, WebRTC
And btw. the support is excellent in the forum
Last edited by hackerman1; 4th February 2015 at 12:40.