Like Tree1Likes
  • 1 Post By Arun Kumar

Thread: Huge Security Flaw Leaks VPN Users’ Real IP-Addresses !

  1. #1
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default Huge Security Flaw Leaks VPN Users’ Real IP-Addresses !

    "VPN users are facing a massive security flaw as websites can easily see their home IP-addresses through WebRTC.
    The vulnerability is limited to supporting browsers such as Firefox and Chrome, and appears to affect Windows users only.
    Luckily the security hole is relatively easy to fix.

    The Snowden revelations have made it clear that online privacy is certainly not a given.
    Just a few days ago we learned that the Canadian Government tracked visitors of dozens of popular file-sharing sites.
    As these stories make headlines around the world interest in anonymity services such as VPNs has increased, as even regular Internet users don’t like the idea of being spied on.

    Unfortunately, even the best VPN services can’t guarantee to be 100% secure.
    This week a very concerning security flaw revealed that it’s easy to see the real IP-addresses of many VPN users through a WebRTC feature.

    With a few lines of code websites can make requests to STUN servers and log users’ VPN IP-address and the “hidden” home IP-address, as well as local network addresses.
    The vulnerability affects WebRTC-supporting browsers including Firefox and Chrome and appears to be limited to Windows machines and FreeBSD.
    "

    Full story: Huge Security Flaw Leaks VPN Users' Real IP-Addresses | TorrentFreak


    Note: Pale Moon does not have WebRTC, so it is not affected by this bug.

    Yet another good reason to use Pale Moon instead of Firefox...
    Last edited by hackerman1; 3rd February 2015 at 11:30.

  2. #2
    Arun Kumar's Avatar
    Arun Kumar is offline MVP Alumni
    Join Date
    Aug 2012
    Location
    Hyderabad
    Posts
    98

    Default

    I read about this some days ago but did not take it seriously. I originally thought it was limited to some VPN services and not all (I was not able to decode WebRTC then). Thank you for sharing the article. I am now looking for a patch. There is one for Firefox at https://addons.mozilla.org/de/firefox/addon/noscript/ but I am not sure what it does. The language is different from English. Or maybe I can use of the translation tools to check it.
    Pale Moon is based on mozilla code as I can recall. But may be safer if you say that it doesn't have WebRTC.

    I have been more worried in the past over VPNs dropping connections while browsing. Some of them free ones drop connections frequently. This WebRTC thing confirms my fears.
    HappyAndyK likes this.

  3. #3
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default

    Thank you.
    Iīm glad that you appreciated my post.

    NoScript is not a "patch", it does not have anything specific to do with this bug.
    It blocks javascript on all webbsites, except those that you allow.
    Itīs a very important add-on to Firefox & Pale Moon, if you use Firefox then install NoScript.
    The first days / weeks it feels like a real P-I-T-A because you have to allow javascript on all your regular webbsites, building a database of allowed sites.

    Yes, I also noticed that the author for some very odd reason linked to a german version of the add-on page...
    Athough it doesnīt bother me personally as I speak german....
    I donīt need to read it anyway, I already have NoScript installed...

    You have an english version here: https://addons.mozilla.org/en-US/fir...ddon/noscript/

    Tip: Whenever someone posts a link to a Mozilla-page in the wrong language,
    look at the URL, the "language-code" fx. in this case is de,
    To get an english version just replace de with en: https://addons.mozilla.org/en/firefox/addon/noscript/

    English: en-US
    Swedish version: sv-SE
    Itīs the same language-code as that used in the browser if you have "localized it" to your local language.

    If you use Firefox, you should try Pale Moon, itīs faster and safer...
    And there is also a 64-bit version...

    Pale Moon uses itīs own profile, so you can have both Firefox and Pale Moon installed,
    and even run both simultaneasly if you want.
    Itīs very simple to get started, basically you just copy your Firefox-profile to Pale Moon.
    Just follow the instructions

    Pale Moon

    Pale Moon-forum, WebRTC

    And btw. the support is excellent in the forum
    Last edited by hackerman1; 4th February 2015 at 13:40.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Log in

Log in

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22