It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Major Security flaw in VPNs giving our real IP- addresses

page: 1
4
<<   2 >>

log in

join
share:

posted on Jan, 30 2015 @ 10:04 PM
link   
Just a heads up about this in case anybody has not heard about it

VPN users are facing a massive security flaw as websites can easily see their home IP-addresses through WebRTC. The vulnerability is limited to supporting browsers such as Firefox and Chrome, and appears to affect Windows users only. Luckily the security hole is relatively easy to fix.

With a few lines of code websites can make requests to STUN servers and log users’ VPN IP-address and the “hidden” home IP-address, as well as local network addresses.

A demo published on GitHub by developer Daniel Roesler allows people to check if they are affected by the security flaw.

torrentfreak.com...




posted on Jan, 30 2015 @ 10:37 PM
link   
a reply to: douglas5

Grabbed the Firefox add-on from the article.

Allowed Above Top Secret because it was the only way to see icons like the reply button. Then had to allow "ajax.google.apis.com" in order for the buttons to function again. Just fyi for anyone else who gets this add-on.

Edit:
After messing around a little it seems like the add-on also functions similarly to an adblock. I had to also allow a bunch of other things in order to see them. Not that I like seeing them because they significantly slow down loading time but heh. My habit of browsing the new threads list and opening interesting ones in other tabs probably doesn't help.

Not sure if I will keep this add-on if I have to go through all the scripts and select which ones to allow and which ones not to.

Anyway, thanks for the info OP.



edit on 1-30-2015 by WakeUpBeer because: (no reason given)



posted on Jan, 30 2015 @ 10:45 PM
link   
a reply to: WakeUpBeer

I never use a VPN as i do not download much just e-books so i do not feel threatened by this , but i have had no-script for a while now .

But i am thinking of trying a new browser as Firefox is getting a bit resource hungry these days




posted on Jan, 30 2015 @ 10:58 PM
link   
a reply to: douglas5

I'm not very IT savvy.. How do I know if and when I'm using a VPN?

Downloaded even though I wasn't sure. Didn't seem like a bad idea.
edit on 1-30-2015 by WakeUpBeer because: (no reason given)



posted on Jan, 30 2015 @ 11:08 PM
link   

originally posted by: douglas5
VPN users are facing a massive security flaw as websites can easily see their home IP-addresses through WebRTC.

I'm a little unclear as to how this is a "massive security flaw" except for sensationalist click-bait.

Firstly, anyone who is really paranoid about such security issues is using Chrome in the Incognito mode, which disables WebRTC (which is a real-time communications technology). It's not a flaw, WebRTC revealing real IP's is expected behavior since it allows browser-to-browser communications between different clients. The IP's must be known in order for it to work.

Secondly, IP addresses have not yet been classified as personally identifiable information. For prosecution of cyber-related crimes such as illegal file sharing, IP addresses alone are not enough.

And third, using VPN's raises your "threat profile" online. VPN traffic is much more closely scrutinized than normal traffic. If you're paranoid about security/privacy, shell out a few dollars every month for a quality high-speed private proxy service, using Chrome Incognito, on a Mac.



posted on Jan, 30 2015 @ 11:08 PM
link   
a reply to: WakeUpBeer

I am not to far ahead of you in being a computer noob , you will need to download a vpn freenuts.com... and run it i think it is a must if you stay in the U.S or China



posted on Jan, 30 2015 @ 11:12 PM
link   
a reply to: SkepticOverlord

I have heard that rumour that if you use Tor or a VPN you will get watched a lot more but i have never been a fan of Chrome for the resources it hogs up



posted on Jan, 30 2015 @ 11:22 PM
link   
a reply to: douglas5

No problem. I'm not to sure about all this.

Honestly, I saw "hides personal IP" and figured why not.

I'm not paranoid about anything I do online or download.

Not sure what the risks are, if any real ones.

And now that I know I'm not using a VPN I don't see the need.

I think I'm going to un-install this add-on! I don't seem to have a use for it.

Not to mention it doesn't seem to remember my preferences.



posted on Jan, 30 2015 @ 11:28 PM
link   
a reply to: WakeUpBeer

noscript.net...

03/10/2014, Edward Snowden endorses NoScript as a countermeasure against state Surveillance State.



posted on Jan, 30 2015 @ 11:35 PM
link   
a reply to: douglas5

I'm feeling indecisive! Screw it! I'll just keep the dang thing installed. It seems to have a lot of functionality even if I don't use a VPN. I'm not keeping it because of what you said about Snowden. I'm kind of on the fence about that guy but that's another subject. I do find his endorsement amusing though.

Edit: Solved font issue.
edit on 1-30-2015 by WakeUpBeer because: (no reason given)



posted on Jan, 30 2015 @ 11:55 PM
link   

originally posted by: douglas5
03/10/2014, Edward Snowden endorses NoScript as a countermeasure against state Surveillance State.

And I call BS on that.

Four years ago, maybe. Now, no. All modern browsers are well-protected against click-jacking and cross-site scripting anymore.

Furthermore, disabled JavaScript completely hobbles you online.



posted on Jan, 31 2015 @ 12:21 AM
link   

originally posted by: SkepticOverlord
Furthermore, disabled JavaScript completely hobbles you online.


This is true. After going around a few places with this add-on pages are often sparse or not working like I expect them to. I have to go through the preferences and choose what to allow and what to block. It's just a pain in the butt hassle quite honestly. It's nice that it blocks ads and some other annoying things but I am not sure how much security I'm getting. Nor am I sure what exactly I'm being secured against, if anything I would consider a real threat.



edit on 1-31-2015 by WakeUpBeer because: format



posted on Jan, 31 2015 @ 01:05 AM
link   
a reply to: douglas5

As someone who is backward when it comes to VPNs can someone tell me of a good VPN to use and do I still need an ISP with a vpn.

thanks



posted on Jan, 31 2015 @ 04:52 AM
link   
a reply to: WakeUpBeer

It is hard to find out if you are using VPN if you are not IT savvy because you should know
if you are using an internal IP address, you should know how to use your command prompt to
find out your current IP address, and you should use a tool to check your network traffic to
determine if you are using VPN. You could also visit cmyip.com to view your IP address but it
still requires some networking knowledge to really know for sure that you are using VPN.



posted on Jan, 31 2015 @ 04:56 AM
link   
a reply to: learnatic

ISP is short for Internet Service Provider and without it you cannot connect to
the internet. VPN stands for a Virtual Private Network. It provides you security
and anonymity. So after you are connected to the internet trough your ISP you
should use VPN for more security.



posted on Jan, 31 2015 @ 05:00 AM
link   
a reply to: douglas5

Tor or VPN encrypts your connection, all they can see is encrypted text.



posted on Jan, 31 2015 @ 05:06 AM
link   
a reply to: WakeUpBeer

VPN encrypts your connection. If you are not using VPN, some people can get deep into your life, they can
collect allot information about you that can be used against you. Would you uninstall you antivirus and your
firewall? You are disabling your own security by uninstalling the add-on



posted on Jan, 31 2015 @ 05:10 AM
link   
a reply to: SkepticOverlord

LOL, you become a threat to them because using VPN is a sign of intelligence and they don't want
you to be intelligent. They expect you to give them information to use against you.
edit on 31-1-2015 by fedupkid because: (no reason given)



posted on Jan, 31 2015 @ 05:31 AM
link   
a reply to: douglas5

If you are not using VPN you are giving them allot of information to use against you. I
would not even want them know what books I am reading. The less they know about you
the better. I may be wrong but as far as I know just installing no-script does not encrypt your connection.
it just prevents websites from running scripts on your computer. You should also get the VPN service. And
even that may not be enough because you are only encrypting your web browser connection, you may be
leaking other kinds of info too.



posted on Jan, 31 2015 @ 06:18 AM
link   
a reply to: fedupkid

I haven't used an anti virus for years.

So far so good. Unless I decide to visit shady sites.

Who are you referring to when you say "they"?




top topics



 
4
<<   2 >>

log in

join