Tag Archives: vpn

Networking attack gives hijackers VPN access

Researchers have discovered a security flaw in macOS, Linux, and several other operating systems that could let attackers hijack a wide range of virtual private network (VPN) connections.

The bug, discovered by University of New Mexico researchers William J Tolley, Beau Kujath, and Jedidiah R. Crandall, lets a malicious access point or someone on the same network snoop on a user’s VPN session. The snooper can tell that they’re on a VPN and figure out what site they’re visiting. The researchers explain:

This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.

The attack begins by working out the VPN client’s virtual IP address, which is the fake IP address that a VPN gives you when you use it to pretend that you’re somewhere else. It does this by sending SYN (short for synchronization) and ACK (short for acknowledgement) packets to the device. Because it doesn’t know the device’s exact address, it sends these packets to all addresses in the virtual IP space. When this noisy attack eventually hits the victim’s machine, it will respond with a reset (RST) packet that drops the connection.

Read more in

Virtual Private Networks (VPNs)

You may find yourself needing to use public Wi-Fi for Internet access when you are away from home, such as when you are at your local restaurant or coffee shop, or when you are traveling at a hotel or airport. But how secure are these public networks and who is watching or recording what you are doing online? Perhaps you do not even trust your ISP (Internet Service Provider) at home and want to be sure they can’t monitor what you do online.

Protect your online activities and privacy with something called a VPN (Virtual Private Network). A VPN is a technology that creates a private, encrypted tunnel for your online activity making it much more difficult for anyone to watch or monitor what you are doing online. In addition, a VPN helps hide your location, making it much harder for websites you visit to determine where you are located.

Read more in

https://www.sans.org/security-awareness-training/resources/virtual-private-networks-vpns