A group of researchers from Sapienza University of Rome and Queen Mary University of London have published a study detailing significant security flaws in 16 commercial VPN services.
The problems arise from the way these VPN services operate over dual-stack networks (those using both IPv4 and IPv6). Over half of the services were found to be open to partial (and sometimes full) IPv6 traffic leakage, with the potential to expose the user's browsing history—even on websites that only use IPv4 connectivity.
All the services save for one were also found to be vulnerable to DNS hijacking, which can also expose IPv4 network traffic. Equally worrying is the fact that roughly half of the services provide connectivity through the Point-to-Point Tunneling Protocol with MS-CHAPv2 authentication, a method which can be easily cracked via brute force.
VPN services have risen in popularity for a multitude of reasons—whether for security on a public hotspot, privacy concerns, or simply as a way to work around regional restrictions on content. This study shows that users should be careful, however, as it's very easy to unwittingly purchase VPN services done wrong.
|Intel unveils purpose-built Neural Network Processor for deep learning||12|
|Razer's Blade Stealth and Core V2 step to the cutting edge||8|
|Wear Something Gaudy Day Shortbread||9|
|Astro Gaming A20 rockets to 5.8 GHz for clearer connections||0|
|Asus teases ROG Strix X370I mobo for spiffy Mini-ITX Ryzen builds||10|
|NZXT's H700i, H400i, and H200i cases have their heads in the clouds||13|
|ASRock X299E-ITX/ac stuffs Core i9s into mini-ITX systems||27|
|Surface Book 2 flies higher with eighth-gen Core and Pascal||31|
|Rumor: Samsung 970 and 980 NVMe SSDs could be on the way||40|
|That's a lot of dongs.||+16|