Huge security flaw can expose VPN users’ real IP addresses

MadScientist

https://torrentfreak.com/huge-security-flaw-can-expose-vpn-users-real-ip-adresses-151126/

I use PIA's VPN. Their newest client software update, v.53, would not install properly with Windows 10 on 3 of my computers; it failed to install the TAP driver unless I totally uninstalled their old software and TAP driver from my computers. I also turned Avast's active protection off while installing. https://www.privateinternetaccess.com/pages/client-support/
Here's PIA's how to perform a clean reinstallation of their application on Windows 10: https://support.privateinternetacces...ticle/View/134
 

Mushkins

For anyone interested, the PIA description of the attack is *way* easier to understand than the torrentfreak article.
 

John Connor

Cool for me. I use VPN.ac and as far as I know they don't allow port forwarding. But I'll run this by them just to make sure.

Crazy. First it was WebRTC and now this. I wonder if a proxy is affected as well? I know VPN.ac offers a browser addon proxy to their customers.
 

John Connor

Got a response from VPN.ac. My question was whether they allowed port forwarding or not.

Hi

Yes, we don't allow it - never have and never will. It's stated in our FAQ page.
The problem highlighted in the torrentfreak article is just one of the various problems coming with it, and we've been aware of it since years ago. We always considered it a big no-no, either for reasons that would easily allow exposing of real IPs or due to abuse, as people can use it to reach backdoors on infected PCs. Then there's also the problem coming with manipulating firewall rules on servers by customers, which is also a big no-no - regardless of how secure a script handling such firewall rules would be.
While we do understand the disadvantage coming with not providing support for port forwarding, essentially torrent seeding, we don't consider that a big problem: most people don't care about seeding and those who do care might as well use seedboxes for such purposes, which is a much better approach in keeping up the torrent ratio on private trackers.


Best Regards,


vpn.ac team




- We're not big fans of social media (mass tracking services), but you can also reach us on Facebook, Twitter, Google+

- Skype: vpn.ac
- Jabber/XMPP: vpn@cryptolayer.com
 

KeithP

I use PIA's VPN. Their newest client software update, v.53, will not install properly; it hangs on installing the TAP driver unless you totally uninstall their old software from your computer.

That must be a Windows thing...the update worked fine for me but I am running OS X.

-KeithP
 

MadScientist

It's a Windows 10 thing with the TAP driver. On one of my computers after totally uninstalling PIA's software and the TAP driver I had to search the registry for OpenVPN and delete the entries in the registry under HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\oemvista.inf_amd64_690431ea2d4f48b2 before I could get PIA's v.53 software and the TAP driver to install.

This fix is essentially the same thing but editing the registry is a lot easier: http://shockandawe.me/2015/09/09/tap-windows-adapter-v9-install-failed-on-windows-10.html
 

TheRyuu

Just a reminder this only affects you if you use their port forwarding. If you haven't explicitly enabled this I don't think this affects you at all.
 

slag

https://torrentfreak.com/huge-security-flaw-can-expose-vpn-users-real-ip-adresses-151126/

I use PIA's VPN. Their newest client software update, v.53, will not install properly with Windows 10; it hangs on installing the TAP driver unless you totally uninstall their old software from your computer. I also turned Avast's active protection off while installing. https://www.privateinternetaccess.com/pages/client-support/


I had a different experience and it worked fine. I installed their newest client yesterday and had zero problems with it. I did not uninstall their old client first. I did an update from within the client and it all worked perfectly. I'm on Windows 10, did two updates, one on my desktop, one on my laptop, zero problems.

If you had a problem with the install, the issue is not with their software, but rather a configuration on your machine.

That being said, I think I'm going to move over to a DDWRT configured router instead of relying on a desktop client to be on.
 

John Connor

That being said, I think I'm going to move over to a DDWRT configured router instead of relying on a desktop client to be on.


I was going to do that with my VPN, but there could be several consequences doing so. 1) I hear PayPal doesn't like VPNs, i.e. they see the IP address and think it's a hack or some crap and suspend your account, and 2) Google may give you trouble since your IP address will be used by several others, where you will have to enter a captcha every time.

I would rather have the choice in using the VPN or not.
 

slag

I was going to do that with my VPN, but there could be several consequences doing so. 1) I hear PayPal doesn't like VPNs, i.e. they see the IP address and think it's a hack or some crap and suspend your account, and 2) Google may give you trouble since your IP address will be used by several others, where you will have to enter a captcha every time.

I would rather have the choice in using the VPN or not.

There are definitely drawbacks. I'm going to do it to bypass the blackouts for local games that I will watch on the Roku or Kodi player.
 

MadScientist

That's just not true. I installed their newest client yesterday and had zero problems with it. I did not uninstall their old client first. I did an update from within the client and it all worked perfectly. I'm on Windows 10, did two updates, one on my desktop, one on my laptop, zero problems.

If you had a problem with the install, the issue is not with their software, but rather a configuration on your machine.

That being said, I think I'm going to move over to a DDWRT configured router instead of relying on a desktop client to be on.

That could be (I have changed my 1st post to read my computers), but I had the same TAP driver installation fail on 2 different computers and my tablet when I tried to re-install their new application, v.53, over their old application. If you do a Google search you will find many others with the same problem. Here's PIA's how to perform a clean reinstallation of their application on Windows 10: https://support.privateinternetaccess.com/Knowledgebase/Article/View/134

Are you running Windows 10 v.1511?
 

slag

I don't know what version I'm running. I did the upgrade from Windows 7 to Windows 10, so whatever version that free upgrade is, that's what I'm running with the latest fixes and patches. Mine worked fine on 2 different computers. Maybe I got lucky?
 

slag

I was going to do that with my VPN, but there could be several consequences doing so. 1) I hear PayPal doesn't like VPNs, i.e. they see the IP address and think it's a hack or some crap and suspend your account, and 2) Google may give you trouble since your IP address will be used by several others, where you will have to enter a captcha every time.

I would rather have the choice in using the VPN or not.

Wanted to add something else to this. I have a U-verse account that my wife's work computer and most of our wireless devices use that has no special configuration. Off of that, I have a DD-WRT configured router on its own separate network that my desktop computer, my son's computer, and our Plex/XBMC server is configured on, plus a couple other personal wireless devices. If I want to use PayPal, I can use my laptop that isn't on this network, but for other things, I want the separate network to be on a VPN for anonymity.