The ITpro website (link below) has reported on a VPN flaw that could expose a user’s real IP address to hackers. The bug could enable hackers to breach the port forwarding feature of a VPN network.
To enable a Port Fail attack, the hacker needs to ascertain the user’s exit IP address. This can be done by tricking the user into opening a specially programmed file.
Once that has been done, the user’s real IP address is exposed. ITpro reported that nine leading VPN companies were tested, and five of those were vulnerable to this type of Port Fail attack.
In a curious twist, one of the major applications for this hack is in copyright enforcement: litigation firms retained by media companies could use the Port Fail hack to unmask torrent users who have been downloading movies or music.
VPN vulnerability audit with Elastic Detector.
Companies providing VPN services could themselves be on the receiving end of litigation if they have failed to protect their customers from having their IP address revealed.
Organizations around the world are using vulnerability assessments as a way to expose weaknesses and flaws in their own network resources.
Elastic Detector from SecludIT is a pioneer in proactive vulnerability assessments. An automated daily audit (it can be configured for hourly audits, if your network is particularly ‘at risk’) will highlight any weak points in the network, from a threat list which is updated daily.
As a differentiator, it’s worth noting that Elastic Detector can audit clones of servers. This has three key benefits: 1) there is no degradation in network performance; 2) clones can be more aggressively tested than operational servers; 3) stopped machines can be cloned as well for testing.
ITpro. Bug could endanger privacy of VPN users.