CYBER NEWS

Três Popular VPNs encontrado para ser Vazamento de endereços IP real

Tem a privacidade-savvy e contando com uma VPN para manter o seu negócio on-line para si mesmo? Se então, você pode querer saber que um site recomendação VPN decidiu teste 3 VPNs to see whether they were flawlessly performing their task. The results weren’t good at all – three out of the three services the website tested turned out to be leaking IP addresses of its users.

Story relacionado: Tracking Scripts Exploit Browsers’ Built-In Password Managers

hotspot Shield, PureVPN, Zenmate Tested for Privacy-Leaking Bugs

VPNMentor consulted with “accredited researchers” who tested three well-known VPNs – Hotspot Shield, PureVPN, and Zenmate. The idea was to check whether the mentioned services could leak data.

While we hoped to find zero leaks, we regretfully found that all of them leak sensitive data,” VPNMentor disse.

How did it all start? The website hired Paulos Yibelo from Cure53 known as File Descriptor, and an anonymous researcher to perform the test. And as already mentioned, the researchers found leaks in all three of the VPNs (hotspot Shield, PureVPN, and Zenmate).

It is worth mentioning that one of the VPNs, hotspot Shield, responded swiftly to the vulnerability disclosure:

Pelo lado positivo, after we contacted the VPN vendors, we saw one that was fast to respond and release a patch within days. We are still waiting to hear from the other two VPN vendors, and have decided to publish the information in hope that they will hurry up and fix the underlying issues for the benefit of their users.

The vulnerabilities in Hotspot Shield were only located in its Chrome extension, meaning that the desktop and mobile versions were intact. One of the bugs enabled an attack to hijack the user’s traffic via a malicious site.

Story relacionado: Exposições agregadas de banco de dados 1.4 Bilhões de credenciais de texto não criptografado

Mais especificamente, the bug detected if the current URL had the query parameter act=afProxyServerPing, and if it did, it routed all traffic to the proxy hostname provided by the server parameter. The bug appeared to be a leftover of an internal test code that remained in the public version, and as stated, it is already fixed. The other bugs were also fixed, including a DNS and an IP address leaks.

As for the IP leak, it could be triggered because the browser extension had an unconstrained whitelist for direct connection.

The other two VPNs that were tested still haven’t responded to VPNMentor, so their vulnerabilities are not detailed yet. Contudo, it is known that both of the services leaked user IP addresses. Users of the two VPNs are advised to contact their support teams to demand for the bugs to be addressed as soon as possible.

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerenciador de conteúdo que foi com SensorsTechForum desde o início. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:
Twitter

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

limite de tempo está esgotado. Recarregue CAPTCHA.

Compartilhar no Facebook Compartilhar
Carregando...
Compartilhar no Twitter chilrear
Carregando...
Compartilhar no Google Plus Compartilhar
Carregando...
Partilhar no Linkedin Compartilhar
Carregando...
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Carregando...
Partilhar no StumbleUpon Compartilhar
Carregando...