From owner-freebsd-questions@freebsd.org Fri Nov 27 15:50:59 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C91ADA3950C for ; Fri, 27 Nov 2015 15:50:59 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 42C9817C4 for ; Fri, 27 Nov 2015 15:50:59 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from host-4-75.office.adestra.com (vpn-1.adestra.com [46.236.37.122]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.15.2/8.15.2) with ESMTPSA id tARFoqtC046600 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Fri, 27 Nov 2015 15:50:53 GMT (envelope-from matthew@FreeBSD.org) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none header.from=FreeBSD.org DKIM-Filter: OpenDKIM Filter v2.10.3 smtp.infracaninophile.co.uk tARFoqtC046600 Authentication-Results: smtp.infracaninophile.co.uk/tARFoqtC046600; dkim=none; dkim-atps=neutral X-Authentication-Warning: lucid-nonsense.infracaninophile.co.uk: Host vpn-1.adestra.com [46.236.37.122] claimed to be host-4-75.office.adestra.com Subject: Re: VPN security breach To: freebsd-questions@freebsd.org References: <20151127104401.7fdfd5fd@Papi> From: Matthew Seaman X-Enigmail-Draft-Status: N1110 Message-ID: <56587BD4.4000904@FreeBSD.org> Date: Fri, 27 Nov 2015 15:50:44 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: <20151127104401.7fdfd5fd@Papi> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="lEb9m0HhiU9rTdGpJt3RFEhrNeDgRro2g" X-Virus-Scanned: clamav-milter 0.98.7 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.7 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on lucid-nonsense.infracaninophile.co.uk X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Nov 2015 15:50:59 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --lEb9m0HhiU9rTdGpJt3RFEhrNeDgRro2g Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 2015/11/27 13:44, Mario Lobo wrote: > Any comments on this? >=20 > https://thehackernews.com/2015/11/vpn-hacking.html Looks like a real problem, but only for people who share their VPN endpoints with other people they don't trust. VPN service providers should be capable of blocking this pretty much as soon as they understand what is happening No doubt VPN software authors will produce patches or work-arounds fairly soon. Cheers, Matthew --lEb9m0HhiU9rTdGpJt3RFEhrNeDgRro2g Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQJ8BAEBCgBmBQJWWHvaXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxOUYxNTRFQ0JGMTEyRTUwNTQ0RTNGMzAw MDUxM0YxMEUwQTlFNEU3AAoJEABRPxDgqeTn4LMP/0iGI2tJWgcQ0/gks7WlY1oI hOQ3VxNTx2um/X7XQ0ygaki4F0m9Eu3i/6qgFaNniJSW6wGtRa2zx5Qg9fxPsqQj CqNETPFvsiQ5P2N5KfzLDDtUVrvy7ARtjPoJxY/8jj2DEbl7VwY4s6ClVF51VRg6 iz9f+hs6LOtb+nFrBLlt3tmFGgQPKDcDV3bXns+rTEcRmNaJJuyt5egFYv58sH22 cMjOP2t3EitswTeadvia3oyI1A0+a6ke6BXx+IZGT+pjl9yvoEonsm1kipIslok7 ilGo0cP/ITAwG+iNBiGBSLqQ8kVfi3SJ7UI5h3yuQrsFw8JdENkpzuyW4y+09sGW eAcP/cWp2U2wskf2AnDT4e6Yh5lQH+Bv2kRwEhdNpdMtY+L78zAHdPUNKY6Yyn/X OUano+RXVRlNG37zgVmm3ZQdzgdoNH8SENDm/1imh2jHRBDONVoBwgqmgl+XlW8l 2P440rDavwdDHZf2BySf2QkxbynCmaBWFmgPW76usGrITpxeju9YcVH6Hj/bLGwD YmDikOoe22ilPjYE1/IZz/oXEsG7/npV9xIuc1lDTVqRz0KjXzOuMgICesDOAPO3 SUBPV1serYRUR4pd0lIRXHB+9cCyZe0cz3h/Zy3H6U/20z0kt5PfNch2ZmnMesh+ iA47pyMPtLNtYI+j/E5u =kBtM -----END PGP SIGNATURE----- --lEb9m0HhiU9rTdGpJt3RFEhrNeDgRro2g--