64 sats \ 2 replies \ @Lumor 7 May \ parent \ on: Novel attack against virtually all VPN apps neuters their entire purpose privacy
Linux is still slightly vulnerable according to the article.
reply
Linked in the articke: https://www.leviathansecurity.com/blog/tunnelvision
Using network namespaces on Linux can completely fix this behavior. However, in our experience, it is less commonly implemented.
WireGuard’s documentation shows how it’s possible to use a namespace for all applications with traffic that should be using a VPN before sending it to another namespace that contains a physical interface. However, this appears to be Linux-specific functionality and it’s not clear if there is a solution for Windows, MacOS, or other operating systems with the same amount of robustness.
Guess we'll have to see how the attack applies to different VPN providers. Maybe 1-2 do use namespaces.
Initially I thought this was more of a threat on mobile networks (I guess not Android) or when using public WiFi. If one has control over one's home router doing the DHCP it shouldn't be an issue. But what are our home router talking to? A DHCP server of our internet provider. I'm not sure whether these 121 configurations can pass multiple hops, have not investigated further.
reply