BrianKrebs on Nostr: Researchers at Leviathan Security have released some interesting findings that ...
Researchers at Leviathan Security have released some interesting findings that illustrate why your VPN service may not be as secure as it claims.
From the story:
"VPNs work by creating a virtual network interface that serves as an encrypted tunnel for communications. But researchers at Leviathan Security say they’ve discovered it’s possible to abuse an obscure feature built into the DHCP protocol so that other users on the local network are forced to connect to a rogue DHCP server.
“Our technique is to run a DHCP server on the same network as a targeted VPN user and to also set our DHCP configuration to use itself as a gateway,” Leviathan researchers Lizzie Moratti and Dani Cronce wrote. “When the traffic hits our gateway, we use traffic forwarding rules on the DHCP server to pass traffic through to a legitimate gateway while we snoop on it.”"
More here:
https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/
Published at 2024-05-06 14:40:46
Event JSON