this post was submitted on 06 May 2024
497 points (98.3% liked)

Technology

61850 readers
2602 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
497
Novel attack against virtually all VPN apps neuters their entire purpose (arstechnica.com)
submitted 9 months ago by [email protected] to c/[email protected]
132 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 77 points 9 months ago (14 children)

So for this attack to work, the attacker needs to be able to run a malicious DHCP server on the target machine’s network.

Meaning they need to have already compromised your local network either physically in person or by compromising a device on that network. If you’ve gotten that far you can already do a lot of damage without this attack.

For the average person this is yet another non-issue. But if you regularly use a VPN over untrusted networks like a hotel or coffee shop wifi then, in theory, an attacker could get your traffic to route outside the VPN tunnel.

[–] wreleven 45 points 9 months ago (1 children)

This is the primary reason folks use VPNs - to protect themselves on public networks. I would say it's definitely not a non-issue.

[–] [email protected] 7 points 9 months ago

The thing is that in most cases you don’t need a VPN to protect yourself on a public network. The ubiquity of TLS on the internet already does a great job of that. Using a VPN on a public network for privacy and security reasons amounts to little more than the obfuscation of which sites you’re visiting, and some fallback protection against improperly configured websites. So while I agree it isn’t entirely a non-issue, it definitely isn’t as big of an issue as one might assume given the scary wording of the headline and article.

load more comments (12 replies)