Huge privacy flaw in VPN systems
Since the slow introduction of internet monitoring systems around the world began, more and more people have attempted to preserve their privacy by signing up for VPN services like the Pirate Bay’s Ipredator and the Pirate Party offering Relakks. But it turns out that there’s a gaping security flaw in these services that allows individual users to be identified.
The finding was announced at the Cipher conference in Sweden. The flaw is caused by a combination of IPv6, which is a new internet protocol due to replace the current IPv4, and PPTP (point-to-point tunneling protocol)-based VPN services, which are the most widely used. IPv6 is enabled on many computers, and you may well be using it without realizing.
The flaw means that the IP address of a user hiding behind a VPN can still be found, because their connection broadcasts information that can be used to identify them. It’s also relatively easy to find a MAC address (which identifies a particular device) and the computer’s name on its network.
It’s possible to re-hide yourself by switching IPv6 off and going back to IPv4, but that does mean losing the benefits that IPv6 offers. The flaw is most dangerous because many users aren’t aware of the issue, so it’s likely that administrators of VPN networks may end up having to warn their users and offer instructions on how to turn off IPv6. It’s thought that the Swedish anti-piracy bureau could already be gathering data using the exploit.
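As an added example (not from the original article or from any VPN provider), this Python script audits a host's own address list for the exposure described above: routable IPv6 addresses on an interface outside the tunnel, and whether they embed the device's MAC. It assumes the tunnel carries only IPv4 and that the MAC exposure comes from modified EUI-64 address formation (RFC 4291), a mechanism the article does not spell out; the interface names and addresses are constructed samples.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")  # unique local, not routed on the internet

# Constructed sample: (interface, address) pairs; names and values are illustrative.
SAMPLE_ADDRS = [
    ("lo", "::1"),
    ("ppp0", "10.8.0.2"),                          # assumed IPv4-only VPN tunnel
    ("eth0", "fe80::21a:2bff:fe3c:4d5e"),          # link-local, stays on the LAN
    ("eth0", "2001:db8:1:2:21a:2bff:fe3c:4d5e"),   # routable, EUI-64 interface ID
    ("eth0", "2001:db8:1:2:5c9f:83a1:7d20:b4e6"),  # routable, randomized interface ID
]


def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None."""
    iid = addr.packed[8:]                 # low 64 bits of the address
    if iid[3:5] != b"\xff\xfe":           # EUI-64 inserts ff:fe mid-MAC
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the flipped U/L bit
    return ":".join(f"{b:02x}" for b in mac)


def audit(addrs, tunnel_ifaces=("ppp0",)):
    """List routable IPv6 addresses that sit outside the VPN tunnel interface."""
    findings = []
    for iface, text in addrs:
        addr = ipaddress.ip_address(text)
        if addr.version != 6 or iface in tunnel_ifaces:
            continue
        if (addr.is_loopback or addr.is_link_local or addr.is_multicast
                or addr.is_unspecified or addr in ULA):
            continue
        findings.append({"iface": iface, "address": str(addr),
                         "embedded_mac": eui64_mac(addr)})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_ADDRS):
        print(f)
```

An empty result means the host has no routable IPv6 address outside the tunnel, which is the state that switching IPv6 off produces.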
One alternative to PPTP is OpenVPN, which offers a number of advantages, especially as it’s free and open-source. It’s more secure than PPTP, and more stable too, though it doesn’t work on mobile devices natively and isn’t quite as easy to set up on a computer, especially older machines. OpenVPN also has the advantage that it’s often not blocked in countries where PPTP systems are blocked.
Of course, if you’re thinking of using a VPN, remember that you’re essentially giving a third-party company, rather than a government, access to all of your private information. At the end of the day, that could be a far larger security hole than anything else, so be careful who you trust with your data.
Read More http://www.wired.co.uk/news/archive/2010-06/18/huge-privacy-flaw-found-in-vpn-systems?page=all