nagios
+ Reply to Thread
Page 2 of 2 FirstFirst 12
Results 16 to 18 of 18

Thread: Don't trust proxies if...

  1. #16
    Join Date
    Oct 2002
    Posts
    47
    Quote Originally Posted by mat* View Post
    I'd like to learn it too but seems to hard for me to start. I should know what's my purpose and whose account am I going to hack. All I know was about connections and VPN's. Other things than that is not my forte but I still want to learn.
    You've mentioned that you use a VPN several times, and seem secure in the belief that they're protecting your privacy, but there are some things you should be aware of.

    DNS leaks:

    "A DNS leak may happen whenever a DNS query ‘bypasses’ the routing table and gateway pushed by the OpenVPN server. The trigger on Windows systems may be as simple as a slight delay in the answer from the VPN DNS, or the VPN DNS unable to resolve some name.

    This means that rather than using the DNS servers provided by the VPN operator, it’s possible that the user’s default DNS servers will be used instead or otherwise become visible."

    https://torrentfreak.com/how-to-make-vpns-even-more-secure-*204**/

    The article I quoted goes on to talk about using more than one VPN at a time, or using TOR in addition to a VPN for added security, in addition to other related topics.

    You can check for DNS leaks while using your VPN here:

    https://www.dnsleaktest.com/


    What if your nefarious exploits were discovered? Is your VPN keeping records, and if so, would they give them up if served with a subpoena? Some questions you need to ask are:

    *. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long?

    2. Under what jurisdiction(s) does your company operate?

    *. What tools are used to monitor and mitigate abuse of your service?

    4. Do you use any external email providers (e.g. Google Apps) or support tools ( e.g Live support, Zendesk) that hold information provided by users?

    5. In the event you receive a DMCA takedown notice or European equivalent, how are these handled?

    6. What steps are taken when a valid court order requires your company to identify an active user of your service? Has this ever happened?

    7. Does your company have a warrant canary or a similar solution to alert ********s to gag orders?

    8. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why?

    *. Which payment systems do you use and how are these linked to individual user accounts?

    *0. What is the most secure VPN connection and encryption algorithm you would recommend to your users? Do you provide tools such as “kill switches” if a connection drops and DNS leak protection?

    **. Do you use your own DNS servers? (if not, which servers do you use?)

    *2. Do you have physical control over your VPN servers and network or are they outsourced and hosted by a third party (if so, which ones)? Where are your servers located?

    https://torrentfreak.com/anonymous-vpn-service-provider-review-20*5-*50228/

    It continues with interviews of several VPN providers and their answers to these questions.


    Some other things you need to think about is the browser you're using and how it's configured. Do you have JavaScript enabled globally, or just for selected sites you visit? Consider using Firefox as your browser and the NoScript extension for an added layer of security. You can see what info your browser is giving away about you here:

    https://www.browserleaks.com

    You might want to consider disabling, or uninstalling Flash, as it's notoriously insecure and several Zero-Day exploits have been revealed in the past few weeks. The last site I referenced will also show you what info your browser gives away through Flash.
    Last edited by Siseneg; 07-28-2015 at 03:13 PM.

  2. #17
    Join Date
    Oct 2002
    Posts
    47

    Fyi

    Google Publishes Chrome Fix For Serious VPN Security Hole

    July 2*, 20*5

    "Google has published an extension for its Chrome browser that fixes a serious security hole that can reveal a user's real IP address even though they're using a VPN. The vulnerability was made headlines in early 20*5 and caused a wave of panic but Chrome users can now mitigate the problem with few clicks."


    "January this year details of a serious vulnerability revealed that in certain situations third parties were able to discover the real IP addresses of Chrome and Firefox users even though they were connected to a VPN.

    This wasn’t the fault of any VPN provider though. The problem was caused by features present in WebRTC, an open-source project supported by Google, Mozilla and Opera.

    By placing a few lines of code on a website and using a STUN server it became possible to reveal not only users’ true IP addresses, but also their local network address too."

    https://torrentfreak.com/google-publishes-chrome-fix-for-serious-vpn-security-hole-*5072*/


    How to disable WebRTC in Firefox

    "Firefox users should be able to block the request with the NoScript addon. Alternatively, they can type “about:config” in the address bar and set the “media.peerconnection.enabled” setting to false."

    https://torrentfreak.com/huge-security-flaw-leaks-vpn-users-real-ip-addresses-*50**0/

  3. #18
    Join Date
    Aug 2016
    Posts
    6

    ???

    why done use premium id?

+ Reply to Thread

Similar Threads

  1. Proxies
    By Guest in forum Proxies and Firewalls
    Replies: 0
    Last Post: 04-04-2003, 12:36 AM
  2. IE 5.0 with proxies
    By flo in forum Proxies and Firewalls
    Replies: 1
    Last Post: 07-06-2002, 03:13 PM
  3. Aol and proxies
    By j0080 in forum Proxies and Firewalls
    Replies: 2
    Last Post: 02-20-2002, 03:18 PM
  4. .su proxies?
    By Aragorn in forum Proxies and Firewalls
    Replies: 2
    Last Post: 08-05-2001, 12:37 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts