4 Vulnerbilities Found in OpenVPN That Were Not Found in the Recent Audits. Please Reconsider Your DNM VPN Use.

Alternate Discussions:

https://pay.reddit.com/r/netsec/comments/6il9nq/the_openvpn_postaudit_bug_bonanza/

https://pay.reddit.com/r/VPN/comments/6ilkt6/4_important_security_vulnerabilities_discovered/

Link: https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/

This is a very long and technical write up and I only understand it at face value but worth it as he does a good job of keeping the content clear. This is a good reason why you shouldn't be using a VPN for your DNM use. The more software you add to your opsec the broader your attack surface becomes, the less software you use the less likely you are to introduce yourself to these sort of vulnerabilities. This discovery comes after 2 professional audits of OpenVPN that did not find these vulnerabilities, a good reminder that nothing is immune to bugs and being reviewed isn't the gold star it seems to be.

Article is too long to copy and paste here.


Comments


[9 Points] throw_Away_Someday:

I was surprised how few vulnerabilities were found in the original audit. Openvpn has been around for a long time and is bloated.

I run my own openVPN server at home. It's great for security on public networks while browsing the clearnet. The only reason I trust my connection is because I have control over the endpoints.

People need to understand that it's useless to use VPNs on the darkweb. Just like using your own PGP, it's foolish to trust other people to protect your privacy.


[3 Points] DruggieBear:

Yeah, just wondering how many of these people who claim to be scammed by AB are using VPN with unsecured darknet endpoints, lol.

Might be something to ask them the next one that comes up


[3 Points] Derrick4Real:

this is crazy considering openvpn is the gold standard.

good post


[1 Points] None:

[removed]