A twenty year old VPN vulnerability

I am a great believer in VPNs for better cyber security, especially when away from your main base – here are a couple of my articles explaining why:

Let’s Talk About Your VPN

It’s holiday time again – dust off that VPN!

VPNs even got a mention in my recent device security mini-series. But there are issues to address:

More about your VPN

Now researchers have created an attack to circumvent some of the information tunneling.

Novel attack against virtually all VPN apps neuters their entire purpose | Ars Technica

Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering.

Dan Goodin – Ars Technica

TunnelVision, as the researchers are calling the attack, does require some inside administrator rights to implement, but how hard would that be for threat actors or government agencies? The article explains the attack in detail.

In this case it seems that Android is the only OS where a complete fix has been done; the others offer only partial protection.

Your Takeaway

Obviously it is not good when a fundamental system we rely on for our cyber security is compromised. You can also bet there will be threat actors right now trying to exploit this research. However, this does not mean you and your organisation should stop using VPN technology – but someone should be checking that the ones you are using are, and remain, secure.
