Security News
With Windscribe VPN, you can improve your security online by blocking ads, covering your browsing data and blocking your network behind a firewall. Normally, a Windscribe VPN Three-Year Pro Subscription would be $207, but you can get it for the best price online of $69.97 through May 12.
Researchers have brought to light a new attack method, dubbed TunnelVision and uniquely identified as CVE-2024-3661, that attackers on the same local network can use to intercept and snoop on VPN users' traffic. "Luckily, most users who use commercial VPNs are sending web traffic which is mostly HTTPS. HTTPS traffic looks like gibberish to attackers using TunnelVision, but they know who you are sending that gibberish to which can be an issue," the researchers noted.
"TunnelVision's effect is independent of the underlying VPN protocol because it reconfigures the operating system network stack the VPN relies on." Anyone who is able to operate a DHCP server on the same network as someone using a VPN, and get that VPN client's machine to use that DHCP server, can decloak their traffic because of a particular feature in the configuration protocol: option 121, which allows administrators to add classless static routes to client routing tables.
A new attack dubbed "TunnelVision" can route traffic outside a VPN's encryption tunnel, allowing attackers to snoop on unencrypted traffic while maintaining the appearance of a secure VPN connection. The attackers set up a rogue DHCP server that alters the routing tables so that all VPN traffic is sent straight to the local network or a malicious gateway, never entering the encrypted VPN tunnel.
Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user's IP address.
VPNs are popular because they add security and privacy to the otherwise open Wi-Fi and public internet channels people use daily. But can VPNs be tracked by the police?
A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. As Mullvad found out while investigating the issue spotted on April 22, an Android bug leaks some DNS information even when these features are enabled on the latest OS version.
A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. Enabling the "Block connections without VPN" option ensures that all network traffic and connections pass through the always-connected VPN tunnel, blocking prying eyes from monitoring the users' web activity.
Microsoft has confirmed that the April 2024 Windows security updates break VPN connections across client and server platforms. The company explains on the Windows health dashboard that "Windows devices might face VPN connection failures after installing the April 2024 security update or the April 2024 non-security preview update."
VPNs are legal to use in most countries, including the United States, United Kingdom, Canada, some European Union countries, Australia and Japan. So while VPNs provide privacy and security, they don't exempt users from legal responsibilities.