Double VPN

Discussion in 'privacy technology' started by badjoey, Jan 10, 2009.

Thread Status:
Not open for further replies.
  1. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    1. It won't work on xerobank at all because our network implementation isn't vulnerable to this type of attack.

    2. OpenVPN for Windows, specifically XP SP2 (from what I've seen) may do leaks depending on how your own home network is set up. It isn't an issue in OpenVPN, it is an issue in Windows routing.

    3. XeroBank only validated by rebill. You only get booted off if you don't have any more credits. Your other issue, with ShadowVPN, is that your account was manually cancelled as an admin didn't read the delay notice on the cancellation.
     
  2. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    How will a DNS leak compromise your security/privacy?
     
  3. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    DNS means Domain Name Server. Domain Name Servers are what takes an internet domain like "google.com" and looks up the true IP address of the server "1.2.3.4".

    If you had a privacy service and you were leaking DNS, instead of your DNS requests going to the privacy service through an encrypted tunnel, they would be going out on your local network and to your ISP, who would answer them.

    It means you could have encrypted surfing, but all the websites you visit would be known to your ISP.

    Kyle and I are working on a script to prevent that, it should be available inside our xB VPN software soon.
     
  4. badjoey

    badjoey Registered Member

    Joined:
    Dec 9, 2008
    Posts:
    50
    Steve, any realistic time for when this American IP is going to be added to the XeroBank VPN? I first asked you over the Xmas holidays and you said shortly, then 2 weeks later I asked again and you said possibly in the next week or two, and then in another post someone else asked and you said shortly again. Well, it would be nice if you could give a little bit more clear of an answer than shortly. Like, will it be this month, next month, or are you waiting for the next full feature update before you make any changes, and if so when do you expect that to be?
     
  5. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Well, it's kind of like ShadowVPN. We get the stuff going and get it completed, and then management tells us when we can release it for public consumption. Those being two separate events. So when I say it's going to be "done" I'm talking usually about when we complete it and it is active, but management may hold it for whatever reason like penetration testing, beta testing, load testing. The USA nodes are done. In this particular case, however, there is an issue how implementing it as a one-hop system as well, like ShadowVPN. I should have an update about what we're gonna do, later today.
     
  6. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I think tomorrow I'm going to leak a connection file for users to access the USA service, in the xerobank forum.
     
  7. stap0510

    stap0510 Registered Member

    Joined:
    Aug 5, 2008
    Posts:
    104
    Wait, so your "xB VPN software" is or could be leaking DNS-queries right now?
    If not, what is it exactly that you ARE repairing?
     
  8. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    OpenVPN can leak DNS if your home network is improperly configured, or you have bad software like Hamachi installed, i.e., things that we don't have control over. We are working on a way to blackhole the routes consistently so that even if you have a misconfigured network, it won't be able to leak DNS.
     
  9. geazer40

    geazer40 Registered Member

    Joined:
    Jun 11, 2008
    Posts:
    128

    Steve, why do you change answers to suit yourself? Remember my post, which I linked to your answer to a question regarding leaks, and you suggested that XeroBank VPN was written in a way for that not to happen. Then I showed you that my DNS was leaking on ShadowVPN, then you now say it's the way users have machines configured. You just cannot be wrong in any way, can you? JEEZZZ
     
  10. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    The OpenVPN leak was a vulnerability I was going to present at DefCon last year, but it wasn't particularly prevalent in user systems because they didn't have bad adapters installed or bad routing. Now that virtualized network adapters are more common, we are seeing this issue.

    The difference is unlike PPTP, it isn't the network design on the host side that makes the system leak or a bad protocol. It is outside the scope of the OpenVPN protocol. It is an issue with the Windows operating system and the way you've set up your networking. This is a user's problem that their machine is leaking, not that the vpn is leaking. If you have a locked down machine, but then tell everyone your password, it is outside the scope of the security of the machine because now everyone can access your system even with all your security in place.
     
  11. geazer40

    geazer40 Registered Member

    Joined:
    Jun 11, 2008
    Posts:
    128


    OK, so if it is a user prob, which I agree it prolly is, why do you still slag other providers about how they are insecure or they leak DNS? You and any other provider who supplies VPN and the user is using Windows, then until someone tells us how to plug the hole they will leak DNS, and that goes for XEROBANK as well, full stop.
     
  12. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Different problem, same symptom. Other providers are offering things like PPTP which is simply bad design on the connection. There is nothing they can do to make PPTP secure. We choose solid designs that are secure, and then take things that really aren't our problem, and choose to make them our problem because it is all about the clients.

    BTW, we have two working solutions. One of them will automatically be implemented before Monday. The rest will be contained in an update in xB VPN.
     
  13. geazer40

    geazer40 Registered Member

    Joined:
    Jun 11, 2008
    Posts:
    128

    OK cool, see, be truthful. No need to knock others when, as you say, XeroBank users using Windows leak DNS just like other providers.

    Now, until I told you about this you never ever mentioned to your users that are using Windows that all this time they were clearly leaking DNS just like everyone else, but clearly now you have tried to solve the issue, which I think many will thank you for.

    P.S. Hopefully from Monday you can truly tell all you have a solid VPN that does not leak DNS.
     
  14. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    That isn't what I said. XeroBank's VPN connection isn't leaking DNS but your home computer may be leaking. PPTP VPN does cause DNS leaks and your home computer may be leaking. Entirely different issues.

    Your home computer is your responsibility, including what software and networking setup you choose to run. This is like telling everyone your password and then blaming the security system when other people get into it.

    However, don't confuse our desire to extend our security to protect you from yourself, for our responsibility to do so. For most users it isn't going to leak DNS. If you have an odd configuration in Windows, such as having added a lot of network adapters or other virtualized adapters, it can happen.
     
  15. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Steve, I am curious about something. Do you think that using Cryptorouter will automatically fix this problem since the connection is forced through a mechanical device?
     
  16. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Yes, a cryptorouter will fix the problem 100%
     
  17. jonw

    jonw Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    83
    How much would this cryptorouter cost, and also will it have wifi built into it? Also, what are the advantages of buying one from you when you can hack certain routers already to work with VPN?
     
  18. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    This one will cost between $150 and $300, hopefully, and unlike existing routers, it can do full key exchange and multimegabits of AES-256. No cheap PPTP / L2TP, and prevention of side-channel attacks. All you do is plug it in at your home router or DSL/cable modem, and it handles everything else.
     
  19. jonw

    jonw Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    83
    You know what would be really cool? If you guys made a PCI wireless card that connected to XeroBank, kinda like the cryptorouter, for all of us users who get on public hot spots. No DNS server leaks no matter what OS you use.
     
  20. Leonid

    Leonid Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    42
    The way you speak about the whole issue is so lame. One does not have to be a computer expert to see it. Nothing personal.

    It's more than obvious that you're not addressing the question of anonymity and privacy. You're just trying to promote your own private company.

    None of the services you mentioned in the above quote can't be compared with Tor.
     
  21. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Does that read like you thought it would? My response depends on knowing what you meant.
     
  22. Klaus_1250

    Klaus_1250 Registered Member

    Joined:
    Jun 24, 2006
    Posts:
    45
    Will they become available to consumers?
     
  23. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Absolutely. That is the target client.
     
  24. havregryn

    havregryn Registered Member

    Joined:
    May 28, 2008
    Posts:
    5
    So how will we know, is there any kind of monitoring software I can install to find out if my OpenVPN or other leaks DNS? Would be great to know how to check this :)
     
  25. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Yes, there is. It is the DeAnonymizer that Kyle Williams is building with XB right now. It will test a variety of techniques and properties of your connection to see if your anonymity can be compromised trivially. We've got a number of tests so far, but it isn't public yet. Expect to see it in a few weeks.
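
Added example (not part of the thread, and not XeroBank's DeAnonymizer or xB VPN code): a simplified model of the check asked about above and of the route blackholing mentioned earlier in the thread. It assumes the operating system may query a resolver configured on any adapter; the adapter names, addresses and routing table are constructed sample data.

```python
import ipaddress

TUNNEL, BLACKHOLE = "TAP-VPN", "null"   # hypothetical interface names

# Constructed sample: DNS servers configured per adapter.
ADAPTER_DNS = {
    "Ethernet": ["192.168.1.1"],     # home router, set by DHCP
    "VirtualNIC": ["172.16.50.1"],   # extra virtualized adapter
    "TAP-VPN": ["10.8.0.1"],         # resolver inside the tunnel
}

# Constructed routing table: (destination, egress interface, metric).
ROUTES = [
    ("0.0.0.0/0", "Ethernet", 20),
    ("0.0.0.0/1", TUNNEL, 1),             # OpenVPN redirect-gateway def1 pair
    ("128.0.0.0/1", TUNNEL, 1),
    ("10.8.0.0/24", TUNNEL, 1),
    ("192.168.1.0/24", "Ethernet", 20),   # on-link LAN route
    ("172.16.50.0/24", "VirtualNIC", 5),
]

def egress(ip, routes):
    """Interface a packet to ip leaves on: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(ip)
    hits = [(ipaddress.ip_network(dst).prefixlen, -metric, iface)
            for dst, iface, metric in routes
            if addr in ipaddress.ip_network(dst)]
    return max(hits)[2] if hits else None

def leaking_resolvers(adapter_dns, routes, tunnel=TUNNEL):
    """Resolvers whose traffic would bypass the tunnel: (adapter, ip, egress)."""
    found = []
    for adapter, servers in adapter_dns.items():
        for ip in servers:
            out = egress(ip, routes)
            if out not in (tunnel, BLACKHOLE, None):
                found.append((adapter, ip, out))
    return found

def blackhole(routes, leaks):
    """Return routes plus a /32 blackhole entry for every leaking resolver."""
    return routes + [(f"{ip}/32", BLACKHOLE, 1) for _, ip, _ in leaks]

if __name__ == "__main__":
    leaks = leaking_resolvers(ADAPTER_DNS, ROUTES)
    for adapter, ip, out in leaks:
        print(f"LEAK: resolver {ip} (set on {adapter}) is reached via {out}")
    fixed = blackhole(ROUTES, leaks)
    print("after blackholing:", leaking_resolvers(ADAPTER_DNS, fixed))
```

The more specific on-link routes win over the tunnel's two /1 routes, which is why resolvers on the LAN or on an extra adapter are reached outside the tunnel even though the default traffic is redirected.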
     