XeroBank not encrypting MSN chats?

Discussion in 'privacy technology' started by elumineX, Jun 28, 2008.

Thread Status:
Not open for further replies.
  1. elumineX

    elumineX Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    34
    I'm currently running a XeroBank membership and decided to test the encryption so I fired up Wireshark (packet capture utility), and tested the difference between packets with and without XeroBank enabled.

    Without XeroBank I could easily follow each Live Messenger chat and read each conversation. No surprise since MSN doesn't use any encryption by default.
    With XeroBank, it wasn't as easy to locate the right packets since a lot more packets were sent (and most of them were sent to the same location, the XB server), but it wasn't hard either. The text from the Live Messenger chats was right there unencrypted in the packets as well.

    My question is whether this is how it's supposed to be. I'd like the software to actually encrypt my packets like it should...
    Another thing: since I'm not an expert at network stuff I might have misunderstood something. I selected my REAL network adapter from the capture list in Wireshark (I couldn't see the TAP virtual adapter).
    Could it be that Wireshark is capturing all my packets BEFORE they are actually encrypted? If so, is there a way to capture the packets as close to the router as possible (after all processing has been done), with software?
     
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Everything passing out of the TAP adapter is encrypted; to listen to it locally you should initiate the connection from inside a VM, I think. That might work. Or, naturally, you need to use another card in promiscuous mode or listen in at the router.
     
  3. elumineX

    elumineX Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    34
    I'll try that in a VM. The thing is that with Secure Tunnel, I can easily see that everything is encrypted by listening on my primary network adapter.
    Anyway, Secure Tunnel didn't seem to install any TAP drivers or virtual network adapters, but instead a virtual connection in the Network Connections folder. What's the advantage/disadvantage of not doing so? How come XeroBank chose that path?
     
  4. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    What we are doing, using OpenVPN, is the most secure method possible with today's technology. It is the most leakproof connection you can have. If I remember right, Secure Tunnel is a good discount provider, but they use an SSH tunnel, which only accepts the traffic you can route through the tunnel. And even then it is kind of shaky, not a serious privacy solution, but a little fishing line and gum and it kind of works for your web traffic. And we're just talking about the connection, forget their network. The real way of explaining OpenVPN TAP drivers is that your system thinks it has a new hardware network card, and it routes ALL traffic through that network card, but secretly that network card is an encryption software device that talks through your normal network card. If you want serious VPN anonymity, you can't use PPTP/L2TP, web proxy, SSH tunnel, or dll injection, which are all Level 7 or Level 6 OSI layer technologies, you have to use OpenVPN, which is performed via TAP drivers at Layer 4.
     
  5. elumineX

    elumineX Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    34
    Right, XeroBank does, but Secure Tunnel has a service named VPN which also routes ALL traffic through this network adapter (according to them) and should be completely secure? They do have an SSH-only product as well, but the one I'm evaluating is the VPN solution similar to XeroBank.

    What caught me was that Secure Tunnel does encrypt everything as shown by packet capturing while XeroBank does not (and you possibly need to run it from a VM as you stated...). But in this case Secure Tunnel seems more trustworthy since it's easy to see it's encrypted while XeroBank seems not to be... get the point?
     
  6. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    That's purely a superficial difference. There may be a way, I'll take a look, but the facts are their VPN is PPTP, so it leaks DNS queries when the wind blows.
     
  7. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    elumineX, your observations are intriguing — and, your dedication to independently seeking to verify the operation of xB VPN is laudable. I encourage you to persist.

    While I can’t offer an explanation for what you are observing (and, I have not tried such a test myself), the following FAQ from the OpenVPN website suggests that your results may (?) be due to some facet of how you are conducting the test.

    Source: OpenVPN FAQ

    While xB VPN appears to use OpenVPN, it also seems to be the case that the two are not interchangeable. Perhaps therein resides the difficulty?

    Steve, can you explain (maybe in a new thread) the relationship between xB VPN and OpenVPN - and, if OpenVPN can be used alone without the need to launch xB VPN? I do understand that xB VPN needs to be installed, so that the security certificates (*.crt) can be generated - but, after that, shouldn't a user be able to just use OpenVPN?

    Thank you.
     
  8. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    xB VPN is a wrapper for OpenVPN that makes it modular and portable. It accomplishes what OpenVPN alone doesn't. It carries the TAP drivers inside it and can install them wherever it goes, so you can put it on a USB drive and take it with you. This also means that xerobank vpn files you download are also 100% compatible with OpenVPN.
     
  9. elumineX

    elumineX Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    34
    Alright, I tried installing xbVPN in a VM but it gave me the exact same problems as I had been having with Vista. I'm getting really tired of this... I'm running XP SP2 x32 in my virtual machine, and still your product doesn't install the TAP drivers. It asks to install them, then says they're installed, and when I reboot it asks to install them again.

    Guess I'll have to install them manually here as well... not very user friendly :/
     
  10. dstar

    dstar Registered Member

    Joined:
    Jun 27, 2008
    Posts:
    6

    Hi, exactly the same thing happened here (VM Windows XP SP2 on Mac OS X). The fix is easy, just installing OpenVPN, but it would be helpful if that were clearly detailed in the installation, as I only did it because of posts on here.
     
  11. elumineX

    elumineX Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    34
    Hi dstar. I know that solution (had to discover it myself as well), and I already applied it and it's working great. It's noteworthy that XeroBank haven't fixed the issue yet. I got a mail from them stating that they had been waiting for a long time to find the x64 issue, and that thanks to me they fixed it now. True they did, and XeroBank now installs the TAP drivers on my x64 Vista machine. But apparently there's an equivalent issue with the x32 build. I honestly don't know what to say anymore.
    I appreciate that XeroBank is fixing the issues when reported, but issues as serious as these should never exist in a release build. I wasn't able to use my XeroBank connection for a week because it wouldn't install on my x64 machine. Not really a nice first impression.
     
  12. elumineX

    elumineX Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    34
    Thanks for this information again, Steve (right?:)). I initiated the connection in a VM and listened to my local network adapter outside the VM. It showed clearly that XeroBank did indeed encrypt -everything- except the DNS lookups (I guess this is because I wasn't using xB browser?).
    Also it showed that Secure Tunnel was somewhat messier. A lot more packets were sent with Secure Tunnel and not all of them were encrypted, while they were encrypted with XB. Good to know :)
     
  13. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Except the DNS lookups? If the observation of elumineX is correct, then it would appear to be a serious anonymity violation, since an adversary could repeat the process described by elumineX and gain visibility to all the web requests of the user. Steve, can you interject insight into this concern? Earlier in this thread (post #6) you indicated that Secure-Tunnel (unlike XeroBank) leaked “DNS queries when the wind blows.”

    Thank you.
     
  14. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    I am confused. The installer for OpenVPN also “carries the TAP drivers inside it”, so – more specifically – what exactly does xB VPN accomplish that “OpenVPN alone doesn't”?

    Steve, to clarify, does this statement mean that a user can employ the “industry standard” OpenVPN/OpenVPN-GUI executables (available from here) in place of using xB VPN?

    Thank you.

    P.S.: If this subject is “off topic,” then please initiate another thread to continue this conversation.
     
  15. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    The OpenVPN program and the OpenVPN installer are separate. You have to run the installer to get the TAP drivers, which are only installed to the system you install on. With xB VPN, you can install to a USB key, and take the software with you. If it encounters a system without TAP drivers, it will install there.

    Yes
     
  16. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    It may be that the VM structure interferes with the way XP SP2 handles, or it may be that your XP SP2 system is set to deny DNS changes for some reason. Can you send me a copy of the image?
     
  17. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I tested the x64 drivers on an XP SP2 system, and they worked great. I did anticipate that they wouldn't be universally compatible, within the code, so I had another set of drivers on standby for non-x64 systems; I just had not yet implemented it. Interesting that it spits at your x86 but not ours. So I also added some driver checking code after the driver install is to have completed. That way you won't get stuck in the reboot loop; we'll be able to see if there is a problem right then. I've built another version of xB VPN, 2.1 RC7 g, which will be available for download later today.
     
  18. elumineX

    elumineX Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    34
    I rechecked this just to be sure and it is indeed not hiding the whole portion of DNS lookups (with Firefox or IE). The part that is visible is the DNS lookup request, but not the response. This is true for BOTH XB and Secure Tunnel. Can you comment on this, Steve?
    What this means is that your ISP will be able to see exactly what pages you have requested to see. They can't see whether you actually viewed the pages or not though (downloaded the content), but still... this is a privacy issue indeed, I agree.
     
  19. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    The xb network and ovpn clients both support and use their own DNS. The issue is definitely with how your operating system is acting. I am suspecting it is a VM setting, but I can't tell until I see the VM image you've got.
     
  20. elumineX

    elumineX Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    34
    Well, I'm sure we can fix it otherwise since I can't send you the VM image. First of all it contains private information (XP product key, personal files etc.) and second it's ~2.5 GB, which is going to take too long with my slow connection (2048/256).
     
  21. axle00

    axle00 Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    92

    Hi ElumineX

    I was having a similar problem with DNS lookups. What I had to do was set my DNS server to a remote one instead of the local one. After I did this I had no more DNS leaks while using XeroBank.


    Here are the instructions on how to do it:


    Here are text instructions on how to change your DNS settings.

    - Start Menu -> Settings -> Network Connections
    - Right-Click on 'Local Area Connection' or whatever your network adapter is, and choose Properties.
    - From the list of services, choose "Internet Protocol (TCP/IP)" and click Properties. 'Obtain DNS server address automatically' is probably selected.
    - Choose 'Use the following DNS server addresses' and type in:
    Preferred DNS server: 4.2.2.2
    Alternate DNS server: 4.2.2.4
    - Click "OK"
    - Click "OK" again.

    That's it!

    (NOTE: 4.2.2.1 to 4.2.2.6 are the oldest DNS servers on the Internet)
     
  22. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Kyle and I were discussing the issue this evening and we agreed that it was with competing adapters. It can happen if you have another network adapter fighting for the lowest metric. For example, if you have Hamachi installed it will destroy your network routing and fight with your other adapters including OpenVPN adapters. This problem isn't just limited to Hamachi, but can plainly be seen with it. What you have to do is rewrite your networking tables to put OpenVPN as the adapter with a metric of 1. Complicated? Perhaps. We'll need to reverse engineer hamachi and some others to see what they're doing, and perhaps disable them while xB VPN runs.
     
  23. elumineX

    elumineX Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    34
    Let me get this... you're saying that the DNS requests are visible because the OpenVPN adapter isn't metric 1?
     
  24. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Is this an acknowledgement by XeroBank that xB VPN does indeed leak DNS requests under some set of circumstances?

    Given the seriousness of this revelation with respect to maintaining anonymity, can XeroBank kindly post a set of practical instructions to allow a user to diagnose whether or not DNS requests are being leaked? (Running a network protocol analyzer from a virtual machine is probably beyond the abilities of many who read this thread.)

    Thank you.
     
  25. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    OpenVPN is always set to metric 1. If you installed another piece of software that is poorly designed, like Hamachi, it will try to force its own network settings, and instead designate itself to also be metric 1 at the same time. Then the OS decides at random which one to treat as #1. Technically this is irrelevant to Hamachi, and irrelevant to OpenVPN. This is actually relevant only to Microsoft Windows OS, when caused by what can only be considered user misconfiguration. This is like having an encrypted drive but keeping an unencrypted backup partition. Not really the software's fault, it's something the user set up to happen. I doubt it is a common issue, but let's move ahead.

    How to check your settings:
    Go to Start Button : Run : "cmd"
    "route print" and hit enter

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 18 de 73 2e 8d ...... Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
    0x3 ...00 ff d5 23 63 05 ...... TAP-Win32 Adapter V8 - Packet Scheduler Miniport
    0x4 ...00 ff b4 08 96 e4 ...... TAP-Win32 Adapter V9 - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0        128.0.0.0       10.0.24.29      10.0.24.30       1
              0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.3      25
            10.0.24.1  255.255.255.255       10.0.24.29      10.0.24.30       1
           10.0.24.28  255.255.255.252       10.0.24.30      10.0.24.30       1
           10.0.24.30  255.255.255.255        127.0.0.1       127.0.0.1       1
       10.255.255.255  255.255.255.255       10.0.24.30      10.0.24.30       1
         74.55.55.162  255.255.255.255      192.168.1.1     192.168.1.3       1
            127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
            128.0.0.0        128.0.0.0       10.0.24.29      10.0.24.30       1
          192.168.1.0    255.255.255.0      192.168.1.3     192.168.1.3      25
          192.168.1.3  255.255.255.255        127.0.0.1       127.0.0.1      25
        192.168.1.255  255.255.255.255      192.168.1.3     192.168.1.3      25
            224.0.0.0        240.0.0.0       10.0.24.30      10.0.24.30       1
            224.0.0.0        240.0.0.0      192.168.1.3     192.168.1.3      25
      255.255.255.255  255.255.255.255       10.0.24.30               3       1
      255.255.255.255  255.255.255.255       10.0.24.30      10.0.24.30       1
      255.255.255.255  255.255.255.255      192.168.1.3     192.168.1.3       1
    Default Gateway:        10.0.24.29
    ===========================================================================
    Persistent Routes:
    None

    Is this difficult to read for a human? Yes.

    How to change your settings:

    Go to Start Button : Run : "ncpa.cpl"
    Right click on the adapter in question
    Highlight "Internet Protocol (TCP/IP)" and select Properties button
    On the General tab select Advanced button
    For your TAP adapter, turn off Automatic Metric and set your TAP adapter to 1. Make sure others are set lower or to Automatic.

    This is just one more reason to run xB VPN. I'm going to try to add some code which takes other adapters and rolls them lower.
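An added worked example (not code from this thread, from XeroBank or from OpenVPN) of the route selection Steve describes and of the "competing adapters" tie: it parses rows in the `route print` format shown above and reports whether queries to a given DNS server would exit through the TAP adapter, through the LAN adapter in the clear (the case axle00 avoided by switching from the router's DNS to 4.2.2.2), or ambiguously because two adapters claim the same route at the same metric. It assumes only Python 3's standard library; the second adapter at 5.1.2.3 is a constructed placeholder.

```python
import ipaddress
import re
# Constructed sample: a trimmed copy of the 'route print' table in the post above
# (TAP adapter 10.0.24.30, LAN adapter 192.168.1.3, home router 192.168.1.1).
SAMPLE_ROUTES = """
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0        128.0.0.0       10.0.24.29      10.0.24.30       1
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.3      25
        128.0.0.0        128.0.0.0       10.0.24.29      10.0.24.30       1
      192.168.1.0    255.255.255.0      192.168.1.3     192.168.1.3      25
Default Gateway:        10.0.24.29
"""

# Constructed sample: the same table plus a hypothetical second adapter (5.1.2.3)
# that also claims the two /1 split routes at metric 1, the "competing adapter" case.
COMPETING_ROUTES = SAMPLE_ROUTES + """
          0.0.0.0        128.0.0.0          5.0.0.1         5.1.2.3       1
        128.0.0.0        128.0.0.0          5.0.0.1         5.1.2.3       1
"""

ROUTE_ROW = re.compile(r"^([\d.]+)\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s+(\d+)$")


def parse_routes(text):
    """Return (network, gateway, interface, metric) tuples; skips headers and banners."""
    rows = []
    for line in text.splitlines():
        m = ROUTE_ROW.match(line.strip())
        if m:
            dest, mask, gw, iface, metric = m.groups()
            rows.append((ipaddress.ip_network(f"{dest}/{mask}", strict=False), gw, iface, int(metric)))
    return rows


def best_routes(rows, dst):
    """Windows route selection: longest prefix wins, then the lowest metric.
    More than one survivor means the OS picks one arbitrarily, as the post says."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in rows if addr in r[0]]
    longest = max(r[0].prefixlen for r in matches)
    candidates = [r for r in matches if r[0].prefixlen == longest]
    lowest = min(r[3] for r in candidates)
    return [r for r in candidates if r[3] == lowest]


def dns_path(text, dns_server, tap_address):
    """Where will queries to dns_server leave the host: 'tunnel', 'leak' or 'ambiguous'?"""
    winners = best_routes(parse_routes(text), dns_server)
    if len(winners) > 1:
        return "ambiguous"  # competing adapters at the same metric
    return "tunnel" if winners[0][2] == tap_address else "leak"


if __name__ == "__main__":
    for server in ("4.2.2.2", "192.168.1.1"):
        print(server, "->", dns_path(SAMPLE_ROUTES, server, "10.0.24.30"))
    print("4.2.2.2 with competing adapter ->", dns_path(COMPETING_ROUTES, "4.2.2.2", "10.0.24.30"))
```

Note that the router's own address leaks even with the tunnel up and the TAP at metric 1, because the directly connected 192.168.1.0/24 route is a longer prefix match than the two /1 split routes; metric only decides among equal-length matches.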
     