crash_course , 1 month ago

@arstechnica
"The researchers believe it affects all VPN applications when they’re connected to a hostile network and that there are no ways to prevent such attacks except when the user's VPN runs on Linux or Android."

Really?!

Sigh of relief.
That's what I'm running : Linux & Android... 😆 🙏

pcherry , 1 month ago

@arstechnica Interesting and concerning exploit. Are there legitimate uses for Option 121? If Android OS can get on without it, it must not be critically important.

MotherEarth , 1 month ago

@arstechnica

I didn't understand anything you wrote, but can you tell me: will it kill me or ask me for money? Lol

thomascoven , 1 month ago

@arstechnica
Can I ask a noob question?
If all my devices have individial IP's set and my router has DHCP disabled, am I subject to this attack? If I go further and set static leases for each device in my router firmware, does that improve things?

formlessone , 1 month ago

@arstechnica Didn't 2600 cover this, like, nearly two decades ago?

atatassault , 1 month ago

@arstechnica

>or to connect the VPN to the Internet through the Wi-Fi network of a cellular device

What if you connected your phone to your computer via cable, to get around carrier limiting the amount of hotspot data you get?

not2b , 1 month ago

@arstechnica It seems that this attack isn't an issue for people working from home and using a corporate VPN, or using a VPN to pretend to be in another country to get access to media, because the attacker has to control DHCP on the home network, and if they can do that the user has worse problems than just with their VPN. It could make it unsafe to access sensitive work sites from a coffee shop if I understand correctly.