VPN Security

Some security issues when using a VPN

VPN Anonymity

How anonymous is the RiseupVPN? The answer primarily depends on what user information you have associated with your Riseup login. If you are concerned about your anonymity, we suggest you create a separate VPN account that you only use for the VPN.

We keep very few logs and do not track any DNS requests or traffic of the VPN, but we do keep a record of which users accounts have used the VPN on which days.

Man-in-the-middle attacks

A Man-in-the-middle attack (or MiTM) is where the attacker is able to listen and/or modify your network traffic. Such an attack can be used to de-anonymize you, modify content, steal your passwords, or serve you viruses, trojans or other software designed to gain access to your computer.

Every internet connection is vulnerable to a MiTM attack because of the broken nature of how the internet works. By tricking the routing protocol used by the internet, any traffic is vulnerable to a MITM attack from anywhere in the world. Although this vulnerability has been known for years, researchers dramatically demonstrated such an attack at the hacker conference DEFCON in August of 2008.

Does a VPN help protect against MiTM?

Yes and no. Using a VPN will shut down many of the places where a MiTM attack might happen, but not all of them. Specifically, it will protect your traffic between your device and the VPN gateway, preventing your ISP (or most governments) from performing a MiTM attack targeted toward you.

However, once your traffic passes from the VPN gateway to its eventual destination, it becomes vulnerable to a MiTM attack. With a VPN, your traffic is then semi-anonymized, so it is much much more difficult to target any attack toward any particular person, but an indescriminate attack against all users of a particular website is still very possible.

For example, in January 2011 the Tunisian government, in fear of the popular upraising that would eventually topple the regime, was able to perform a MiTM attack on Facebook users connecting from withing Tunisia, capturing their login and passwords. In this case, a VPN would have pretected against so long as the VPN gateway was located outside the country of Tunisia.

PPTP and LT2P

PPTP and LT2P have been disabled because of vulnerabilities:

While the PPTP protocol has the advantage of a pre-installed client base on Windows platforms, analysis by cryptography experts has revealed security vulnerabilities. (openvpn.net)

Bruce Schneier analysed PPTP weaknesses for years and Moxie Marlinspike’s ChapCrack is able to drop PPTP encryption.

WPA2 flaws

In conjunction with ChapCrack the penetration testing service Cloudcracker can break encrypted wireless networks in less than an hour:

WPA-PSK, NT and NTLM passwords have all long been known to be vulnerable to dictionary attacks that try every possible set of words that compose a password. But because they use cryptographic hashes to obscure those words, the computing power to run a dictionary attack has long been unavailable to most users. Marlinspike’s service accesses a collection of 400 CPUs and 70 GPUs and distributes the cracking task across them. (forbes)

WPA2 routers with enabled Wi-Fi Protected Setup allow a remote attacker to recover the WPS PIN and, with it, the router’s WPA2 password in a few hours.