• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • HomePage
  • Instructor
  • Syllabus
  • Schedule
    • First Half of the Semester
      • Week 1: Course Introduction
      • Week 2: Meterpreter, Avoiding Detection, Client Side Attacks, and Auxiliary Modules
      • Week 3: Social Engineering Toolkit, SQL Injection, Karmetasploit, Building Modules in Metasploit, and Creating Exploits
      • Week 4: Porting Exploits, Scripting, and Simulating Penetration Testing
      • Week 5: Independent Study – Perform Metasploit Attack and Create Presentation
      • Week 6: Ettercap
      • Week 7: Introduction to OWASP’s WebGoat application
    • Second Half of the Semester
      • Week 8: Independent Study
      • Week 9: Introduction to Wireless Security
      • Week 10: Wireless Recon, WEP, and WPA2
      • Week 11: WPA2 Enterprise, Wireless beyond WiFi
      • Week 12: Jack the Ripper, Cain and Able, Delivery of Sample Operating Systems
      • Week 13: Independent Study – Analyze provided Operating System Samples and Create Assessment Report
      • Week 14: Deliver Assessment to Operating System Class either in person or via teleconferenc
  • Assignments
    • Analysis Reports
    • Group Project Report and Presentation
  • Webex
  • Harvard Coursepack
  • Gradebook

MIS 5212-Advanced Penetration Testing

MIS 5212 - Section 001 - Wade Mackey

Fox School of Business

VPN Leaks Data

March 24, 2018 by Fred Zajac 2 Comments

This report identified three vulnerabilities with VPN services leaking sensitive IP Address and location information.  Virtual Private Networks are used for several different reasons, but in this case it is used to connect privately to an internal network.  The VPN service will encrypt your data and hide your true IP address for security reasons.

Vulnerabilities were found at PureVPN, HotSpot Shield, and Zenmate.

It was also noted that these vulnerabilities were with the Chrome plug-in.  Not the desktop or smartphone version.  The other vulnerabilities were not disclosed because no patch has been created.

https://thehackernews.com/2018/03/vpn-leak-ip-address.html

Filed Under: Week 02 Tagged With:

Reader Interactions

Comments

  1. Elizabeth V Calise says

    March 24, 2018 at 9:33 pm

    Fred, really interesting article you posted. I remember last year when Internet privacy laws were scrapped and all my IT friends kept discussing VPN. What is more concerning is that the VPN services which contained vulnerabilities were the services provided by three popular VPN providers. I could expect this from a smaller provider, but not a well-known one. To me, VPN services is your focus so why are there slip ups? Also, I am sure once Internet privacy laws were removed, business must have increased. I know many of people who purchased VPN services once this change went into effect. Technology, security and privacy are huge today and I feel as if those companies should know that and not have vulnerabilities in the free Chrome-plug-in.

    Log in to Reply
  2. Donald Hoxhaj says

    May 11, 2018 at 1:28 am

    Fred,
    That’s actually quite interesting because over 40% of SMBs use VPN for remote business operations. I am unsure of the severity of these transactions, but if VPNs are leaking sensitive information such as IP address and location, this possibly has a huge place to instigate another cyber threat. Attackers can easily catch hold of these IPs to demand ransom. I am sure that Private VPNs are far secured and that organizations do use advanced security systems to prevent IP leaks over the private network.

    Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Uncategorized (10)
  • Week 01 (18)
  • Week 02 (9)
  • Week 03 (13)
  • Week 04 (17)
  • Week 05 (12)
  • Week 06 (16)
  • Week 07 (2)
  • Week 08 (8)
  • Week 09 (5)
  • Week 10 (10)
  • Week 11 (5)
  • Week 12 (5)
  • Week 13 (2)
  • Week 14 (7)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in