VPN Flaw Shows Users' IP Addresses 124
AHuxley writes "A VPN flaw announced at the Telecomix Cyphernetics Assembly in Sweden allows individual users to be identified. 'The flaw is caused by a combination of IPv6, which is a new Internet protocol due to replace the current IPv4, and PPTP (point-to-point tunneling protocol)-based VPN services, which are the most widely used. ... The flaw means that the IP address of a user hiding behind a VPN can still be found, thanks to the connection broadcasting information that can be used to identify it. It's also relatively easy to find a MAC address (which identifies a particular device) and a computer's name on the network that it's on.' The Swedish anti-piracy bureau could already be gathering data using the exploit."
Re:garbage in, garbage out... (Score:5, Insightful)
Re:Tor (Score:5, Insightful)
Re:Tor (Score:5, Insightful)
Re:Tor (Score:3, Insightful)
In order to have a web of trust, don't you need to be able to establish the identity of the other people in your web to a reasonable degree of certainty? Wouldn't verifiable identities undermine the concept of anonymity that is the whole purpose of Tor?
Re:garbage in, garbage out... (Score:1, Insightful)
"Spoofing" an IP address will tend to cause the packets to be delivered to the wrong place.
On a very different note, it is worth remembering that MAC addresses are embedded in the IPv6 address. If these guys are presenting the idea that you can get a MAC address from an IP address (in IPv6) as a new security flaw, they obviously haven't been reading the RFCs. Why the #*%! do these morons think people are so reluctant to switch to IPv6? Because it makes it very hard to obscure a machine on the Internet, and since there's no built-in security on the Internet ...