An Interest In:
Web News this Week
- March 23, 2024
- March 22, 2024
- March 21, 2024
- March 20, 2024
- March 19, 2024
- March 18, 2024
- March 17, 2024
August 18, 2018 08:34 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/gFSUHgDbP0k/new-voracle-attack-can-recover-http-data-from-some-vpn-connections
New VORACLE Attack Can Recover HTTP Data From Some VPN Connections
"A new attack named VORACLE can recover HTTP traffic sent via encrypted VPN connections under certain conditions," reports Bleeping Computer, citing research presented last week at the Black Hat and DEF CON security conferences. An anonymous reader writes:The conditions are that the VPN service/client uses the OpenVPN protocol and that the VPN app compresses the HTTP traffic before it encrypts it using TLS. To make matters worse, the OpenVPN protocol compresses all data by default before sending it via the VPN tunnel. At least one VPN provider, TunnelBear, has now updated its client to turn off the compression. [UPDATE: ExpressVPN has since also disabled compression to prevent VORACLE attacks.] HTTPS traffic is safe, and only HTTP data sent via the VPN under these conditions can be recovered. Users can also stay safe by switching to another VPN protocol if their VPN client suppports multiple tunneling technologies. In response to the security researcher's report, the OpenVPN project "has decided to add a more explicit warning in its documentation regarding the dangers of using pre-encryption compression."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/gFSUHgDbP0k/new-voracle-attack-can-recover-http-data-from-some-vpn-connections
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot