sud0nick Posted June 1, 2015 Share Posted June 1, 2015 I just came across this article via reddit.com/r/technology (http://www.dailydot.com/technology/hola-vpn-security/) about a free VPN called Hola that apparently uses every one of it's users' systems as an exit node for their service. The problem is you can't opt out of it and even worse the VPN application apparently runs as SYSTEM on your machine! And on some systems, it gets worse; Hola will happily run whatever you feed it as the 'SYSTEM' user. What this means in simple terms, is that somebody can completely compromise your system, beyond any repair. It allows for installing things like a rootkit, for example. For starters I wouldn't want anyone using my home network as an egress point for obvious reasons. I find it to be even worse that arbitrary programs can be run as the SYSTEM user because of this software. This is even more proof that nothing is truly free. Quote Link to comment Share on other sites More sharing options...
Rkiver Posted June 1, 2015 Share Posted June 1, 2015 This was in Threatwire on Friday also. Quote Link to comment Share on other sites More sharing options...
digininja Posted June 1, 2015 Share Posted June 1, 2015 And people think it is easy to be anonymous online! Quote Link to comment Share on other sites More sharing options...
cooper Posted June 2, 2015 Share Posted June 2, 2015 Worse yet, people expect a VPN to be free... Quote Link to comment Share on other sites More sharing options...
sud0nick Posted June 4, 2015 Author Share Posted June 4, 2015 Worse yet, people expect a VPN to be free... this times infinity! I barely trust my paid VPN. Sure they can tell me that they don't keep record of any traffic and IP addresses are shared but I don't get to monitor their servers and network devices so how would I truly know? Quote Link to comment Share on other sites More sharing options...
cAnT3Sp Posted July 9, 2015 Share Posted July 9, 2015 Adding to @sud0nick. Is there some device you can attach to your router so that no matter what computer/ device is using ur wifi it will go thru VPN rather than connecting each device? Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted July 9, 2015 Share Posted July 9, 2015 Adding to @sud0nick. Is there some device you can attach to your router so that no matter what computer/ device is using ur wifi it will go thru VPN rather than connecting each device? If you use ddwrt or openwrt you can set it up to connect to an openVPN as a client. Quote Link to comment Share on other sites More sharing options...
cooper Posted July 9, 2015 Share Posted July 9, 2015 Kinda wondering what you're trying to achieve by that... It just seems wasteful to me. The only gain I can see is that someone were to DDOS your VPN box you can shut down the VPN connection and continue using the internet in some way until the attack ceases, on the assumption that what you do doesn't identify you to the attacker in a way that makes him/her/them move their attack target to your actual IP. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted July 9, 2015 Author Share Posted July 9, 2015 Kinda wondering what you're trying to achieve by that... It just seems wasteful to me. The only gain I can see is that someone were to DDOS your VPN box you can shut down the VPN connection and continue using the internet in some way until the attack ceases, on the assumption that what you do doesn't identify you to the attacker in a way that makes him/her/them move their attack target to your actual IP. I understand the latter half of your statement but how is it wasteful? Quote Link to comment Share on other sites More sharing options...
cooper Posted July 10, 2015 Share Posted July 10, 2015 You're spending money to have a second egress point, every packet going out has been delayed by at least 1 hop, your throughput is limited by what the egress point can manage (typically not a problem, but still), your bandwidth is reduced due to the VPN overhead and your hardware is spending cycles encrypting the data transmitted between you and your VPN. It might be worth it to you, but I see a lot of expenses and very little value in return. Quote Link to comment Share on other sites More sharing options...
digip Posted July 10, 2015 Share Posted July 10, 2015 I have OpenVPN capabilities built into my ASUS router by default. I can add an ovpn config file to the router for which all traffic will flow through the VPN for the home. However, compared the desktop equivalent(same ovpn config file) the traffic is a fraction of the speed on the router, as it is natively on my desktop. Routers are meant for what they do, routing traffic. Encrypting data on the fly for everyone on the network, is probably not the best thing you can do to your off the shelf router and in my experience, made things hella slow, as where on the desktop, speeds were actually faster for some things. A desktop machine dedicated with multiple nics as a firewall with VPN access, would probably work better than a small home rotuer for VPN access though, but this also might just be the implementation on my router that is slower than from my desktop alone. Quote Link to comment Share on other sites More sharing options...
tracyleon Posted August 26, 2015 Share Posted August 26, 2015 It is better to use nothing if you have only option of using free VPN. I think when it comes to online security purpose free vpn tools should be sideline by users and it is much better option to buy paid tools. I am using ... to access blocked content in US. Quote Link to comment Share on other sites More sharing options...
digininja Posted August 26, 2015 Share Posted August 26, 2015 I'd disagree with that, it depends on your environment. If you are in a hostile environment and there is guaranteed network monitoring then using a free VPN that may be monitoring is probably a better option if you have to get online. Quote Link to comment Share on other sites More sharing options...
oz120 Posted September 5, 2015 Share Posted September 5, 2015 I personally plan to get https://www.privateinternetaccess.com/ I am wondering if that price seems right. They seems to have a rather large server list and my ASUS router can connect to it without modification. I can also set the router so that if there is no connection to the VPN It wont connect to the internet at all. This is only my intended plan until I can get a mini board to put a wifi card or 2 in to make my own router running VMs with pfSense to run antiviruse and the VPN for all computers connected to the network. Does this sound right? Quote Link to comment Share on other sites More sharing options...
cooper Posted September 5, 2015 Share Posted September 5, 2015 Sounds like the wrong place to have antivirus running. If you use some secure webmail which you access directly from your machine within your LAN your router (and, thus, antivirus) can't inspect that data since it's encrypted. So you're going to have to run antivirus on your machine anyways. Given that, why bother with it on the router? Quote Link to comment Share on other sites More sharing options...
digininja Posted September 6, 2015 Share Posted September 6, 2015 Also, there is a good chance that it will be Clam AV which is OK but not the best. Quote Link to comment Share on other sites More sharing options...
Karit Posted September 7, 2015 Share Posted September 7, 2015 For VPN on the go I have a Raspberry PI 2 running l2tp/ipsec running. I like this as it means I can use always on VPN on my Andriod devices. Given that for Always On you have to use an IP for the server and give an IP for DNS it doesn't even leak DNS look up for the host. The tutorial I followed was http://linux.tips/tutorials/how-to-setup-l2tp-vpn-server-on-raspberry-pi The only down side is can't use captive portal WiFi as you have to turn the VPN off to see the login page and you can leak a lot info given how many apps still do stuff over HTTP or un CA checked HTTPS. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.