lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAJtJjZs9bLrEU=5jT75TWha47eSLowMHU9P=C8RUT92AvSdiZQ@mail.gmail.com>
Date: Tue, 4 Oct 2011 10:27:32 +0100
From: Darren Martyn <d.martyn.fulldisclosure@...il.com>
To: Ferenc Kovacs <tyra3l@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: VPN providers and any providers in general...

Ok, well I suppose we can avoid spamming the list with our off topic
ramblings and get back to the topic on hand (and behave like adults, which I
assume all of you'se are), and clear up a few things up.

VPN's and such can serve as a method to stop people on the local network
from sniffing your connection (assuming a reliable encryption scheme is in
place, and you have not been MITM-ed during the key exchange or whatever -
crypto is NOT my interest!). However, we can reliably assume that the VPN
provider can sniff your connection and compromise your "safety" per se, and
that they WILL cooperate with Law Enforcement.

Even running your own VPN (OpenVPN) on a VPS you purchase is still risky, as
the VPS provider can simply take over the box. Etc.

TL;DR, VPN's are not as safe as some believe for protecting ones anonymity.
They WILL roll over for LEO and such. Not to mention threats on the LAN
could compromise you, but I do not know much about how that works on the
crypto side (however, if someone wants to enlighten me I would be grateful,
it has piqued my curiosity!)

Also, NOT surprised the provider rolled over in THAT case.

*footnote for Christian, etc. I apologise for inciting a bit of off topic
ranting, merely discussing morals, and how they affect people, and how often
people do silly things when their logic/morality is compromised, often by
narcotics and such. But that is for a discussion on morals and the
psychology/sociology of "cybercriminals". The ensuing debate about
psychadelics and coding was probably my fault, but hey, people have varied
interests, no? If we are going to act our age (adults, I presume) on this
list at least display some tolerance for other peoples discussions, and keep
the anger off the list.

On Tue, Oct 4, 2011 at 8:06 AM, Ferenc Kovacs <tyra3l@...il.com> wrote:

> http://vpn.hidemyass.com/vpncontrol/legal.html
>
> "VPN Data
>
> What we store: Time stamp and IP address when you connect and
> disconnect to our service."
>
> ...
>
> "Legalities
>
> Anonymity services such as ours do not exist to hide people from
> illegal activity. We will cooperate with law enforcement agencies if
> it has become evident that your account has been used for illegal
> activities."
>
> people should read the TOC, AUP and privacy policy especially if they
> are planning to use that service for illegal activities.
>
> As I mentioned before it is hard to expect that a VPN provider will
> risk his company for your $11.52/month, and maybe they would try it
> for some lesser case, but what Lulsec did was grant, so I'm not
> surprised that they bent.
>
> On Tue, Oct 4, 2011 at 1:09 AM, xD 0x41 <secn3t@...il.com> wrote:
> > maybe they are law abiding companies? :)
> >
> > Who were advertising themselves, and acting like they would NEVER do the
> > dirty by handing over any payment records etc... wich is half the reason
> i
> > believe the people use theose ones, advertising to protect you.. not to
> give
> > your infos up, for really, no reason. as they did.
> > Law abiding or not, then they should be advertising as a law abiding
> > company, and not acting like some hackers-oparadise vpn service.
> > xd
> >
> >
> > On 4 October 2011 06:16, Ferenc Kovacs <tyra3l@...il.com> wrote:
> >>
> >> On Mon, Oct 3, 2011 at 10:35 PM, Laurelai <laurelai@...echan.org>
> wrote:
> >> > On 10/3/2011 10:42 AM, Antony widmal wrote:
> >> >> Using an external VPN provider to cover your trace clearly shows your
> >> >> incompetency and your idiot assumption.
> >> >> Trying to blame the VPN provider rather than accepting your mistake
> >> >> and learning from it clearly show your 3 years old mentality.
> >> >>
> >> >> Also, could you please stop posting as GLOW Xd as well ?
> >> >> We do not need your schizophrenic script kiddie "lolololol", "xD",
> >> >> hugs,  spamming on this mailing list.
> >> >>
> >> >> You being on this mailing list is once again not the best idea.
> >> >>
> >> >> Thanks,
> >> >> Antony
> >> > Actually XD and me are two different people. Second issues of privacy
> >> > are always relevant, not understanding that law abiding individuals
> >> > should always be concerned about companies that hand over personal
> info
> >> > at the request of an authority figure are the ones with three year old
> >> > mentalities.
> >>
> >> maybe they are law abiding companies? :)
> >> this whole fuss wouldn't have happened, if everybody could just stay a
> >> law abiding citizen.
> >>
> >> --
> >> Ferenc Kovács
> >> @Tyr43l - http://tyrael.hu
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
>
> --
> Ferenc Kovács
> @Tyr43l - http://tyrael.hu
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ