A new attack was published, named TunnelVision, explaining how to snoop all the unencrypted VPN traffic through a local system.

In summary, the attack make the local DHCP server auto configuring workstations network to send a gateway address that is similar to the one used by the VPN but with a higher priority, so the operating system will send its VPN traffic to that address instead of the VPN server.

This attack is not discrete, it could be easily spotted in the network settings.

https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/

#Android seems unaffected.

#QubesOS is immune as long as you do not establish a VPN in the qube connected to the real world network (by defaut it's either sys-net or sys-firewall).

=> https://qubes-os.org

#OpenBSD is certainly affected as DHCP option 121 allowing that trick is implemented into dhcpleased (the dhcp client).
However, using a different rdomain for the VPN should prevent any kind of snooping. I wrote a guide explaining how to use WireGuard tunnels on different rdomains https://dataswamp.org/~solene/2021-10-09-openbsd-wireguard-exit.html

=> https://www.openbsd.org

Linux users using WireGuard can configure namespaces as a protection: (thanks @zgou for the link)

=> https://www.wireguard.com/netns/

Tor users do not have to worry, this does not affect Tor at all (it works at a different layer in the network). However, in case you use Tor over VPN, this could potentially leak the fact that you use Tor, but Tor data is still encrypted.

#infosec #opsec #cybersecurity

Well this is fucking lovely....

Malicious code was discovered in the upstream tarballs of "xz" which then affects liblzma

Downstream there may be backdoors in various implementations of "sshd".

Versions Affected:

• Fedora 41
• Fedora Rawhide
• openSUSE Tumbleweed
• Debian testing, unstable, experimental distributions
• Kali updates between March 26th and March 29th

Original notice here:
https://www.openwall.com/lists/oss-security/2024/03/29/4

Red Hat CVE: https://nvd.nist.gov/vuln/detail/CVE-2024-3094

Red Hat Security Blog Post: https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

Arch Linux Security Post: https://archlinux.org/news/the-xz-package-has-been-backdoored/

Debian Security Post: https://lists.debian.org/debian-security-announce/2024/msg00057.html

openSUSE Security Post: https://news.opensuse.org/2024/03/29/xz-backdoor/

Kali Linux announcement: https://infosec.exchange/@kalilinux/112180505434870941

CISA Advisory: https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094

Article here: https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor/

#infosec #linux #foss #hacking #cve20243094 #cve