It’s been two weeks the VPN provider Perfect Privacy found an enormous security breach in most services known as “Port Fail.” Surprisingly most of the affected providers still haven’t solved the problem.
In an email Perfect Privacy told Engadget, “We have not tested this again after the fact so we can make no definite statement on the current number of affected VPN providers.”
This is definitely not a good news for those whose security and safety count on keeping their IP address private, or those who just want to safely use public Wi-Fi as most of the VPN users may as well not be using one.
“Anyone using a VPN service to ask their support desk whether this issue has been fixed,” Perfect Privacy insists.
When people use VPN (Virtual Private Network), their internet connection travels encrypted from computer to VPN server, then it is unencrypted and travels to the final destination (the website). So, websites can only see the VPN’s IP address, not the users’.
Among top nine VPNs sampling Perfect Privacy tested, five of them have been found to be vulnerable. Of them, only Opvn.to and nVPN changed the settings necessary to prevent Port Fail attacks.
The solutions are quite simple, and were published on Perfect Privacy’s November release. “The easiest fix for affected VPN providers is to add firewall rules when a client connects that blocks access from client real IP to port forwardings that are not his own,” the company said via email. “The other option is to assign different entry and exit IPs.”
As there are hundreds of VPN services worldwide, you should find out whether your service uses port forwarding and the Port Fail is solved or not. If you find the problem unsolved, it’s time for you to change the VPN service.