For those of you that use VPN: "CVE-2019-14899 - Inferring and hijacking VPN-tunneled TCP connections." sounds like a load of fun:
<Here is a list of the operating systems we have tested which are
vulnerable to this attack:
Ubuntu 19.10 (systemd)
Debian 10.2 (systemd)
Arch 2019.05 (systemd)
Manjaro 18.1.1 (systemd)
Devuan (sysV init)
MX Linux 19 (Mepis+antiX)
Void Linux (runit)
Slackware 14.2 (rc.d)
This list isn’t exhaustive>
Here is a link to the full write-up on the OSS Security mailing list:
I'd like to know which vendor is going to react first...
<< This vulnerability works against OpenVPN, WireGuard, and IKEv2/IPSec, but has not been thoroughly tested against tor, but we believe it is not vulnerable since it operates in a SOCKS layer and includes authentication and encryption that happens in userspace.>>
TL;DR: pretty much everyone is vulnerable, except Tor. Ooops.
Sounds very likely.
Since this is what I use all the time, I feel much better about certain technical choices I made long ago... 😋
"I appreciate SDF but it's a general-purpose server and the name doesn't make it obvious that it's about art." - Eugen Rochko