Privacy-Busting Bugs Found in Popular VPN Services Hotspot Shield, Zenmate and PureVPN
A report by VpnMentor, a website which ranks VPN services, reveals several vulnerabilities in Hotspot Shield, Zenmate, and PureVPN — all of which promise to provide privacy for their users. VpnMentor says it hired a team of three external ethical hackers to find vulnerabilities in three random popular VPNs. While one hacker wants to keep his identity private, the other two are known as File Descriptor and Paulos Yibelo. ZDNet: The research reveals bugs that can leak real-world IP addresses, which in some cases can identify individual users and determine a user’s location. In the case of Hotspot Shield, three separate bugs in how the company’s Chrome extension handles proxy auto-config scripts — used to direct traffic to the right places — leaked both IP and DNS addresses, which undermines the effectiveness of privacy and anonymity services. […] AnchorFree, which makes Hotspot Shield, fixed the bugs, and noted that its mobile and desktop apps were not affected by the bugs. The researchers also reported similar IP leaking bugs to Zenmate and PureVPN.
of this story at Slashdot.