Do You Know Personally/Professionally Every VPN You List?

Suggestions/comments/criticisms are welcome here

DasFox

Posts: 18
Joined: Sat Mar 26, 2011 4:36 pm

Post by DasFox » Fri May 13, 2011 10:18 am
Hi guys...

There's a problem with making a small list like you have done.

For starters since you are a small company and that's a small list, I'm going to assume that you might personally or professionally know them...

Here's the problems, one VPN provider I know gave me a password that is less then 20 bits, and that's pathetic, another vpn provider has been put on a major hit list of skepticism, that you'd have to be a fool to sign up with them if you read all the implications...

I'm guessing here, but by the looks of that list, I'll bet you most of them only give you username/password authentication, with the exception of a few.

There are three issues if you use just username/pass:

1) Authentication: If your vpn provider didn't provide keys/certs, you can't verify you are really speaking to them or a MITM / imposter.

2) Authorization: if they do not encrypt the authentication channel, you are exposing your credentials (username & password)

3) Plaintext Disclosure: If they aren't using a key, then you probably don't have Perfect Forward Secrecy. This means that your previous traffic streams can be decrypted if either endpoint is compromised in the future.

Anyone claiming security or anonymity, without using key authentication and certs, should be disregarded.

I just posted this because I think that Viscosity is a nice client and you need to be more careful with putting up a VPN list like this, otherwise it might just bring more harm then good and make you look bad recommending VPN providers that you know nothing about.

I'll be honest there are a few VPN providers with some pretty pathetic looking sites I would never trust.

Yes looks can be deceiving but with experience you can read between the lines too.

CHEERS
1 post Page 1 of 1