PIA Still Vulnerable to "Port Fail" Leak

p0800122

So why didn’t you guys test your so called patch ??

https://www.reddit.com/r/VPN/comments/3ueoz6/piaipvanish_still_vulnerable_to_port_fail_leak/

Btw im a customer if you think any different. Seems reddit post was removed wtf: heres a copy:

-----------------------------

So i just seen this new way of detecting users IP's through port forwarding, i tested top 3 providers mentioned in torrent freaks top providers 2015 article which included PIA/TorGuard and IPVANISH.

Despite PIA saying they patched this leak as per this article just posted >> https://torrentfreak.com/huge-security-flaw-can-expose-vpn-users-real-ip-adresses-151126/

After testing around 80 of there servers they are still vulnerable and leaking! proof below:

Setup local webserver connected through PIA VPN listening on port forward:

https://www.dropbox.com/s/4x3oczx2p0i18mh/Screenshot%202015-11-26%2023.33.05.png?dl=0https://www.dropbox.com/s/apebxv677y5bfxz/Cursor_and_Windows_8_1__New_.png?dl=0

Connect to same server on a different machine and browse to the myip.php script on the remote accessible webserver:

https://www.dropbox.com/s/j4d9a6om4of5n3e/SdYYoH_Rc0JLg_xD0yloGiVzR177YBSHH1aSXN845yE.png?dl=0

Tested about 80 servers and they are all still leaking!

Sounds like PIA didn’t actually test there patch! 

IPVANISH failed too.

AirVPN Failed

TorGuard passed..

ddd

Hi p0800122, thank you for bringing this to our attention. Yes, I can confirm that you are right. I would hope PIA will comment sooner than later, at least to advise they are looking into this. This is atrocious.

ddd

Best not to respond to that sort of rubbish. Ignore them, such comments should get flagged in any case.

moshbeast

my question is: I have port forwarding unchecked in the app, does this have any impact on me at all

buckbundy

moshbeast said:

my question is: I have port forwarding unchecked in the app, does this have any impact on me at all

I'd like to know this also, as port forwarding is unchecked in my Client Settings (v47).

ddd

PIA, could you please delete this username. Looking over its history, it is clear it is being used for puerile trolling.

https://www.privateinternetaccess.com/forum/profile/comments/28846/Marco_Wollank
 
Thanks.

tomeworm

robert_lazar said:

You're anti-PIA slander is not going to work.

As a PIA client I'm embarrassed to repeatedly see such childish retorts, as you have so frequently posted when anyone posts anything negative about PIA. Same goes for Marco Wollank. Is your claim that PIA a perfect company in every way? That PIA is incapable of making any mistakes?

Thanks p0800122 for reposting the reddit comment. I hope that PIA fixes this soon. Until it can be confirmed that it's really been fixed I'll disable port forwarding.

tomeworm

robert_lazar said:

PIA is the best vpn, period. We do not tolerate anti-PIA lies or anti-PIA slander here. You and these other guys were sent here by a rival vpn to attack PIA and spread lies.

I'm a PIA customer. You can easily confirm that from other comments I've posted on this forum, including requests for support. If anyone is slandering it is you for falsely accusing me of being "sent here by a rival vpn to attack PIA and spread lies." That is a bold faced lie. It sounds to me like you have issues with paranoia. You are not helping PIA's credibility in the least with your unfounded allegations.

You're entitled to your opinion that "PIA is the best vpn, period." You've said it many times before, but I'm unimpressed with the opinions of sycophants.

the_abstract

It is important to disregard the forum jester robert_lazar and his transparent clone accounts. It's pretty sad that PIA continues to tolerate this mongrel.

p0800122

No PIA official response to this yet ? this is pretty serious but PIA seems to be laxy daisy about the whole thing. PIA please test this, this i still vulnerable on all your servers and your doing jack shit about it, 

"""

“We implemented firewall rules at the VPN server level to block access to forwarded ports from clients’ real IP addresses. The fix was deployed on all our servers within 12 hours of the initial report,” PIA’s Amir Malik says.""""

Amir Malik, you have alot to answer for...

Everyone MUST disable port forwarding. PIA has put you all at risk!

p0800122

lrryie said:

p0800122 said:

No PIA official response to this yet ? this is pretty serious but PIA seems to be laxy daisy about the whole thing. PIA please test this, this i still vulnerable on all your servers and your doing jack shit about it, ....

You can't read and understand your own linked reference article, not sure what you are bitching about. PIA publicly acknowledge they fixed it within 12 hours of finding out about it.

“We implemented firewall rules at the VPN server level to block access to forwarded ports from clients’ real IP addresses. The fix was deployed on all our servers within 12 hours of the initial report,” PIA’s Amir Malik says."

Your statements are false; PIA did close the vulnerability and did do "jack shit about it" and was not "laxy daisy about the whole thing". PIA did it before it was even publicly known or to you as Perfect Privacy alerted several affected VPN service providers to the vulnerability before making it public, and PIA took immediate steps to stop the vulnerability.

 

Man, the ignorance of the people around here who believe PIA and there so called techies, they did NOT FIX IT.

Thats the whole point in this thread, can i do a test wth you or ANYONE for that matter right now while your connected to your PIA VPN ? i guarantee you, i can prove your IP leaks.

moshbeast

P0800122...PIA is based in California
..it's frickin thanksgiving ...there's probably nobody working today ...see what happens Friday

tomeworm

p0800122 said

Everyone MUST disable port forwarding. PIA has put you all at risk!

Good advice. But is that alone an adequate precaution? I don't claim to have any expertise with such things but it seems like we should avoid even connecting to any of PIA's servers that have port forwarding enabled. In other words it's a server issue, not just a client app issue. According to Perfect Privacy, "This IP leak affects all users: The victim does not need to use port forwarding, only the attacker has to set it up."

p0800122

Which BIG thing did i miss, did you see those screenshots up there ? haha, you retracted and then re-added your comment, is that you Amir Malik

Did you not like the fact that someone made you out to be wrong lol or where you sneakily running away to fix ti quick and then come back and re-add your comment ?

PIA are mugs and you should not trust this mob with your security, if i hadn't pointed this out you would ALL be vulnerable even though they said they fixed it!

tomeworm

lrryie said:

If it did not work for some for some reason or other that does not mean what your statements say, your statements are false because PIA did take measures and steps contrary to your statements.  Your statements are false.
. 

Either it's fixed or it isn't. That's all any of us care about. p0800122 says he's tested it and it's not fixed. He hasn't given us any reason to distrust him. You and your PIA sycophants however haven't given me any confidence, whatsoever, that you have any idea what you're talking about. In fact you're just confirming my doubts.

This port forwarding leak needs to be fixed and it needs fixing today. The longer you engage in this pointless banter the more time you're wasting just trying to CYA for your foul ups. Focus your attention on fixing it Irryie. The longer you stall and CYA the more negative comments will show up here and, far more devastating to your business, on forums like Torrent Freak (it's going on there right now).

p0800122

Hello, im really wanting you to point out what we missed, if you cant then please step aside as you obviously do not know what your talking about and just keep repeating yourself...please look at the screenshots, the test is not wrong its exactly how PP announced it, you will clearly see the following:

1) 1 PC running PIA VPN connected to 46.166.188.228 with a webserver running through open port 48390

2) On the 2nd machine connected to a different network, this would act as the victim, they are tricked into visiting the 46.166.188.228:48390/myip.php

3) Then the IP is clearly seen next to the REMOTE_ADDR filed did you SEE that ?

***oh for cripes sakes, give us a break, its obvious to anyone with even moderate reading and comprehension skills that just by reading the article link you posted that "our statements are false". Trying to defend them does not make them true. ***

Yes you can say that again!

p0800122

And yet you can’t seem to point it out ... blah blah

tomeworm

p0800122 said:

And yet you can’t seem to point it out ... blah blah

Thanks p0800122 for all your efforts. The PIA sycophants hate you for it, but please know that privacy minded PIA customers like myself greatly appreciate it. However, at this point it's become clear that the PIA sycophants will just continue shouting you down.

I'm inclined to agree with your suspicions that Irryie is Amir Malik, or at the very least he's another PIA staff member. Amir and crew can more easily get away with their antics here since this area of the forum that isn't very active. Let me suggest you abandon this thread and start again under https://www.privateinternetaccess.com/forum/categories/general-support/

That area gets a lot more traffic and Amir will have a harder time shouting you down there. Once you start that thread be sure to post a comment to the Torrent Freak article with a link to your new thread here. The only way we're likely to see this issue get fixed is by turning the heat up.

Osborne_Cox

Thanks for the heads up, @p0800122. Could it be that PIA are still rolling out the fix on their servers? Are you still able to get the IP to leak?

Looking at this, one fix maybe to firewall connections to PIA server other than on the connection port.

p0800122

Osborne_Cox said:

Thanks for the heads up, @p0800122. Could it be that PIA are still rolling out the fix on their servers? Are you still able to get the IP to leak?

Looking at this, one fix maybe to firewall connections to PIA server other than on the connection port.

I will test tonight and post back, i tested earlier today and there where still leaks. The thing is PIA said they had it all fixed inside 12 hours before the article was posted, so we should have trust in them that this was the case, now we can’t really trust there word on much can we. It makes me feel edgy so i will be moving services for sure.

p0800122

Also i just want to say one thing from my experience on this forum the last day, i came here to report a serious and genuine issue and all you get is useless nobody's constantly taking trash, i mean how is anyone able to take PIA seriously when all you get is halfwits like this all around the forums.

PIA i would highly suggest that you remove these critters from your forums, to name a couple:

robert_lazar , DerekZimmer + Marco_Wollank << obviously  clone troll accounts. They all sound the dyslexic so must be the same person to be quite frank.

tomeworm

MahmoudAbdul, you have major projection issues. Please seek professional help. It's also more than obvious that you're just another of the many sock puppets giving voice to your multiple personality disorder, as well as the deep bitterness you hold toward whoever Derek A Zimmer is. Did you used to work for him? Did he fire you for your obvious mental health issues?

PIA, please add MahmoudAbdul to that list of accounts to delete, along with TiffanyNichols. More will be added to the list as those additional sock puppets make their voice known here.

p0800122

Wow MahmoudAbdul 

You just sound like Marco Wanker, Dereks in a Zimmer and Robert Largeass, you all say the same things -how many accounts do you have ?

p0800122

LiquidVpn said:

tomeworm said:

MahmoudAbdul, you have major projection issues. Please seek professional help. It's also more than obvious that you're just another of the many sock puppets giving voice to your multiple personality disorder, as well as the deep bitterness you hold toward whoever Derek A Zimmer is. Did you used to work for him? Did he fire you for your obvious mental health issues?

PIA, please add MahmoudAbdul to that list of accounts to delete, along with TiffanyNichols. More will be added to the list as those additional sock puppets make their voice known here.

Are you blind or just plain stupid? These guys have told you multiple times that PIA does not censor and does not remove and does not ban usernames or accounts. Why are you crying to have these names removed? It won't do you any good. You're making yourself look pathetically weak-minded.

That’s a bit harsh don't you think? you mean the trolls, the dyslexic faggots with multiple usernames who goes around trolling everyone who question PIA and who don;t have the mental capability to understand the fuckin problem?

They do PIA more harm than good and why is liquidvpn (another vpn provider) a regular on this forum? it’s a bit strange.

Maybe your better off cutting the grass...

catcher749

It's concerning PIA has yet to address this. Calling @Support

tomeworm

Let us know what they have to say. If you don't get any straight answers I'll put in a support ticket.

catcher749 said:

It's concerning PIA has yet to address this. Calling @Support

bunklung

I think the problem is they thought they fixed this, but the technical staff took the long weekend. We won't see a fix until Monday when they hit their inboxes. That's provided they aren't busy buying stuff on Cyber Monday from their work PC .

Osborne_Cox

PIA response here:
https://www.privateinternetaccess.com/forum/discussion/19310/ip-leak-vulnerability-in-port-forwarding-feature

We are in the process of deploying an improved fix on all of our VPN gateways as well as releasing new clients. We will update this thread when the fix has been deployed and new client installers are available.

tomeworm

lrryie said:

They did fix it as they said in the linked torrent freak article but they discovered some edge cases where it still happened...

Translation: "Hey, stop telling us we didn't fix it. We did fix it, except it's still sort of broken. But trust us, we really did fix it. So now we're fixing the previous release that was fixed. So you can trust us to get it right this next time because the next release will really, for sure this time, be fixed. And when the fix is in it will even take care of those, umm, edge cases."

PIA will definitely want to include "edge case" in their newest lexicon of terms for their techs to use when they can't figure out a technical problem. "We did fix the problem. But the reason it's still not working is that this is an edge case."

Irryie, even if you don't comprehend the definition of the word "fix" the rest of us do. Let me suggest Irryie that you and PIA start using one of the commonly accepted dictionaries of the English language (e.g. Merriam-Webster, Oxford, Cambridge, etc.), rather than one of your own fanciful creation.

catcher749

Yeah they don't look very good in all of this.

p0800122

lrryie said:

p0800122 said:

And yet you can’t seem to point it out ... blah blah

and yet I did already point it out - you pointed it out yourself - the linked article pointed it out - its just that you do not know what you are talking about so you can not see it. Your statements are false.

WTF are you dribbling about ? you pointed out nothing, are you another mentally disturbed PIA troll on the PIA payroll ? i posted the linked article on reddit, im the one who tested it, they said in torrent freak article it was fixed in 12 hours, that normally means the problem is fixed and theres no more problem but it WASN’T, it was lies as i proved... they could have said (we are in process and the fix will be completed on Monday etc) but they didn’t they lied.... infact i don;t think they did lie they just didn’t test it and this sort of laxy daisy attitude is what gets people into trouble, how can you trust that mentality ?

So please stfu now -