Two weeks have passed and most affected providers still havent fixed the problem.
Perfect Privacy recommends anyone using a VPN service to ask their support desk whether this issue has been fixed.
The users connection then travels unencrypted to their final destination (a website).
This way, websites cannot see the users VPN and only see the VPNs IP address.
The security company said that they have tested this vulnerability with nine prominent VPN providers that offer port forwarding.
Currently, PIA has 3093 servers in 35 locations across 24 countries.
Published on Perfect Privacys blog along with the November disclosure, the fixes are distressingly simple.
They explained, The other option is to assign different entry and exit IPs.
Perfect Privacys blog post said its customers are not affected by Port Fail.
The victim has no way of knowing they have lost their anonymity when targeted by the Port Fail attack.
For Port Fail to work, the victim does not need to use port forwarding.
The attacker uses the same VPN provider as the target and simply sets up port forwarding.
It then redirects the victim to a port under the attackers control.
While your ISP knows exactly who you are, they are usually unwilling and hesitant to share that information.
Port Fail also allows attackers to see which websites you visit, and how often.
It may already be in the NSAs depository.
source: www.techworm.net
