Just another weblog

Security hole in itshidden.com

itshidden

Named ItsHidden, the free VPN solution has opened up a BETA test to the public, who can now privatize their Internet traffic – including BitTorrent transfers – in next to no time. ItsHidden was set up with torrent users in mind, allowing them to hide their identities from ‘third parties’ who choose to snoop on their activities.

Although, users have to be careful when connecting on their ItsHidden vpn servers, because they will be on a virtual LAN where all other users can see their computers just if they were in the same LAN. If the user has no firewall installed and enabled on his machine, then everyone else using the same vpn server with him, can see user’s Windows Sharing folders.

Here is an example:

1. I have connected to vpn server of itshidden.com

2. I have used Angry IP Scanner to scan for other PCs on the same virtual LAN with me, and for Windows Sharing folders.

Here is what I get:

ipscanner

3. Then I can see what PCs, have what Sharing Folders, and explore them. (Did you noticed that a lot of people has the C and D drives shared?)

Here are some folders:

folder1

folder2

Beware… It is a very good service (and free) but YOU HAVE to use firewall when using the vpn service of itshidden.com

Update (29/07/2009 19:00 UTC): It seems that they have fixed this security hole. I have informed them about this problem, as soon as I have first published this post.

3 απαντήσεις στο Security hole in itshidden.com

Αφήστε μια απάντηση

Η ηλ. διεύθυνση σας δεν δημοσιεύεται. Τα υποχρεωτικά πεδία σημειώνονται με *

Αυτός ο ιστότοπος χρησιμοποιεί το Akismet για να μειώσει τα ανεπιθύμητα σχόλια. Μάθετε πώς υφίστανται επεξεργασία τα δεδομένα των σχολίων σας.

Random Quote
“Oι HΠA αγόρασαν την Aλάσκα από την Pωσία προς 2,5 δεκάρες το στρέμμα και το Mανχάταν από τους Iνδιάνους με 24 δολάρια.”