VPN Flaw Shows Users' IP Addresses

AHuxley writes "A VPN flaw announced at the Telecomix Cyphernetics Assembly in Sweden allows individual users to be identified. 'The flaw is caused by a combination of IPv6, which is a new Internet protocol due to replace the current IPv4, and PPTP (point-to-point tunneling protocol)-based VPN services, which are the most widely used. ... The flaw means that the IP address of a user hiding behind a VPN can still be found, thanks to the connection broadcasting information that can be used to identify it. It's also relatively easy to find a MAC address (which identifies a particular device) and a computer's name on the network that it's on.' The Swedish anti-piracy bureau could already be gathering data using the exploit."

Re:IPv6

[vlm]

I heard, that instead of specifying addresses using hexadecimal digits 0-9 and A-F, some PHD wants to use 0-9 and A-Z. And the offshored helpdesk wants to use unicode characters instead of hexadecimal digits.

I bet there's a heck of a lot of spreadsheets and ip allocation thingys and map generation scripts and especially webpage javascript validation that won't tolerate "letters" in yer "IP addresses". Underlying OS and apps are generally OK at this point (I've been running ipv6 for many years from various tunnelbrokers)