TunnelVision: Decloaking Routing-Based VPNs

CVE-2024-3661

If you want to be safe, don't get DHCP service from anything but your own router. Don't connect to public WiFi anywhere. If you need to use a local network you don't control, connect your router to it and connect your device to your router so you get DHCP service from your router, not someone else's. It's also important that only your devices be allowed to connect to your router.

https://github.com/leviathansecurity/TunnelVision

TunnelVision is a local network VPN leaking technique that allows an attacker to read, drop, and sometimes modify VPN traffic from a targets (sic) on the local network. This technique does not activate kill-switches and does not have a full fix for every major operating system. We are using the built-in and widely supported feature DHCP option 121 to do this.\
\
Option 121 supports installing multiple routes with CIDR ranges. By installing multiple /1 routes an attacker can leak all traffic of a targeted user, or an attacker might choose to leak only certain IP addresses for stealth reasons. We're calling this effect decloaking.\
\
TunnelVision has been theoretically exploitable since 2002, but has gone publicly unnoticed as far as we can tell. For this reason, we are publishing broadly to make the privacy and security industry aware of this capability. In addition, the mitigation we've observed from VPN providers renders a VPN pointless in public settings and challenges VPN providers' assurances that a VPN is able to secure a user's traffic on untrusted networks.\
\
A fix is available on Linux when configuring the VPN users host to utilize network namespaces. However, we did not encounter its use outside of our own research. The best documentation we've found about that fix is available from WireGuard's team. It remains unclear, at the time of publishing, whether this fix or a similar fix is also possible on other operating systems such as Windows and MacOS due to neither appearing to have support for network namespaces.

#security #safety #privacy #surveillance #spying #vpn #vpns #virtual-private-network #virtual-private-networks #tunnelvision

GitHub - leviathansecurity/TunnelVision: A network technique that decloaks a VPN users traffic on a local network without disconnecting them from a VPN.

A network technique that decloaks a VPN users traffic on a local network without disconnecting them from a VPN. - leviathansecurity/TunnelVision

Demand Transparency and Safety Studies on Cloud Seeding Over Populated Areas

#Transparency #Safety ·Studies #CloudSeeding

https://www.change.org/p/demand-transparency-and-safety-studies-on-cloud-seeding-over-populated-areas?signed=true

Sign the Petition

Demand Transparency and Safety Studies on Cloud Seeding Over Populated Areas

AI danger

#AI #job #safety

Why Boeing is such a shitty company (continued)

by Robert Reich

https://substack.com/inbox/post/142674971

#Airplanes #Boeing #Safety #Manufacturing

Why Boeing is such a shitty company (continued)

Friends, On Friday, machinists at Rogue Valley International Airport in Medford, Oregon, discovered that a United Airlines plane that had landed from San Francisco was missing an external panel (see photo, above). The plane was manufactured by...

Someone "fixed" this photo adding the little girl

*

#safety #first

The science behind why people hate Daylight Saving Time so much

Can we use research and policy to change (or not change) the clocks for the last time?

https://arstechnica.com/features/2024/03/the-science-behind-why-people-hate-daylight-savings-time-so-much/

In 2022, Gentry and an interdisciplinary team of colleagues added to that body of research, publishing a study in the journal Time & Society that showed the rate of fatal motor-vehicle accidents was highest for people living in the far west of a time zone, where the sun rises and sets at least an hour later than on the eastern side. Chronobiology research shows that longer evening light can keep people up later and that, as Gentry found, morning darkness can make it harder to get going for work or school. Western-edge folks may suffer more deadly car wrecks, the team theorized, because they are commuting in the dark while sleep deprived and not fully alert.

I, for one, have always hated DST. We need year-round standard time, and those members of Congress who have voted for DST owe us an apology.

#summer-time #daylight-saving-time #dst #standard-time #human-health #safety

The science behind why people hate Daylight Saving Time so much

Can we use research and policy to change (or not change) the clocks for the last time?

https://infosec.exchange/@Lockdownyourlife/111976765284453163 Lockdownyourlife@infosec.exchange - If you're thinking about browsing more safely, DuckDuckGo for web searches, VPN (Mullvad, Proton are options), uBlock for ad blocking, Mullvad browser or Firefox (for now) to prevent most tracking.

Nothing's perfect, but these combined work right now.

#safety #privacy #security #OSINT #opsec #harassment #stalking #contentcreator #tech #infosec

Car Driving Simulators for Students, or: When Simulators Make Sense

#featured #interest #originalart #transportationhacks #drivingsimulator #flightsimulator #learning #safety #simulator #hackaday
posted by pod_feeder_v2

Car Driving Simulators For Students, Or: When Simulators Make Sense

There are many benefits to learning to fly an airplane, drive a racing car, or operate some complex piece of machinery. Ideally, you’d do so in a perfectly safe environment, even when the ins…

#travel

#safety

(https://www.usatoday.com/story/travel/2024/02/18/travel-to-us-down-gun-violence-fears/72608745007/?utm_source=flipboard&utm_content=USAToday%2Fmagazine%2FTop+Stories)

Why some travelers are skipping the US: 'You guys are not afraid of this?'

Reuters documented at least 600 previously unreported workplace injuries at Musk’s rocket company: crushed limbs, amputations, electrocutions, head and eye wounds and one death since 2014. SpaceX has been fined a mere $50K. NASA declines to comment. These are serious concerns that should warrant the immediate suspension of all SpaceX NASA contracts and the launch of an extensive investigation by NASA, FAA, and OSHA.

https://www.reuters.com/technology/space/musks-spacex-fined-near-amputation-suffered-by-worker-records-show-2024-02-13/

#NASA #Safety

Exclusive: Musk's SpaceX fined after 'near amputation' suffered by worker, records show

U.S. worker safety officials fined Elon Musk’s SpaceX $3,600 this month after an accident at its site in Washington state led to a “near amputation,” according to inspection records reviewed by Reuters.

NeMo Guardrails, the Ultimate Open-Source LLM Security Toolkit | #llms #alignment #security #safety #nemoguardrails

NeMo Guardrails, the Ultimate Open-Source LLM Security Toolkit

Exploring NeMo Guardrails’ practical use cases

How Airplanes Mostly Stopped Flying Into Terrain And Other Safety Improvements

#engineering #featured #transportationhacks #aircrashinvestigation #gps #radar #safety #warning #hackaday
posted by pod_feeder_v2

How Airplanes Mostly Stopped Flying Into Terrain And Other Safety Improvements

We have all heard the statistics on how safe air travel is, with more people dying and getting injured on their way to and from the airport than while traveling by airplane. Things weren’t al…

IAEA chief: Previously removed mines at Zaporizhzhia power plant 'back in place'

The mines which were previously identified by the IAEA team and were removed in November 2023, "are now back in place" in a restricted area inaccessible to operational plant personnel, according to Grossi.

"The presence of mines is inconsistent with the IAEA safety standards," Grossi said.

The plant also lost its immediate back-up power supply to the reactor units for several hours this week, the monitoring mission reported, in the latest incident underlining "persistent nuclear safety and security risks" at the site. The back-up power supply was reportedly restored eight hours later when two other back-up power electrical transformers were put into operation.

https://kyivindependent.com/iaea-chief-previously-removed-mines-at-zaporizhzhia-power-plant-back-in-place/

#RussiaInvadedUkraine #WarCrimes #Nuclear #ZNPP #Zaporizhzhia-Nuclear-PowerPlant #mines #LandMines #NuclearSafety #safety #IAEA #StandWithUkraine

IAEA chief: Previously removed mines at Zaporizhzhia power plant 'back in place'

The monitoring mission of the International Atomic Energy Agency (IAEA) has discovered mines along the perimeter of the Zaporizhzhia Nuclear Power Plant, in a buffer zone between the facility’s internal and external fences, Rafael Grossi, the...

#unions enforce #safety

Boeing wants FAA to exempt MAX 7 from safety rules to get it in the air | The Seattle Times

#politics #corruption #safety #Boeing

https://www.seattletimes.com/business/boeing-aerospace/boeing-wants-faa-to-exempt-max-7-from-safety-rules-to-get-it-in-the-air/

Over pilots' objection, Boeing seeks safety exemption for MAX 7

Boeing asked the FAA to exempt its 737 MAX 7 from certain safety regulations. Without the exemption, an engine anti-ice system defect will keep the jet from being certified.

https://theaircurrent.com/aviation-safety/jal-jcg-a350-airbus-news-analysis/

#aviation #safety

Haneda accident outcome the sum of decades of integrated air safety lessons

A multitude of factors, all threaded together, prevented a larger loss of life in Japan Airlines and Japan Coast Guard collision in Toyko — but lessons will be plentiful.

Scrapping furniture safety regulations will cost dozens of lives a year, warns fire union

Under the current rules – introduced as the Furniture and Furnishings (Fire) (Safety) Regulations 1988 – manufacturers must submit furniture to independent testing on flammability. The regulations are estimated to have saved between 50 and 70 lives per year.

But now the Westminster government has proposed scrapping these rules in favour of a voluntary regime. Consultation on the plans closed earlier this year and ministers are now considering proposals.

The union warned that the government was using the pretext of dealing with lithium batteries and other hazards to launch a dangerous programme of deregulation.

https://www.fbu.org.uk/news/2023/12/22/scrapping-furniture-safety-regulations-will-cost-dozens-lives-year-warns-fire-union

#corruption #ToryCorruption #Capitalism #CapitalismFails #FBU #furniture #safety #FireRegulations #deaths #ToryGreed #flammability #FireSafety #deregulation #DemocracyLost #Dystopia #DystopianUK #UK #UnitedKingdom #ToryScum

Scrapping furniture safety regulations will cost dozens of lives a year, warns fire union

https://www.bitchute.com/video/eI5GLYiX0THK/
Are you tired of the #chaos? The #uncertainty? It seems like the #world has been turned upside down. But what if I told you that this so-called " #new #normal" is not about our #safety, but about something much more #sinister? Let me #unveil the #true #purpose of the new normal.... If you don't already #know.
#WEF ARE BEYOND EVIL AS THEY GRAB ALL THE LOOT
The #Hidden #Agenda - #Think about it

The Hidden Agenda - Think about it

Are you tired of the chaos? The uncertainty? It seems like the world has been turned upside down. But what if I told you that this so-called "new normal" is not about our safety, but about something much more sinister? Let me unveil the true purpose…

Ejector Seats: The Rocket Chairs That Save Lives

#engineering #featured #aircraft #ejectorseat #safety #hackaday
posted by pod_feeder_v2

Ejector Seats: The Rocket Chairs That Save Lives

Once upon a time, escaping an aircraft was a tricky business. You had to unstrap yourself, fling open a heavy glass canopy, and try to wrench yourself out of a small opening without getting smacked…

A 20-year-old #Amazon employee #died at #work. #Indiana issued a $7,000 #fine.

Source: https://www.washingtonpost.com/technology/2023/11/26/amazon-warehouse-death-7000-fine/

After an 11-week investigation, Indiana #safety officials found that Amazon failed to ensure a #workplace “free from recognized hazards that were causing or likely to cause #death” and issued a serious safety citation.

The #penalty? A $7,000 fine, the maximum in Indiana.

This is what happens when you deregulate everything and rely on the self-regulation of the market.

#job #security #economy #politics #fail #humanRights #business #problem #usa

A 20-year-old Amazon employee died at work. Indiana issued a $7,000 fine.

Amazon’s safety record is under unprecedented scrutiny, but state and federal regulators often have limited ability to enforce policies.