The PPTP VPN protocol is not secure, try these alternatives instead

Navigation menu

Point-to-Point Tunneling Protocol
If you have a threat model that includes sophisticated adversaries then you may want to consider OpenVPN due to the leaked NSA presentations discussed above. How to upgrade from Ubuntu Especially when comes to Windows based systems. PPTP has been the subject of many security analyses and serious security vulnerabilities have been found in the protocol. Even so, the added security makes a few extra steps worth the trouble.

Alternatives to PPTP

How insecure is PPTP

The Python script used the challenge hashes to create the submission token that we then fed to CloudCracker to get the rest of the NT hash. After we entered our credit card details, the cloud service simply promised to send an email at some point.

Cross-site scripting XSS is one of the biggest problems faced by webmasters. Our associate's discovery that URLs sent through Skype are then visited by Microsoft has caused quite a stir. Service Pack 3 includes numerous enhancements for virtualisation and, by adding Secure Boot support and new drivers, beefs up support for newer hardware. Systemd now takes care of containers and assigning network names. A second SSD caching framework and support for the new Radeons' video decoder are two of the most important enhancements in Linux 3.

The news has been full of talk of spying, whistleblowing and data mining. Systems with Intel graphics will wake from standby faster. The problem of creating funding in a new software business is a major one, and doubly so for open source based companies. Michael Widenius recently described his solution to the problem, "Business Source", claiming it delivers "most of the benefits of open source". Kernel developers have toned down an over-eager feature for protecting against the Samsung UEFI bug and added a function for reducing timer interrupt overhead.

An application's version-controlled source code is stored in the repository. Why not that of the database? Consistent unit testing is a basic quality requirement in modern software rdevelopment.

Mocha is a framework for writing and executing such tests in Node. On 24 February , the Ruby community celebrated the 20th birthday of its programming language. The Linux Mint project has announced "the most ambitious release since the start of the project". Linux Mint 15 promises a focus on the desktop that Ubuntu has been neglecting lately. The Linux kernel is finally able to use SSDs as hard-disk cache. Changes to the network subsystem promise to improve the way server jobs are distributed across multiple processor cores.

For a large number of internet users the current challenge is finding a replacement for Google Reader. TrueCrypt is considered the software of choice for encrypting data. Weakened VPNs Almost two days later. GREv1, call , seq 5, ack 4, length GREv1, call , seq 6, ack 6, length GREv1, call , seq 7, ack 6, length IPsec encryption should be secure, theoretically.

There are some concerns that the NSA could have weakened the standard, but no one knows for sure. Either way, this is a slower solution than OpenVPN. It can be configured to use very secure AES encryption, which is good. Still, this is better to use than PPTP. OpenVPN seems to be the best option. Giorgio Montersino on Flickr. The Best Tech Newsletter Anywhere. Join , subscribers and get a daily digest of news, comics, trivia, reviews, and more.

Windows Mac iPhone Android. Smarthome Office Security Linux. The Best Tech Newsletter Anywhere Join , subscribers and get a daily digest of news, geek trivia, and our feature articles.

CloudCracker self-experimentation

Leave a Reply

PPTP is one of the easiest types of VPN to set up and comes pre-installed on most Windows, Mac OSX, Android, and iOS devices. Not only is it easier, it’s faster than other built-in protocols like L2TP/IPSec, SSTP, and IKEv2. Don’t use PPTP. Point-to-point tunneling protocol is a common protocol because it’s been implemented in Windows in various forms since Windows PPTP has many known security issues, and it’s likely the NSA (and probably other intelligence agencies) are decrypting these supposedly “secure” connections. PPTP is thoroughly broken. At this point nobody who cares in the least about the communications they intend to protect should be using it. And it's not a matter of choosing someone's implementation over another; its most serious flaws are in the protocol design and cannot be fixed.