"Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering."

Except, oddly, on Android, which doesn't implement the DHCP setting that the attack depends on. The exploit has existed since 2002; we can probably assume that the bad actors that matter already know about it.

I assume we'll see operating system patches relatively quickly. This is not a reason to not use a VPN: in most cases they are still fit for purpose. The worst case scenario would be if users dropped VPNs out of lack of trust. They should not do that. #Technology

[Link]