News, Trends, and Insights for IT & Managed Services Providers
News, Trends, and Insights for IT & Managed Services Providers
Business of Tech | Security Flaw 'TunnelVision' Compromises VPN Effectiveness

Security researchers have discovered an exploit called TunnelVision that can render any VPN useless, allowing attackers to snoop on unencrypted traffic and potentially gain valuable data. The researchers suspect that the exploit may have been used for years, and they notified VPN makers about their findings. Fixing the issue is challenging, as removing DHCP support in VPNs would cause connectivity problems, and other proposed fixes still leave room for de-anonymized traffic. 

The vulnerability, assigned CVE-2024-3661, has been available for exploitation since 2002 but has no known cases of active exploitation. Mitigation measures include using network namespaces, configuring VPN clients to deny non-VPN traffic, ignoring DHCP option 121, connecting via personal hotspots or virtual machines, and avoiding untrusted networks. VPN providers are encouraged to enhance client software to block risky DHCP configurations.

The researchers warn that relying on compromised networks with VPNs could have serious consequences, especially for individuals who rely on VPNs for safety, such as journalists and whistleblowers.

Why do we care?

This is a significant problem.  Heads up for infrastructure and security teams to get up to speed and mitigate the problem.  

Choose your upgrade:

Get the full benefits of Business of Tech Plus

Insider Access

$12/month

Perfect for MSPs and ITSPs that want full interviews, early access, and ad-free listening

  • Programmatic Ad-free private podcast feedSame show, little interruptions
  • Channel Chatter previews1–2 topics with light insights
  • Early access to interview episodesHear it days before public release
  • Monthly Insider BriefTighter analysis you can share internally
  • Extra audio segmentsCut interviews, behind-the-scenes commentary, quick competitive notes
  • Become an Insider for $12/month

    Leadership Access

    $149/month

    Perfect for MSPs and Vendors that run a team and need the extended tactics, executive summaries, and weekly alignment brief

  • All Insider Access benefits plus . . .
  • Invite your teamIncludes access for 5 team members with option to add more
  • Vendor Strategy BriefsThe entire library, plus new analysis every month
  • Channel ChatterAll topics, full insights, complete vendor discussion + sentiment list
  • Quarterly State of the Channel Briefing
  • Monthly AMA submission priorityAsk Dave direct questions, and skip the line
  • Get the Leadership Edge for $149/month

    Vendor Partner

    $500/month

    Perfect for channel companies or vendors looking to deepen their engagement with the show.

  • All Leadership Access benefits plus . . .
  • Get highlighted as a show sponsor You'll get placement in the show notes, throughout the website, and on our dedicated sponsors page.
  • Enjoy regular shout outs You'll be featured in a rotating format during the show
  • Become a show sponsor for $500/month

    Search all stories