No it has not. Validated on Ubuntu 16.04, 18.04, 20.04, 22.04 running CrowdStrike Sensor
nightrunner
Windows Server OSes running CrowdStrike affected too
This VPN protocol usually uses a private key (client) / public key (server) combo that is used to connect through a public IP address (the 2 nodes can’t communicate it without) using the specified TCP or UDP (more often lately) and port to create the VPN tunnel that’s gets established during the handshakes.
There is a whole lot more going on with the process but that’s a high level view. But I have a WireGuard VPN service running on a raspberry pi that I put in a DMZ on my perimeter firewall.
But a port scanner would be able to see that port is open. Make sure you keep your software up to date. Hopefully the software devs of the VPN application is keeping their stuff up to date to avoid any vulnerabilities getting exposed in the code and a backdoor getting created because of it. As long as that doesn’t become an issue, no one will be able to get through without the private key. And those are usually uncrackable in a lifetime with the complexity and length of the key.
So I’m a VMware Horizon Customer / Engineer - I have a specific set of VMware Instant Clone VDIs that I created for a bunch of sales managers for the company I work for. They all use the iPad Pro 12.9s and they love them. They still need access to their green screen and spread sheets from a Windows VDI, so that’s what they have.
From what they report the experience is great. Make sure to use a keyboard with it and a Bluetooth mouse with it. Trust me, it’s worth it.
We do: Firefox, Chrome, or Edge. That’s not the problem.
The problem is with Microsofts new driver we can’t allow users to set the default browser in their VMware Instant Clone using SetUserFTA via Dynamic Environment Manager.
We have 80,000 people that work for my company. That’s not going to happen. Now we have 10,000 VMs running a combination of Ubuntu, Red Hat, Debian, and Centos. But our employees choose the OS they want to run on their own work devices whether it be Linux, MacOS, or Windows and no way is everyone is going to Linux, even if that is my own OS of choice. Especially the C-Level and board member types.
We are using Instant Clones. It’s a non-persistent Virtual Desktop.
We want to give our users the choice and then be able to persist those choices. Not force them to use just one option with a GPO that defines what they have to use.
SetUserFTA and Dynamic Environment Manager allowed it until the last Windows CU came along…
This is horrible. I run several different environments of VMware Instant Clone VDIs and use the SetUserFTA to help a users default browser and other file extension defaults to persist for a user from session to session on a non-persistent VDI. Now it’s broken.
Thanks a lot Microsoft. 😤
Talk less and listen more.
Realize that there is always someone that knows more than you do about any subject. Be humble knowing that you can always learn more.
Tempting to short the stock and say $&@# you Spez!
So I’m not sure if this is the problem affecting your friend, however, RCS messaging uses additional ports rather than just the standard tcp/443 port to send traffic. This port is specifically tcp/5223. If your friend connects to a wireless network that has a firewall that doesn’t have the port open, then the RCS messages will fail to send/receive until they are either connected to their cellular network or a wireless network that doesn’t have that port blocked.
The catch is, if you try to send a message while you are on a network where the traffic isn’t allowed, the RCS message doesn’t attempt to resend right away after changing to a network where the traffic is allowed.
I have a firewall in my house that has very strict rules and I had to enable a firewall policy to allow this traffic to be able to send / receive RCS messages when I was connected to my home’s WiFi. My wife’s company WIFi network has that port blocked so she doesn’t connect to it anymore and RCS works just fine.
If you want to see if this is the case for your friend’s phone, have them use their mobile network while sending / receiving RCS messages to test.