#1  
Old 02-14-2020, 05:32 PM
Jinx is offline
Member
 
Join Date: Dec 1999
Location: Lost In Space
Posts: 8,104

Why Is a VPN Secure?


Can a VPN be hacked, and if not, why isn't this technology a silver bullet again hacking? Can you explain to me in basic terms or analogies?
  #2  
Old 02-14-2020, 05:46 PM
friedo's Avatar
friedo is offline
Guest
 
Join Date: May 2000
Location: Las Vegas
Posts: 24,536
A VPN is an encrypted tunnel between your computer and some other network. Can it be hacked? It depends on what you mean by "it." Your computer can be compromised, which renders a VPN connection moot since it protects data only when it transit. Your password or private key for the VPN can be stolen. The remote network that the VPN connects to can be operated by bad guys. Some badly-configured node on the remote network can be compromised and used to sniff traffic after it's been decrypted.

A VPN is one tool out of many for dealing with potential security threats. There's nothing magical about it.
  #3  
Old 02-14-2020, 05:57 PM
Squink is offline
Guest
 
Join Date: Oct 2000
Location: Yes
Posts: 20,538
Rather than sending out my address all over the web, I send out some anonymous address from Chicago, or tel Aviv that thousands of others are also sending their anonymyzed addresses out from. You do need to be careful in choosing a vpn service, as they keep varying amounts of info on your wanderings. Far from all vpn providers are reputable, so it pays to do a little research. Remember the old saw, if it is free, YOU are the product.
  #4  
Old 02-14-2020, 06:09 PM
slash2k is offline
Guest
 
Join Date: Feb 2014
Posts: 2,690
Also note that a VPN's security is no better than the encryption algorithm chosen (and may be worse). Mathematically, it is possible to create algorithms that would take an NSA-level supercomputer millions of years to decrypt, but in practice decisions have to be made balancing speed and secrecy, and it is possible that some of the common algorithms have "back doors" or deliberate weaknesses. For example, it came out recently that the CIA owns an encryption company (jointly with their German counterpart).
  #5  
Old 02-14-2020, 06:22 PM
Mind's Eye, Watering is offline
Guest
 
Join Date: Jun 2009
Posts: 1,555
In fiction, I've read that multiple VPNs could be used in a chain to add additional difficulty (usually to NSA, CIA, etc.) in tracking the source of the data. Is that purely fiction?
  #6  
Old 02-14-2020, 07:20 PM
DPRK is offline
Guest
 
Join Date: May 2016
Posts: 4,548
Quote:
Originally Posted by Mind's Eye, Watering View Post
In fiction, I've read that multiple VPNs could be used in a chain to add additional difficulty (usually to NSA, CIA, etc.) in tracking the source of the data. Is that purely fiction?
This sounds like a variant of "onion/garlic/mix routing", which is supposed to increase your security under certain assumptions. For instance, maybe at least one VPN in your chain is a mysterious black box where the internal network traffic is opaque to the attacker.
  #7  
Old 02-14-2020, 08:07 PM
Defensive Indifference is offline
Guest
 
Join Date: Jul 2007
Location: St. Louis, MO
Posts: 7,579
To add to what others have said, a VPN protects your privacy, not your security from threats like malware. It makes it really difficult for someone to intercept your communications or to pinpoint your physical location, but a VPN by itself doesn't block malware or other attacks

Also note that there are anonymizing VPNs (which we're talking about here) and corporate VPNs, which allow remote users to connect to a central network.(like allowing distributed employees to connect to the HQ network). The technology is pretty much the same. but the use case is different.
  #8  
Old 02-15-2020, 09:05 AM
md2000 is offline
Guest
 
Join Date: Feb 2009
Posts: 15,413
Quote:
Originally Posted by Mind's Eye, Watering View Post
In fiction, I've read that multiple VPNs could be used in a chain to add additional difficulty (usually to NSA, CIA, etc.) in tracking the source of the data. Is that purely fiction?
This brings us back to the important questions: "how badly do they want to know, how much resources do they have, and what starting guesses do they have?"

Since way back when, the warning has always been that communications can be listened to and decrypted. However, I have yet to hear of any significant hacks using information passing through the outside networks, unless it's some group with unlimited resources like the NSA. For Joe Hacker, it's a lot easier to get established inside either the source or the destination.

A VPN is like a second router. If you have several computers behind your home router and surf normally, it is difficult for someone at the other end to tell which computer is which on the web - they all come from the same IP address. (OK, they can tell from things like which version of browser you use, cookies they stuck there earlier, what version of Java, etc.) With a VPN, you send your data packets to the VPN company, and it sends them out on the web using it's address in New York or London or wherever. Plus, you are combined with thousands of others using the same VPN, so it's harder to sort them out.

The HTTPS and similar encrypted protocols need a critical data and/or some clever tricks and are supposedly hack-proof to the typical hacker. (I have yet to hear of anyone successfully faking certificates even) Typically, these protocols can be hacked because there's a flaw, and upgrades fix the flaws.

If you are the NSA, then you can (maybe) monitor a VPN's complete input and output and match things up - when a flow come from Joe's home address to the VPN in-point in Berkley, a similar volume of data comes out the VPN endpoint in Seattle. Since all data starts with source and end IP's, now they got you. Or they could be watching you and determine which VPN in-point you send to and start watching the out-points. Again, all this mixed up with thousands of others using the same service, so not a slam-dunk.

The other protection is that possibly, your home router has a flaw that lets hackers in - since although theoretically secure most are bought off the shelf, and sometimes not even password is updated, let alone firmware. (Less likely when router is also the cable or phone companies' modem - they can do their own updates remotely.) VPN companies we hope have more powerful up to date firewalls; and don't pass unsolicited traffic to your router, don't tell strange websites your home IP address, and most likely are filtering for known hacks.
  #9  
Old 02-15-2020, 12:21 PM
The Librarian's Avatar
The Librarian is offline
Guest
 
Join Date: May 2002
Location: Delft
Posts: 1,247
Quote:
Originally Posted by Bruce Schneier
There's really no such thing as security in the abstract. Security can only be defined in relation to something else. You're secure from something or against something. (...)

A VPN is a useful extra layer when protecting remote access. It is also useful when you are accessing the internet through dodgy WiFi (anything you don’t own or know the owner of). Or If you do not trust your ISP. Or if you use P2P stuff and live somewhere with draconian copyright enforcement.

For a “normal” user accessing the internet from home a VPN is an extra single point of failure. (I trust my ISP more than most VPN providers)

So: VPNs are imminently useful, if your application requires one. For most people they are unnecessary and do not add “security”.
__________________
Oook!
  #10  
Old 02-15-2020, 01:31 PM
echoreply's Avatar
echoreply is online now
Guest
 
Join Date: Dec 2003
Location: Boulder, CO
Posts: 1,021
Quote:
Originally Posted by The Librarian View Post
(I trust my ISP more than most VPN providers)
Except when your ISP is not trustworthy. For example, I do not trust my mobile provider, AT&T, due to their past use of things like supercookies, that attempt to track all data use across multiple sites. Sure, they still know where my phone is, and how much data I use, but because of my VPN, they do not know what I'm doing with that data. (All of the major mobile providers have done stuff like this, and due to other circumstances AT&T is very inexpensive for me, so switching providers will not change my privacy/security situation, but will cost me more money.)

The primary residential ISP in my area is Comcast, and Comcast residential intercepts standard port 53 DNS requests, regardless of where they're sent, and replies to the requests themselves. I prefer to use a custom DNS for ad blocking purposes, which is not possible on Comcast residential (at least in my area). Therefore I use a VPN when I'm on a Comcast residential connection.

I will soon by hosting a conference at a hotel that uses nanny filters on their guest internet. Because such filters have errors, they have in the past blocked legitimate sites we wanted to access, such as European universities. To route around that, I may run all the data from my network at the conference through my work's non-filtered VPN.
  #11  
Old 02-15-2020, 10:23 PM
Caldazar is offline
Guest
 
Join Date: Aug 2000
Posts: 857
VPN stands for Virtual Private Network. It's a "virtual" private network because the network traffic is carried across a public network, or at least a network that contains machines other than the two communicating computers. To prevent other computers from eavesdropping on the communication, the communication is encrypted. It's like two people having a conversation in a coffee shop by speaking in code; everyone else in the coffee shop can hear the sounds of the conversation, but nobody but the two code-speakers know what the conversation means.

Properly-implemented VPN prevents eavesdropping and modification of the network traffic by unauthorized parties. It does not prevent other attack vectors.

Quote:
Originally Posted by md2000 View Post
The HTTPS and similar encrypted protocols need a critical data and/or some clever tricks and are supposedly hack-proof to the typical hacker. (I have yet to hear of anyone successfully faking certificates even) Typically, these protocols can be hacked because there's a flaw, and upgrades fix the flaws.
The NSA recently announced a flaw in Microsoft's validation of ECC Cryptography that allowed one to spoof certificates that Windows systems would accept ("D'oh"). The vulnerability was patched on January 14, 2020. Not a problem with ECC itself of course, rather Microsoft's implementation of it.
  #12  
Old 02-16-2020, 04:37 PM
The Librarian's Avatar
The Librarian is offline
Guest
 
Join Date: May 2002
Location: Delft
Posts: 1,247
Quote:
Originally Posted by echoreply View Post
Except when your ISP is not trustworthy. For example, I do not trust my mobile provider, AT&T, due to their past use of things like supercookies, that attempt to track all data use across multiple sites. Sure, they still know where my phone is, and how much data I use, but because of my VPN, they do not know what I'm doing with that data. (All of the major mobile providers have done stuff like this, and due to other circumstances AT&T is very inexpensive for me, so switching providers will not change my privacy/security situation, but will cost me more money.)

The primary residential ISP in my area is Comcast, and Comcast residential intercepts standard port 53 DNS requests, regardless of where they're sent, and replies to the requests themselves. I prefer to use a custom DNS for ad blocking purposes, which is not possible on Comcast residential (at least in my area). Therefore I use a VPN when I'm on a Comcast residential connection.

I will soon by hosting a conference at a hotel that uses nanny filters on their guest internet. Because such filters have errors, they have in the past blocked legitimate sites we wanted to access, such as European universities. To route around that, I may run all the data from my network at the conference through my work's non-filtered VPN.
Ah yes, the other important use-case for a VPN is "you live in the USA".
__________________
Oook!
  #13  
Old 02-16-2020, 05:01 PM
BeardOfBees is offline
Guest
 
Join Date: Feb 2019
Posts: 17
What's the best VPN to use?
  #14  
Old 02-16-2020, 05:44 PM
engineer_comp_geek's Avatar
engineer_comp_geek is offline
Robot Mod in Beta Testing
Moderator
 
Join Date: Mar 2001
Location: Pennsylvania
Posts: 26,163
Moderator Note

Quote:
Originally Posted by BeardOfBees View Post
What's the best VPN to use?
That's probably better asked in a separate thread in IMHO.
  #15  
Old 02-17-2020, 11:00 AM
Ruken is offline
Charter Member
 
Join Date: May 2003
Location: DC
Posts: 8,040
I recall some click-bait headlines this week about Iran hacking companies' VPNs.
  #16  
Old 02-17-2020, 11:27 AM
Ruken is offline
Charter Member
 
Join Date: May 2003
Location: DC
Posts: 8,040
Quote:
Originally Posted by Ruken View Post
I recall some click-bait headlines this week about Iran hacking companies' VPNs.
https://www.clearskysec.com/fox-kitten/
  #17  
Old 02-17-2020, 01:37 PM
bardos is offline
Guest
 
Join Date: Feb 2003
Location: Maui
Posts: 992
I have been to several websites which reject a VPN connection. They give you something equivalent to a 404, or simply do not respond. Turn off the VPN you're using and you connect perfectly. Do these websites have a list of VPN networks? How do they know one is connecting with a VPN?
  #18  
Old 02-17-2020, 05:54 PM
BigT's Avatar
BigT is offline
Guest
 
Join Date: Aug 2008
Location: "Hicksville", Ark.
Posts: 37,160
Quote:
Originally Posted by bardos View Post
I have been to several websites which reject a VPN connection. They give you something equivalent to a 404, or simply do not respond. Turn off the VPN you're using and you connect perfectly. Do these websites have a list of VPN networks? How do they know one is connecting with a VPN?
They likely do. And they know by using a list of VPN IP addresses, which are compiled in various ways. The most obvious is just to use the VPN yourself and see which IPs it uses.

That said, my experience is that most sites don't block everything. There's nothing bad about being anonymous and merely reading information. The problem is in logging in using a VPN. And, even then, they may be more concerned with creating new accounts via VPN, rather than someone just using a VPN.

I honestly can't think of a good reason to block read access to a site if you use a VPN, other than just lazily blocking everything to stop logins/sign ups.
  #19  
Old 02-18-2020, 02:48 PM
Sage Rat's Avatar
Sage Rat is offline
Member
 
Join Date: Mar 2004
Location: Howdy
Posts: 22,602
Quote:
Originally Posted by Mind's Eye, Watering View Post
In fiction, I've read that multiple VPNs could be used in a chain to add additional difficulty (usually to NSA, CIA, etc.) in tracking the source of the data. Is that purely fiction?
I would expect that it would depend on which countries and businesses you bounce through. If the US has a good relationship with a country then they might have a deal to issue warrants on the part of the US, or if a company has business in the US, then they might be willing to respond to a warrant for information on what happened in some distant land.

The quality of logs and the duration of those logs being stored would also matter.

Plausibly the NSA has hacked into a variety of telecommunications businesses around the world and are constantly synchronizing their logs and don't need to issue any warrants.

If you use big, established companies in modern countries, the logs will be better and sit around longer. The US might have very expansive deals for data sharing with them. But, on the other hand, they're going to treat your data and privacy with more respect. They're going to make sure that your data is 100% secure right up to the moment that they respond to a warrant and be more secure against the NSA.

If you use small, shoddy businesses in 3rd world countries, they'll be great for you in terms of log duration and legal ease of access to their information. They'll just thumb their nose at the US or have legitimately lost all the information. But, on the other hand, the NSA is more likely to have hacked into them, their own security will be worse, and they're more likely to be scanning their own data for nefarious activities so that they can blackmail you.

Basically, you can't have any good way of knowing what the best path is through the network. But the more layers you add, the greater the odds are that it becomes infeasible for anyone to be able to find their way through to you. Every time they have to do something to resolve one hop in the chain, there's a chance that it will require some time to accomplish and a greater chance that that time loss will allow the logs to be purged for space so that, eventually, the path can't be reconstructed.

But, at that level, your network connection will be so slow and spotty that it might be infeasible for you to do much unless you're willing to spend a few hours trying to load and reload pages to finally get a message through to your drug dealer, successfully.

You'll now, probably, have a secure network but then you run into the problem that everything in security has which is that once you make one thing secure, everyone simply circumvents it. If you add the world's strongest and most pick-lock resistant lock ever invented to your door, the bad guy will simply unscrew the hinges or use a crowbar to strip the screws.

If you evade the NSA, you now have to deal with the problem that the FBI might be watching your drug dealer and tracking every package he sends through the post. 99% of drug dealers on the web might, in fact, simply be FBI agents looking for marks.

My personal recommendation would be that if you want to stay out of jail: Don't do crime.

Last edited by Sage Rat; 02-18-2020 at 02:51 PM.
  #20  
Old 02-18-2020, 03:32 PM
Great Antibob is offline
Guest
 
Join Date: Feb 2003
Posts: 5,509
Quote:
Originally Posted by Sage Rat View Post
My personal recommendation would be that if you want to stay out of jail: Don't do crime.
No need to bring criminality into it.

Several companies (mine included) require the use of a VPN to help protect company information and the information of our clients.

And while it would not be necessary in my case, even the source of information can sometimes be considered privileged information. Even if that's the NSA/CIA/whoever (as long as they don't have a proper warrant). And non-US groups acting legally would have no reason to particularly want the NSA snooping on their communications.

In any event, always attack the weak link. That's usually the end users. Social engineering is probably the most effective way to circumvent security, which is how the 419 scammers continue to do so well.

A VPN should make it harder (hopefully prohibitively so) for others to read our data, but as mentioned above whether or not somebody can tell you are downloading malware doesn't offer any protection from the malware itself.

Last edited by Great Antibob; 02-18-2020 at 03:33 PM.
  #21  
Old 02-18-2020, 04:08 PM
Sage Rat's Avatar
Sage Rat is offline
Member
 
Join Date: Mar 2004
Location: Howdy
Posts: 22,602
As to the title question, and trying to answer that in a non-technical way:

Imagine that the way you sent messages to people was to tell a young lad your message, send him out in the street, with him shouting the message on repeat loudly, for everyone to hear, until he finds some other lad who will take the message and continue on with it, doing the exact same thing. Eventually, after eight or ten shouting lads have retransmitted the message it will get to your recipient.

You would probably like for your recipient to be able to reply to you. So we should note that one part of your message was your own name and address.

So your message, overall, might have looked like:

Sally Milligan of 123 4th Ave E in New York City would like to buy a personal massage device!

And, again, this would have been transmitted through eight to ten shouting lads who are repeating the message continually over the length of the run.

If part of your message is a secret password for how to get into your safe, then it's pretty clear how none of this is a great and wonderful way to do things from a security standpoint.

The internet was, fundamentally, designed by some bored college students and professors to be able to share programmer jokes across universities, not as a medium for secure transmission of financial information. They just went with something that was easy to make and had a lot of redundancy to ensure successful transmission.

Now, nearly everything wrong with the Internet, in terms of security, is solved through the use of something called TLS. It's what your browser uses to decide whether to show a little padlock next to the URL. We're currently trying to get the internet 100% on TLS so that the padlock symbol becomes redundant.

But there are two things that aren't solved by TLS.

1) The lads still carry your address around, shouting it the whole way.
2) Similarly, they shout the address of the place that they're sending the message to.

So, if Sally is buying a personal massage device, that will remain secret. People will simply know that she's exchanging messages with Amazon.com, but won't be able to find out anything else. They can mug the lad and he'll just have a document written in jibberish.

If, on the other hand, Sally is exchanging messages with personalMassageDevices.com, however, then TLS might still largely blow some information.

VPN, essentially, solves this last little bit of privacy violation.

Sort of.

Basically, you sign a deal with a secret network. You'll send shouty lads to the secret network, and they'll be shouting, "I'm from Sally, at 123 4th Ave E! I'm going to the shadowy secret organization who lives in yonder warehouse!"

Everyone will know that, but if they mug the shouty lads, they'll just find a piece of paper on him that's written in jibberish.

The shadowy organization has stealth submarines that can't be traced that route messages arround to their various warehouses around the world.

From the warehouses, shouty lads will emerge, saying "I'm from the secret organization! I'm going to personalMassageDevices.com!"

But there will be no mention of Sally nor where she lives. The shadow organization knows that information, but anyone not in the organization is out of luck.

Some time later, Sally will get a jibberish letter that she knows how to decode from the secret network.

Now if the secret network only connects to personal massage devices once per day and they only start doing that when Sally starts operating through them, they stop when she stops being a customer, and that only ever connect when Sally is actively interacting with them, then it may be possible to infer what she's doing. But you're basically relying on statistics, not definitive proof. And anything short of that scenario and you're not going to have any idea what's going on, by watching Sally and the secret network.

That is, unless the secret network is corrupt, poorly managed, was a front for the people you wanted to avoid, or have been compromised.
  #22  
Old 02-18-2020, 04:15 PM
Atamasama's Avatar
Atamasama is offline
Member
 
Join Date: Sep 2009
Posts: 5,196
Quote:
Originally Posted by BigT View Post
They likely do. And they know by using a list of VPN IP addresses, which are compiled in various ways. The most obvious is just to use the VPN yourself and see which IPs it uses.

That said, my experience is that most sites don't block everything. There's nothing bad about being anonymous and merely reading information. The problem is in logging in using a VPN. And, even then, they may be more concerned with creating new accounts via VPN, rather than someone just using a VPN.

I honestly can't think of a good reason to block read access to a site if you use a VPN, other than just lazily blocking everything to stop logins/sign ups.
Wikipedia is an example. You canít edit pages if they detect you have a VPN. From their perspective thatís the equivalent of walking into a bank with a ski mask and long trench coat on. Sure, maybe itís cold outside and you are bundled up for the weather but you sure look like a robber.

But you can still view pages as much as you want.
  #23  
Old 02-18-2020, 04:43 PM
Sage Rat's Avatar
Sage Rat is offline
Member
 
Join Date: Mar 2004
Location: Howdy
Posts: 22,602
Quote:
Originally Posted by Great Antibob View Post
No need to bring criminality into it.
It's difficult to envision a sane reason to use onion routing through multiple VPNs, unless you have a criminal intention. If you aren't doing anything illegal, then that's your protection against warrants, not onion routing, so a single VPN is sufficient.
  #24  
Old 02-18-2020, 04:49 PM
EdelweissPirate is offline
Guest
 
Join Date: Mar 2015
Location: Portland, OR USA
Posts: 755
Quote:
Originally Posted by Great Antibob View Post
Several companies (mine included) require the use of a VPN to help protect company information and the information of our clients.
Any company that doesn’t require a VPN for remote access to their internal network is grossly negligent. Heck, a company like that doesn’t even have an internal network—when the entire internet can access your network, the internet is your network.

I’ve never even heard of a company that did this—and I worked in network security at the turn of the century, when many companies were still coming up to to speed on network security.

ETA: I’m not trying to come down hard on The Great Antibob for that...I just wanted to address what was probably an inadvertent implication that some companies have their internal networks completely exposed to the internet.

Last edited by EdelweissPirate; 02-18-2020 at 04:51 PM. Reason: Clarity
  #25  
Old 02-18-2020, 05:07 PM
Kevbo is offline
Guest
 
Join Date: May 2005
Posts: 5,932
Quote:
Originally Posted by Great Antibob View Post
No need to bring criminality into it.

Several companies (mine included) require the use of a VPN to help protect company information and the information of our clients.
In some cases, use of the VPN or something similar may actually be a legal requirement. HIPPA compliance for healthcare workers accessing patient data from remote sites is one case I am familiar with.
__________________
-Never tell a politician they are a two-bit whore, unless you want to be beaten silly with their bag of quarters.
  #26  
Old 02-18-2020, 05:40 PM
echoreply's Avatar
echoreply is online now
Guest
 
Join Date: Dec 2003
Location: Boulder, CO
Posts: 1,021
Quote:
Originally Posted by Sage Rat View Post
It's difficult to envision a sane reason to use onion routing through multiple VPNs, unless you have a criminal intention. If you aren't doing anything illegal, then that's your protection against warrants, not onion routing, so a single VPN is sufficient.
Now you're getting into repressive regime territory, or other privacy sensitive areas. Onion routing is useful when it is undesirable to show any connection between two endpoints. There are both legitimate and illegitimate reasons for doing that.
  #27  
Old 02-18-2020, 08:55 PM
EdelweissPirate is offline
Guest
 
Join Date: Mar 2015
Location: Portland, OR USA
Posts: 755
Quote:
Originally Posted by Kevbo View Post
In some cases, use of the VPN or something similar may actually be a legal requirement. HIPPA compliance for healthcare workers accessing patient data from remote sites is one case I am familiar with.
See my post immediately above yours. Any company that opened their network to the internet would leak confidential information all over the internet within a matter of hours. And opening your network to the internet is exactly what youíre doing if you allow remote workers to connect without an encrypted tunnel.

Iíve never encountered a company that does thisónot a single one. Iím not a compliance guy, but in general, regs like HIPAA and ITAR tend to specify the end resultóno disclosures of confidential dataóand allow those governed by the regulations to meet the requirements by whatever reasonable means they like.

If HIPAA specified a particular kind of VPN or encryption algorithm and a big exploit came along (like Heartbleed) then health care IT would be obligated to use the specified-but-broken encryption, which is a situation no one wants. Iím generalizing a lot here, but the upshot is that the number of companies not using encrypted tunnels is infinitesimal. Itís not that some industries require VPNs; all industries use them, including ones not subject to the demanding regulations of HIPAA or similar laws.
  #28  
Old 02-18-2020, 11:22 PM
Sage Rat's Avatar
Sage Rat is offline
Member
 
Join Date: Mar 2004
Location: Howdy
Posts: 22,602
Quote:
Originally Posted by echoreply View Post
Now you're getting into repressive regime territory, or other privacy sensitive areas. Onion routing is useful when it is undesirable to show any connection between two endpoints. There are both legitimate and illegitimate reasons for doing that.
Under a repressive regime, yes. I was talking more about Americans.

Though, under a repressive regime, we're still talking criminal activity, even if the criminal activity is things like "saving the lives of the repressed". Į\_(ツ)_/Į
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 01:55 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2020, vBulletin Solutions, Inc.

Send questions for Cecil Adams to: cecil@straightdope.com

Send comments about this website to: webmaster@straightdope.com

Terms of Use / Privacy Policy

Advertise on the Straight Dope!
(Your direct line to thousands of the smartest, hippest people on the planet, plus a few total dipsticks.)

Copyright © 2019 STM Reader, LLC.

 
Copyright © 2017