Security News Downloading 3rd Party OpenVPN Configs May Be Dangerous. Here’s Why.

LASER_oneXM

Thread author
Feb 4, 2016
Call me a cynic, but one thing I have learned from using the Internet is to double-check, if not triple-check, everything you download. So many downloads have malware, adware, and scripts that perform malicious activities on your computer that it has to be a requirement to thoroughly check a download before it's used.


This point is shown in research posted by Tenable reverse engineer Jacob Baines, where he shows how a normally harmless VPN configuration file can be used to open a backdoor on a computer that uses it.

OpenVPN configs can execute commands

In his article, Baines explains how a simple OpenVPN configuration file can be used to execute commands on a computer after a VPN connection is made. This could also allow attackers to distribute OpenVPN configuration files that automatically execute commands to open backdoors through a reverse shell or perform other unwanted behavior on the computer.


OpenVPN is a popular open-source VPN program that allows you to create a secure and encrypted network connection between your computer or device and another network. Due to its popularity, it has been ported to work on a variety of devices, including routers that run DD-WRT. To facilitate this, VPN providers create OpenVPN profiles that can be downloaded and installed in order to easily configure a VPN connection.

.... ...
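One way to check a downloaded profile before importing it, as an added example that is not part of the original post or of Baines's article: a small Python audit that flags lines in an `.ovpn` file which can run external programs. The directive names are real OpenVPN options but are not named in the post; the function name `audit_ovpn` and the sample profile (hostname, hook path) are constructed for illustration.

```python
import shlex

# Real OpenVPN options that run an external program or load a plugin.
# The list is an assumption of this example, not taken from the post.
EXEC_DIRECTIVES = {
    "up", "down", "ipchange", "route-up", "route-pre-down", "tls-verify",
    "auth-user-pass-verify", "client-connect", "client-disconnect",
    "learn-address", "plugin",
}

def audit_ovpn(text):
    """Return (line_number, directive, detail) for each risky line."""
    findings, block = [], None  # block = name of an open inline <ca>-style section
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if block:  # skip embedded certificate/key material
            if line == f"</{block}>":
                block = None
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line[0] == "<" and line[-1] == ">" and line[1] != "/":
            block = line[1:-1]
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:  # unbalanced quotes: report rather than guess
            findings.append((lineno, line.split()[0], "unparseable quoting"))
            continue
        if not tokens:
            continue
        name, args = tokens[0].lstrip("-"), tokens[1:]
        if name in EXEC_DIRECTIVES:
            findings.append((lineno, name, "runs: " + " ".join(args)))
        elif name == "script-security" and args and args[0] in ("2", "3"):
            findings.append((lineno, name, "permits user-defined scripts"))
    return findings

# Constructed sample profile (hostname and hook path are placeholders).
SAMPLE = """\
client
dev tun
remote vpn.example.com 1194 udp
script-security 2
up "/usr/local/bin/example-hook --constructed"
<ca>
up this-line-is-inside-an-inline-block
</ca>
"""
```

Calling `audit_ovpn(open(path).read())` on a provider's profile returns an empty list when no such directive is present; any finding is a reason to read that line by hand before connecting.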
 
