Articles about Vpn

botnet

Bunitu botnet crooks sell your unencrypted VPN traffic for £££

Cyber-crooks behind the Bunitu botnet are selling access to infected proxy bots as a way to cash in from their network. Users (some of whom may themselves be shady types, as explained below) who use certain VPN service providers to protect their privacy are blissfully unaware that back-end systems channel traffic through a …
John Leyden, 11 Aug 2015

A third of iThings open to VPN-hijacking, app-wrecking attacks

A trio of FireEye researchers have reported twin 'app-demolishing' iOS vulnerabilities Apple has partially fixed in its latest update that could wreck core apps such as the App Store and Settings. Researchers Zhaofeng Chen, Tao Wei, Hui Xue, and Yulong Zhang revealed the latest in five so-called Masque attacks that could wreck …
Darren Pauli, 01 Jul 2015

PureVPN calls pure BS on VPN insecurity study

Hong Kong virtual private network provider PureVPN has rejected claims in a study published this week that its service among many other popular providers are open to DNS hijacking and has pushed fixes to shore up security. Research revealed earlier this week ruffled privacy feathers after a five security bods identified that 14 …
Darren Pauli, 03 Jul 2015
Eiffel Tower Shenzhen day

China 'upgrades' Great Firewall. Oh SNAP! There goes VPN access

China's notorious "Great Firewall" is being blamed for widespread reports of virtual private network (VPN) outages in that country. China's Global Times – an English-language subsidiary of the state-run People's Daily – reports that customers of several prominent VPN services based outside the Middle Kingdom have complained that …
Shaun Nichols, 24 Jan 2015

Hackers now popping Cisco VPN portals

Crackers are popping customised Cisco virtual private networks, stealing credentials and spraying malware using a flaw reported by Aussie hacker Alec Stuart-Muirk, the company warns. Organisations running the Cisco Clientless SSL VPN portal in customised configurations risk attack if they do not update to versions released 8 …
Darren Pauli, 20 Feb 2015

Terracotta: The Chinese VPN that hides Beijing's hackers with pwned biz

BlackHat A China-based virtual private network (VPN) provider is powering some of the world's most capable hacking crews by selling infrastructure access stolen from at least 30 hacked businesses, RSA says. The company, which RSA codenamed 'Terracotta VPN', claims to have 1500 mostly-Windows nodes from 300 organisations distributed …
Darren Pauli, 05 Aug 2015

Opera buys mobe friendly VPN app bods SurfEasy

Norway-based Opera Software has set sail across the North Atlantic to acquire Toronto-based VPN-men SurfEasy, for an undisclosed sum. Opera is now producing a suite of applications through which you can "securely" read The Reg on desktop and mobile, and is set to expand its product line to include privacy-management services …
Road closed

VPN users reckon Netflix is blocking them

Netflix is being accused of planning to enforce its terms and conditions by blocking connections from services that bypass geographic blocks. If the reported blocking proves effective, users in nations not served by the media streamer would find themselves stuck with the company's limited local catalogue, rather than continuing …
Google HQ logo. Pic: Bob Dormon

Cloud DNS, VPN, HTTPS load balancing ... Google looks at rivals, thinks: Yeah, we'll do all that

Google has expanded its portfolio of network services, with the aim of ensuring that customers of its cloud infrastructure have responsive, low-latency websites. On Monday, the online ad-slinger announced general availability of Cloud DNS, its managed DNS service. For a monthly fee, Google will handle DNS requests for as many as …
Neil McAllister, 13 Apr 2015
Glorious future of China

Chinese snoops try tracking VPN users with fiendish JSONP trickery

Snoops are exploiting vulnerabilities in China’s most frequented websites to target individuals accessing web content which state censors have deemed hostile. Even users who run VPN connections to access websites that are blocked by China’s censorship technology, often called the Great Firewall (GFW), are potentially being …
John Leyden, 16 Jun 2015

Want to beat Verizon's slow Netflix? Get a VPN

Video Yet another person has stepped forward to claim that Verizon is deliberately throttling Netflix traffic, this time with video evidence. Colin Nederkoorn, CEO of software firm Customer.io, alleged in a personal blog post that his Verizon Fios internet connection in New York slows Netflix traffic to a trickle, but runs at full …
Shaun Nichols, 18 Jul 2014

'Free' VPN Hola is LITERALLY flogging access to users' devices

The VPN service Hola, which claims to have more than 9.7 million users, is now selling its access to users' machines as exit-nodes under the Luminati brand. Described as "the world's largest VPN network", Hola's Luminati brand is advertised as being simple and effective to use: "Route your HTTP, HTTPS or TLS requests to any one …
GCHQ as seen on Google Earth

Chrome OS leaks data to Google before switching on a VPN, says GCHQ

The sexy-named Communications Electronics Security Group (CESG) – the bit of GCHQ that helps Brits protect stuff from foreign spies (never mind Blighty's) – has issued fresh advice for securing BlackBerry OS 10, Android and Chrome OS 32. It also, handily, identifies "significant risks" in the operating systems. The guidelines …
Simon Rockman, 10 Jun 2014

Do you use Hola VPN? You could be part of a DDoS, content theft – or worse

Embattled "free" VPN provider Hola is facing criticism over its practice of turning its users into exit nodes in a paid-for anonymisation service which can easily be used for nefarious activities. Hola's software is also claimed to include "unpatchable" vulnerabilities allowing takeover of user machines. As the Register reported …
Evil Android

Android VPN redirect vuln now spotted lurking in Kitkat 4.4

Israeli researchers who specialise in ferreting out Android vulns have discovered a new flaw in KitKat 4.4 that allows an attacker to redirect secure VPN traffic to a third-party server. Late in 2013, the Ben Gurion University security researchers first discovered ways to persuade Android to leak data sent using VPN software. …
Evil Android

Israeli Android researchers demo VPN vulnerability

The Ben Gurion University security researchers who tangled with Samsung over its KitKat security implementation have posted a follow-up, in which they demonstrate how a malicious app could bypass some VPN protections in Android. Back in December, the university's Cyber Security Labs stated that Samsung's Knox implementation was …
A boat full of Fail

BT finally admits its Home Hub router scuppers some VPN connections

BT has coughed to a crappy glitch with its Home Hub 3A router that is blocking some VPN connections. However, the one-time state monopoly appears to have taken a long time to acknowledge customer gripes, which have been piling up for weeks. BT said it had taken a while to respond to individual complaints because it was …
Kelly Fiveash, 27 Mar 2014

First Lavabit, now CryptoSeal pulls the plug: VPN service axed

VPN service CryptoSeal has followed Lavabit's example and shuttered its consumer service, saying its CryptoSeal Privacy service architecture would make it impossible to comply with a government order without handing over the crypto keys to its entire system. The company, which will continue offering business services, made the …

Apple pulls VPN app, helps censors' job in China

Apple has come under fire in China for kowtowing to Beijing, after withdrawing an app which allowed users to circumvent the Great Firewall. OpenDoor, which markets itself as a browser and helps users circumvent local internet restrictions like a VPN, was pulled from the Chinese version of iTunes without warning in July, …
Phil Muncaster, 04 Oct 2013
Great Wall of China

Japan's free public VPN project tunnels through Great Firewall

Chinese netizens finding it increasingly difficult to bypass the Great Firewall after a recent crackdown on virtual private network (VPN) services have found an unlikely ally in a new public relay VPN service from Japan. The VPN Gate Academic Experiment Project (h/t TechInAsia) was set up by researchers at the Graduate School of …
Phil Muncaster, 12 Mar 2013
Cloud security

CloudBees straddles firewall with VPN connection

Cloud startup CloudBees has launched a technology that lets customers of the developer-oriented cloud connect their sensitive on-premises resources to the company's cloud via VPN. By building hosted OpenVPN into its infrastructure, the Java cloud has been able to launch the service which it says can assuage security concerns and …
Jack Clark, 23 Sep 2013
The Register breaking news

Mastercard and Visa block payments to Swedish VPN firms

Mastercard and Visa have reportedly put a block on payment processing services for some anonymisation and virtual private network (VPN) services. However, the move appears to be restricted to payments made to five consumer-focused VPN and anonymisation services though a single payment processor in Sweden, rather than a more wide …
John Leyden, 04 Jul 2013
The Register breaking news

Deja vote: Iran blocks VPN use ahead of elections

Iranian authorities have blocked the use of most virtual private network (VPNs) to stop people in the country from circumventing the government's internet filter, three months before the country holds its presidential election. "Within the last few days illegal VPN ports in the country have been blocked," Ramezanali Sobhani-Fard …
BBC logo 2012

Heavy VPN users are probably pirates, says BBC

BBC Worldwide, the commercial arm of the BBC that markets its products around the world, has told Australia's government that heavy users of “IP obfuscation tools” are so suspicious that internet service providers (ISPs) should consider them as likely content pirates. The organisation states that case in a submission (PDF) to …
Simon Sharwood, 09 Sep 2014
Great Wall of China

VPN ban makes for nervy times behind Great Firewall

Multinationals and foreign web users based in China to get jittery on Wednesday after pictures began circling the internet which suggested a new clamp down on the use of virtual private networks (VPNs). While VPNs in the Western world are more commonly used to enhance security, for netizens-in-the-know living in the People’s …
Phil Muncaster, 28 Nov 2012

VPNs are so insecure you might as well wear a KICK ME sign

A team of five researchers from universities in London and Rome have identified that 14 of the top commercial virtual private networks in the world leak IP data. Vasile C. Perta, Marco V. Barbera, and Alessandro Mei of Sapienza University of Rome, together with Gareth Tyson, and Hamed Haddadi of the Queen Mary University of …
Darren Pauli, 30 Jun 2015
Android for cars

Disconnect app maker runs to EU to moan about Android

Privacy app maker Disconnect has filed a formal complaint against Google with the European Commission, adding to the Chocolate Factory’s EU competition woes. “Disconnect charges Google with abusing its dominant market position by banning Disconnect’s app, a revolutionary technology that protects users from invisible tracking and …
Jennifer Baker, 02 Jun 2015
Sorry we're closed

Kiwis to farewell 'global mode' browsing

New Zealand ISPs' experiment with bundled VPN services is over: CallPlus has settled a lawsuit by agreeing to axe its Global Mode service on September 1. The on-again, off-again, on-again service let CallPlus customers get around geoblocks by giving them a US IP address, and the country's TV broadcasters were outraged and …

Hola! TV geo-block botters open bug bounties

Smarting from a barrage of criticism for botting its customers, VPN service Hola is hoping a bug bounty program will restore its security credentials. The VPN service was caught turning its 9.7 million users into Luminati exit-nodes. It advertised this service as using customers who downloaded Luminati's TV geo-block smasher …
Darren Pauli, 02 Jun 2015
The Register breaking news

Consumer VPN service could be popular as regional paywalls go up

Consumer VPN firm AnchorFree is touting mobile data cost saving through compression as well as Wi-Fi security as means to gain more users for its software: buts it's likely that many of its users will be more interested in getting around regional media paywalls - or even national government firewalls. David Gorodyansky, chief …
John Leyden, 05 Nov 2012
Bitcoin payphone

'Untraceable' VoIP caller ID-spoofing website accepts Bitcoin

A new VoIP service allows you to hide who you are by being web-based, having no registration checks, allowing you to spoof caller identity, and pay by Bitcoin. Bitphone calls itself the Bitcoin Payphone. As well as taking Bitcoin, the service accepts more than forty other altcoins. Users can pay with a Bitcoin transfer from a …
Simon Rockman, 28 Jul 2015

OpenVPN plugs DoS hole

OpenVPN has patched a denial-of-service vulnerability which authenticated users could trigger by sending malicious packets. The flaw (CVE-2014-8104) is most hurtful to VPN service providers and was reported by researcher Dragana Damjanovic to OpenVPN last month. Maintainers said in an advisory issued this morning that the flaw …
Darren Pauli, 02 Dec 2014
Parliament in the clouds

Parliament wants to splash £6m on network build 'n' run contract

The Houses of Parliament is looking to splash up to £6m on a data network management and support services network. The contract is worth between £3m-£6m over a six year period. The managed services deal will cover maintenance, support, management and monitoring of the Houses of Parliament Network Security Services. That …
Kat Hall, 23 Jul 2015

The content business wants Netflix out of Australia

Debate about copyright and virtual private networks (VPNs) has reached such a pitch in Australia that at least one voice wants a policy that, taken literally, would have the effect of closing down Netflix in this country. I don't mean “stopping Australians from accessing Netflix US via VPNs”, I mean “bye-bye Netflix, go home to …
Panic button

Biometric behavioural profiling: Fighting that password you simply can't change

Security researchers have developed a browser extension that supposedly defeats biometrics based on typing patterns, with the exercise designed, in part, to promote greater awareness about the emerging technology and the privacy risk it might pose. Biometric behavioural profiling allows a site to collect metadata about how a …
John Leyden, 28 Jul 2015
Great Wall of China

China cracks down further on VPNs as censorship intensifies

China's government is cracking down further on the use of virtual private networks to circumnavigate its Great Firewall, as part of the ongoing game of whack-a-mole between censors and an increasingly tech-savvy population. Charlie Smith, co-founder of the censorship in China monitoring site GreatFire.org, said there has been a …
Kat Hall, 03 Jun 2015
Pwned

UK politicos easily pwned on insecure Wi-Fi networks

The well-understood risk of insecure, public Wi-Fi networks has been graphically illustrated with demonstration hacks against three prominent UK politicians. The pen-testing style experiment demonstrates the ease with which email, finance and social networking details can be stolen while using free Wi-Fi in cafes, hotels and …
John Leyden, 09 Jul 2015
BlackBerry Classic QWERTY key smartphone

Have it all: BlackBerry to port crown jewels to iPhone, Android

MWC 2015 At Mobile World Congress, BlackBerry said it will port key client platform features – like its soft keyboard, Universal Search and Hub – to iPhone and Android, and also throw them into its enterprise software bundles. It marks a huge leap along BlackBerry’s transition to a software services company – but CEO John Chen denied the …
Andrew Orlowski, 02 Mar 2015
Suitcase bulging with cash

CloudFlare slurps CryptoSeal

CryptoSeal, which got itself out of the consumer VPN business last year to sidestep the fate of Lavabit, have been snapped up by CloudFlare. The Y Combinator-funded operation shuttered its consumer VPN service because it said complying with a government demand for an individual's data could only be met if it handed over the keys …
Compressed version of Log Jam

'Logjam' crypto bug could be how the NSA cracked VPNs

Updated A team led by Johns Hopkins crypto researcher Matthew Green* thinks they might have an explanation for how the NSA attacked VPN services: flaws in how TLS implements Diffie-Hellman crytography. In what's bound to be the next big branded bug, Green says servers that support 512-key “export-grade” Diffie-Hellman (DH) can be forced …
Google Cloud logo

Google adds Windows Server to Cloud Platform

Google's Cloud Platform has offered any operating system you want, so long as it's Linux. But as of this week you can also run Windows Server in the company's cloud. The company's spinning the addition as a hybrid cloud play, writing that many of its customers “ deploy and operate diverse sets of technologies in mixed Linux …
Simon Sharwood, 15 Jul 2015

China laments 'wild guesses and malicious slurs' on state hacking

Chinese president Xi Jinping visits the USA in September, a visit expected to be afforded all the pomp and ceremony of a top-level bilateral leader's meeting. Other diplomatic protocols are meanwhile being observed, including sniping through the media. In China's case, that means state-owned Xinhua, which quoted Chinese …
Simon Sharwood, 14 Aug 2015

Court flushes VirnetX's $368m check from Apple down the toilet

A US court has dashed a $368m windfall for technology hoarder VirnetX, which successfully sued Apple for patent infringement. The Federal Circuit Court of Appeals in Washington today tore up [PDF] the infringement damages figure given by a jury in a lower court – and sent the case back for reconsideration. A jury in the Eastern …
Shaun Nichols, 16 Sep 2014
Picard Facepalm

Wind turbine blown away by control system vulnerability

It had to happen, we suppose: since even a utility-grade wind turbine might ship with a handy Webby control interface, someone was bound to do it badly. That's what's emerged in a new ICS-CERT advisory: CVE-2015-0985 details how turbines from US manufacturer XZERES allow the user name and password to be retrieved from the …

Tor de farce: NSA fails to decrypt anonymised network

A new round of NSA documents snatched by master blabbermouth Edward Snowden appeared online late on Sunday, revealing spooks' internet security pet hates. The latest dump of PDFs published by Der Spiegel appeared to show what the Five Eyes surveillance buddies – the USA, the UK, Australia, Canada and New Zealand – see as …
Kelly Fiveash, 29 Dec 2014

Blackhats exploiting MacKeeper hole to foist dangerous trojan

Last month's MacKeeper vulnerability is now being exploited in the wild to hijack Apple machines, according to BAE security researcher Sergei Shevchenko. The hacker says criminals are using social engineering to trick users into installing malware capable of exfiltrating data using a then zero-day vulnerability in the notorious …
Darren Pauli, 16 Jun 2015
China censorship

China demands real names online, bans parody accounts and news article comments

From March 1, people in China must reveal their real names before they can join social networks and use other websites – or face cyber-exile. The ban on pseudonyms, plus the removal of reader comments from web articles, is a further crackdown on privacy and freedom of speech in the Middle Kingdom. According to the Cyberspace …
Iain Thomson, 04 Feb 2015

Google offers cheap and easy network hookups with Cloud Interconnect

Google has unveiled Google Cloud Interconnect, a new set of networking options designed to make cloud customers' connections to Google's data centers more reliable and secure. At the Google Cloud Platform Live event in San Francisco, Google cloud product director Greg DeMichille said the Chocolate Factory will offer three …
Neil McAllister, 05 Nov 2014
drone

Spyware-spewing Wi-Fi drone found on Hacking Team, Boeing's to-do list

Leaked emails have exposed plans by Hacking Team and a Boeing subsidiary to deliver spyware via drones for sale to government agencies. The scheme proposed the use of unmanned aerial vehicles (UAVs or drones) to deliver Hacking Team's Remote Control System Galileo spyware via Wi-Fi networks from above. Boeing subsidiary Insitu …
John Leyden, 20 Jul 2015

Insert 'Skeleton Key', unlock Microsoft Active Directory. Simples – hackers

Miscreants have forged a strain of malware which is capable of bypassing authentication on Microsoft Active Directory (AD) systems. Hackers can use arbitrary passwords to authenticate as any corporate user, Dell SecureWorks warns. The malware, dubbed Skeleton Key, is deployed as an in-memory patch on a victim’s AD domain …
John Leyden, 13 Jan 2015