Jump to content

Search the Community

Showing results for tags 'VPN'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station


  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions


  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

  1. Dear friends, Nowadays our privacy is very important. I am interested to know which VPN service do you use and which is the best according to your opinion. Not to all vpn services are enough secure. Recently, has been discovered that HotSpot Shield in some cases could show your real ip. Have a look here : 1.Android 2. Windows Thanks for your time spent with this poll ! :)
  2. A series of ads created by a New Zealand-based ISP has been rejected by Sky TV on copyright grounds. The ban on the ads, which contain references to a VPN-like service providing access to geo-blocked content such as Netflix, has been decried as "unjustified and petty" by ISP Slingshot. For millions of Internet users around the world the Internet has broken down geographical borders like no other invention in history. Nevertheless, for those looking to consume entertainment online, digital checkpoints still exist in many countries. Restricting content availability to certain ranges of IP addresses, or ‘geo-blocking’ as it’s know, allows content providers to dictate who gets access to films, TV shows and music, at what price, and when. As a result, citizens of countries such as Australia regularly complain that they’re denied content quickly and then charged more for it when it arrives. As expected, however, many citizens choose to break down these borders by using VPNs and proxies, which enable them to access services such as Netflix regardless of their region. Last month, Kiwi ISP Slingshot admitted that its VPN-like ‘Global Mode’ service was actually designed to provide its customers with access to Amazon Prime, Hulu, Netflix US, and BBC iPlayer. Now it appears that the admission will have consequences for Slingshot after a major broadcaster refused to run its ads on copyright grounds. A spokeswoman for Sky TV confirmed to Stuff that a series of advertisements containing references to Slingshot’s Global Mode were rejected by the company. “We are a business that pays people who create television so we are against any form of piracy or the undermining of intellectual property rights,” Sky TV spokeswoman Kirsty Way said. Slingshot general manager Taryn Hamilton decried the move as “unjustified and petty” and said there would be no need for Global Mode if providers would offer content in a timely fashion at a fair price. “When and if local companies manage to finally crack that, then there will be no need for the service. But, until that time, people will use services like Global Mode so that they can see decent TV without having to get a second mortgage,” Hamilton said. Source: TorrentFreak
  3. SlimRock

    Hotspot Shield 3.31

    Hotspot Shield 3.31 Hotspot Shield creates a virtual private network (VPN) between your laptop and the wireless router. Free, Reliable Wi-Fi Security, 100% Security Through a VPN. This impenetrable tunnel prevents snoopers and hackers from viewing your email, instant messages, credit card information or anything else you send over a wireless network. Which means you remain anonymous and protect your privacy. Sure, public Wi-Fi hotspots are great. After all, what would life be without checking your email each morning at your favorite café? But while you’re enjoying your latte and a bagel, some hacker might be accessing your passwords, credit card numbers, sensitive company data and much more. And standard antivirus software won’t protect you. That’s why AnchorFree is pleased to offer Hotspot Shield. Hotspot Shield security software is free to download, employs the latest VPN technology, and is easy to install and use. This security software keeps your Internet connection secure at public hotspots, home or work. Hotspot Shield ensures your private, secure, and anonymous work online! • Secure your web session, data, online shopping, and personal information online with HTTPS encryption. • Protect yourself from identity theft online. • Hide your IP address for your privacy online. • Access all content privately without censorship; bypass firewalls. • Protect yourself from snoopers at Wi-Fi hotspots, hotels, airports, corporate offices. • Works on wireless and wired connections alike. Provides Unlimited Bandwidth. • Works on the PC and the MAC, including new operating systems (Windows 7 and Snow Leopard) Homepage Size: 8.36 MB Download Hotspot Shield Elite Offline Installer Download Hotspot Shield Offline Installer Download Hotspot Shield Online Installer Download Hotspot Shield VPN for Android
  4. NexusG

    Need of Best VPN's

    Anyone suggest me a Good Vpn (Free / Pirated ) which suits my Requirements As follows 1.Free / Pirated 2.Unlimited Speed / Bandwidth / Traffic 3.No Logs (Anonymity) 4.Support for Downloading & Torrenting My ISP : Tikona Digital Networks (TDN) My Server Location : Chennai India Any Suggestions :rolleyes:
  5. WiFi HotSpot VPN - Protecting your internet surfing experience. Protect yourself from hackers on public wifi hotspots. Surf anonymously. Bypass country restrictions. All you need - is to register on the site! Wi-Fi HotSpot VPN secures your internet connection by establishing an encrypted VPN (Virtual Private Network) tunnel between your computer and our servers. Every web request you make is done first by our servers on our public IP addresses, thus also hiding your IP address information, then encrypted and sent back to your browser - blocking any attempts from hackers to intercept your information. Is it secure?Yes! Your VPN connection is always encrypted by AES encryption. Does it hide my IP address?Yes! Every web request you make is hidden by our IP address. Does it make me anonymous?Yes! Every web request you make is first done by our servers then encrypted and sent back to you. How many locations can I connect to?1 Currently we are only supporting one location for beta users. We plan on expanding to 5 more datacenters once we go 100% live. Is the beta free?Yes! You won't pay a penny and we won't collect any credit card information until we go live. How do I get started?Simply signup for the beta by clicking here and follow these steps: Download the Remote Access Server dialer from here.Extract the ZIP file to a directoryDouble click on the dialer and click on "Connect". You will be asked to enter your credentials.You should now be connected to the VPN. Enjoy!Manual Setup To setup the VPN client manually, simply point your PPTP VPN dialer (on Windows, OSX or other operating system) to east.usa.wifihotspotvpn.com. You must route your internet traffic through the tunnel. Unfortunately at the moment we ONLY support the Windows VPN dialer on Windows XP, Vista, 7 and 8. The easiest way to protect your connection.(Now offering VPN servers in New York and Amsterdam!) Malware FreeAll of our applications are 100% free of malware. Check our SiteLock™ badge below for details. Easy to InstallInstalls in just a few minutes with minimal effort for a hassle free installation experience. SecureSafe guard your internet connection with AES encryptions standards. Email SupportRegister to gain access to unlimited email support with our friendly support staff. Homepage
  6. TV networks in Australia are expressing fresh concern that local viewers are 'pirating' Netflix with help from VPN services. Officially unavailable Down Under, Netflix reportedly has up to 200,000 Aussie subscribers who evade geo-blocking mechanisms to happily pay for the service. While Netflix is without doubt a hit service credited for doing something positive in the battle against piracy, it needs to spread its wings even more widely. There is one region in particular that would love to see it arrive on its shores, but probably won’t for some time. Australia is often criticized for its appetite for unauthorized downloading but it’s a country with a better ‘excuse’ than most for engaging in it. Not only is legal content much more expensive than in the US, the region is continually under-served, meaning that locals resort to file-sharing networks for shows such as Game of Thrones and Breaking Bad, turning Australia into a per-head piracy front-runner. Netflix is blocked in Australia, partly because the big US studios have an exclusive deal with media giant News Corp to show content. On the Internet, however, news travels fast. Googling “netflix australia” turns up dozens of articles explaining how to circumvent the Netflix geo-blocking mechanism to (shock, horror) actually PAY to watch Netflix in Australia using VPN services and proxies. Naturally there are no official figures on how many people watch Netflix this way but estimates range from 20,000 up to 200,000 subscribers. Highlighting how the TV networks view these people, an article this morning in News Corp-owned The Australian went as far as labeling subscribers as “pirates”, even though they are paying for the service. “There is concern at local networks about the growing impact of the US company flouting international regulations by accepting payments from Australian credit cards, despite maintaining a geo-block that is easily bypassed by VPN manipulation or spoof IP addresses,” the paper said. But do subscribers deserve to be called pirates when they are showing the clearest possible buying signals? In 2011, then Attorney-General Robert McClelland gave his opinion. “In relation to the use of VPNs by Australians to access services such as Hulu and Netflix, on the limited information provided there does not appear to be an infringement of copyright law in Australia,” McClelland told The Australian, the same News Corp-owned publication now calling Aussie Netflix subscribers “pirates”. But with Netflix not having to go to the expense of setting up in Australia in order to service the region, rivals in the same market area are also feeling uneasy. “The studios have licensed Netflix to distribute content on particular terms in the US and other larger markets, they haven’t licensed Netflix for Australia,” said Quickflix chief executive Stephen Langsford this morning. “I have no doubt that the studios are in discussions with Netflix about VPNs because it is blatantly in breach of terms and Netflix is essentially getting a free ride into Australia.” Quickflix currently has around 100,000 full subscribers so if the highest estimates are to be believed, the company has potentially half the 200,000 “unauthorized” subscribers Netflix already has in Australia. The only real solution to the situation with Netflix, VPNs, piracy and the Australian content problem is to properly service the region with legal video in a timely fashion and at a reasonable price. By now it’s a stuck record, but anything else simply won’t work. Source: TorrentFreak
  7. Read about five most popular and chosen by community as the most secure/trusted VPN Service Providers: Private Internet AccessTorGuardIPVanishDIYCyberGhostThere is a vote as well in order to determine the winner. Source
  8. selesn777

    Platinum Hide IP

    Platinum Hide IP Use Platinum Hide IP, to keep your real IP address hidden, surf anonymously, secure all the protocols on your PC, provide full encryption of your activity while working in Internet, and much more. With Platinum Hide IP, you can surf anonymously, send anonymous messages through any web-mail system, access blocked websites or forums, get protected from any website that wants to monitor your interests and data on a computer to run a spy through your unique IP address, etc. What's more, Platinum Hide IP allows you to choose your fake IP address, for example, in the United States, Britain, France, etc. from the Choose IP Country window. The program works with Internet Explorer, Firefox, Opera, Maxthon, MyIE and is compatible with all types of routers, firewalls, home networks, wireless networks, etc. Main features of Platinum Hide IP: Protects from any site that tries to "monitor" of your preferences or follow you on a unique IP addressHelps avoid the use of your personal information to send spam and other debrisProtects against hackers by hiding IP addresses, as well as information about the operating systemAbility to frequently change IP addresses increases safetyEnable and disable Hide IP as you wish in one clickAllows you to bypass the limitation of the owners of some resources on users from certain countries or geographical regionsUsed with the mail-service to send anonymous lettersWebsite: http://www.platinumhideip.com/ OS: Windows XP / Vista / 7 / 8 Language: English Medicine: Patch Size: 2,84 Mb.
  9. selesn777

    Auto Hide IP

    Auto Hide IP Auto Hide IP - allows you to surf anonymously, change your IP address, and guard against hacker intrusions. Your IP address - your identity and can be used by hackers to break into your computer, steal personal information, or commit other crimes against you. Auto Hide IP allows you to surf anonymously, change your IP address, prevent identity theft, and guard against hacker intrusions, all with the click of a button. Opportunities Auto Hide IP: Protects from any site that tries to "monitor" of your preferences or follow you on a unique IP addressHelps to avoid the use of your personal information to send spam and other debrisProtects against hackers by hiding IP addresses, as well as information about the operating systemAbility to frequently change IP addresses increases safetyEnable and disable Hide IP as you wish in one clickAllows you to bypass the limitation of the owners of some resources on users from certain countries or geographical regionsUse with mail-service to send anonymous lettersWebsite: http://www.autohideip.com/ OS: Windows XP / Vista / 7 / 8 Language: English Medicine: Patch Size: 2,93 Mb.
  10. selesn777

    Hide IP Privacy

    Hide IP Privacy Hide IP Privacy provides you with the most efficient online cloaks for your true IP address to guard your computer against hackers, protect your privacy while surfing the Internet, un-ban yourself from forums or blogs, and More! Why Hide IP Privacy is the best? The Most Simple And EffectiveIt only takes the touch of a finger, then the program will immediately find and acquire a spoof IP for you. Auto IP ChangingFor your web surfing being more free and secure, Hide IP Privacy could automatically change your IP address at any frequency at your will. Compatible With Various Servers And PlatformsSupports Internet Explorer, Firefox, and Opera, and works with Windows 2000/2003/XP/Vista/7. 100% Clean And SafeNo any forms of malware risk. No advertising or spam on our anonymous proxy servers, safe to install and run. Refund GuaranteeIf you are not satisfied with the product, then let us know within 30 days of purchase, and we will give you a full refund. Website: http://www.hideipprivacy.com/ Platform: Windows XP / Vista / 7 / 8 Language: Eng Tablet: Patch Size: 3,09 MB
  11. How To Build Your Own VPN By Alan Henry Even if you have no idea what a VPN is (it’s a Virtual Private Network), the acronym alone conjures visions of corporate firewalls and other relatively boring things, right? While a VPN is a common corporate security tool, it’s also one of the coolest things you can set up for personal use that you have probably never tried. Browsing the web from a cafe can be dangerous, but you know that already. Gaming with friends over the internet is great, but it’s better when it’s just you and your friends, right? Wouldn’t it be nice if you could surf the web anywhere as if you were at home, and game with friends like you were all in the same room? That kind of functionality is at the very heart of a VPN, and we’re going to show you how to set one up. Here’s how to get started. What’s a VPN? A VPN, or Virtual Private Network, is just a network of computers that are all connected securely even though they’re in different locations and all using different connection methods. The biggest benefit to a VPN is that all of the computers on one are securely connected to one another and their traffic encrypted and kept away from prying eyes. Another great benefit to a VPN is that all of the computers on one are effectively on the same network, meaning they can communicate as if they were right next to one another, plugged in to the same router. Photo by cloki (Shutterstock). If security is all you want, sure you can sign up for a free or paid VPN service that will encrypt your traffic only, but why throw your money (and trust your privacy and security) into the hands of a third party when you can roll your own? It’s incredibly easy, and once you have your own personal, private VPN, you can browse securely on any network by leveraging your home internet connection, get a group of friends together for LAN gaming, get access to all of your music and movies from home with ease and more. Why You Should Roll Your Own We’ve often discussed the dangers of using unsecured internet connections at cafes, airports or other public places, especially if you’re planning on doing any browsing or surfing that may be considered private. We’ve warned you of the ubiquitous “Free Public Wi-Fi”, explained how you can stay safe when you do use public networks, and even outlined how to set up your own private VPN with Hamachi. We’re going to build on that second story, where Adam Pash showed us how to set up a proxy and Hamachi to protect ourselves when browsing from public places, and extend Hamachi’s functionality to not just secure surfing, but LAN gaming with friends, secure remote access to your home computers and files when you’re on the road and more. Rolling your own VPN — while ideal for security — also gives you access to your home network at any time, and all of the great things that come with effectively sitting at home using your Wi-Fi there, when you’re actually at home, in a cafe, or across the country. Before You Get Started Hamachi isn’t the only utility that does this — most notably OpenVPN, which is one of our favourite VPN tools. However, for our purposes, Hamachi wins for being the most hands-off, zero-configuration VPN tool to configure. The others aren’t terribly difficult, but Hamachi really is easy to install. Before we get started, there are a few prerequisites that will make this solution work best for you: ◾You have to have an always-on computer at home ◾You don’t trust or don’t want to use third-party VPN services ◾You don’t have an office or school that offers free VPN services If the above sounds about right, and you have a nice sturdy broadband connection at home (remember, when you’re connected to it, you’ll be sending your traffic to your home network and then out again, so you may feel a performance hit by double-hopping) then it’s time to get started. Set Up and Configure Hamachi Hamachi runs on Windows, Mac OS X and Linux, so grab the installer for your OS of choice. It comes in two flavours: a free (for non-commercial use) version that gives us everything we want (the ability to leverage to our home network from anywhere over a secure, encrypted connection), and a paid, managed version that does more than you’d likely ever need. We don’t want to rehash all of the steps that Adam walked through in his post on setting up Hamachi and Privoxy for secure browsing — so here’s the quick version: 1.Download Hamachi 2.Run it. If it’s your first time, click the Blue power button to power it on. 3.Click the Network menu, then select Create a new network, giving your network a name and a good, strong password. 4.Done! After you’ve set up your network on your always-on computer at home, grab your laptop, netbook or any other system you plan to travel with, and install the client there. Instead of creating a new network, this time join the one you created (Network > Join an existing network), using the network name and password you just generated. That’s all there is to it — it really is zero-configuration security. Make a note of that network name and password — you’ll need it again later. Now those two computers can securely access one another from anywhere, and do so as though they’re on the same local network. (You can add as many computers as you want to the network you just created.) Protect Your Web Browsing, Anywhere You Roam Most people use VPNs to protect their browsing when they’re using an unsecured network, like the one at your local library or cafe. With Hamachi, you can turn turn your always-on system at home into a proxy that you can securely browse through when you’re there. We suggest (and help you set up) Privoxy to handle this, and while it takes a little work, once you’re finished, you’re good to go. You’ll effectively be connecting to your home computer, and then asking your home computer to feed you any sites or services you want to access, so your browsing may slow down a bit based on that — but if you have broadband at home and a good connection to the internet from your always-on computer, the slowdown will be worth the added security. The knowledge that you’re largely protected from snooping by people who may be using tools like Firesheep or Faceniff to sniff out your credentials on public networks is a great feeling, and knowing that your connection is secured and encrypted goes a long way towards making it more comfortable to check your email, log in to your social networks, and generally use the web through your proxy when you’re out and about as though you were at home (because, effectively, you are!) Photo by Ed Yourdon. Bring Your Friends In On Private LAN Gaming Secure browsing isn’t the only thing you can do with Hamachi though. Connecting to your home computer with Hamachi puts you on an on-demand mesh network with any other computers connected to the same network, which is ideal if you and your friends want to effectively LAN party it up without lugging your computers to each other’s houses. You have the choice with Hamachi to either give out the network name and password you created earlier, or you can set up a specific network just for your friends to play LAN games together, without forcing you all to try and find slots on a public server or desperately try to find each other in whatever matchmaking service your favourite games offer. Photo by dbgg1979. Every computer in your virtual LAN will have to have Hamachi installed, and they’ll all have to log in to the network with the credentials you supply. One system will have to host the game server (and with most games, it’s best if that system is the most powerful one with the fastest connection to the internet, and ideally one you’re not actually using to play the game) and all of the other systems, including yours, will connect to it as clients. As far as Hamachi is concerned, as long as it’s running in the background of all of those systems, you’re all set. Keep in mind that here too your connection to your friends will be as slow as the slowest system in the group, but again, if you all have broadband you should be fine. Use Hamachi for Zero Configuration Remote Access and Streaming Along with secure browsing, running Hamachi at home while you’re travelling gives you a great way to get access to your files at home without the need for remote desktop tools. If it’s just movies, music or photos you’re looking for, a shared folder on your home computer will do the trick. If you use iTunes, you can use Home Sharing to stream anything in your library at home to the computer you have. That means you can relax in your hotel room across the country and stream the movies you have downloaded to your HTPC, or stream the music you have stored on your home PC, effortlessly, as though you were right there. Photo by myvector (Shutterstock). You may not care about streaming music if you’re already using a cloud-based music service when you’re away from home, but when it comes to movies, TV shows, photos or other media that’s too much for your Dropbox account, using Hamachi when you’re on the go is a great option. Speaking of bandwidth, it’s worth mentioning here that when you stream movies to your PC while connected via Hamachi, you’re limited to your upload speed at home, and you are using bandwidth on your home connection — so if you have an ISP that throttles after a certain bandwidth limit, you may want to exercise some caution. You can also get out from under services like GoToMyPC or even LogMeIn Free, made by the same people who now manage Hamachi. With Hamachi installed and active, you can remote desktop natively or use VNC to connect to any computer on your home network if you want to use it as though you were there, all without worrying about port forwarding or tweaking your router to make sure you can connect from outside of your network. Enjoy the Benefits These uses just scratch the surface of some of the things you can do with a tool like Hamachi. There are caveats, like using bandwidth on your home connection as well as where you are, and the potential slowness that comes with being limited by your upload speed at home, but the benefits of a VPN go past just accessing the files on your home network and connecting to the internet as though you were sitting right there at home. LAN gaming, collaborating on an ad-hoc network with friends or coworkers, secure browsing, they’re all easy to set up once you have your own VPN up and running. What are some of your favourite uses for Hamachi — or your favourite VPN client — beyond simple secure tunnelling? Let us know in the comments below. Source
  12. VPN services are often advertised as tools to get uncensored access to the Internet, but this is not always the case. Ironically, many VPN providers ban BitTorrent traffic on U.S. and U.K. servers over piracy concerns. BitTorrent is a great technology to share large files with a massive audience, but it’s also one of the least private tools for communicating on the Internet. It therefore makes sense for frequent BitTorrent users to use anonymity services such as VPNs and proxies. But those who sign up with a VPN should take a good look at the fine print, as not all VPN providers allow BitTorrent traffic across their entire network. TF is currently compiling our latest overview of logging policies at various VPN providers, and by popular demand we also asked whether these services allow BitTorrent and other file-sharing traffic. The responses received thus far confirm that BitTorrent traffic is not welcome everywhere. While VPN providers often have BitTorrent-friendly servers, many have chosen to block file-sharing traffic on U.S. and U.K. servers. The main reason for these policies is piracy related. VPNs Blocking File-sharing traffic It appears that companies who offer VPN services in the US are often flooded with DMCA notices. This causes issues with the ISPs, as Unspyable explains. “The issue is simply that the U.S. ISPs forward all the DMCA complaints to us. This forces us to deal with them which wastes time and effort, as we do have to send them a response,” Unspyable says. “Since we don’t track anything we have nothing to give them in the response to the DMCA. However, many times that is not sufficient and we have had ISPs shut down our servers several times. This results in having to find new ISPs and the expense of setting up new servers,” the company adds. NexTGenVPN notes that they block file-sharing traffic in the U.S. and U.K. because of bandwidth restrictions. The company also mentions that banning this type of traffic helps them to prevent being flooded with DMCA requests. “The reason is quite simple actually. UK and U.S. are the only two locations where our bandwidth allocation is not really extendable at the moment, and we cannot accommodate massive transfers speeds there. Also, this prevents us from being flooded with DMCA complaints. Not that we really care, but it gets annoying in the end,” NexTGenVPN explains. HideIPVPN doesn’t allow file-sharing traffic on all servers either. The company notes that downloading copyrighted content is prohibited by law in the US, UK and Canada, so has decided to block both legal and unauthorized BitTorrent traffic on these servers. “As you know uploads and downloads of copyrighted content via P2P and torrent networks is considered illegal in the U.S. With that in mind and also the fact that we do not wish to monitor traffic and data exchanged by our users, the simplest solution was to ban such traffic on some servers,” HideIPVPN tells TF. While unauthorized file-sharing is against the law in most countries, rightsholders mostly send their takedown notices to U.S. ISPs. This is one of the main reasons why several VPN providers block BitTorrent traffic there. NordVPN provides a similar explanation. The company currently blocks all file-sharing in several places. “We only allow P2P traffic on servers that are located in the countries where there are no restrictions on the content downloaded via BitTorrent or other file-sharing applications,” NordVPN informed us. File-sharing traffic is a no-go on EarthVPN‘s U.S. servers as well. The company mentions the DMCA as the main reason for this decision. “Torrent and other file-sharing traffic is only allowed on Canada, Panama, Netherlands, Germany, Sweden, Luxembourg and Romania locations as of now due to the DMCA,” the company explains. PureVPN takes it a step further. In addition to blocking file-sharing traffic on their servers in the United Kingdom, United States, Canada, Australia and elsewhere, they also block various torrent sites on these connections. “We have blocked torrents on some of our servers. If users want to use BitTorrent, they can connect to our servers in Turkey, Sweden, Romania, Luxembourg, the Netherlands, Germany (Frankfurt only) or Russia and enjoy P2P/file-sharing there. Non-blocking ISPs Not all VPN providers are blocking file-sharing traffic in the U.S. and elsewhere though. Private Internet Access, for example, prides itself on providing unrestricted access to the Internet on all servers. “We do not discriminate against any kind of traffic/protocol on any of our servers, period. We believe in a free, open, and uncensored internet,” PIA notes. Ipredator, the VPN that was launched by a founder of The Pirate Bay, doesn’t have any file-sharing restrictions either. “Besides filtering SMTP on port 25 we do not impose any restrictions on protocols our users can use on the VPN, quite on the contrary. We believe our role is to provide a net-neutral access,” the company told us. The same is true for BlackVPN, Mullvad, Proxy.sh, VikingVPN and many others. TF’s full report on the BitTorrent and logging policies of several dozen VPN providers will be published next week. Source: TorrentFreak
  13. Hi all, I recently have an issue while using Chrome browser, Google.com doesn't load in Chrome, other sites work fine!, it's not a DNS issue because everything is working fine in Firefox, can someone suggest sth?, thanks in advance Screenshot
  14. Encrypted Internet traffic is surging worldwide according to data published by Canadian broadband management company Sandvine. After the Snowden revelations the bandwidth consumed by encrypted traffic doubled in North America, and in Europe and Latin America the share of encrypted traffic quadrupled. Over the years we have been following various reports on Internet traffic changes, mostly focusing on file-sharing traffic. A new report published by Sandvine this morning sheds light on the most recent developments. As in previous years, the trend is one of BitTorrent losing its share of peak Internet traffic in the U.S. while continuing to grow in Europe. However, there is a far more interesting trend hidden in the report, something which the traffic management company itself appears to have missed entirely. Comparing this year’s data to that of last year reveals that encrypted Internet traffic is booming. The change is most pronounced in Europe where the percentage of encrypted Internet traffic during peak hours quadrupled from a measly 1.47% to 6.10% in a year. Since overall Internet traffic increased as well, the increase is even greater for the absolute bandwidth that’s consumed. Top 10 Peak Period Applications (Europe, Fixed Access) In North America the percentage of encrypted Internet traffic during peak hours increased as well, from 2.29% early last year to 3.80% this year. Keeping in mind that absolute Internet traffic increases between 20% and 40% each year the bandwidth consumed by encrypted traffic doubled in this period. Top 10 Peak Period Applications (North America, Fixed Access) The increase in encrypted traffic is a global phenomenon. In Latin America the share of bandwidth consumed by SSL shot up from 1.80% to 10.37% in a year. Also, a similar pattern emerges on mobile networks, where encrypted traffic is also booming. The changes in encrypted traffic can be directly linked to the surveillance revelations of Edward Snowden. As a result, the number of users of VPN services and other anonymizers increased sharply. In addition, Google and other web services turned on SSL by default. In previous years we revealed a similar trend among BitTorrent users, who increasingly searched for options to hide their download footprints in response to anti-piracy measures. A survey among Pirate Bay users, for example, revealed that 70% utilize a VPN or proxy, or are interested in doing so in the future. It will be interesting to see how these trends develop in the years to come. In any case, it’s clear that Internet services and their users are becoming more aware of their privacy online, which is generally a good development. Source: TorrentFreak
  15. Hotspot Shield VPN 3.40 Elite Edition Hotspot Shield VPN offers you much better security and privacy protection than a web proxy. Hotspot Shield VPN encrypts your internet traffic, and enables you to access any blocked or geo-restricted site wherever you are, and more. Features Benefits of Hotspot Shield VPN Homepage: http://www.hotspotshield.com OS: Windows XP / Vista / 7 / 8 Language: ML Medicine: Crack Size: 10,87 Mb.
  16. Hulu, the largest public movie and TV streaming service in the United States, began blocking VPN users this week. The move is an attempt to prevent "pirates" from overseas from accessing videos without permission, but it is also blocking many legitimate users from surfing the Internet securely. Free and legal streaming services such as Hulu have been proven to slow down piracy rates in the United States. At the same time, however, they also created a new problem. With a relatively cheap VPN subscription, people from all over the world can connect to the site via a U.S.-based IP-address and bypass its geographical restrictions. In an effort to deal with these unauthorized users, Hulu has started to block visitors who access the site through an IP-address that’s linked to a VPN service. This blockade also applies to hundreds of thousands of U.S. citizens. Hulu’s blocklist was implemented this week and currently covers the IP-ranges of all major VPN services. People who try to access the site through one of these IPs are not allowed to view any content on the site, and receive the following notice instead. “Based on your IP-address, we noticed that you are trying to access Hulu through an anonymous proxy tool. Hulu is not currently available outside the U.S. If you’re in the U.S. you’ll need to disable your anonymizer to access videos on Hulu,” the notice reads. Hulu Blocked for VPN users The sudden blockade hasn’t been announced publicly by Hulu, but it’s clear that the service wants to lock out all foreign users. The main reason for this is most likely to please TV networks and movie outlets. Previously, entertainment industry sources in Australia complained bitterly that “VPN-pirates” were hurting their business, as tens of thousands of potential subscribers were using the U.S. version of Netflix. However, the problem with Hulu’s blanket ban on VPN services is that U.S. citizens are forced to give up their privacy as well. They can still watch Hulu, but not securely. TorrentFreak has contacted several providers, who dealt with dozens of complaints on this issue yesterday. VikingVPN was one of the first to notice the change, and TorGuard and Private Internet Access have been dealing with the fallout too. The latter is currently engaged in discussion with Hulu hoping to find a solution. “Private Internet Access exists to protect the privacy of netizens everywhere. Many of our customers leave their Private Internet Access accounts enabled 24/7/365. It is unfortunate that Hulu is blocking VPN service IPs,” Andrew Lee, CEO of Private Internet Access told TF. “We have an existing relationship with Hulu and are reaching out to them directly to see what we can do about fixing this issue,” Lee adds. VikingVPN is disappointed with Hulu’s decision as well, and rightfully points out that the streaming service could at least implement SSL to protect the privacy of its visitors. “We’re upset that our users would have to disconnect from our service in order to access Hulu. We encourage users to remain connected in order to guard their privacy, 24/7. Hulu could mitigate a small portion of this concern if they would at least implement SSL on their website,” VikingVPN’s Micah Greene tells TorrentFreak. TorGuard informs us that not all of their shared IP-addresses have been blocked yet. When this happens, they plan to role out more dedicated IPs which are likely to remain undetected. “In the event of wide-spread IP blocking a quick fix for the problem is to use a dedicated VPN IP. This ensures that no other user on the network has registered an account under that same IP address,” TorGuard’s CEO Ben Van Pelt informs TF. “TorGuard has thousands of dedicated IPs on hand in our US locations and we’ve already seen an increase in purchases for this add-on today,” Van Pelt adds. The above makes it clear that there may be ways to circumvent the Hulu blockade, so U.S. citizens can still keep their VPN connection alive while watching. However, it’s clear that Hulu is taking a stand against foreign “pirates” who use their service without permission. Source: TorrentFreak
  17. Changelog Apr 25th 2014, 12:40pm - Changing the language during an active connection will no longer ask for a connection restart - Opening the settings during an active connection will no longer ask for a connection restart - Copy & paste within textfields is now allowed - Fixed some rarely displayed certificate warnings - The size of the main window is now correctly stored, even when CyberGhost is quitted while the main window is minimized Website: http://www.cyberghostvpn.com/en_us Beta Area: https://community.cyberghostvpn.com/index.php/Board/172-Windows-Beta/ D/L: http://www.cyberghostvpn.com/download/CG_5.0.13.13.exe
  18. Millions of BitTorrent downloaders use proxies or VPN services to protect their privacy. These tools offer anonymity by replacing one's residential IP-address with that of the privacy service. But do they really work? Luckily, there's now an open source tool people can use to test their setup. Every day dozens of millions of people share files using BitTorrent, willingly exposing their IP-addresses to the rest of the world. For those who value their privacy this is a problem, so many sign up with a VPN provider or torrent proxy service. This is fine, but some people then forget to check whether their setup is actually working. While it’s easy enough to test your web IP-address through one of the many IP-checking services, checking the IP-address that’s broadcasted via your torrent client is more complex. There are a few services that offer a “torrent IP check” tool, but for the truly paranoid there’s now an Open Source solution as well. The developer, who goes by the nickname “cbdev”, found most of the existing tools to be somewhat “fishy,” so he coded one for himself and those who want to run their own torrent IP checkers. “I’d rather have something I can control entirely,” cbdev tells TF. “So, I wrote a tool people can install on their own servers, with the added bonus of it using magnet links, so ‘Tracking torrent’ files are required,” he adds. The ipMagnet tool allows BitTorrent users to download a magnet link which they can then load into their BitTorrent client. When the magnet link connects to the tracker, the user’s IP-address will be displayed on the site, alongside a time-stamp and the torrent client version. Alternatively, users can check out the tracker tab in their torrent clients, where the IP-address will be displayed as well. For users who are connected to a VPN, the IP-address should be the same as the one they see in their web browser, and different from the IP-address that’s displayed when the VPN is disconnected. Proxy users, on the other hand, should see a different IP-address than their browser displays, since torrent proxies only work through the torrent client. People are free to use the ipMagnet tool demo here, but are encouraged to run a copy on their own server. The whole project is less than 500 lines of code, so those with basic knowledge of PHP, JavaScript and HTML can verify that it’s not doing anything nefarious. If you’re setting up a copy of your own, feel free to promote it in the comments below. Those who want more tips can read up on how to make a VPN more secure, and which VPN providers and torrent proxies really take anonymity seriously. Source: TorrentFreak
  19. Do you (always) use VPN or other similar services for Torrent Downloading?
  20. Hotspot Shield VPN 3.41 Elite Edition Hotspot Shield VPN offers you much better security and privacy protection than a web proxy. Hotspot Shield VPN encrypts your internet traffic, and enables you to access any blocked or geo-restricted site wherever you are, and more. Features Benefits of Hotspot Shield VPN Homepage: http://www.hotspotshield.com OS: Windows XP / Vista / 7 / 8 Language: ML Medicine: Crack / Patch Size: 10,87 Mb.
  21. The world's most trusted free VPN with over 200 million downloads. Built by AnchorFree™. Try it now for FREE!Access media, video and messaging apps from around the world | Unblock social networks | Keep your mobile activities safe & private | Enjoy unlimited VPN bandwidth Hotspot Shield VPN for Android offers Wi-Fi security, Internet & online privacy, as well as access to blocked content & apps such as Facebook, Netflix, BBC, Skype and YouTube. Activate with 1 simple click, then you’re safe. FEATURES * AutoShield: Detects unsecured Wi-Fi to automatically enable HTTPS protection, as well as it automatically unblocks content when you access certain apps or sites. At other times, the VPN is kept off (currently, this feature is available for part of users only) * Full protection: Encrypts traffic in and out from your device for ultimate privacy * Secure your Wi-Fi connections with banking-level HTTPS encryption; your Wi-Fi network can be vulnerable even if the device is secure * Prevent hackers from stealing your private information * Mask your IP address to browse the web privately & anonymously * Switch countries with ease; dedicated servers in US, UK and Japan * Unblock websites or apps such as Facebook, YouTube, BBC, Netflix and Hulu at work, school, while traveling or even through airplane Wi-Fi spots * Give unrestricted access to mobile VOIP and messaging services such as Skype and Viber around the world * Works like a proxy but with richer functionality PS: This app has popup advertisements. Use Lucky Patcher to remove ads. More Info:https://play.google.com/store/apps/details?id=hotspotshield.android.vpn Download: http://www.tusfiles.net/fips4odbqyov http://www.indishare.com/ogp2d5t0x00i
  22. Requirements: 4.0.3 and up, Overview: FAST VPN for Android, full PRO version of Hideninja VPN. Protect your privacy online, unblock sites wherever you are. Safe and private browsing, protect your identity and IP. Know more benefits from installing Hideninja VPN ★ Protect yourself from sniffing and cracking while using Wi-Fi hotspots ★ Unblock all sites and apps restricted in your local area (school, cafe, geographically restricted) ★ Protect your private data, identity and credentials from tracking and theft WORKS WITHOUT ROOT ACCESS and AD FREE HIDENINJA VPN PRO ADVANTAGES ★ More VPN servers in different countries (USA, UK, Netherlands, Germany, France and so on) ★ Autoconnect when Wi-Fi is On setting ★ Autoconnect when 3G/LTE/GSM is On setting ★ Autoconnect at Android startup setting ★ 100% unblocked Facebook, Skype, YouTube, Twitter, Flickr, Netflix, Hulu, Pandora, VoIP and other services wherever you are What's New Increased stability of the application Update: It's reportedly working "only" on a few devices. More Info: https://play.google.com/store/apps/details?id=com.hideninja.vpn Download: http://www.tusfiles.net/5kpukbapjuwy http://www.indishare.com/qzyqgde8xn8s
  23. VPN services operate in an industry that has security and trust as its hallmarks. So when a major security threat such as Heartbleed is revealed, they should be among the first to address the issue. TorrentFreak reached out to several popular VPN services to find out how they responded to Heartbleed. A month has passed since the Heartbleed security bug was first disclosed. At that time, hundreds of thousands of “secure” webservers were at risk of leaking personal information, including many popular websites. Heartbleed is a bug in the open-source OpenSSL library that allows outsiders to read and dump encrypted data. When it was first made public it caused widespread panic with many experts describing it as “catastrophic.” Among the affected services were a great number of VPN providers. At least momentarily, users of those affected services risked having their passwords and usernames intercepted, as well as other data they sent over a secure connection. Perhaps even more worrying, successful hackers could have gotten their hands on private keys and certificates of VPN servers. For network adminstrators this was nearly undetectable before the bug was disclosed, and with the information the hacker could potentially decrypt users’ traffic. With the keys and certificates in hand, hackers can still target live sessions of individual VPN users after the OpenSSL vulnerabilities are patched. That is, in cases where OpenVPN is used without ephemeral keys. While not everyone agrees on the likelihood that these exploits are being used in the wild, they certainly are possible. For this reason, it’s important for VPN providers to take several steps. To the best of our knowledge the most crucial ones are the following: Update all vulnerable software components using OpenSSL (if statically linked) or OpenSSL itself.Replace all SSL certificates for all affected components and properly revoke the old certificatesGenerate new private keys for all affected components.TorrentFreak inquired among the companies listed in our VPN provider overview to see how they responded to Heartbleed, and how this was communicated to their users. They all agreed that Heartbleed posed a significant threat but the countermeasures, posted at the bottom of this article, vary from provider to provider. As for the future, more should be done to prevent these critical bugs from putting millions of Internet users at risk. Heartbleed has shown that more in-depth peer reviews are needed to ensure that critical infrastructure software such as OpenSSL is built on clean and secure code. In addition, it might not be a bad idea to move away from the OpenSSL monoculture, and look at alternative such as PolarSSL, LibreSSL, or GnuTLS. Of course, these alternatives have to be carefully reviewed as well. — Below is the list of responses we received from various VPN providers, between April 22 and early May. The fact that these answers are posted here is not an endorsement, nor is it an indication that the steps taken were the rights ones. That’s not up to us to judge, we merely strive to get as much information out to the public as possible. All VPN services answered the following questions. 1. What steps has your company taken in response to Heartbleed? 2. In your opinion, what were the risks users faced before these steps were taken? 3. How did you communicate the above to your users? — Private Internet Access 1. Heartbleed was an eye opener which helped to make the public more aware of the insecurities that exist in un-audited code. Regardless of being open or closed source, there will always be insecurities in systems. However, the best that companies can do is to strive to achieve 100% security. In our case, when the Heartbleed exploit was announced, we reacted immediately. It was publicly disclosed at or about UTC 19:00:00 on April 7, 2014. We patched our VPN gateways within 4 hours at or about UTC 23:17:15 on April 7, 2014 by upgrading our OpenSSL libraries to version 1.0.1g from 1.0.1f. Our website was not exploitable given that we use a hardware load balancer that is not using a vulnerable version of OpenSSL. Immediately after patching our VPN gateways, we then setup a non-production gateway that we attempted to exploit using the Heartbleed exploit POCs (proof of concepts). While it was recently announced that OpenVPN is exploitable, it is our best belief that our private keys were never leaked given that we have systems in place that make the exploitation of our servers very unlikely. That being said, within 24 hours we are rolling out updates to our clients as well, even though it is highly unlikely that our keys were ever leaked. 2. The likeliness of our gateways being exploited prior to us rolling out these patches are extremely low. However, as stated earlier, at Private Internet Access, we strive to achieve 100% security, so we went through the motions as it is our policy to do so in best practice. 3. We waited to announce anything to our users until we were 100% certain of everything we were stating. That said, we posted on our blog after we performed our patches. Additionally, we will be sending out a mass e-mail within 24 hours to our clients as certain users (DD-WRT, stock OpenVPN, etc.) will need to manually apply updates in order to connect to our service. TorGuard 1. Upon hearing of the OpenSSL vulnerability our staff took immediate action to preserve the integrity and security of TorGuard services. This included a full audit of our VPN network, software, and websites. All VPN servers have now been updated to a non vulnerable version of OpenSSL and these new connections have been automatically downloaded in all TG VPN clients. TorGuard’s Pro VPN client software has also been updated to the latest patched OpenVPN version and pushed to all users. Our company’s website infrastructure, client area, and email services were not vulnerable even in the months prior when this bug was out in the wild. 2. While the threats posed by the OpenSSL HeartBleed vulnerability are wide reaching and potentially very serious, our team can confidently say this development had no impact on the security of TorGuard’s users. Rest assured, we won’t let your heart bleed. 3. TorGuard posted the findings of the network audit on our blog and immediately emailed all clients a direct link. Ipredator 1. Once the vulnerability was made public we instantly started to patch all affected systems. This particular bug was present on our IPv6 VPN machines, a subset of the IPv4 VPN servers that were using OpenSSL 1.0.1 and all of our external SSL services like the website, the tor exit node, or jabber server. After the upgrade to the latest OpenSSL version was finished we decided to replace the private keys from all affected components because the confidentiality of those keys could not be guaranteed anymore. The window of opportunity for an attacker who had this bug as a 0day up his/her/its sleeve was simply too long. Due to the nature of the bug it is very difficult to say retrospectively if it was used to gain access to possibly sensitive memory contents of the affected machines. Since we had to replace all affected VPN server certificates we decided to deploy a new key management scheme for those machines. Each OpenVPN instance now uses one time private keys, cert and DH keys that are cycled on process restart. In the same way we have seen the emergence of special purpose hardware for Bitcoin mining we should also assume that the entities that have the means to compromise cryptography also possess special hardware to deal with encryption. As an additional precaution against this scenario we deployed server and DH keys with variable lengths instead of sticking to the “well known” lengths/constants of 2048 and 4096 bit. We are still working on making sure that all OpenSSL 1.0.1 components support the EC curve 25519 from DJB since any EC constants put forth by the NIST (or NSA) should be considered compromised. 2. Total exposure. 3. Users were informed through the usual channels (Twitter, blog, IRC). Mullvad 1. We upgraded OpenSSL on all servers and client downloads. We created new keys on all servers. We revoked all old keys. We released a new client program with the revocation list that also creates new client keys. For those not using our client program we published new OpenVPN configuration files with the revocation list and new client keys for all users. 2. It was unknown how vulnerable OpenVPN was in practice so we decided to find out by trying to exploit the bug on a test server. We repeatedly succeeded in extracting the server’s private key. These findings were sent in full detail to the OpenVPN team and published in less harmful form e.g. here. The conclusion is that before the fixes above all OpenVPN communication were at risk of decryption by anyone knowing about the bug *at the time*. Due to perfect forward secrecy they can’t be decrypted with a key leaked at a later time. So anyone who did not know about the bug but managed to snatch a key after the bug was published can’t go back and decrypt traffic they may have stored. 3. We put a big red warning banner on our website that is still there and published a news item explaining the situation and urging all users to upgrade. VikingVPN 1. We learned about the vulnerability at 9:17PM CST on April 7th. From that point forward, we did not sleep until the vulnerability was closed and every server was penetration tested against all known forms of the exploit to ensure that the vulnerability was closed. At the time we found out about the vulnerability, there wasn’t even a CVE entry in the database explaining the nature of the vulnerability or the attack. We knew that because of the integration of OpenSSL into the Windows OpenVPN open-source client, and the default builds of OpenSSL installed into almost all distros of Linux/BSD that this was going to be huge. As more information unfolded and the OpenSSL updates hit the verified repositories, we began the patching process on our servers. After the main vulnerability was closed and a rolling restart was issued to the server clusters, we went to work with notifying clients of the bug and advising them to update their clients to current. The servers were patched and confirmed safe by 7:00AM CST on April 8th. This is when we released our transparency post advising our users on the situation, and how they can respond to close the bug client-side. A mass email was sent shortly after advising our clients to read the post, and had instructions on updating their clients. 2. The bug is catastrophic in scale. We avoided disaster by having a very strong security model and not allowing clients to change security settings. During the vulnerable period where the bug was unknown publicly, there was no way for a VPN provider to detect if they were attacked. It is possible that server keys and certs were lost although we have had no evidence of this. Our root CA was not exposed. Our website was unaffected. Our load-balancers were unaffected. The worst case scenario for our security topology is that keys and certs and the tls-auth server key were lost to a nefarious attacker who was subscribed to the service. (because of TLS-Auth, there was no way to exploit heartbleed from outside of the network, only inside). If this were to occur, an attacker could attempt to impersonate a VPN server. In order for the attack to work they would have to take many specific steps to circumvent various load-balancing and routing steps that place during the connection process. We think that this is highly unlikely to have happened, but is not impossible, so we are disclosing it to be as open and transparent as possible. Note that a VPN service that claims zero exposure to Heartbleed is almost certainly lying or has so little knowledge about network security that they should not be in the business. Heartbleed hit everyone, it is a matter of how badly. 3. We responded publicly here, and also also had a Heartbleed article here. We also made informational posts to the community at /r/VPN on Reddit and reached out to other VPN services we are close to in order to discuss countermeasures and implementations. We also made an effort to educate the /r/VPN community on proper countermeasures. IVPN 1. We revoked all VPN server certificates and generated new 4096 bit certificates within a few hours of the announcement. We’ve also had our websites EV certificate reissued. Most of our client software was not using a vulnerable version of OpenVPN but where necessary we patched the client software as well. 2. A successful attack could reveal the server’s private key which could be used to impersonate the server in a MITM attack or to passively decrypt the session keys during SSL negotiation. Although we implement tls-auth this doesn’t mitigate the risk substantially since the auth keys are visible to all customers. Its important to understand that a successful attack prior to the announcement would likely only be possible from a very sophisticated and well funded adversary targeting a specific individual. Such adversaries almost certainly continue to possess undisclosed vulnerabilities that they can use to exploit targets. 3. We sent out a tweet immediately after installing the new certificates. We then emailed all our customers with information about the vulnerability and instructions on how to update the client software where required. We also made an infographic to help customers understand what passwords to change on other services. PrivateVPN (was PrivatVPN) 1. Yes, we have updated OpenSSL on both OpenVPN servers and the website. The certificate for the VPN server has been updated as well. 2. Hard to say. Worst case is that information has been leaked when we had the old version of OpenSSL. 3. We posted two updates on our website. tigerVPN 1. We constantly monitor all upstream software providers and keep current with the upgrades they provide. As such, as soon as a fix was made available that would suit our platform as well as our internal security standards, we took all steps necessary to upgrade our systems. Following a routine audit we’ve concluded that none of our critical systems were affected during the period between the public release of the proof of concept and the date at which the necessary fixes were applied. 2. As our systems are being actively monitored there is no reason to believe that our customers were affected by the Heartbleed attack in any way. Since the exploit seems to work on both server software and client software, there is a slight chance that, if some of our users are also using other providers, they would be affected in case a malicious provider – by choice or having been affected themselves – were to attempt to extract information from them. The information – from what we’ve seen in the behavioral analysis of the exploit by various security professionals – that they would be able to obtain would be pertinent only to their specific connection to that provider. Also, from a client’s perspective, running a Windows machine the only service potentially affected by this bug would be OpenVPN as the others are key services provided by Microsoft in the core OS and do not share anything in common with the OpenSSL library. 3. We constantly run security audits, monitor our network and improve TigerVPN. Although the incident was hyped on a big scale, we did a lot of upgrades, fixes and improvements throughout the month. If we would inform our customers about every single time we work on our software or hardware, they’d unsubscribe and report us as spam :-). We understand this is in the nature of our responsibility to pro-actively react to events such as Heartbleed. In case we ever noticed any kind of breach, all our customers would get notified immediately as with a single click. BlackVPN 1. Our website was running an unaffected version of OpenSSL (0.9.8g) however we updated OpenSSL there anyway. Some VPN servers were vulnerable so we updated all servers on April 8th to protect against further attacks. On April 17 we issued new VPN configs with new 4096 bit certificates. We were working on this after we found out about Heartbleed but as soon as it was proven that the bug can be used against OpenVPN we immediately made the new configs + certificates available to everyone. On the VPN server side all the certificates, keys and DH keys have been replaced. 2. It has been proven that Heartbleed can be used to steal the private key and impersonate a VPN server (if the VPN server was running a vulnerable version of OpenSSL). People connecting to what they thought was their real VPN provider could actually be connecting to a fake VPN server or honeypot – although this would take the resources of a powerful government agency or similar. 3. In order to be as open and transparent as possible we started a new blog to warn people of the potential dangers and to update them of the changes we made. We echoed this message on all our social media channels (1, 2), Facebook (1, 2), Google+ and Reddit (1, 2) ) as well as emailing all our current and previous customers (in case a previous customer renewed without being aware that they should update). Anonymizer 1. The website itself was not vulnerable at all, at any time. Our OpenVPN servers though, were changed to a different version of OpenSSL that was vulnerable on 2/27/2014. So, a vulnerability existed on our servers from 2/27/2014 through 4/8/2014, for a total of 39 days. We replaced/regenerated the certs on all clients and servers, since they were potentially exposed, within the day. 2. Small, but of course possible. We use HMAC-based TLS authentication at both ends of the connection, using separate halves of a shared key, as recommended by OpenVPN. This creates a signature of each packet which is attached to the packet. The server drops any packets that are unsigned or incorrectly signed. In the past, this has primarily been used to prevent / slow down a DDoS attack, since the attacker would need to securely hash each packet using the right half of the shared key in the way that the OpenVPN client does. Even with the suggestion from OpenVPN that TLS auth could form a kind of protection against Heartbleed, it isn’t foolproof, given that we have to distribute the key with each client or no one would be able to connect to our servers. As the researcher who created the OpenVPN penetration test earlier this week noted, it wouldn’t be that difficult for a determined hacker to discover the TLS auth key and modify his attack to use it. It does, however, prevent a drive-by attack where we are hit more or less randomly as a VPN services provider. The worst case scenario is that someone obtained our older server private key and was able to decrypt live data and create a man-in-the-middle attack against our users during the 39 days we were using OpenVPN 2.3.2. Account credentials could have been compromised, and the private key could have conceivably been as well. Once we replaced OpenVPN to a non-vulnerable version and the server certificate was replaced, that vector was closed. 3. We sent out an email notice to our customers. BolehVPN When the Heartbleed announcement first broke, on the 7th April, we reviewed our servers and customer portal system and found that they did not utilize the affected OpenSSL versions. When OpenVPN released their patch to fix HeartBleed, we immediately implemented this in our own client and released this on the 10th April 2014. Moving forward, our next client release will use OpenVPN 2.3.3 which we hope to release in the coming week. We are also in the midst of an entire customer portal revamp to improve security and usability which we hope to release in a month or so and are considering a complete reissue of all keys when this is released. The revamp was initiated many months ago and was not as a result of the HeartBleed bug but is in line in our continuing efforts to improve our system’s security. Our OpenVPN implementation implements tls-auth with Perfect Forward Secrecy (PFS) would protect past communications from retrospective decryption so the risk is mitigated. In this scenario an attacker can not attack OpenVPN instances without the TLS-auth key. Our customer portal processing system never used the affected OpenSSL versions and remained with the older OpenSSL 0.9.8. Users may request for a manual regeneration of their keys if they wish to be overly cautious by opening a ticket with us. We sent out an email announcement to all users immediately, as well as a Facebook and Blog post on the 8th April 2014 3.22 PM GMT+8. We then pushed an update to our VPN clients on the 10th April with the patched OpenVPN version as well. NordVPN 1. In a response to Heartbleed, NordVPN has changed private keys for all servers. Also, the main NordVPN’s certificate has been revoked and a new one has been added. Our OpenSSL libraries have been upgraded from version 1.0.1e to a safe 1.0.1g. 2. For users: potential user detail leaks such as user names and passwords, but this is very unlikely as data that malicious people could get was in random locations in a server memory and user details are not kept in the memory for an entire session. For servers: Private SSL certificate keys are used to encrypt and decrypt data communications between user and a VPN server. If anyone could have received a certificate and perform a man in the middle attack, all data which was sent from a VPN server to the user could have been decrypted. 3. The information was constantly shared to our users via our live chat and e-mails. Also the pop-up, an announcement line and the blog records were used to inform the steps we were taking in a response to Heartbleed. Here was the latest blog record about Heartbleed: https://nordvpn.com/blog/heartbleed-vulnerability-has-been-removed/ Proxy.sh 1. When the Heartbleed security news broke, our engineering unit immediately scanned all our servers and upgraded to latest version the few servers (about 4% of our infrastructure) that were using vulnerable versions of OpenSSL. Our team then progressively patched absolutely all our servers in an attempt to enjoy other bugfixes (unrelated to security) accompanied with the successive new versions of OpenSSL. Vulnerable servers were patched within less than one hour and the non-vulnerable ones progressively got all upgraded within 24 hours. We then researched about the implication of this bug and with the security community, we came to the conclusion that it was beyond reasonable doubt, even though most of our servers were non-vulnerable, that a new re-generation of private keys was indeed necessary. Indeed, extraction of private keys on vulnerable servers proved possible. Since re-generating complete new sets of private and public keys undeniably involves a downtime and reconfiguration on user end, we also took this ‘opportunity’ to completely upgrade our encryption scheme, now leading the industry with CBC mode of AES with 256-bit as cipher, hash algorithm of 512-bit SHA (SHA512) and control channel of 4096-bit RSA through TLSv1/SSLv3 and with 256-bit AES, enforced to all customers by default. The latest move does not necessarily respond to Heartbleed, but at least it makes it 100% theoretically impossible that the Heartbleed bug has any implication on the current VPN network, as the latter is using not only new private and public keys, but also completely new encryption algorithms. 2. It is very complex to answer with certainty what truly happened. But basically, a hacker who knew about this security hole before it went public (or within the few minutes between the time the news broke and the time we patched vulnerability), could have hacked the 4% of our servers infected with the vulnerable version of OpenSSL. They could have retrieved our private keys, and thus would potentially be able to decrypt the traffic that has been generated by our services before they have been updated with new private keys. Any service that did not either re-generated new private keys (and offered new certificate files to customers) or upgraded completely its encryption scheme (or optimally having done both), is at risk of being exposed to full decryption because the keys could have been stolen at anytime before the patch was enforced on vulnerable servers, and vulnerability across any network of more than a hundred servers built over the course of several months or years was undeniably present at sporadic levels. Now, factually, only a very close circle of white hat hackers were aware of this security hole and exploiting it in relation to keys vulnerability took us or anyone with security experience several days to figure out (wisely we applied precautionary principle and upgraded the keys well before). That means it would take at least some hours for most experienced hackers to have been able to exploit Heartbleed, hence the keys have had a thin chance of being compromised since the vulnerable servers were patched few minutes after 0day news. 3. We offered a public blog article within less than 24 hours after OpenSSL released new version and Heartbleed bug came out to public. This article can be found here and we explain in it that we successfully updated our OpenSSL software to latest version, even though most of our servers were using non-vulnerable versions of OpenSSL. The upgrade itself started few minutes after the security news broke. Twenty four hours later, we published another article to warn customers that we will be shutting down the entire network for less than 5 minutes (with downtimes of few seconds for each server) as we will be both re-generating new private and public keys, as well as upgrading our cipher and authentification encryption. Seventy eight hours later, we published a final article to explain that the upgrade has now been undertaken and that all users should download again the new configuration and certificate files in order to be able to connect to our network. All these articles were advertised on our Twitter account. Finally, we sent a mass e-mail (the first time in our history) to all our customers to explain again to them that they should download new configuration and certificate files, as well as preferably change their passwords. HideIPVPN 1. We are using Ubuntu on all servers. We have updated all our 12.04 Ubuntu versions next day, we are also using older Ubuntu where we use unaffected OpenSSL version. 2. We think the only risk is that it was possible to steal the username and passwords for the client area. We think that getting these details from the memory would be very complicated. 3. We published an article here. SlickVPN All of the gateway servers were updated to a non-exploitable version of OpenSSL as soon as we heard about the issue, within hours of the initial public notice. We do not believe any of our key information could have been exploited in such a short amount of time, but we’re still planning to re-issue keys with the next client version, which should be updated by this weekend. We are also issuing new .ovpn files on our website. Once the updated client has been issued, we will be creating a blog post informing our clients about the changes.fanon OctaneVPN 1. What steps has your company taken in response to Heartbleed (website, servers etc)? 1. In summary, our website was running on an older server with OpenSSL libraries that pre-dated the introduction of the Heartbleed bug into OpenSSL, so we feel our customer confidential information was not at risk due to Heartbleed. Among our VPN network gateways, many were on a vulnerable version of OpenSSL or a vulnerable build of OpenVPN server. Those that were vulnerable were updated and restarted within hours of the public announcement. Due to the short time between public announcement and our updates, we feel the risk of key disclosure was very small, but as a precaution the next release of Octane OpenVPN client will update the client keys. In addition, this vulnerability in a key internet platform spurred us to consider a number of other scenarios which has resulted in us adding some cool new features and options in our OctaneVPN client which will be released soon. 2. Straight up, this was a serious bug in a major internet platform. The risk and vulnerability is same for all websites and services that relied on OpenSSL for encryption. In general, based on research others have posted, it appears the worst case would be that a private encryption key could be obtained by an untrusted third party. In addition, it appears this would leave no traces. Assuming others were not exploiting the Heartbleed vulnerability before its public announcement, we feel the risk of a private key release was very small due to the short time window between public announcement and us applying patches to our gateway servers. There is no evidence or unusual patterns that would lead us to suspect our gateways were targeted. Our website was not vulnerable to Heartbleed since it was running an older OpenSSL version prior to when the Heartbleed bug first entered the OpenSSL code. Remember, most sensitive web traffic is already encrypted by the end website/browser via SSL before it is encrypted again by a VPN network, so an attacker would need both a VPN private key and also the end website’s private key (say Amazon.com or gmail.com keys) to even start to have a chance. The possibility of obtaining one key through Heartbleed is remote, but doing it for two keys and the correct two keys for a given data packet before those sites were patched or new keys issued is that much harder. 3. How we communicated the above to our users. a) We developed a dedicated web page B) We have worked with individual customers through our support channel to answer specific questions c) Our OctaneVPN client will notify customers automatically as new releases are available d) A comprehensive email will be pushed to customers once the new client features are placed in production IPVanish 1. The Heartbleed bug potentially exposed data being passed over the OpenSSL encryption protocol using TLS extension 15. IPVanish did not and continues not to support the TLS extension 15, meaning all IPVanish users were and are safe from this bug. 2. In addition to our point above, our entire Network Operations team conducted a deep dive to verify and confirm that no steps were needed in response to Heartbleed. We also continue to monitor the situation and will take the necessary steps if and when necessary. 3. We proactively communicated to our users via our homepage, blog, social media handles (including Twitter, Facebook and Google+), and affiliate network, that all IPVanish users have been and continue to be safe from Heartbleed. We additionally notified users that even though IPVanish itself never had a breach of security, we recommend they update their passwords if they use the same credentials across different services. LiquidVPN 1. The first step was taken almost immediately. Our intrusion prevention system was updated with the Heartbleed signature within 2 hours of the announcement. We performed an audit and identified the vulnerable systems. The last vulnerable VPN node was patched at 9:00 AM on 4/7/2014. The affected servers had new keys created from an unaffected CA. We used to use two CA’s. 1 for our shared only server clusters and the 2nd one for our shared, dynamic and modulating server clusters. Our Shared IP CA had their certificates revoked and is no longer used anywhere. We already had a plan in progress to do an overhaul of our OpenVPN configurations that will include a standardized configuration across the three different VPN server builds we use. It includes an update to our network security, lowers our key re-negotiation time from 60 minutes to 30 minutes or less and uses a dedicated offline server purchased recently to serve as our air-gapped CA. When this rolls out we will issue new certificates across the network for the final time. Our webserver was patched later that morning. We requested a new SSL certificate on 4/8/2014 and it was applied on 4/9/2014. We use Viscosity by Sparklabs as our VPN client. As soon as they released their OpenSSL patch it was pushed out to the clients. 2. This was a major vulnerability. No matter how much some providers downplayed it. For LiquidVPN an attacker could have signed up to our service and got their hands on our shared TLS-Auth key. With that in hand they could decipher portions of user VPN session data but every 60 minutes keys are re-negotiated so their access would be limited. Website usernames and passwords could be compromised. Users were susceptible to man in the middle attacks. VPN usernames/passwords could be stolen. 3. We wanted to take a very proactive and transparent approach to this problem. However we had to secure users session data first. So we issued several updates beginning on April 7th. There is a handful of twitter posts they can be found @liquidvpn. Our basic announcements (there were several) can be found on the website. The network status section has more information than the announcements. Finally after everything was secured and our updates were complete we published a blog post. AirVPN As soon as the vulnerability became known to us, between late night of April the 7th and early morning of April the 8th in Italy, we immediately started to get documentation. We began to work on the system minutes after we fully understood the problem and how the buffer over-read could be provoked and exploited. Luckily our setup which involves Perfect Forward Secrecy both with OpenVPN and on the web server and the fact that our VPN servers do not keep any database or other data pertaining to users made the vulnerability not very risky for our VPN users. Most of our VPN servers already were running non-vulnerable OpenSSL branches, as well as the various backend servers (a vital part of our infrastructure). On top of that VPN servers, web server and clients never contact directly backend servers, so we found ourselves in a very favorable situation. Our frontend web servers on the contrary were vulnerable. We proceeded to make sure that OpenSSL version on the VPN servers was not vulnerable, patch OpenSSL in our web sites and revoke the SSL certificate, reboot all the web servers to make sure that no vulnerable in-memory OpenSSL was still loaded, install new key and new SSL certificate on every frontend web server, change internal use keys and certificates, change every administrative password on every server, patch OpenSSL on the couple of VPN servers which ran OpenSSL 1.0.1f and reboot them. We performed attacks against all of our own servers to make sure that the vulnerability was not there. For this we must thank very much external, trusted reviewers who with dedication and passion continuously search for vulnerabilities in our servers and report to us the results – you know who you are, thanks again! All of the above was completed between 11.00 AM and 11.00 PM April the 8th CEST. However, we soon realized that we had to keep into account that the vulnerability is client-side too, so the fact that our servers were “secured” could not be considered sufficient. Therefore we had to face the non-trivial problem to reach and inform our users, which was solved with a “dramatic” decision about a radical upgrade to the system which would have been performed after only a few days. The upgrade would have forced users to get informed because from a certain point in time they could not connect anymore to VPN servers until they upgraded. Under a marketing point of view it appeared as an extremely risky decision, but now that two weeks have passed by we can say that this decision was wise, and anyway it was the right thing to do regardless of any marketing consideration. And it was also a good chance to switch to bigger keys and perform some radical optimizations that we could not perform without disconnecting users for several minutes. About information to the public, we started with a public announcement on April the 8th, as soon as we had clear ideas on what users needed to do. This was linked also through Twitter and Facebook. The post was updated in real time while we were working on the system. The final steps were to renew the users keys. We needed first to find an effective way to “encourage” users to upgrade their systems. We decided to switch to 4096 bit RSA and DH keys, with new certificates, in a precise moment in the future (after just few days), to maximize the probability that when a user was forced to regenerate configurations, keys and certificates, he/she would have been brought more easily to upgrade any possible vulnerable part of his/her system. This was announced here. And we sent via PM and e-mail (to those users who entered a valid e-mail address in their account data) a link to the announcement. At the same time we powered up the customer service for any clarification and to face any possible, massive wave of support requests. Since we do not outsource the customer service we did not need to impart lessons to customer care personnel in order to make them understand the problem, saving us many hours and allowing us to be confident that customers were correctly supported in case of need. Additionally we could count on our competent, supporting and very active community in our forums. VPN.S 1. We have scanned all services and devices, our web servers and OpenVPN server installations do not use the vulnerable version of OpenSSL affected by Heartbleed. The tools we used: OpenVPN: https://github.com/falstaff84/heartbleed_test_openvpn Webserver installations:https://sslabs.com Manual checks were done on all other equipment such as Cisco routers. We have opened a internal review on the possibility of switching our SSL solution to PolarSSL. 2. Risk is only associated with users sharing passwords between VPNsecure accounts on services that were affected. We have advised users to change the password on the account which automatically regenerates the openvpn keys. 3. Facebook notifications were sent out, along with a news article and email. VPN.ac 1. We’ve been very quick addressing the issue, and we started patching everything immediately after the public vulnerability disclosure (Twitter announcement). - First we added a firewall rule to temporarily block and log all Heartbleed probes against our servers, allowing us to run the upgrades and issue new encryption keys while not being exposed - Website’s SSL certificate has been changed and we asked the issuer of the old certificate to revoke it; it was revoked one day later - The upgrade process of all affected servers running the vulnerable OpenSSL libraries was completed and all services restarted in the next few hours - After finishing the updates, we generated new encryption keys for our OpenVPN service and pushed them on all servers - Our Client Software has been updated on April 8 to include the non-vulnerable OpenVPN binaries 2. We don’t believe that the risks our users faced were of high importance until then, but once the vulnerability became public – taking all necessary measures to mitigate the risks and protect our infrastructure was obviously the best thing a responsible company would do. 3. We announced on Twitter minutes after the vulnerability public disclosure that we’re already updating the servers. Once everything was secure on April 8, we issued a detailed statement on our website and it was sent by email to all our customers. Unspyable 1. Our servers operate under versions of Linux that were not affected by this. Our OpenVPN servers use a custom build of OpenVPN that use non affected versions of OpenSSL. We use TLS which also minimizes the risk 2. The risks were minimal, since on the server side nothing was vulnerable. 3. Other than advising customers to upgrade their OpenVPN there was nothing else to be done. Seed4.me 1. Our experts evaluated possible risks, replaced the certificate and published a blog post. 2. Fortunately we are not severely affected. Possible men-in-the-middle attacks, the same as all other websites on the web. VPN services are not affected and we could not expose any private user information. More details are in the blog post. 3. We published a blog post, notified all our followers in Facebook and Twitter, asking to change password for other affected services. There is no need to change passwords for Seed4.Me accounts. Source: TorrentFreak
  • Create New...