ICT Security + Privacy + Piracy + Data Protection - Censorship - Des cours et infos gratuites sur la"Sécurité PC et Internet" pour usage non-commercial... (FR, EN+DE)...
A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections.
The vulnerability, tracked as CVE-2019-14899, resides in the networking stack of various operating systems and can be exploited against both IPv4 and IPv6 TCP streams. Since the vulnerability does not rely on the VPN technology used, the attack works against widely implemented virtual private network protocols like OpenVPN, WireGuard, IKEv2/IPSec, and more, the researchers confirmed.
A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections.
The vulnerability, tracked as CVE-2019-14899, resides in the networking stack of various operating systems and can be exploited against both IPv4 and IPv6 TCP streams. Since the vulnerability does not rely on the VPN technology used, the attack works against widely implemented virtual private network protocols like OpenVPN, WireGuard, IKEv2/IPSec, and more, the researchers confirmed.
Around 20% of today's top VPN solutions are leaking the customer's IP address via a WebRTC bug known since January 2015, and which apparently some VPN providers have never heard of.
The discovery belongs to Paolo Stagno, a security researcher who goes by the pseudonym of VoidSec, and who recently audited 83 VPN apps on this old WebRTC IP leak.
Stagno says he found that 17 VPN clients were leaking the user's IP address while surfing the web via a browser.
The researcher published his results in a Google Docs spreadsheet. The audit list is incomplete because Stagno didn't have the financial resources to test all commercial VPN clients.
The researcher is now asking the community to test their own VPN clients and send him the results. For this, he set up a demo web page that users must access in their browser with their VPN client enabled. The code running on this page is also available on GitHub, if users want to test the leak locally, without exposing their IP on somebody else's server.
WebRTC leak known since 2015 Stagno's code is based on the WebRTC bug discovered in January 2015 by security researcher Daniel Roesler. Back then, Roesler found that WebRTC STUN servers, which intermediate WebRTC connections, will keep records of the user's public IP address, along with his private IP address, if the client is behind-NAT network, proxy, or VPN client.
The problem was that STUN servers would disclose this information to websites that had already negotiated an WebRTC connection with a user's browser.
Since then, many advertisers and law enforcement agencies have used this WebRTC-related bug to acquire a site's visitor's IP address.
The researcher published his results in a Google Docs spreadsheet. The audit list is incomplete because Stagno didn't have the financial resources to test all commercial VPN clients.
The researcher is now asking the community to test their own VPN clients and send him the results. For this, he set up a demo web page that users must access in their browser with their VPN client enabled. The code running on this page is also available on GitHub, if users want to test the leak locally, without exposing their IP on somebody else's server.
WebRTC leak known since 2015 Stagno's code is based on the WebRTC bug discovered in January 2015 by security researcher Daniel Roesler. Back then, Roesler found that WebRTC STUN servers, which intermediate WebRTC connections, will keep records of the user's public IP address, along with his private IP address, if the client is behind-NAT network, proxy, or VPN client.
The problem was that STUN servers would disclose this information to websites that had already negotiated an WebRTC connection with a user's browser.
Since then, many advertisers and law enforcement agencies have used this WebRTC-related bug to acquire a site's visitor's IP address.
A flaw in Hotspot Shield can expose VPN users, locations The virtual private network says it provides a way to browse the web "anonymously and privately," but a security researcher has released code that could identify users' names and locations.
A security researcher has found a way to identify users of Hotspot Shield, a popular free virtual private network service that promises its users anonymity and privacy.
Hotspot Shield, developed by AnchorFree, has an estimated 500 million users around the world relying on its privacy service. By bouncing a user's internet and browsing traffic through its own encrypted pipes, the service makes it harder for others to identify individual users and eavesdrop on their browsing habits.
But an information disclosure bug in the privacy service results in a leak of user data, such as which country the user is located, and the user's Wi-Fi network name, if connected.
That information leak can be used to narrow down users and their location by correlating Wi-Fi network name with public and readily available data.
"By disclosing information such as Wi-Fi name, an attacker can easily narrow down or pinpoint where the victim is located," said Paulos Yibelo, who found the bug. Combined with knowing the user's country, "you can narrow down a list of places where your victim is located," he said.
ZDNet was able to independently verify Yibelo's findings by using his proof-of-concept code to reveal a user's Wi-Fi network. We tested on several machines and different networks, all with the same result.
VPNs are popular for activists or dissidents in parts of the world where internet access is restricted because of censorship, or heavily monitored by the state, as these services mask a user's IP addresses that can be used to pinpoint a person's real-world location.
Being able to identify a Hotspot Shield user in an authoritarian state could put them at risk!!!
A flaw in Hotspot Shield can expose VPN users, locations The virtual private network says it provides a way to browse the web "anonymously and privately," but a security researcher has released code that could identify users' names and locations.
A security researcher has found a way to identify users of Hotspot Shield, a popular free virtual private network service that promises its users anonymity and privacy.
Hotspot Shield, developed by AnchorFree, has an estimated 500 million users around the world relying on its privacy service. By bouncing a user's internet and browsing traffic through its own encrypted pipes, the service makes it harder for others to identify individual users and eavesdrop on their browsing habits.
But an information disclosure bug in the privacy service results in a leak of user data, such as which country the user is located, and the user's Wi-Fi network name, if connected.
That information leak can be used to narrow down users and their location by correlating Wi-Fi network name with public and readily available data.
"By disclosing information such as Wi-Fi name, an attacker can easily narrow down or pinpoint where the victim is located," said Paulos Yibelo, who found the bug. Combined with knowing the user's country, "you can narrow down a list of places where your victim is located," he said.
ZDNet was able to independently verify Yibelo's findings by using his proof-of-concept code to reveal a user's Wi-Fi network. We tested on several machines and different networks, all with the same result.
VPNs are popular for activists or dissidents in parts of the world where internet access is restricted because of censorship, or heavily monitored by the state, as these services mask a user's IP addresses that can be used to pinpoint a person's real-world location.
Being able to identify a Hotspot Shield user in an authoritarian state could put them at risk!!!
Der Sicherheitsstandard WPA2, der insbesondere zur Verschlüsselung von WLAN-Netzwerken empfohlen wird, ist über kritische Schwachstellen verwundbar. Betroffen sind demnach alle derzeit aktiven WLAN-fähigen Endgeräte in unterschiedlichen Ausprägungen. Das Bundesamt für Sicherheit in der Informationstechnik (BSI) rät dazu, WLAN-Netzwerke bis zur Verfügbarkeit von Sicherheits-Updates nicht für Online-Transaktionen wie Online Banking und Online Shopping oder zur Übertragung anderer sensitiver Daten zu nutzen.
"Nutzen Sie Ihr WLAN-Netzwerk so, als würden Sie sich in ein öffentliches WLAN-Netz einwählen, etwa in Ihrem Lieblings-Café oder am Bahnhof. Verzichten Sie auf das Versenden sensibler Daten oder nutzen Sie dazu einen VPN-Tunnel. Auch das kabelgebundene Surfen ist weiterhin sicher. Unternehmen sollten ihre Mitarbeiter sensibilisieren und geeignete Maßnahmen zur Absicherung ihrer Firmennetzwerke ergreifen. Sicherheitsupdates wurden bereits von verschiedenen Herstellern angekündigt und sollten umgehend durch den Nutzer eingespielt werden, sobald sie zur Verfügung stehen," erklärt Arne Schönbohm, Präsident des BSI.
Der Sicherheitsstandard WPA2, der insbesondere zur Verschlüsselung von WLAN-Netzwerken empfohlen wird, ist über kritische Schwachstellen verwundbar. Betroffen sind demnach alle derzeit aktiven WLAN-fähigen Endgeräte in unterschiedlichen Ausprägungen. Das Bundesamt für Sicherheit in der Informationstechnik (BSI) rät dazu, WLAN-Netzwerke bis zur Verfügbarkeit von Sicherheits-Updates nicht für Online-Transaktionen wie Online Banking und Online Shopping oder zur Übertragung anderer sensitiver Daten zu nutzen.
"Nutzen Sie Ihr WLAN-Netzwerk so, als würden Sie sich in ein öffentliches WLAN-Netz einwählen, etwa in Ihrem Lieblings-Café oder am Bahnhof. Verzichten Sie auf das Versenden sensibler Daten oder nutzen Sie dazu einen VPN-Tunnel. Auch das kabelgebundene Surfen ist weiterhin sicher. Unternehmen sollten ihre Mitarbeiter sensibilisieren und geeignete Maßnahmen zur Absicherung ihrer Firmennetzwerke ergreifen. Sicherheitsupdates wurden bereits von verschiedenen Herstellern angekündigt und sollten umgehend durch den Nutzer eingespielt werden, sobald sie zur Verfügung stehen," erklärt Arne Schönbohm, Präsident des BSI.
Le Wi-Fi n'a pas été conçu pour résister aux défis du XXIe siècle en matière de cyber sécurité. De nombreux experts recommandent donc la prudence lors de son utilisation.
Une bonne nouvelle, toutefois.
En réalité, les internautes ont déjà, depuis de nombreuses années, affaire aux dangers des connexions Wi-Fi non-sécurisées… Mais ils peuvent sécuriser leur réseau en prenant quelques précautions de base. Voici les meilleures façons de se protéger de KrackAttacks ou d’autres menaces ciblant les internautes via leurs connexions Wi-Fi :
Utilisez un VPN
Un VPN (réseau privé virtuel), tel que FREEDOME de F-Secure, chiffre vos données en transit. Il s’agit d’une excellente façon de sécuriser vos informations lorsque vous utilisez le Wi-Fi. Cet outil est même indispensable à votre sécurité lorsque vous utilisez un réseau Wi-Fi public.
Le Wi-Fi n'a pas été conçu pour résister aux défis du XXIe siècle en matière de cyber sécurité. De nombreux experts recommandent donc la prudence lors de son utilisation.
Une bonne nouvelle, toutefois.
En réalité, les internautes ont déjà, depuis de nombreuses années, affaire aux dangers des connexions Wi-Fi non-sécurisées… Mais ils peuvent sécuriser leur réseau en prenant quelques précautions de base. Voici les meilleures façons de se protéger de KrackAttacks ou d’autres menaces ciblant les internautes via leurs connexions Wi-Fi :
Utilisez un VPN
Un VPN (réseau privé virtuel), tel que FREEDOME de F-Secure, chiffre vos données en transit. Il s’agit d’une excellente façon de sécuriser vos informations lorsque vous utilisez le Wi-Fi. Cet outil est même indispensable à votre sécurité lorsque vous utilisez un réseau Wi-Fi public.
Since the US Government has passed the bill that vows to effectively shake up the internet privacy rules, the web users are left with no choice other than doing something on their own to protect their online privacy and keeping their online data safe from the prying eyes. With the emergence of best free VPN services in the market, it’s high time users paid attention to conceal their online privacy from the invaders.
Internet Privacy Rule Repealed
The US House of Representatives has unabashedly repealed the internet privacy law in the US, causing users to become worried about their online security. The repercussions of internet privacy law revocation might not go down well for the users because this revocation allows internet service providers and internet giants to collect, share, or even sell their personal data to other marketing agencies to gain profits.
Since the US Government has passed the bill that vows to effectively shake up the internet privacy rules, the web users are left with no choice other than doing something on their own to protect their online privacy and keeping their online data safe from the prying eyes. With the emergence of best free VPN services in the market, it’s high time users paid attention to conceal their online privacy from the invaders.
Internet Privacy Rule Repealed
The US House of Representatives has unabashedly repealed the internet privacy law in the US, causing users to become worried about their online security. The repercussions of internet privacy law revocation might not go down well for the users because this revocation allows internet service providers and internet giants to collect, share, or even sell their personal data to other marketing agencies to gain profits.
Auf PCs wissen wir inzwischen Bescheid: Kaum jemand geht noch ohne Antiviren-Schutz und Firewall ins Internet. Doch auf dem Smartphone sind die Nutzer wesentlich sorgloser - leider zu Unrecht.
Auf PCs wissen wir inzwischen Bescheid: Kaum jemand geht noch ohne Antiviren-Schutz und Firewall ins Internet. Doch auf dem Smartphone sind die Nutzer wesentlich sorgloser - leider zu Unrecht.
“Know your enemy”, said Sun Tzu in around 500 B.C, although probably not referencing risk management in wireless data transfer. This well-known piece of wisdom does however apply perfectly to avoiding cyber-attacks on public Wi-Fi: the threats you face are invisible to the naked eye, and can be best avoided with awareness of their existence. With that in mind, here are the three most common ways public Wi-Fi can be used maliciously to hijack passwords, drain bank accounts or make someone’s life miserable in any number of ways. Thankfully, it only takes a few easy precautions to avoid them and ensure your surfing is private, secure & carefree.
“Know your enemy”, said Sun Tzu in around 500 B.C, although probably not referencing risk management in wireless data transfer. This well-known piece of wisdom does however apply perfectly to avoiding cyber-attacks on public Wi-Fi: the threats you face are invisible to the naked eye, and can be best avoided with awareness of their existence. With that in mind, here are the three most common ways public Wi-Fi can be used maliciously to hijack passwords, drain bank accounts or make someone’s life miserable in any number of ways. Thankfully, it only takes a few easy precautions to avoid them and ensure your surfing is private, secure & carefree.
Le VPN (virtual private network) est une technologie qui permet aux employés de se connecter à distance et en toute sécurité à leur réseau d'entreprise via l...
Connecting to an open wireless network can be convenient — and it help you avoid data overage fees from your carrier. There’s a dangerous trade-off, however. You’re exchanging security for that convenience and that’s never a good idea in today’s rapidly-evolving threat landscape.
Using a free, unencrypted Wi-Fi network “is an open invitation for bad actors to access your device,” says the Bureau. Hackers “can load malware, steal your passwords and PINs, or even take remote control of your contacts and camera,” the warning continues.
Connecting to an open wireless network can be convenient — and it help you avoid data overage fees from your carrier. There’s a dangerous trade-off, however. You’re exchanging security for that convenience and that’s never a good idea in today’s rapidly-evolving threat landscape.
Using a free, unencrypted Wi-Fi network “is an open invitation for bad actors to access your device,” says the Bureau. Hackers “can load malware, steal your passwords and PINs, or even take remote control of your contacts and camera,” the warning continues.
Besonders datenschutzbewusste Nutzer greifen gerne auf einen VPN-Dienst zurück. Untersuchungen zeigen jedoch immer wieder, dass viele Anbieter die Sicherheit nur vorgaukeln. In Wahrheit werden über die Apps genauso Daten getrackt und übermittelt.
Wie die Sicberheitsexperten von Trend Micro herausgefunden haben wollen, verfügen über ein Drittel der angebotenen VPN-Dienste über direkt mitgelieferte Malware.
(Quelle: Trend Micro ) Über ein Drittel aller angebotenen VPN-Apps beinhalten Malware, so die Sicherheitsexperten von Trend Micro. Andere VPN-Dienste tracken das Nutzerverhalten oder übertragen Daten an Drittanbieter. Experten raten deshalb dringend dazu, die AGB und Nutzungsbedingungen der Dienste genauestens zu lesen. Bei Versprechungen wie etwa einer "100-prozentigen Anonymität" sollten die Alarmglocken schrillen.
Nutzer, die viel Wert auf ihre Privatsphäre legen, greifen gerne auf ein Virtual Private Network (VPN) zurück. Egal ob am Desktop oder mobil auf dem Laptop, Tablet oder auch am Smartphone ist die Einrichtung eines VPN mithilfe eines entsprechenden Dienstes meist in wenigen Minuten erledigt.
Aber bei der Auswahl des Anbieters sollte man vorsichtig sein. Darunter tummeln sich auch viele schwarze Schafe, die weniger den Schutz der Privatsphäre des Einzelnen im Sinn haben. Lukrativer ist es da, die vermeintlich geschützten Daten abzugreifen und zu monetarisieren.
Besonders datenschutzbewusste Nutzer greifen gerne auf einen VPN-Dienst zurück. Untersuchungen zeigen jedoch immer wieder, dass viele Anbieter die Sicherheit nur vorgaukeln. In Wahrheit werden über die Apps genauso Daten getrackt und übermittelt.
Wie die Sicberheitsexperten von Trend Micro herausgefunden haben wollen, verfügen über ein Drittel der angebotenen VPN-Dienste über direkt mitgelieferte Malware.
(Quelle: Trend Micro ) Über ein Drittel aller angebotenen VPN-Apps beinhalten Malware, so die Sicherheitsexperten von Trend Micro. Andere VPN-Dienste tracken das Nutzerverhalten oder übertragen Daten an Drittanbieter. Experten raten deshalb dringend dazu, die AGB und Nutzungsbedingungen der Dienste genauestens zu lesen. Bei Versprechungen wie etwa einer "100-prozentigen Anonymität" sollten die Alarmglocken schrillen.
Nutzer, die viel Wert auf ihre Privatsphäre legen, greifen gerne auf ein Virtual Private Network (VPN) zurück. Egal ob am Desktop oder mobil auf dem Laptop, Tablet oder auch am Smartphone ist die Einrichtung eines VPN mithilfe eines entsprechenden Dienstes meist in wenigen Minuten erledigt.
Aber bei der Auswahl des Anbieters sollte man vorsichtig sein. Darunter tummeln sich auch viele schwarze Schafe, die weniger den Schutz der Privatsphäre des Einzelnen im Sinn haben. Lukrativer ist es da, die vermeintlich geschützten Daten abzugreifen und zu monetarisieren.
Les applications Hotspot Shield, PureVPN et ZenMate exhibent des vulnérabilités
Qui laissent les adresses IP des utilisateurs filtrer Le 14 mars 2018, par Patrick Ruiz, Chroniqueur Actualités Des services VPN populaires exhibent des failles de sécurité qui permettent la divulgation des informations sensibles de leurs utilisateurs. L’information est de vpnMentor, un site qui a vocation à les classer ; ce dernier pointe Hotspot Shield, PureVPN et ZenMate du doigt. Le site dit s’être appuyé sur l’expertise de trois chercheurs en sécurité spécialisés en la matière. Dans le détail technique publié par ces derniers, on peut d’ores et déjà dire que les vulnérabilités sont liées à des soucis avec des scripts de configuration de proxy.
Le rapport des chercheurs crédite Hotspot Shield de trois entrées dans la base de données du projet Common Vulnerabilities and Exposures (CVE). La faille référencée CVE-2018-7880 illustre clairement le propos des chercheurs. Une analyse du script de configuration de proxy (d’une version non corrigée du plugin Chrome de Hotspot Shield) a révélé qu’il suffit qu’une URL contienne une interface logique de réseau (un hôte local) pour contourner le VPN.
Dit autrement, il suffit qu’un attaquant amène un internaute à visiter une adresse du type localhost.test.com pour que le VPN cesse de le protéger. Dans ce cas, le navigateur se connecte directement à la cible sans suivre les règles inscrites dans le fichier de configuration de proxy.
Les applications Hotspot Shield, PureVPN et ZenMate exhibent des vulnérabilités
Qui laissent les adresses IP des utilisateurs filtrer Le 14 mars 2018, par Patrick Ruiz, Chroniqueur Actualités Des services VPN populaires exhibent des failles de sécurité qui permettent la divulgation des informations sensibles de leurs utilisateurs. L’information est de vpnMentor, un site qui a vocation à les classer ; ce dernier pointe Hotspot Shield, PureVPN et ZenMate du doigt. Le site dit s’être appuyé sur l’expertise de trois chercheurs en sécurité spécialisés en la matière. Dans le détail technique publié par ces derniers, on peut d’ores et déjà dire que les vulnérabilités sont liées à des soucis avec des scripts de configuration de proxy.
Le rapport des chercheurs crédite Hotspot Shield de trois entrées dans la base de données du projet Common Vulnerabilities and Exposures (CVE). La faille référencée CVE-2018-7880 illustre clairement le propos des chercheurs. Une analyse du script de configuration de proxy (d’une version non corrigée du plugin Chrome de Hotspot Shield) a révélé qu’il suffit qu’une URL contienne une interface logique de réseau (un hôte local) pour contourner le VPN.
Dit autrement, il suffit qu’un attaquant amène un internaute à visiter une adresse du type localhost.test.com pour que le VPN cesse de le protéger. Dans ce cas, le navigateur se connecte directement à la cible sans suivre les règles inscrites dans le fichier de configuration de proxy.
Faille Wi-Fi : Microsoft a déjà patché Windows 10, 8.1 et 7
Les systèmes Windows ont déjà été modifiés par son éditeur lors de la précédente vague de mise à jour mensuelle distribuée en début de mois pour corriger la faille WPA2.
Plus tôt cette semaine les utilisateurs de réseaux Wi-Fi ont été alerté d'un problème dans la sécurisation de la plupart des appareils. Microsoft avait déjà anticipé le problème et a diffusé des correctifs il y a quelques jours.
La faille KRACK Attack concerne le protocole de sécurisation WPA2 largement utilisé pour connecter les appareils aux routeurs et points d'accès Wi-Fi. Tous les appareils capables de se connecter à un réseau sans fil sont donc potentiellement concernés : smartphones, tablettes, TV, objets connectés et bien entendu les ordinateurs qu'ils soient de bureau ou portables.
Faille Wi-Fi : Microsoft a déjà patché Windows 10, 8.1 et 7
Les systèmes Windows ont déjà été modifiés par son éditeur lors de la précédente vague de mise à jour mensuelle distribuée en début de mois pour corriger la faille WPA2.
Plus tôt cette semaine les utilisateurs de réseaux Wi-Fi ont été alerté d'un problème dans la sécurisation de la plupart des appareils. Microsoft avait déjà anticipé le problème et a diffusé des correctifs il y a quelques jours.
La faille KRACK Attack concerne le protocole de sécurisation WPA2 largement utilisé pour connecter les appareils aux routeurs et points d'accès Wi-Fi. Tous les appareils capables de se connecter à un réseau sans fil sont donc potentiellement concernés : smartphones, tablettes, TV, objets connectés et bien entendu les ordinateurs qu'ils soient de bureau ou portables.
Here's what you need to know about KrackAttacks, and what you can do to protect yourself.
And there’s the silver lining.
We’ve actually been living with the risks created by insecure Wi-Fi connections for many years, and users can protect themselves by taking some basic security precautions. Here’s the best ways to stay safe from KrackAttacks and other threats targeting people through their Wi-Fi connections:
Use a VPN
A VPN (virtual private network), such as F-Secure Freedome encrypts your data while it’s in transit. This is a great way to secure your information when using Wi-Fi, and should be considered essential when using a publicly accessible Wi-Fi network.
Update your devices
Attacking routers is a means to an end for attackers. What they’re really after are your devices. They want to steal your credit card info, passwords, and other data. And that’s what the KrackAttacks are actually doing. Updating your devices’ software and operating systems is sound security advice, so use this as a reminder to make sure your desktops, laptops, phone, and tablets are all updated.
Update your routers
Routers have a long history of security problems. They’re often poorly supported by device vendors (and in some cases not at all). You should check your router’s settings to see if there’s a firmware update available, or possibly the website of your router’s manufacturer or vendor. If you’re not getting security updates for your router, consider getting one built to be secure.
Here's what you need to know about KrackAttacks, and what you can do to protect yourself.
And there’s the silver lining.
We’ve actually been living with the risks created by insecure Wi-Fi connections for many years, and users can protect themselves by taking some basic security precautions. Here’s the best ways to stay safe from KrackAttacks and other threats targeting people through their Wi-Fi connections:
Use a VPN
A VPN (virtual private network), such as F-Secure Freedome encrypts your data while it’s in transit. This is a great way to secure your information when using Wi-Fi, and should be considered essential when using a publicly accessible Wi-Fi network.
Update your devices
Attacking routers is a means to an end for attackers. What they’re really after are your devices. They want to steal your credit card info, passwords, and other data. And that’s what the KrackAttacks are actually doing. Updating your devices’ software and operating systems is sound security advice, so use this as a reminder to make sure your desktops, laptops, phone, and tablets are all updated.
Update your routers
Routers have a long history of security problems. They’re often poorly supported by device vendors (and in some cases not at all). You should check your router’s settings to see if there’s a firmware update available, or possibly the website of your router’s manufacturer or vendor. If you’re not getting security updates for your router, consider getting one built to be secure.
F-Secure Freedome VPN: This is one of the few VPNs CSIRO mentioned with approval. Besides providing secure VPN, it also includes built-in third-party ads and trackers blocking functionality. F-Secure is available for both Android and iOS. It's unlimited data plan starts at $49.99 a year for up to three devices.
NordVPN: Besides being a great PC VPN, NordVPN does well for both Android and iOS devices. Unlike many Apple-approved VPNs, NordVPN supports OpenVPN services. This is a must if you're running your own OpenVPN servers. Its annual plan enables you to run six devices at a time for $69 a year.
KeepSolid VPN Unlimited: This program boasts it has no ads, no tracking, and no logs. Its client app works well on Android and iOS. VPN Unlimited lets you connect up to five devices at the same time for $39.99 a year. It also offers a lifetime plan for $449.99 (currently on sale for $149.99).
Private Internet Access: With thousands of VPN servers scattered across the globe, Private Internet Access offers Android and iOS users the widest choice of geographical locations of any VPN. This service costs $39.95 annually for up to five devices simultaneously.
TorGuard: Despite its name, TorGuard is not connected to the anonymous internet Tor Project. Instead, it refers to the fact that the Android and iOS apps support BitTorrent torrents. TorGuard, however, keeps no logs whatsoever. It also supports pretty much all VPN protocols. The program runs $59.99 per year for five clients.
Even if privacy isn't a top priority for you, I urge you to get a VPN for your smartphone or tablet. Unlike your home PC, you will be using public Wi-Fi access points from time to time -- whether it's at a restaurant, airport, or hotel. None of these are particularly trustworthy, and those that don't even require a password are wide-open for attackers. A mobile VPN isn't just a good idea, it's a necessity.
F-Secure Freedome VPN: This is one of the few VPNs CSIRO mentioned with approval. Besides providing secure VPN, it also includes built-in third-party ads and trackers blocking functionality. F-Secure is available for both Android and iOS. It's unlimited data plan starts at $49.99 a year for up to three devices.
NordVPN: Besides being a great PC VPN, NordVPN does well for both Android and iOS devices. Unlike many Apple-approved VPNs, NordVPN supports OpenVPN services. This is a must if you're running your own OpenVPN servers. Its annual plan enables you to run six devices at a time for $69 a year.
KeepSolid VPN Unlimited: This program boasts it has no ads, no tracking, and no logs. Its client app works well on Android and iOS. VPN Unlimited lets you connect up to five devices at the same time for $39.99 a year. It also offers a lifetime plan for $449.99 (currently on sale for $149.99).
Private Internet Access: With thousands of VPN servers scattered across the globe, Private Internet Access offers Android and iOS users the widest choice of geographical locations of any VPN. This service costs $39.95 annually for up to five devices simultaneously.
TorGuard: Despite its name, TorGuard is not connected to the anonymous internet Tor Project. Instead, it refers to the fact that the Android and iOS apps support BitTorrent torrents. TorGuard, however, keeps no logs whatsoever. It also supports pretty much all VPN protocols. The program runs $59.99 per year for five clients.
Even if privacy isn't a top priority for you, I urge you to get a VPN for your smartphone or tablet. Unlike your home PC, you will be using public Wi-Fi access points from time to time -- whether it's at a restaurant, airport, or hotel. None of these are particularly trustworthy, and those that don't even require a password are wide-open for attackers. A mobile VPN isn't just a good idea, it's a necessity.
A bill that has now passed both the U.S. Senate and House of Representatives would repeal a Federal Communications Commission rule issued last year that allows consumers to decide how internet service providers use their information.
“Your ISP can already monetize you based on your demographics,” Sean Sullivan, Security Advisor at F-Secure, tells me. “Still, they feel that they’re behind Facebook and Google’s ad technology — and arguably they are. But the difference is you can avoid Google and Facebook. You can’t avoid your ISP.”
There is still something that you can do that gives you more control over who has access to your browsing history.
“Your ISP is privy to all the web destinations you visit, unless you’re using a VPN,” Sean says. “Then they’re only privy to seeing that you went to, for instance, VPN.F-Secure.com.”
A VPN is a virtual private network and it puts all of your browsing data in the hands of one provider who encrypts it.
A bill that has now passed both the U.S. Senate and House of Representatives would repeal a Federal Communications Commission rule issued last year that allows consumers to decide how internet service providers use their information.
“Your ISP can already monetize you based on your demographics,” Sean Sullivan, Security Advisor at F-Secure, tells me. “Still, they feel that they’re behind Facebook and Google’s ad technology — and arguably they are. But the difference is you can avoid Google and Facebook. You can’t avoid your ISP.”
There is still something that you can do that gives you more control over who has access to your browsing history.
“Your ISP is privy to all the web destinations you visit, unless you’re using a VPN,” Sean says. “Then they’re only privy to seeing that you went to, for instance, VPN.F-Secure.com.”
A VPN is a virtual private network and it puts all of your browsing data in the hands of one provider who encrypts it.
Le hacking, désormais, est d’une simplicité enfantine.... Même les non-hackers s'y amusent ! Prenons le Wi-Fi public, par exemple. Pour espionner la navigation web de clients qui sirotent tranquillement leur café dans une brasserie avec Wi-Fi gratuit, pas besoin d’être un pro.
Le hacking, désormais, est d’une simplicité enfantine.... Même les non-hackers s'y amusent ! Prenons le Wi-Fi public, par exemple. Pour espionner la navigation web de clients qui sirotent tranquillement leur café dans une brasserie avec Wi-Fi gratuit, pas besoin d’être un pro.
Viele Nutzer wissen aber laut Avast nicht, dass Hola sie selbst zu einem Exit Node für andere Hola-User macht. Das heißt, wenn etwa jemand über Hola auf illegale Inhalte zugreift, dann ist er eventuell mit Ihrer IP-Adresse im Internet unterwegs. Strafverfolgungsbehörden würden dann zuerst bei Ihnen anklopfen.
Des Weiteren verweist Avast auf eine Analyse von Vectra Research, laut der die Hola-Erweiterung weitere Programme auf Ihrem PC installieren kann – ohne dass Sie es bemerken.
„Browser-Erweiterungen sehen alles, was Sie im Browser sehen, inklusive aller Eingaben und Passwörter“, warnt Thomas Salomon von Avast. „Nicht vertrauenswürdige Erweiterungen können diese Daten leicht missbrauchen. Sie sollten deswegen sehr vorsichtig dabei sein, welche Erweiterungen Sie installieren“, so Salomon weiter.
Der Sicherheitsexperte empfiehlt Avast Browser Cleanup, um den Browser zu bereinigen.
Viele Nutzer wissen aber laut Avast nicht, dass Hola sie selbst zu einem Exit Node für andere Hola-User macht. Das heißt, wenn etwa jemand über Hola auf illegale Inhalte zugreift, dann ist er eventuell mit Ihrer IP-Adresse im Internet unterwegs. Strafverfolgungsbehörden würden dann zuerst bei Ihnen anklopfen.
Des Weiteren verweist Avast auf eine Analyse von Vectra Research, laut der die Hola-Erweiterung weitere Programme auf Ihrem PC installieren kann – ohne dass Sie es bemerken.
„Browser-Erweiterungen sehen alles, was Sie im Browser sehen, inklusive aller Eingaben und Passwörter“, warnt Thomas Salomon von Avast. „Nicht vertrauenswürdige Erweiterungen können diese Daten leicht missbrauchen. Sie sollten deswegen sehr vorsichtig dabei sein, welche Erweiterungen Sie installieren“, so Salomon weiter.
Der Sicherheitsexperte empfiehlt Avast Browser Cleanup, um den Browser zu bereinigen.
To get content containing either thought or leadership enter:
To get content containing both thought and leadership enter:
To get content containing the expression thought leadership enter:
You can enter several keywords and you can refine them whenever you want. Our suggestion engine uses more signals but entering a few keywords here will rapidly give you great content to curate.
Your new post is loading...
A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections.
The vulnerability, tracked as CVE-2019-14899, resides in the networking stack of various operating systems and can be exploited against both IPv4 and IPv6 TCP streams.
Since the vulnerability does not rely on the VPN technology used, the attack works against widely implemented virtual private network protocols like OpenVPN, WireGuard, IKEv2/IPSec, and more, the researchers confirmed.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux
https://www.scoop.it/topic/securite-pc-et-internet/?&tag=VPN