Opera Browser Introduces Free Integrated VPN

Norwegian internet browser Opera now includes a free, unlimited VPN natively, meaning that its users “don’t have to download VPN extensions or pay for VPN subscriptions to access blocked websites and to shield your browsing when on public Wi-Fi,” according to the official announcement.

Opera’s blog post reads:

According to Global Web Index*, more than half a billion people (24% of the world’s internet population) have tried or are currently using VPN services. According to the research, the primary reasons for people to use a VPN are:

  • To access better entertainment content (38%)
  • To keep anonymity while browsing (30%)
  • To access restricted networks and sites in my country (28%)
  • To access restricted sites at work (27%)
  • To communicate with friends/family abroad (24%)
  • To access restricted news websites in my country (22%)

According to the research, young people are leading the way when it comes to VPN usage, with almost one third of people between 16-34 having used a VPN.

The in-browser VPN is only available as part of the most recent developer version, but set to arrive in the release version following successful testing and refinement.

Opera’s in-browser VPN follows its native ad-blocker, released as part of its last developer version last month, in an effort to centralise its user’s needs in one package.

Opera 38 developer version can be downloaded here.

New Service Lets You Test Whether Your VPN Leaks

Millions of users around the world use VPN or proxy services to hide their real location. This can be for a multitude of reasons, may it be to stay anonymous while downloading torrents or to get around geoblocking restrictions, legal or illegal. But users should be aware that the services might not be as secure as thought and that they still could leak their information in several ways. A new service, fittingly named ‘Do I Leak?’, sets out to give you peace of mind by letting you test whether your secure connection actually is secure or whether it is leaking information.

There can be two reasons why your VPN or proxy leaks your location or at the very least reveals that you’re trying to hide it: Either the service you are using isn’t as secure as advertised or you have missed a thing or two in your setup. Especially torrent users need to take a closer look at their settings and disable features such as DHT and PEX in order to fully stay anonymous behind their tunneled connection, otherwise, your real IP might still be visible to everyone.

While services to check these things have been around for a while, none of them have been very complete and most of them fail to take every point of leak into consideration. The new Do I Leak service aims to remedy this by added all the individual tests into a simple package that is easy for any user to deploy. On of the most notable differences to other services is the included torrent check for both HTTP and UDP trackers. UDP is one of those things that often is missed by most of these tools. It will also check whether your DNS is leaking and thereby giving away that you’re trying to tunnel – one of the methods used by NetFlix, for example, to block out VPN users in their recent crackdown.

You can easily run the tests from the official site in two ways, with or without additional torrent checks. If you are a VPN user, then it might be worth to check up on – just to be on the safe side.

Paypal Blocks VPN and UnoTelly Payments

Paypal is the default setting for a lot of people and companies when it comes to online payments, easy to implement and with a safety net of features people feel comforted by while doing online banking. With Paypal’s purchase of digital money company Xoom, it seemed like Paypal wanted to take all the money but they’ve now started blocking payments using the Candian company UnoTelly.

Under Paypal’s Acceptance use policy states that it cannot be used to send payments “for items that infringe or violate any copyright, trademark, right of publicity or privacy, or any other proprietary right under the laws of any jurisdiction”. UnoTelly offers smartDNS and VPN access, techniques which have been used to remove geo-blocks from websites, a technique that lets you watch or use sites that are often blocked in particular areas of the world. Copyright holders have often argued that VPN networks could be used to bypass copyright, enabling you to access and watch videos through services like Netflix in regions where the show is blocked.

The problem with this decision is that a lot of people, such as large businesses, use VPN’s for legitimate reasons and putting a blanket ban on VPN users making purchases through Paypal would surely only end with the services use declining.

uNoGS Shows VPNs That Can Still Bypass Netflix Geoblocks

The excitement of Netflix expanding into 190 countries worldwide has sadly been tempered by the news that the video-on-demand platform has started restricting VPN “pirates” from bypassing geographical locks to access more content, especially since Netflix’ international catalogue pales in comparison to that of the US, the preferred region for VPN users.

However, a new site has sprung up that not only allows users to search for Netflix content across the globe, revealing exactly where a film, TV show, or documentary is available, but also informs you of which VPN works to access a particular region or country. uNoGS, or unofficial Netflix online Global Search lets you search for content by title, Netflix rating, IMDB rating, year, genre, actor, and even audio options and subtitles. A dropdown menu on selected content will then let you see if your VPN will allow you to view it.

For example, I was delighted to find that I could watch Star Trek: Deep Space Nine on the US Netflix from the UK using my preferred VPN, Private Internet Access:

“uNoGS is very much a one man show juggled as a hobby between work and family life. I initially built the site just for myself because the few sites that were providing a service like this were extremely limited in terms of search functionality,” Brian, the operator of uNoGS, told TorrentFreak. “I wanted to be able to see what was available in every country, when it was added, when it was supposed to expire and when it actually expired. Once I completed the initial build for myself I decided to share it with everyone and uNoGS went live in early May 2015.”

The surge in interest in uNoGS since being featured on TorrentFreak, though, means that the website is rather slow at present.

US Military Personnel Rail Against Netflix VPN Block

Netflix has faced a furious backlash from users since it initiated its new program to prevent users from accessing geoblocked content using VPNs. Amongst this, one the forgotten victims of the VPN ban are military personnel serving abroad. Stars and Stripes reports that US servicemen and women will be left without one of their few comforts because of Netflix’s VPN block.

While Netflix is aware that military personnel use VPNs to access US content when stationed in foreign bases – “Netflix always exempts U.S. military bases around the world,” Anne Marie Squeo, a spokeswoman for Netflix, said. “They will still be able to access the U.S. catalog.” – there are a great number of servicemembers abroad that don’t live on-base.

“For me Netflix is a way of being home. It boosts your morale by letting you watch the things you would be able to see at home,” Petty Officer 2nd Class Shaundell Wright, a quartermaster with Yokosuka Navy Base’s Port Operations Dispatch, said. “We are already in a foreign country and everything is so different. So, to be able to watch Netflix feels good.”

Accessibility to more countries around the world is great, Petty Officer 2nd Class Jesse Fowler, a hospital corpsman, added, “but I’m mad if I can’t change where my Internet is so I can’t watch my own shows.”

“My VPN hasn’t been blocked,” Petty Officer 1st Class Eric Cutright, a Navy counselor, agreed. “But if it does, I will be pissed. Netflix Bahrain is trash.”

It remains to be seen if Netflix will take its VPN ban seriously, or whether the move is simply a gesture to placate content providers that are concerned about regional licensing agreements being violated.

Security Firm Sued For Incorrect Forensics Report

Remember when you are watching those TV shows, you know the ones, where government agencies are trying to track down bad guys who have breached a “secure” network? Happens in real life too, with companies like Affinity Gaming finding out the hard way.

Affinity gaming is a Las Vegas-based casino operator who discovered back in 2013 that their network had been breached and people were able to get to the credit card data. Sounds familiar right? Affinity Gaming hired the security firm Trustwave to investigate and isolate the breach, effectively fixing the problem. At the end of the investigation, they claimed that the data breach was “contained”, then adding comments on how to “fend off future data attacks”.

Affinity Gaming then found that they were suffering another data breach, for which they hired the data security firm Mandiant to investigate. It was during Mandiant’s investigation that they worked out the work previously done was only on a “subset of Affinity Gaming’s data security”. This coupled with the fact that they “had failed to identify the means by which the attacker had breached” their systems meant that overall Affinity Gaming believes Trustwave was responsible for “misrepresentations and grossly negligent performance” which in turn they believe cost them “significant out of pocket losses”.

Listing 76 steps outlying their interactions between the three companies and now the complaint, you can see why if one company promised to protect your data and then was found to have failed this task, you would want your money back.

Australian Netflix Users Threaten to Cancel Accounts over VPN Crackdown

Following the announcement by Netflix that it will begin cracking down on VPN ‘piracy’ to bypass geoblocked content, a number of Australian users have threatened to cancel their accounts with the video-on-demand platform, citing sub-standard native content, news.com.au reports.

Others argue that the move, in the absence of legitimate options, will only encourage illegal downloading:

https://twitter.com/SpaceCrazy/status/685873122260705280

While Netflix’s original shows – including the likes of House of Cards, Orange is the New Black, and Narcos – is available in all territories, independent of its geographical locks, it marks only a small fraction of the company’s content, much of which is tied to regional licensing agreements.

“If all of our content were globally available, there wouldn’t be a reason for members to use proxies or “unblockers” to fool our systems into thinking they’re in a different country than they’re actually in,” David Fullagar, Vice President of Content Delivery Architecture at Netflix, wrote in his announcement of the VPN crackdown. “We are making progress in licensing content across the world and, as of last week, now offer the Netflix service in 190 countries, but we have a ways to go before we can offer people the same films and TV series everywhere.”

“We are delivering Netflix to 190 countries around the world. Our diverse slate of Originals and licensed programming should provide a service members find valuable no matter where they’re watching,” a Netflix spokesman told news.com.au. “As we continue to strive towards licencing content on a global scale, along with our slate of originals which launch globally simultaneously, the use of VPNs will become redundant.”

Netflix Begins VPN Crackdown

Netflix has announced that it is beginning its first widescale crackdown on VPN ‘piracy’ to view geoblocked content in other countries. David Fullagar, Vice President of Content Delivery Architecture at Netflix, revealed the move on Thursday evening (14th January) via the Netflix blog.

Fullagar blames existing territorial licensing agreements for the move, but expresses the hope that, one day, Netflix will be able to offer the same content to all users on a global scale. Until that happens, though, it will no longer turn a blind eye to customers that bypass global content locks using VPN services.

“If all of our content were globally available, there wouldn’t be a reason for members to use proxies or “unblockers” to fool our systems into thinking they’re in a different country than they’re actually in,” Fullagar writes. “We are making progress in licensing content across the world and, as of last week, now offer the Netflix service in 190 countries, but we have a ways to go before we can offer people the same films and TV series everywhere.”

“Some members use proxies or “unblockers” to access titles available outside their territory,” Fullagar adds. “To address this, we employ the same or similar measures other firms do. This technology continues to evolve and we are evolving with it. That means in coming weeks, those using proxies and unblockers will only be able to access the service in the country where they currently are. We are confident this change won’t impact members not using proxies.”

The move comes in the wake of Ted Sarandos, Chief Content Officer for Netflix, claiming at CES 2016 last week that it was “not obvious” how to block VPN usage to sidestep geoblocking.

Netflix Debates Geoblocking and VPN Use

Following its global rollout to over 130 countries, Netflix has been discussing the reality of its users bypassing geoblocked content via VPN services, admitting that it’s “not obvious” how to prevent it, The Globe and Mail reports. The technique of using VPNs, proxies, and DNS spoofers to access Netflix content in other countries has become widespread, especially in territories like Canada, citizens of which have access to only limited Netflix TV and movies, for which Ted Sarandos, Chief Content Officer for Netflix, blames “sliced and diced” territorial rights deals.

“Our ambition is to do global licensing and global originals, so that over maybe the next five, 10, 20 years, it’ll become more and more similar until it’s not different,” Neil Hunt, Netflix’s Chief Product Officer, during CES 2016 in Las Vegas last week. “We don’t buy only for Canada; we’re looking … for all territories; buying a singular territory is not very interesting anymore.”

Netflix in Canada also has to deal with cable providers such as Bell Media, which ‘protects’ its content to a fault, with CEO Mary Ann Turcke shopping her own daughter for bypassing Netflix’s geoblocking with a VPN, accusing her of “stealing”.

“We do apply industry standard technologies to limit the use of proxies,” Hunt added. “Since the goal of the proxy guys is to hide the source it’s not obvious how to make that work well. It’s likely to always be a cat-and-mouse game. [We] continue to rely on blacklists of VPN exit points maintained by companies that make it their job. Once [VPN providers] are on the blacklist, it’s trivial for them to move to a new IP address and evade.”

Netflix, however, hopes that users bypassing its geoblocks will become a thing of the past with global licensing deals. “When we have global rights, there’s a significant reduction in piracy pressure on that content. If a major title goes out in the U.S. but not in Europe, it’s definitely pirated in Europe, much more than it is if it’s released simultaneously,” Hunt said.

Juniper Still Hasn’t Removed Backdoor Vulnerability from Its Software

Last month, Juniper Networks – a company that supplies security software to the likes of AT&T, Verizon, NATO, and the US Government – reported that it had found what it described as “unauthorised code” – effectively a backdoor – in its NetScreen firewall software, through which it was possible for a third-party to decrypt data sent through it using an encrypted VPN (Virtual Private Network), and that had existed since at least 2012.

Now, Wired reports that Juniper has fallen silent on the matter, refusing to discuss an insecure encryption algorithm within the software that essentially allowed the backdoor to be inserted. Juniper refuses to explain why Dual_EC, a pseudo-random number generator, was included in NetScreen, or why it still exists within the software even after the backdoor revelation.

Stephen Checkoway, a Computer Science lecturer from the University of Chicago, discovered that Juniper knowingly added the insecure Dual_EC to its software, despite having a more secure ANSI algorithm in place. Dual_EC was added to NetScreen version 6.2.0 in either 2008 or 2009, while the vulnerabilities in Dual_EC were revealed in 2007.

Even more explicably, Juniper then changed the nonce (random number string) size within the algorithm, from 20 bytes to 32 bytes. 32 bytes was the optimal size for exploitation by hackers, according to the data revealed in 2007.

“The more output you see [from the generator], the better [it is to crack the encryption],” Checkoway said. “Anything you see over 30 bytes is very helpful. Anything you see less than 30 bytes makes the attack exponentially harder. So seeing 20 bytes makes the attack basically infeasible. Seeing 28 bytes makes it doable, but it takes an amount of time, maybe hours. Seeing 32 bytes makes it take fractions of a second.”

While it was Juniper that revealed the existence of this backdoor, it seems that it facilitated its creation, and has done nothing to fix it since.

Juniper Networks Finds ‘Unauthorised’ Code in Its Software

Cyber security and the integrity of applications are essential for consumers to have confidence their details will be kept safe and not intercepted by a third-party. Well known internet hardware company Juniper networks have issued a warning concerning a discovery it has made within its firewall software, which could have led to a third-party being able to decrypt data which has been sent through an encrypted VPN (Virtual Private Network)

During a recent internal code review, it was discovered that “unauthorised code” had somehow made its way into Juniper’s ScreenOS software, it’s interesting to note that many ISPs (Internet Service Providers) and also large firms implement the companies routers and network switches. The vulnerability could have allowed a third-party, or as the company refers to the threat as a “Knowledgeable attacker”, could be 12-year-old for all we know, to gain administrative access to NetScreen devices and to decrypt VPN connections.

The unwanted slice of extra code has been present within different versions of ScreenOS since 2012. Juniper has confirmed that it is not aware or received any reports of the vulnerabilities being exploited and urges everyone running the affected devices to quickly apply the released patches with the aim of stripping the unauthorised code out of its firewall software ASAP.

It’s a serious breach and questions will surely be asked concerning how the code managed to make its way into the software.

Image courtesy of smarteranalyst

WatchGuard Firebox T30 And T50 UTM Now Available

We’ve seen a lot of attacks in the recent months where both online technology resellers as well as universities and even the DNS Root Servers being attacked. In such a time you’ll want the best possible protection for your connected devices and Wick Hill just announced the shipping of their WatchGuard T30 and T50 Firebox appliances for enterprise-strength unified threat management (UTM). The Firebox T30 and T50 are aimed at small and medium-sized enterprises (SMEs) and distributed enterprises and are essential a hardware firewall and VPN connection.

Faster internet connections make decentralized organizations more flexible, but connecting all the branches with each other in a secure fashion can be a challenge, and that is where the Firebox comes into play. It is easy to deploy and can be preconfigured before deployment. WatchGuard’s T-series of tabletop UTM are ideal for remote branches where there isn’t a dedicated server room. They are small and have versatile placement options away and out of sight. The are also easily expandable with Wi-Fi access points of security cameras thanks to the built-in POE port.

Both the T30 and T50 feature AC1200 wireless network abilities with UTM security speeds up to 165 Mbps. The Advanced Malware Detection can catch malware that signature-only AV solutions miss. Next-generation sandboxing in the cloud with full system emulation (CPU and memory) provides visibility into every instruction that malware executes and not just the operating system calls That exposes evasive behavior that other sandbox solutions might not see. The WatchGuard series also features a centralised real-time view into all network activity with the power to take immediate action against harmful sites and users. The UTM also features a crypto co-processing unit for SHA-2.

The WatchGuard Firebox T30 starts around €620 and the T50 starts out around €1000, both prices without VAT.

Popcorn Time Ramps Up For Full Comeback

When the main fork of popular torrent video-on-demand app Popcorn Time closed in October, citing legal issues and splits within the development team, many suspected that the so-called “Netflix for pirates” was a goner.

But it seems that reports of Popcorn Time’s demise has been greatly exaggerated, with the developers releasing a new version of the platform, utilising new APIs to display content – and replacing the now-defunct YTS with TorrentsAPI as its movie provider – via reddit.

The new Popcorn Time also features a new VPN service to protect users and bypass countrywide blocks on sources used by the streaming app. VPN.ht is owned by Wally, who just happens to be the head developer for Popcorn Time. Wally told TorrentFreak that, by pairing the two programs, he could envision a fully functional Popcorn Time again very soon.

“I am still considering a full comeback, I just do not want to release a half working version,” Wally said.

While Popcorn Time allows users to view copyrighted content for free, Wally sees the service not as opportunist theft but instead as a lesson to Hollywood as to what film lovers want and how to give it to them. “The popularity of Popcorn Time should be an example for the MPAA to a build a future streaming platform that will be open to the entire world,” Wally asserts.

PIA Running Traffic Through Second VPN to Avoid BitTorrent Ban

After a number of large datacentres are now banning heavy BitTorrent traffic on their networks, popular VPN provider Private Internet Access (PIA) has started routing its traffic through another VPN which, while slowing connection speeds, ensures its customers are not prevented from downloading torrents.

Many BitTorrent users implement VPN services to keep their downloading private and prevent their IP address from being tracked by ISPs or third-party copyright infringement enforcers. Since it is one of the few VPNs to not keep logs on its users, meaning there is no data to hand off if served with a warrant, PIA is a favourite amongst torrenters.

“Certain regimes/regions and data centers have strict discriminatory policies towards the BitTorrent protocol. In order to provide a free and open internet to everyone, we were forced to create a technical fix,” a PIA spokesperson told TorrentFreak.

PIA believes that its “double VPN” solution is the best compromise for its customers, as it does not require invasive techniques, such as DPI.

“Due to the fact that packets were routed in an unidentifiable manner and double hop is a known and accepted technology by privacy advocates, we believe this technical solution adheres to the strongest of privacy ideals,” the spokesperson said.

“We want to make clear, that privacy is in fact our single policy. However, in order to help our users who are censored in certain regions, we needed to find a way to provide close servers while still being able to provide users with true and free/open internet access,” they added. “This was our solution and we still think that using technology to create a solution is better than waiting for politicians to fix this problem.”

PIA has posted a full statement on the matter to its website.

Image courtesy of FreedomHacker.

BBC iPlayer is Now Blocking UK VPN Services

The BBC has decided to restrict access to its iPlayer service if you’re using a VPN in the UK for legitimate privacy concerns. Despite the BBC’s bizarre reasoning, there are many legitimate circumstances where a VPN is essential especially in the modern age of data collection. A BBC spokesperson told TorrentFreak:

“We regularly make updates to our technology to help prevent access to BBC iPlayer from outside the UK which breaks our terms of use,” 

“BBC iPlayer is freely available to users across the UK without a VPN, and we also seek to ensure users of private VPNs such as those used by schools and companies in the UK have access.”

The broadcaster is now sending out e-mails in regards to disgruntled customers which reads:

“You have reported that your IP address is incorrectly being recognised as outside of the UK when using BBC iPlayer. However we cannot support users using VPN networks as we cannot be confident of the location of the end user. This is because our database will give us the location of the associated VPN or proxy server, rather than of the actual end user. For this reason our Geo IP database will block access to UK-restricted content.”

In the UK, residents are required by law to purchase a license fee to access traditional television broadcasts and the iPlayer streaming service. Many argue this is an outdated notion and the BBC is under extreme pressure to try to offer the taxpayer value-for-money. Putting the politics aside, the BBC is consistently displaying messages on the iPlayer service informing users that they need a TV license to continue viewing. This kind of messaging is similar to purchasing a DVD which contains copyright disclaimers before you can watch the film.

As a result, the BBC has to be very careful not to frustrate the viewing audience and create a poor user experience. Companies need to realize that the internet has no borders, and blocking can often lead to people engaging in piracy.

Tor Network Receives Anonymity Boost

The Tor network is commonly referred to as ‘The Dark Web’ and perceived as an encrypted space to exchange illegal goods or engage in unscrupulous activities. While this is generally true, it only accounts for a specific portion of TOR users and there are legitimate case scenarios. This viewpoint is shared by the Internet Assigned Numbers Authority (IANA), Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Engineering Task Force (IETF).

These are three major internet regulators publicly advocating the use of Tor in certain circumstances and designated the .onion domain, for sites hosted on the Tor network. Additionally the .onion domain was described as a “Special use Domain” which enhances its legitimacy. Richard Barnes, Mozilla’s security head for Firefox told Motherboard:

“This enables the Tor .onion ecosystem to benefit from the same level of security you can get in the rest of the web,”

“It adds a layer of security on top.”

This also means that sites can be verified to see who the real owner is through SSL and TLS security certificates. Using Tor is a contentious issue as many users feel it’s a mysterious and unknown portion of the internet. Governments have overstepped the mark and intruded on people’s privacy in the last couple of years. Therefore, Tor could bring about improved privacy and protect individual’s data. Although, there are concerns about the type of individuals using ‘The Dark Web” including drug smugglers and other criminals.

Thank you Motherboard for providing us with this information.

Thecus NAS Adds Extra Security With VPN Server Support

VPN services are becoming very attractive with needs for networking capabilities expanding. You might be working away from the office but still need a secure connection and VPN’s solve just that. Likewise, users away from home can safely connect to the local home network while they’re on the road.

Thecus has just announced support for VPN servers on all Thecus NAS running ThecusOS 5. You can now easily turn your Thecus NAS into a WPN server where users with authorization to the NAS will have secure remote access to resources shared within your local area network where the NAS is located.

The Thecus NAS devices utilize the L2TP VPN protocol which is an extension of the Point-to-Point Tunneling Protocol (PPTP). L2TP combines the features of PPTP and L2f to generate a hybrid protocol and take advantages of the best of both worlds. This allows for advanced encryption and certification and can provide a secure connection for Thecus owners.

If you’re already running a VPN server on another machine, then you don’t need to worry or switch. You can also turn your Thecus NAS into a VPN client and join any existing Virtual Private Network server via PPTP.

The VPN Server support is now available on all Thecus NAS running ThecusOS 5. VPN Server and VPN Client User Manual can be found on Thecus website.

A New Kind Of ProxyHam Coming to DefCon

Ok you now think I have been lying in 35 degree heat all day and have crossed a privacy tool with a local butcher. I can assure you I am not hallucinating and that purple leprechaun agrees with me, only kidding, it’s green. I am quite sane and am here to talk about a possible new proxy tool which could be a game changer for privacy conscious Individuals.

At the upcoming DefCon hacker conference in Las Vegas, a new tool by the name of ProxyHam is set to be unveiled, this device has been invented and developed by an individual by the name of Ben Caudill who aims to make it that little bit harder for network spies. This device is essentially a hardware proxy which is designed to use a radio frequency. By utilizing this form of connection, the device adds a physical layer of obfuscation to an internet user’s location

According to Google, obfuscation is defined as making something obscure which means your location is not transmitted over the Internet. This invention has been built for $200 dollars (£128) but the clever bit is still to come, the device connects wirelessly from a 900 megahertz antenna which is plugged into the Ethernet port of a PC, to a Raspberry Pi box which has been placed in a different location via a radio connection. This in turn means that any traceable location data is not from a person’s physical location, but from the ProxyHam box said individual has placed somewhere else.

This means that if the FBI come knocking or any other malevolent with power organization, they will think you live within a 2.5 mile radius of your actual address, and this means if you placed the box in Burger King, the fast food joint will be raided and not you. Here at eTeknix we are impartial and therefore would like to point out there are many other corrupt governments with which to be spied on and fast food joints with which to enlarge your liver.

At this stage these devices are still very much at the development and improvement stage, but if it can capture the mainstream, expect many boxes to pop up with confused officials staring at them to a town near you soon.

Thank You Wired for providing this information

Canadian Telecoms Boss Publicly Shames Daughter For Netflix VPN “Piracy”

The new President of Canadian telecoms company Bell Media has branded her daughter a “thief” and reprimanded her for watching US Netflix through a VPN. Mary Ann Turcke found out that her 15-year-old daughter was accessing the US Netflix, rather than make do with the inferior Canadian service, but Turcke rebuked the girl for “stealing” and put a stop to it, an audience at the Canadian Telecom Summit heard.

Turcke recalled her daughter asking her, “Mom, did you know that you can hack into U.S. Netflix and get so many more shows?” Rather than question a system that restricts content based on exclusive deals based on geographical lines, the Bell Media boss instead chose to overreact, telling the Toronto audience, “She is 15 and she was stealing. Suffice to say, there is no more VPNing.” Sounds like a fun household.

“It has to become socially unacceptable to admit to another human being that you are VPNing into U.S. Netflix,” she continued. “Like throwing garbage out of your car window, you just don’t do it. We have to get engaged and tell people they’re stealing.”

Watching Netflix via a VPN might contravene the streaming service’s terms and conditions, but it is not illegal – certainly not “stealing, as Turcke puts it – and points to a larger problem with geo-blocking and the availability of content. The fault lies with studio policy regarding their properties, studios that have indicated that they have little interest in tackling piracy.

These people want to pay for content; “Netflix pirates” have to subscribe to the service in order to bypass region locks, and instead of being celebrated they are chastised and treated like criminals. If all these “thieves” cared about was getting content by any means, they’d be downloading torrents for free. Watching Netflix through a VPN is unethical, at worst. Not a crime. But I’m sure Turcke’s daughter really appreciated being publicly shamed by her mother for the sake of a flimsy political point.

Thank you TorrentFreak for providing us with this information.

Image courtesy of Computing.co.uk.

Hola CEO Responds to Botnet Controversy

Hola, the peer-to-peer (P2P) VPN provider, was recently accused of allowing its customers’ network to be used to form botnets to launch malicious cyber-attacks. A group of researchers, under the banner Adios, discovered that up to 47 million people could have been inadvertently providing hackers with enough bandwidth to launch massive DDoS attacks. Now, Hola’s CEO Ofer Vilenski has spoken out about the controversy, insisting that accusations of negligence against the company are unfair, denying that its customers form part of a botnet, and that its policy for sharing user bandwidth through P2P was transparent from the start.

“There have been some terrible accusations against Hola which we feel are unjustified,” Vilenski said in a post on Hola’s website. He went on to explain what he calls the “three issues” regarding the allegations:

1. Hola is about sharing resources

We assumed that by stating that Hola is a P2P network, it was clear that people were sharing their bandwidth with the community network in return for their free service. After all, people have been doing that for years with services like Skype. It was not clear to all our users, and we want it to be completely clear.

We have changed our site and product installation flows to make it crystal clear that Hola is P2P, and that you are sharing your resources with others. This information is now “in your face” – and no longer appears only in the FAQ.

2. Does Hola make you part of a botnet?

No! Hola makes its money by selling its VPN service to businesses for legitimate commercial purposes, such as brand monitoring (checking the prices of their products in various stores), self test (checking how their corporate site looks from multiple countries), anti ad fraud (ensuring that the adverts are not inserted enroute to use), etc.

There was some concern that by selling our VPN services to enterprise customers, we were possibly exposing our users to cyber criminal traffic that could get them in trouble (Thus the ‘botnet’ accusation). The reality is that we have a record of the real identification and traffic of the Luminati [Hola’s commercial name] users, such that if a crime is committed, we can report this to the authorities, and thus the criminal is immediately identified. This makes the Hola/Luminati network unattractive to criminals – as opposed to Tor for example, which provides them complete anonymity for free.

Last week a spammer used Luminati by posing as a corporation. He passed through our filters and was able to take advantage of our network. We analyzed the incident, and built the necessary measures in our processes to ensure that such incidents do not occur, and deactivated his service. We will cooperate with any investigation of the incident to ensure that he will be punished to the fullest extent.

3. Vulnerability of the Hola client

Part of the growing pains of creating a new service can be vulnerability to attack. It has happened to everyone (Apple iCloud, Snapchat, Skype, Sony, Evernote, Microsoft…), and now, to Hola. Two vulnerabilities were found in our product this past week. This means that there was a risk of a hacker being able to operate remote code on some devices that Hola is installed on. The hackers who identified these issues did their job, and we did our job by fixing them. In fact, we fixed both vulnerabilities within a few hours of them being published and pushed an update to all our community. We are now undergoing an internal security review, as well as an external audit we have committed to with one of the big 4 auditing companies’ cyber auditing team.

It’s a strong defence, but is contradicted by the findings of numerous security firms that the VPN is still riddled with security holes that can be easily exploited by hackers.

Image courtesy of TechRadar.

Hola Founder Confirms VPN Sells Users’ Bandwidth

The operator of 8chan says the bandwidth of millions of Hola users is being sold for reuse, with some of it even being used to attack his site. Speaking with TorrentFreak, Hola founder Ofer Vilenski says that users’ idle resources are indeed utilized for commercial sale, but that has been the agreement all along.

Faced with increasing local website censorship and Internet services that restrict access depending on where a user is based, more and more people are turning to services such as Hola designed to overcome such limitations by sending your internet traffic via other networks. This then makes it appear that you’re located in another country – such as America.With prices plummeting to just a few dollars a month in recent years, VPNs are now within the budgets of most people. However, there are always those who prefer to get such services for free, without giving much consideration to how that might be economically viable.

With prices plummeting to just a few dollars a month for the service, VPNs and proxies are now within the budgets of most people. However, there are always those who prefer to get such services for free, without giving much consideration to how that might be economically viable.One of the most popular VPN/geo-unblocking solutions on the planet is operated by Israel-based Hola. It can be added to most popular browsers in seconds and has an impressive seven million users on Chrome alone. Overall the company boasts 46 million users of its service.

Now, however, the company is facing accusations from 8chan message board operator Fredrick Brennan. He claims that Hola users’ computers were used to attack his website without their knowledge, and that was made possible by the way Hola is setup.

“When a user installs Hola, he becomes a VPN endpoint, and other users of the Hola network may exit through his internet connection and take on his IP. This is what makes it free: Hola does not pay for the bandwidth that its VPN uses at all, and there is no user opt out for this,” Brennan says.

This means that rather than having their IP addresses cloaked behind a private server, free Hola users are regularly exposing their IP addresses to the world but associated with other people’s traffic – no matter what that might contain.While this will come as a surprise to many, Hola says it has never tried to hide the methods it employs to offer a free service.“Hola has gotten greedy. They recently (late 2014) realized that they basically have a 9 million IP strong botnet on their hands, and they began selling access to this botnet (right now, for HTTP requests only) at

“Hola has gotten greedy. They recently (late 2014) realized that they basically have a 9 million IP strong botnet on their hands, and they began selling access to this botnet (right now, for HTTP requests only) at https://luminati.io,” the 8chan owner said.

Thank you to TorrentFreakfor providing us with this information

Image courtesy of  Itproportal

Logjam Can Hijack Your HTTPS Connections

There are a lot of techniques involving malware, trojans or other sort of attacks, but this one seems to affect the common and widely used HTTPS protocol, making it more ‘nasty’ than the rest. Logjam is a cryptographic attack that targets the Diffie-Hellman key exchange in HTTPS, SSH, SMTPS and other sort of negotiation protocols used by the server and browser.

So why is it so important for us to know about? It’s simple. The technique uses a man-in-the-middle approach to break the 512-bit encryption and make it readable. An academic team said that it was even able to beat a 768-bit encryption, but word is that even a 1024-bit encryption can be taken down with enough effort. What this means is that hackers using the latter technique can easily spy on the top 1 million HTTPS domains and even 66% of VPN servers.

Security specialists say that users should upgrade their browsers to the latest version and server owners should disable support for external cypher suites that generate 2048-bit Diffie-Hellman group along with updating to the latest OpenSSH. They say that the technique at hand can even be used by government agencies to easily spy on your web traffic, so hackers aren’t your only concern.

So, are you keeping everything up to date?

Thank you macnn for providing us with this information
Image courtesy of PSDGraphics

TunnelBear VPN Now Available as a Chrome Extension

TunnelBear, one of the most intuitive and best-looking VPNs on the market, is now available in the form a very handy Google Chrome extension. TunnelBear for Chrome works within the browser itself to mask the user’s location with a false location, ideal for citizens of countries that, say, don’t have access to Netflix or Spotify.

Although TunnelBear offers an entry-level free service alongside paid options, it still offers an impressive 500MB allowance with its free membership, which can be upgraded to 1GB with a single endorsing Tweet. Though free TunnelBear for Chrome currently tops out at 750MB, the makers insist that the figure will soon rise to 1GB. Paid subscribers will be able to use the extension unrestricted.

“Our goal is to make [using a VPN] as easy and accessible as possible,” Ryan Dochuk, co-founder of TunnelBear, told TechCrunch. “The extension is so fast and so easy that you should be using it in your everyday internet activity.”

Since the TunnelBear for Chrome extension is designed for convenience, it drops some of the main program’s privacy options, but the 14 global VPN destinations remain.

“For people who didn’t feel ready to use a full VPN, we think that this is the easiest option,” Dochuk added.

Thank you TechCrunch for providing us with this information.

Pirate Movie Streaming App Popcorn Time Blocked by UK Court

The High Court ruled yesterday that popular movie streaming platform Popcorn Time be blocked by the UK ISPs. Sky, BT, EE, TalkTalk, and Virgin Media will be forced to block access to five URLs that offer the Popcorn Time app for download.

In his ruling, Judge Briss did a marvellous job of stating the obvious regarding Popcorn Time’s legal status, stating, “It is manifest that the Popcorn Time application is used in order to watch pirated content on the internet and indeed it is also manifest that is its purpose.” Though his follow-up “No-one really uses Popcorn Time in order to watch lawfully available content” is not entirely correct, since movies on Popcorn Time are usually DVD or BluRay rips, meaning that they have to be “lawfully available” in order to be streamed. Users are just accessing them without paying for them via illegal means.

Popcorn Time has issued the following statement:

We’re pretty disappointed from the judicial system in the UK and feel pretty sorry for the citizens of England for their basic rights, like the freedom of speech and net neutrality being revoked so easily.

We hope to see some sort of protest from the citizens of the UK against this order, but given how easy it is for the judicial system there to hurt their basic rights, we doubt they will do so

We find this move they made pretty predictable and we’re sure that this is not the last of it. We’re working full force now even more than ever on making Popcorn Time fully p2p and soon the software will not be depended on any domain or centralized server to operate.

Since no ISP has challenged the order, it will come into effect soon, with access to popcorntime.io, flixtor.me, popcorn-time.se, and isoplex.isohunt.to denied to UK users. However, anyone who already has Popcorn Time installed should not see any disruption to their service. Regardless, as with the spate of blocked torrent sites over the last few years, the move is sure to prove futile, with proxies and VPNs offering savvy internet users access to any blocked content.

Thank you Engadget for providing us with this information.

TV Companies to Sue VPN Providers “In Days”

Two New Zealand internet providers who refused to disable their VPN services are to be sued by television providers within days. CallPlus and Bypass Network Services, both ISPs that provide their customers with VPN functionality, will face legal action from media companies SKY, TVNZ, Lightbox, and MediaWorks for continuing to allow users to bypass geo-restricted content.

SKY, TVNZ, Lightbox, and MediaWorks contacted the two ISPs – as well as a number of other New Zealand-based providers – earlier this month, threatening legal action unless they cease VPN services. Both ISPs refused to comply, though Unlimited Internet was one ISP that, when challenged, dropped its VPN service.

Using VPNs to access region-locked content – as many Australians were doing to access Netflix before the on-demand streaming giant expanded its service into their territory – has become a common practice which, despite being referred to as “VPN pirates”, is not illegal (yet).

Patrick Jordan-Smith, CEO of Bypass Network Services, responded to the initial threat by TV companies with a letter, calling them bullies and reminding them that no law was being broken.

Jordan-Smith wrote, “To receive without warning a grossly threatening legal letter like that from four of the largest companies in New Zealand is not something we are used to. It smacks of bullying to be honest, especially since your letter doesn’t actually say why you think we are breaching copyright.”

He continued, “[We provide our service] on our understanding that geo-unblocking to allow people to digitally import content purchased overseas is perfectly legal. If you say it is not, then we are going to need a lot more detail from you to understand why. Simply sending us a threatening letter, as frightening as that may be, does not get us there and is not a fair reason for us to shut down our whole business.”

The TV companies were unmoved by the letter, with Kevin Kendrick, Chief Executive of TVNZ, saying, “Our position has not changed and unless they remove the unlawful service we will begin court action in the next few days.”

Thank you TorrentFreak for providing us with this information.

Thecus Releases New Firmware Update for ThecusOS 5.0

Thecus just released a firmware update for the ThecusOS 5.0 software that runs on its NAS servers. The new version 2.05.08 addresses several vulnerabilities and exposures and updates some features.

The new version 2.05.08 is compatible with the following NAS servers:

  • N16000, N12000, N16000PRO, N12000PRO, N16000V, N12000V, N8900V, N8900
  • N6850, N8850, N10850
  • N7710, N7710-G, N8810, N8810-G, N7700PROV2, N8800PROV2
  • N2800, N4510U, N4510UPRO, N4800, N4800ECO, N5550, N7510

Also from the press release:

The newest version, 2.05.08, includes Disk Clone and Wipe for seamless data replication and destruction, enhanced security with VPN server and Kodi (select devices) for optimal media streaming. Also included is support for 4K native HDD, VAAI UNMAP, VPN and PPTPclient/server as well as compatibility with D-Link’s DXE-810S 10 Gigabit Ethernet SFP+ adapter.

Updates for 2efsprogs (1.42.12), Xfsprogs (3.2.2), Thecus ID wording, and Linux kernel (3.10.66) are available along with improvements for the booting process, IE browser and WD60EFRX compatibility, and Japanese UI language.

Several vulnerabilities and exposures are also addressed with the new firmware including email notification password, jumbo frame, Samba Recycle Bin and share folders, as well as several other issues that are described in the release notes included with the download.

The new firmware is now available to download direct from the Thecus website (here). As is always recommended, backup all data before updating to the new firmware to avoid any data loss.

Netflix CEO Wants to Make VPN Use Obsolete

Following Netflix’s launch in Australia, a region that was previously full of Netflix ‘VPN pirates’, company CEO Reed Hastings has said that he aims to make the VPN loophole redundant by offering all available content to all locales.

Though many countries around the world have access to Netflix, the films and TV shows they are able to watch are restricted by geographical licensing agreements. For this reason, the US Netflix remains a goldmine, streaming content that is not available in other parts of the world.

Hastings says, “The basic solution is for Netflix to get global and have its content be the same all around the world so there’s no incentive to [use a VPN]. Then we can work on the more important part which is piracy.”

“The VPN thing is a small little asterisk compared to piracy,” Hastings adds. “Piracy is really the problem around the world.”

The idea, in theory, would be mana to all non-US-based Netflix customers, but it is wholly dependent on Hollywood adopting global licencing deals. If pitched to studios as a fix for piracy, they may be receptive.

“The key thing about piracy is that some fraction of it is because [users] couldn’t get the content. That part we can fix. Some part of piracy however is because they just don’t want to pay. That’s a harder part. As an industry, we need to fix global content,” Hastings said.

Source: TorrentFreak