June 29, 2018
Hey all! We know a lot of people out there do not know what WireGuard is, nor do they trust it. However after some extensive testing – we decided that Jason, the creator of WireGuard, was creating the future of VPN protocols. So we went all in on it. And now, it seems that the US Government is about to do the same switch. In recent days (June 28th) – Ron Wyden, a senator from Oregon, wrote a letter to the United States Senate, in which he discusses the current technologies, used by the United States Senate. In there, he rightfully calls OpenVPN and IPsec aging technologies. So in this letter – he urges the director of the National Institute of Standards and Technology (NIST) to work with stakeholders to evaluate appropriate replacements of the aging IPSec and OpenVPN with the prominent WireGuard, for government use. Here is what the letter contains: I write to ask that the National Institute of Standards and Technology (NIST) evaluate and then encourage government use of modern encryption technology to secure remote network communications. Virtual private networks (VPNs) protect the confidentiality and integrity of data as it travels across the internet by authenticating and […]
May 4, 2018
You need VPN! In the past few years, PCMag has seen VPN services go from being fringe security utilities to red-hot, must-have cyber accessory. The popularity (and necessity) of the once-lowly VPN is certainly due to the ever-growing legal and technological challenges to individual privacy. Virtual private networks are a tool whose time has clearly come. That’s why it’s so surprising that a poll conducted by PCMag found that, despite understanding the threats to their privacy, the vast majority of respondents don’t use VPNs and never have. Unsecured Traffic Of the 1,000 people polled by PCMag between Feb. 7-9, 71 percent have never used a VPN. That struck me for two reasons. First of all, the search volume we receive at PCMag for VPN-related articles is enormous. Second, many companies require the use of a corporate VPN when working remotely. That might explain why 15 percent had used a VPN in the past, but don’t currently log on. Most people, I assumed, would have crossed paths with a VPN at some point. And yet, the vast majority of respondents not only do not currently use a VPN, they have never laid hands on one. New (and Old) Threats to Privacy […]
April 23, 2018
Net neutrality’s protracted, multi-phase death scene has finally come to an end with a whimper as the FCC rules proposed in May, voted on in December and entered in the Federal Register in February finally come into effect today. But as before, don’t expect some big fanfare by broadband providers and a sudden ratcheting up of prices. Things are going to stay quietly tense for a while. Update: Although new rules do indeed take effect two months after entering the Federal Register (i.e. today), those taking effect are only part of the full package. The Office of Management and Budget still has to sign off on the new rules, after which time there will be yet another delay as they are filed in the Register again before taking effect. So although the new rules have taken partial effect, they are are still awaiting final final approval. Should you be worried? No. But you should stay angry. “Restoring Internet Freedom” may have taken effect, but the truth is that the 2015 net neutrality rules have been out of effect since the FCC was shuffled under the new administration. Under Chairman Ajit Pai’s FCC, those rules were unlikely to be enforced from […]
March 29, 2018
Around 20% of today’s top VPN solutions are leaking the customer’s IP address via a WebRTC bug known since January 2015, and which apparently some VPN providers have never heard of. The discovery belongs to Paolo Stagno, a security researcher who goes by the pseudonym of VoidSec, and who recently audited 83 VPN apps on this old WebRTC IP leak. Stagno says he found that 17 VPN clients were leaking the user’s IP address while surfing the web via a browser. The researcher published his results in a Google Docs spreadsheet. The audit list is incomplete because Stagno didn’t have the financial resources to test all commercial VPN clients. The researcher is now asking the community to test their own VPN clients and send him the results. For this, he set up a demo web page that users must access in their browser with their VPN client enabled. The code running on this page is also available on GitHub, if users want to test the leak locally, without exposing their IP on somebody else’s server. WebRTC leak known since 2015 Stagno’s code is based on the WebRTC bug discovered in January 2015 by security researcher Daniel Roesler. Back then, Roesler […]