Category Archives: VPN

Popular free Android VPN apps on Play Store contain malware

By Waqas

If you want to ensure optimal privacy while surfing the web, a VPN (virtual private network) is the only reliable option. In this regard, a majority of web and smartphone users rely upon free VPN services, which according to the latest research is a risky step. In 2017, researchers identified that 38% of Android VPN apps on […]

This is a post from HackRead.com Read the original post: Popular free Android VPN apps on Play Store contain malware

What is a firewall?

You’ve probably heard the word “firewall” a few times in recent years. There was even a 2006 Hollywood movie of the same name starring Harrison Ford, Paul Bettany and Virginia Madsen.

But what is a firewall, and why do they matter?

Keeping the bad guys out

At the most basic level, a firewall is a system that prevents unauthorised access to a network. The firewall acts like a bouncer at the entrance to the network, checking the identification of everyone who tries to enter. Any unauthorised access attempt is blocked automatically.

How does a firewall work?

Before you can properly understand why firewalls matter, you first need to understand a tiny bit about how data is sent between computers.

Say you email a document to a colleague. Your computer splits the document into tiny pieces called packets which are then sent one at a time to your colleagues computer. Each packet contains additional information that tells the recipient’s computer how to rebuild the document from the packets – and where the packets are coming from. This whole process can be completed in a matter of seconds.

Network data transfers aren’t fool proof though. Packets can get corrupted or lost during transfer. Or they can be intercepted and modified by hackers.

A firewall adds an important layer of protection into the data transfer mechanism. The firewall sits between your computer and the recipient’s, checking every packet that passes through. Any network traffic that has been faked, is coming from an unauthorised or unrecognised source, or is otherwise suspicious is blocked automatically.

The firewall does a lot more besides too. It monitors all network traffic, preventing hackers from breaking into your computer or other internet-connected devices.

Why do firewalls matter?

In a business environment, the firewall is installed at the edge of the network; all network traffic has to pass through the firewall, and is analysed in transit. And the same is true of application firewalls like those included with Panda Dome that are installed on home computers.

Effective network security works on the principle of blocking suspicious traffic before it reaches your computer. In a corporate network, that means stopping hackers before they can access the network. At home, you need to drop/block bad network traffic before it can reach the data stored on your computer.

A firewall is not the same as antivirus – it does not check to see whether incoming packets contain malware. But it does automatically block the most suspicious network traffic to keep criminals out. Like antimalware systems however, a good firewall is also regularly updated so that it is capable of blocking the latest threats and suspicious activities.

And this automated checking is an important tool for raising the overall level of protection for your home computer and data.

To learn more about firewalls, please take a look at the Panda knowledgebase. And if you’d like to protect your computer with a firewall now, please download a free trial of Panda Dome Security.

Download Panda FREE VPN

The post What is a firewall? appeared first on Panda Security Mediacenter.

The VORACLE OpenVPN Attack: What You Need to Know

Many of us know that using a VPN (Virtual Private Network) adds an extra layer of security to our Wi-Fi networks. But VORACLE, a recently discovered vulnerability that was announced at a security conference by security researcher Ahamad Nafeez, is making some people reconsider this this steadfast safety tip. Let’s look under the hood at this vulnerability to understand what was impacted and why, and what we should do in the future when it comes to safely connecting to Wi-Fi.

Under the Hood of a VPN

A VPN is a connection between a secure server and your mobile device or computer. Through the VPN your activity and information on the internet is encrypted, making it difficult for anyone else to see your private information. Many of us use a VPN for work when we travel, some of us use them to watch videos online, and more and more of us use them as a best practice to help keep our information safe any time we want to use a Wi-Fi connection that we’re not sure about.

About the VORACLE VPN Vulnerability

At a high level, VORACLE leverages a vulnerability found in the open-source OpenVPN protocol. OpenVPN is an open-source protocol used by the majority of VPN providers, meaning many VPN products are affected.

The VORACLE attack can recover HTTP traffic sent via encrypted VPN connections under certain conditions, the first being that the VPN app in use enables compression via the OpenVPN protocol. A  hacker must be on the same network and able to lure you to an HTTP (not HTTPS) site with malicious code through phishing or a similar other tactic. The attack can happen on all web browsers but Google Chrome, due to the way in which HTTP requests are made.

Luckily the McAfee Safe Connect VPN was not built on the vulnerable OpenVPN code. That said, I want to take this opportunity to remind you of something we talk about a lot in the security industry: relying on only one layer of security is simply not enough today. Here are some tips and best practices to stay safe.

  • Set up multi-factor authentication whenever possible. This tip is especially important for valuable accounts like email or social media, which might be connected to financial information. With multi-factor authentication in place, you’ll be better protected by combining your usual login information with another layer of protection, such as a one-time-password sent to your phone, bio metrics (say, a thumb print), or a security token that you’ll need to confirm before getting access to your account.
  • Use secure websites (HTTPS) whenever possible. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between your browser and the website are encrypted. Most websites are moving toward this standard practice, so if you notice yourself landing on a website with just HTTP, stay alert.
  • Avoid making financial transactions until you’re on a network you trust. Sharing personal data like your credit card information can lead to unnecessary vulnerabilities. The best bet is to wait until you’re on your home network with additional layers of security such as McAfee’s Secure Home Platform already in place.
  • Consider using your mobile network and being your own hotspot. If your mobile or IoT data plan includes a hot spot, consider using that over Wi-Fi to avoid some of the challenges that come with it in the first place.
  • Do continue to use a personal VPN when you’re on the go and using Wi-Fi– just be sure to do so while having an additional layer of security in place so that if a similar vulnerability is discovered, you’ll already have a backup.

Looking for more mobile security tips and trends? Be sure to follow @McAfee_Home on Twitter, and like us on Facebook.

The post The VORACLE OpenVPN Attack: What You Need to Know appeared first on McAfee Blogs.

"Hide My Ass" Comes Out of Hiding


The Internet has a chequered history with the humble ass. Kim Kardashian attempted to “break the Internet” with hers, and now we see VPN service “Hide My Ass” sold for
£40 million to AVG. This subscription driven VPN service is an interesting case study. Many VPN services are surprisingly coy about where they get their revenue, and about why they exist. HMA, on the other hand, are pretty up front: It was started as a way to bypass school filters, and it is subscription based. It’s nice to see the articles finally showing what we’ve long known - these services are, in the main, used for bypassing school or workplace filtering, and not only by oppressed revolutionaries in a far off land. Nor is Hide My Ass a way to avoid the long arm of the law, they have, in the past, given up users’ browsing details under court orders. What of other VPN providers - the “free” ones? Even subscription supported HMA admit freely they use affiliate marketing schemes to help keep the cost of plans down - what are the others doing to support the cost of bandwidth? Selling data, perhaps? For those with client software, they could be inspecting your secure connections! There’s even been cases where proxy/VPN software has inserted malware. Our advice - block ‘em all - and think twice if you are a user attempting to connect to a VPN service. Despite the name, and the youth of its creator, HMA is a pretty grown-up VPN system - the others, well - who knows?
 

Security: Hard to Get Right!

Couple of interesting articles doing the rounds this week, which are worthy of a quick comment!

Heartbleed: the bug that keeps on giving
Reports suggest that the Heartbleed vulnerability was involved in a breach of over 4 million records from a health provider in the US — we won't see many of these, as identifying the culprit as Heartbleed is really difficult in most cases. That instances like this are still cropping up reminds us of the need to ensure we're patched, and not just in the obvious places like a web server. This time it seems to have been SSL VPN at the heart of the issue, so to speak.

Passwords: why are we still so rubbish at this?
Apparently 51% of people share a password. This is properly daft. Really, crazier than a box of weasels. Even if you trust the other person, there's no telling what accidents might occur, or where they may re-use that password themselves. I always get gyp from my wife that I won't tell her my passwords, but I won't — and believe me, I do pretty much everything else she tells me!

EU "right to be forgotten" rule still here, still a waste of time?!
Internet numptys are still asking Google to remove them from searches in their droves. Happily the BBC is kind enough to reveal who they are by linking us to the relevant articles. When will people realise that once you publish something on the Internet, it is there forever. Unless it's that really useful document you bookmarked last week, which now 404s and was never in the Internet archive. Yes, that one.