63 technology companies ask for permission to release more data about US authority security requests

Following Edward Snowden’s scathing revelations about the NSA and the extent of the US’s spying capabilities, several large technology companies have asked that the US authorities allow them to release more details about security requests.

Companies including Apple, Google, Facebook and Twitter want permission to release regular statistics about the number and size of the data requests they receive. 63 organisations have sent a letter outlining the proposal to President Obama, Congress and NSA Director, General Keith Alexander on Thursday, with the action also supported by campaign groups including the Human Rights Watch and the Electronic Frontier Foundation.

Current permissions allow businesses to release some data about security requests, but in many cases they are required to ask the courts for permission first and restrict the extent of the information made available. Alexander acknowledged the public anger at Snowden's revelations, and argued that the companies are not culpable for complying with the data requests:

‘[These companies] don’t have a choice. Court order, they have to do this. What they want is the rest of the world to know that we’re not reading all of that email, so they want to give out the numbers.’
He went on to indicate that the proposals were something that the authorities would consider, but stressed that it was important to make sure that things like this were carried out correctly, and did not impact on ongoing FBI investigations.

Elsewhere, Anthony Romero, the executive director of the American Civil Liberties Union, has insisted that Snowden 'did [America] a service' by opening up questions regarding governmental access to private data, although this statement was immediately countered by several others attending the same national security conference in Colorado.  Snowden himself remains in limbo, stuck in Moscow airport where he has been for nearly a month as his disclosures continue to make waves all around the world.

If you have concerns about your online privacy, then a VPN service could be just what you’re looking for. A VPN provides your computer with an extra level of security while you’re using the internet to help ensure your connection stays safe and protected.

How to create secure passwords

When choosing a password for whatever purpose, you might use something personal like your pets
name or your birthday. But that’s far from being a secure password!

Sure, keeping a strong, complicated and long password in mind is not easy – that’s why many users make the mistake of using a rather weak password. But why not just making a compromise there? This weeks weekly tip will teach you a bit about passwords, their security and good ways to select a password.

First, the longer a password is and the more different and uncommon characters it contains, the more secure it will be. That’s why your first step should be thinking about possible risks you take when using a comparatively weak password; what damage can be done if your password gets stolen, your account used?

For example: If all that can happen is that someone else is able to play a specific flash-game with your account, then there’s not much to lose. Using a strong password here wouldn’t make much sense.

A whole different story is if your online-banking password gets stolen, or someone gets access to your website administration – this could result in real big damage, financial or legal consequences. Using a strong password here is essential!

In addition, using a weak password can be considered negligent. Should someone have used your WLAN for illegal purposes, you might be responsible for his actions simply because you did not secure it properly.

So after you decided if a strong password is needed, you need to choose what type of password you want to use. You can either use a personal password, or a generated password.
 Personal passwords: As mentioned, many people are using personal passwords like their pets name, their partners middle name, something like that. This alone brings 2 possible problems:

1. The password would certainly not be unique. It’s likely that the password is listed in so-called dictionaries. That means a hacker would only need to try often enough, and sooner or later he would have guessed your password and gained access to your account.

2. Anyone who knows you personally would be able to guess your password. Even a stranger could theoretically fetch personal information about you from the web, your friends or your family and then just keep trying different combinations and possibilities till they succeeds.

 Examples for passwords and terms you should not use:

• your birthdate: No birthdate is unique, and it’s not much effort to find out when you were born
• your pets name: No name is unique, and finding out your pets name is not that difficult
• short and common terms: Terms like “master”, “123456”, “qwerty”, “jesus” or even “password” are the worst possible choices for a password

So using a password that is simply a term of your private life is never a good idea – but that does not mean that you can’t use it. Why not just making it stronger?

You could add a number behind, before or in the middle of that term. For example, if you consider to use the password “buddy”, a stronger version would certainly be “buddy9642” or “bud9642dy”.

Remember: the longer a password is, the better. Many online services fortunately don’t accept weak or short passwords and so force you to select a stronger one.

If supported by the service you are registering for, feel free to use special characters like “@%/()$§?!”.

Using upper/lowercase characters in different combinations also makes sense. You should always keep in mind that each password has a certain chance to get guessed, either by a human or by a computer program.

Obviously a password like “buddy(1924)!” is less likely to get guessed than “buddy”.

A far more secure method for selecting a strong password is to generate one. There are countless password generators on the web with different generator settings.

The mystery of the security researcher and the Apple Development Centre

On Thursday 18^th July, the Apple Developer portal appeared to be offline, with users presented with an apologetic message explaining that, 'maintenance is taking longer than expected.' However, over the next few days a peculiar story emerged about the real reasons behind Apple's downtime. As the portal, which holds information for over 275,000 third-party developers, remained unaccessible, rumours began to spread suggesting that this was far from a routine maintenance check. The evidence pointed to either a database crash, or a serious security breach. 

 

As The Hacker News reports, Apple released a statement on Monday seeming to acknowledge the real reasons for the outage. The maintenance sign was replaced with the explanation that 'an intruder attempted to secure personal information of our registered developers from our developer website.' While Apple assured customers that their encrypted data couldn't be accessed, they were unable to guarantee that names, addresses and emails had not been stolen. Many users also received suspect password reset request emails, suggesting that the hackers were still after information. 

 

The Guardian, however, presented a slightly different version of events after interviewing Ibrahim Balic, a Turkish security researcher who claimed responsibility for the hacking. While admitting to the act itself, Balic claims his intentions were not criminal but honourable, seeking to point out flaws in Apple’s system and push himself as a researcher. While sceptics may suggest he is changing his tune after being caught, Balic outed himself not only to the public, but also to Apple, via a YouTube video complete with screenshots. The security expert found 13 separate areas of alarm, and filed a report with Apple, the same day the company closed the developer portal. 

 

So, was this a well-intentioned research mission, or a serious criminal intrusion? Apple has declined to comment on Balic's announcement, but one distinct possibility remains: he wasn't the only person delving into the company's security systems that day.

 

While Apple continues to review its systems, you can help secure your personal computer by using a VPN service. The VPN works as an additional layer of protection that stands between the data stored on your devices and anyone else attempting to access it.

News Roundup: Hackers exploit Android ‘master key’ in wild, five men indicted in massive hacking scheme and former Japanese poker champion arrested over distribution of malware

Hackers exploiting Android ‘master key’ in wild
At the beginning of July we reported that security research firm BlueBox had uncovered a ‘master key’ that would allow cyber criminals to gain unlimited access to any Android device. BlueBox had planned to release more details on this vulnerability at the Black Hat hacker conference next month, but it seems that the cyber criminals have beaten them to it and are already exploiting the key in the wild. The bug allows an attacker to install codes on any phone that runs on Google’s mobile operating system and then take control of the handset. Researchers from Symantec say that they’ve already uncovered two infected legitimate apps that are distributed throughout China and advise users that they should only be downloading software through Google’s Play store.

Five men indicted in large hacking scheme
Five men from Russia and the Ukraine have been indicted in the US for conspiring together to pull off a worldwide hacking scheme that compromised more than 160 credit card numbers and caused $300 million in losses over five years. Several companies were attacked by the men including Nasdaq, 7-Eleven, JCP and Dow Jones between 2005 and 2012. Two of the men are supposedly specialists when it comes to getting through network security and gaining access to victims’ systems, while another man specialised in mining data. The defendants hid their actions behind an anonymous web-hosting service in a bid to avoid detection.

Former Japanese poker champion arrested on malware charges
Masaaki Kagawa, a former Japanese poker champion who won around $1.5 million in tournaments, has been arrested by the Japanese authorities on suspicion of distributing Android malware. Symantec claims that Kagawa is one of nine who are accused of sending out spam emails with links to the Android malware ‘Android.Enesoluty’ embedded in them. The group registered about 150 domains to host the malware and managed to collect around 37 million email addresses from about 810,000 Android devices. It’s estimated that they earned around $3.9 million through the running of a fake online dating service called Sakura site.

HMA Perception over the proposed UK Internet Safety Bill.

Two days ago UK Prime Minister David Cameron proposed a new law to impose default Internet filtering for both adult and sensitive subjects. This law would require people to ‘opt-out’ of these default Internet filters rather than make an informed choice about what filters they would like to put in place.

Here at Hide My Ass!, we truly believe that the internet should not be censored and attempts to make so-called “inappropriate content” inaccessible, freedom of expression will be seriously compromised. Automated internet filtering software is usually over restrictive and therefore ineffective. For example, use of this filtering software in an attempt to censor pornography, could easily lead to sex education advice or materials on sexually transmitted diseases being blocked.  We fully support anyone who wishes to control the internet in their own home – but a government sponsored “one-size-fits-all” filter is bound to restrict the options of parents who want to make use of smarter filters, as it will become completely unviable for private companies to develop and maintain these products.

Our biggest concern with the proposals is the lack of information on what happens to the list of people who opt-out of the filter? It is inevitable that a list of those who opt-out will be created. Will the police or indeed GCHQ have access to this list? How will this list be secured and how will privacy be protected? With the growing prevalence of large-scale data mining – what safeguards will be in place to prevent commercial ISPs from exploiting the data?

These questions have been left unanswered or worst still, unconsidered. Even with the best possible intentions, more detail is required to understand why the government wants to place online users on official lists and go against the open spirit of the Internet.

Without the answers to these questions it is not appropriate that these proposals become law – the privacy and freedoms of internet users is at stake.

8 servers, 782 IP addresses and 2 NEW countries to the Hide My Ass! VPN Network

We’ve added 8 servers, 782 IP addresses and 2 NEW countries to the Hide My Ass! VPN Network

1. Saudi Arabia, Riyadh (31 IPs)
2. New Zealand, Auckland (71 IPs)
3. Thailand, Bangkok (124 IPs)
4. USA, New York, Albany (LOC1 S10) (124 IPs)
5. USA, New York, Albany (LOC1 S9) (124 IPs)
6. USA, New York, Albany (LOC1 S8) (124 IPs)
7. Taiwan, Taipei (LOC2 S1) (124 IPs)
8. Italy, Pordenone, Porcia (60 IPs)

You may have spotted that we have 2 brand new countries in our database. Please welcome Saudi Arabia and New Zealand to our VPN server network!
Random Fact about Saudi Arabia 

Many of the words we use today originate from Arabic, among them alcohol, alkali, admiral and alchemy.
Random Fact about New Zealand 
New Zealand was the first major nation to have universal suffrage. In 1893 it became legal for all male and female citizens of New Zealand to vote.

Golden Frog VyprVPN Review

Golden Frog VyprVPN

We reviewed Golden Frog VyprVPN to see how it compared to other leading personal VPN services and were impressed by a number of features
that set it apart from its competitors.

Golden Frog VyprVPN- No 3^rd party servers

Other VPN services employ hosted server solutions that use third parties. Golden Frog uses their own server clusters that offer greater reliability and performance. For example, if a server has an outage, the user automatically gets connected to another server in the cluster.
Server clusters also make it easier to connect to Golden Frog VyprVPN. Rather than having to scroll through a long list of servers, we were able to simply select a location to establish a connection.
VyprVPN’s server clusters ensure that servers are never overloaded or unavailable. Golden Frog writes their code, and their entire VPN server infrastructure is built around state-of-the-art hardware. They have dedicated in-house network engineers available 24x7x365 to ensure Golden Frog’s VyprVPN operates at peak performance.

 

 

Golden Frog VyprVPN- Server locations in strategic locations around the world

At the time of writing this review, Golden Frog VyprVPN listed 712+ servers spread throughout their 17 server country locations in the United States, Europe and Asia. VyprVPN also boasts a staggering 200,000+ IP addresses. There are no restrictions on speed, bandwidth or server switching with Golden Frog’s VyprVPN.

                                                   Golden Frog VyprVPN Server Map

• Asia - Hong Kong
• Canada – Toronto
• Denmark – Copenhagen
• Europe - Luxembourg
• France – Paris
• Germany – Frankfurt
• Ireland – Dublin
• Italy – Rome
• Malaysia – Kuala Lampur
• Netherlands – Amsterdam
• Romania – Bucharest
• Singapore – Singapore
• Russia – Moscow
• Sweden – Stockholm
• Switzerland – Zurich
• U.K. – London
• U.S. – Austin
• U.S. – Los Angeles
• U.S. – Washington, D.C.

Golden Frog has launched many new server locations this year and their website states “We will continue to roll out new servers throughout 2013.”  Don’t forget to check their website for any new servers that have been recently added.

Golden Frog VyprVPN- Multiple VPN Protocols

Golden Frog VyprVPN supports multiple VPN Protocols including PPTP, L2TP/IPsec and OpenVPN. Each protocol supports a different level of encryption so you have complete control over the level of security that you want to use.

Golden Frog VyprVPN- VPN Apps for Every Device

A great feature of the VyprVPN service is that it supports more devices than other VPN providers, offering desktop and mobile apps for Windows, Mac, iOS and Android.  The apps are  simple to use and allow users to easily switch between server locations and protocols with a single click or tap.

 

 

Golden Frog VyprVPN- NAT Firewall

Golden Frog also offers a NAT Firewall option to their users as an additional layer of security when using VyprVPN. The NAT Firewall blocks unrequested inbound traffic when you’re connected to VyprVPN, preventing third parties from exploiting security vulnerabilities. No additional configuration or software is required because the NAT Firewall runs on the VyprVPN servers. NAT Firewall protects any device connected to VyprVPN.

Golden Frog VyprVPN- Bonus Feature: 5 GB of Free Online Secure Storage
Accessing files from wireless hotspots can be dangerous. Golden Frog gives all Golden Frog VyprVPN users 5GB of free secure online storage via Dump Truck (another Golden Frog product) to securely store and share files, photos, documents and videos with other users and devices.

Golden Frog VyprVPN- 24x7x365 Support

Golden Frog VyprVPN has 24x7x365 customer support via live chat and email. Their response time for email support is under 15 minutes. Best

of all, their support representatives are trained to deal with a multitude of issues and can provide you with the assistance necessary to optimize your settings or reroute traffic.

Golden Frog VyprVPN- Plans and Pricing
Golden Frog VyprVPN currently offers two account plans: Their basic account for $9.99/mo. and VyprVPN Pro for $14.99/mo. Both plans allow you to add NAT Firewall for an additional $5/mo. and include a generous 7 day money back guarantee. Payment options include credit cards and PayPal.

Golden Frog VyprVPN- Final thoughts
Golden Frog VyprVPN is a powerful personal VPN with truly unique features and it is easy to see why VyprVPN is a leader in the Personal VPN market. The creators of VyprVPN, Golden Frog, are Internet veterans who have owned and operated Internet businesses since the dawn of the public Internet in 1994. We particularly like that Golden Frog uses their own servers and do not outsource to third parties. In our opinion, VyprVPN is the best approach to protecting your security and privacy online