VPNs.co.uk

Can a VPN prevent my data being harvested?

Posted 23rd August, 2018 @ 12:21 pm | by Neil Cumins | inGuides

Data harvesting has taken centre stage in recent months, from Facebook’s ongoing travails to high-profile leaks involving firms like Yahoo and Equifax.

As consumers lose enthusiasm for volunteering intimate details of their lives to faceless marketing companies, data harvesting has become a popular topic of discussion.

Most people now appreciate social media platforms, web browsers and search engines spy on every keystroke and page view, looking for information they can sell to third-party agencies.

But do VPNs provide greater privacy, or are they something of a fig-leaf?

Do VPNs prevent personal data harvesting?

The simple answer is – it depends what you’re doing.

A VPN is great for passively consuming content without letting the world and its appointed ad agency know where you’ve been.

However, anonymous browsing only takes you so far.

If you log into a website – which you’ll need to for gated content and ecommerce portals – you’re still generating activity logs.

A VPN is therefore only beneficial when browsing websites as an unregistered guest, such as watching publicly accessible media streams or looking at archived Reddit threads.

Logging into an account won’t be picked up by the VPN, but that website will track your activity even if you’ve accessed it via a securely encrypted tunnel protocol.

Similarly, it’s possible to conduct searches in Google and Bing through a VPN without leaving an electronic footprint.

But you’ll need to be logged out of any accounts, which means access to Google Docs and YouTube histories won’t be possible.

As soon as you log in, everything you do is monitored through your account rather than your web browser.

And once Google knows you like using VPNs, it’ll start displaying adverts for VPN providers – ironic, but inevitable.

Once more unto the breach

At least using a VPN prevents data harvesting by criminals.

Even a mediocre hacker could eavesdrop on someone sitting in a café, once their phone or laptop is logged into the free WiFi network.

Conversely, a VPN creates an encrypted connection between host and recipient devices, ideally using uncrackable 256-bit encryption keys and advanced authentication certificates.

This is particularly advantageous when seeking to avoid geolocation settings, such as the ones used to block local radio stations or live sporting events.

Logging an enquiry

Another issue with data protection centres on the moral ambiguity of VPN services keeping user logs.

We recently revealed how a href=https:// vpns.co.uk/can-i-trust-my-vpn-not-to-spy-on-me a quarter of VPN providers were collecting log files on users, potentially enabling the identification of individual users.

This data could then be resold, used to identify users prior to criminal proceedings, or simply left in a ‘secure’ data centre for an unspecified time period.

Avoid VPN products from companies who claim they need to retain Personally Identifiable Information, or who collect ‘anonymous’ data about site visits.

Read consumer reviews, choose uncapped (or unlimited) VPN packages, and scrutinise the VPN’s privacy policy for a definitive guarantee no logs will ever be made or retained.

Can I trust my VPN not to spy on me?

Posted 10th July, 2018 @ 9:11 am | by Neil Cumins | inGuides

In today’s security conscious age, a private connection to the internet is viewed as vitally important by many people.

There have traditionally been two ways to enjoy complete anonymity online – the Tor browser, or a virtual private network.

However, VPN security was called into question earlier this year by revelations that almost a quarter of VPN providers were quietly collecting log files.

Some of the biggest names in the industry were implicated, often because of tacit admissions buried away within their privacy policies.

So how can you tell if VPN security is up to scratch?

Ways to investigate VPN security

While this list isn’t definitive, it should minimise any possibility of your chosen VPN provider storing information that might be used to identify online activities in future:

• Firstly, read every word of a VPN provider’s privacy policy before signing up. Ensure they aren’t keeping any data at all – visited websites, IP addresses, etc. Even connection times and device types might be noted and stored
• Look for definitive logging policy statements. If a company promises it doesn’t keep any logs of any kind, you’re probably safe. A vague promise not to record the contents of communications could mean your activities end up stored on their servers
• Don’t be fooled by companies claiming they need a small amount of Personally Identifiable Information, such as names, for account creation purposes. There’s no legal requirement for PII to be stored
• Equally, shun any company claiming it only collects anonymous data about website visits. If you’re the only user visiting a particular website on a specific day, it wouldn’t take Sherlock to figure out which VPN user paid that website a visit
• Look for consumer reviews before signing up. Virtual private networks tend to attract tech-savvy consumers, who are well-placed to critique the quality of service they’re receiving. Are other people happy with VPN security and service?
• Consider the VPN’s home country. Many EU nations participate in an intelligence sharing program called 14 Eyes, with the US and Canada, Australia and New Zealand. You may be safer choosing a VPN based in a different country – or continent
• Don’t be reassured by a warrant canary. This regularly-updated webpage is used to note a lack of State interference – if it disappears, action has been taken. However, a truly log-free VPN wouldn’t require a warrant canary in the first place
• Try to avoid capped services. An unlimited VPN has no reason to record connection time or bandwidth usage, whereas a capped one does. This is benign rather than malicious, but it still necessitates user activity records being kept.

The final thing to be aware of is the fluid nature of VPN policies.

Companies are taken over or merge, acquire new owners or revise their T&Cs.

Even if you have a preferred VPN, periodically check its privacy and logging policies – studying the small print – to ensure your activities are still anonymous.

A beginner’s guide to VPN jargon

Posted 25th June, 2018 @ 9:25 am | by Neil Cumins | inGuides

Virtual private networks can seem quite mysterious if you’re not computer savvy, and VPN jargon might sound like a different language.

Yet a VPN is simply a secure connection between two computers, enabling information to be transmitted discreetly without being seen by anyone else.

Imagine having a choice between crossing a busy road in sight of other people, or using an underpass that hides you from view.

Both routes achieve the same outcome, but one is much more discreet.

With a VPN, the tunnel is exclusively yours, and nobody else can see it – or use it.

Why would I want to use a VPN?

The most common reason is to achieve greater privacy when sending and receiving information.

This is particularly relevant when using WiFi, as public networks offer little protection against prying eyes. Even domestic broadband hubs are easily spied upon.

That’s a problem, since cyberspace is awash with criminals who would love to know which characters you use to access your online banking, or what your social media passwords are.

VPNs also enable you to circumvent geolocation restrictions, so you can listen to a local radio station from a different county, or watch a movie that’s not been released in the UK yet.

The A-U of VPN jargon

This is some of the most common VPN jargon you’ll encounter:

• AES. Short for Advanced Encryption Standard, most industry observers regard this as the safest form of encryption
• Asymmetric encryption. A two-step key exchange before data is shared – one key is public and the other is private. By contrast, symmetric encryption uses a single key
• BitTorrent. This protocol enables people to share files with each other. It’s typically used through VPNs to preserve the anonymity of individual file sharers
• Connection logs. Non-specific information about connections, usually relating to the length of time a connection has been established and which servers were involved
• Encryption. A form of code that turns digital data into seemingly random characters, so third parties can’t understand it
• Encryption key. The lengthy alphanumeric string generated to ensure previously unconnected devices can safely encrypt (and decrypt) data
• Geo-spoofing. When a VPN pretends a user is in a different place. Used to avoid location restrictions on content that’s only intended for certain audiences or regions
• HTTPS. A secure version of the HyperText Transfer Protocol used across the World Wide Web. HTTPS is ideal for ecommerce transactions or distributing sensitive material
• IPSec. Internet Protocol Security individually encrypts each data packet before it’s dispatched. That makes it very secure, and a favoured protocol among VPN providers
• Kill switch. VPNs occasionally go offline, but a kill switch ensures any programs using the VPN will be closed down immediately. Switches could be automatic or manual
• L2TP. Layer 2 Tunnelling Protocol is used in tandem with IPSec. Because no software is involved, L2TP is easy to set up even by a VPN novice
• Network lock. Another term for kill switch. (Also known by other titles like internet block, they all ensure a device won’t continue accessing data if the VPN drops out)
• OpenVPN. This is the most common protocol used by VPN services, and it’s considered largely uncrackable, even by security agencies
• Peer-to-peer. Abbreviated to P2P, and often known as torrenting, a P2P network sees users sharing files with each other without any central database or corporate oversight
• PPTP. The Point-to-Point Tunnelling Protocol was devised by Microsoft for VPNs. It’s universally recognised, but major security flaws mean it isn’t recommended any more
• Proxy. Think of this as a PO Box for information sent from a server to your device. A proxy server reroutes data, to cloak the source or destination of information it receives
• Shared IP address. Every internet connection should have a dedicated IP address, but VPN providers share addresses among clients to disguise which IP account did what
• SSL/TLS. These interchangeable terms describe the protocol employed to secure HTTPS websites. SSL is used heavily by OpenVPN to secure individual user connections
• Tor. The Onion Router is the main alternative to a VPN for encrypted and anonymous online activities. This popular web browser was co-developed by the US military
• Tunnel. The secure and encrypted connection between a user device and a network, most commonly a VPN
• Usage logs. Some VPN providers record basic information about user activity. These firms are generally worth avoiding, as logs could be used to identify individual users.

Image: WonderWoman0731

The differences between Tor and a VPN

Posted 18th June, 2018 @ 11:35 am | by Neil Cumins | inGuides

If you want to use the internet in complete privacy, today’s web browsers probably aren’t for you.

The likes of Google Chrome and Microsoft Edge are constantly monitoring and recording user activity, using vast amounts of collated information for various unspecified purposes.

Safari’s privacy policy states Apple can use customer data to “create, develop, operate, deliver, and improve our products, services, content and advertising.”

That’s not always a reassuring message in these privacy-conscious, post-Facebook times.

Fortunately, there are alternatives, in the form of a Virtual Private Network or the Tor browser.

Both disguise an individual user’s location, supporting discreet information transmission without leaving an electronic trail behind.

So are the Tor Browser and VPNs the same?

Not at all.

The Onion Router is a web browser designed and part-funded by the American Government.

It distributes data randomly through numerous nodes, making it almost impossible for third parties to determine who viewed what information, when or where.

However, in other respects, Tor is a conventional (if slow and dated-looking) browser.

A VPN is a standalone piece of software, creating a secure connection between two computers so encrypted data can be shared.

VPNs are commonly used for remotely accessing another device, or sharing content over a peer-to-peer network.

Tor will load any normal website, whereas a VPN is more like the dedicated window used to access online banking – more focused yet less versatile.

Which offers greater privacy?

This depends on which VPN you’re planning to use.

There are different types of data transfer protocols, including ones specifically designed for mobile networks or online streaming.

OpenVPN uses almost uncrackable 256-bit encryption keys, while the SSTP protocol in Windows 10 couples this with 2048-bit authentication certificates.

Even so, Tor offers plenty of privacy-focused features as well.

Its slow loading times are attributable to information being bounced all round the world, preventing eavesdroppers or Government agencies monitoring user activity.

Tor doesn’t store session data or site histories, and it can view .onion sites contained within the Deep Web – where privacy is paramount.

One size doesn’t fit all

Depending on your personal circumstances and requirements, there may not be a choice between the Tor Browser and a VPN:

• VPNs work equally well on mobile device and MacBooks, which isn’t true of the desktop-focused Tor
• Tor also has to be downloaded and installed, so it’s unsuitable for devices where someone doesn’t have administrator privileges
• A VPN is far better for transferring large files or live streaming – Tor is almost unusable as a streaming portal
• However, Tor is the only gateway to the Deep Web’s unique attractions
• It offers the same level of protection to everyone for free, whereas VPN users often have to pay for premium services
• Tor also champions the deletion of tracking data like cookies, while some VPN providers store session logs that could identify user activity at a later date.

If privacy is paramount, you should only use a VPN that explicitly promises not to store session logs.

Best VPNs for Spotify 2018

Posted 5th June, 2018 @ 7:21 pm | by Neil Cumins | inFeatured Deals

Music streaming has come a long way since the days of peer-to-peer piracy platforms like Kazaa and Morpheus.

Today, you’re far more likely to download songs and albums from a legitimate platform – very possibly Spotify.

In just a decade, this Swedish streaming service has acquired 36 per cent of the world’s streaming music subscriptions.

That’s particularly impressive considering Spotify has yet to conquer much of the globe.

And while its share valuation remains controversial, having never made a profit, people around the UK rely on Spotify’s curated playlists and high-quality audio output.

But what if you find yourself unable to listen to certain podcasts or broadcasts, because they’re not permitted in your region?

After all, Spotify isn’t available in many Asian countries, and it currently has no presence in Africa.

Regional restrictions are employed to protect copyright in countries where Spotify doesn’t have a licence to play music.

Attempting to access the service will result in a message saying “Spotify is currently not available in your country”.

That’s quite disappointing if you pay a monthly subscription and then find yourself in a restricted territory.

Fortunately, a VPN could represent a solution.

What’s a VPN?

For the uninitiated, a virtual private network establishes an encrypted connection between your device and a remote server.

A secure link is confirmed by exchanging encryption keys, ensuring third parties can’t view or intercept the contents.

A VPN can also be used to cloak your location, by spoofing the IP address that indicates where you are.

You could be in Mumbai (where Spotify isn’t allowed to operate), listening to it through a VPN that’s informing Spotify’s servers you’re actually in Manchester.

How do I install a VPN?

A VPN is a standalone piece of software used to establish a secure internet connection, like the minimalist windows you use to log into online banking.

Usually found on mobile devices, they can be installed as apps or downloaded as a program file that can then be installed onto your device.

VPNs come in a variety of free and paid-for versions, but the additional security features offered by paid platforms tend to make them a safer choice.

You should also avoid VPNs with small data limits, which will quickly be consumed by a continual stream of high-quality music files.

Below, we’ve listed five of our favourite VPNs for Spotify, though it’s worth noting VPN providers (especially free ones) come and go fairly frequently.

Top five VPNs for Spotify

• 1. ExpressVPN. With over 1,500 servers in almost a hundred countries, you’re never going to be far from an ExpressVPN server. This market-leading VPN can be installed on everything from Kindle e-readers and Linux computers to Windows and Mac OS X desktops, plus Apple and Android mobile devices. It’s relatively expensive, but you do get round-the-clock technical support and a strong focus on user privacy
• 2. Buffered. Gibraltar-based Buffered has a presence in barely a third of the nations already colonised by ExpressVPN. Even so, it supports high-speed connections on up to five devices simultaneously, with its own 24/7 technical support. Buffered may store connection logs, which the best VPN providers don’t tend to keep on file
• 3. PrivateVPN. If the absence of connection/user logs is important, Sweden’s PrivateVPN might be worth considering. It has a larger global footprint than Buffered, using military-grade encryption and high-speed connections to ensure music is delivered without interruption (apart from the ads on Spotify’s free service)
• 4. NordVPN. Despite the Scandinavian connotations of its name, NordVPN is actually based in Panama. As such, they are under no obligation to store customer logs or data. With a thousand servers in 60 countries, NordVPN’s ultra-fast server connections ensure a seamless distribution of content. Their 256-bit encryption is impressive, and proprietary technology guarantees to resolve any attempts Spotify makes to block streams
• 5. VyprVPN. Our final entry on this list, and another VPN keeping user connection logs. In theory, these could permit Spotify to identify which users have been dodging geolocation restrictions. Even so, VyprVPN has excellent encryption, 700 international servers, impressive connection speeds and compatibility with all the popular hardware platforms.

Why VPNs Are Even More Important In the Age of GDPR

Posted 10th May, 2018 @ 9:41 am | by Jenny Morrison | inNews

What is GDPR?

If you’ve noticed an influx of emails, website and app notifications about privacy notices, you’re already seeing a small effect of the new General Data Protection Regulation (GDPR) laws.

In a nutshell, the EU’s GDPR laws are concerned with how companies collect, store, process, use, and safeguard data they have about individuals. The law is designed to protect the privacy of all EU citizens and give them more control over how companies use and store their data and use their personal information to communicate with them. The UK is set to adopt and retain these laws for the future, so regardless of leaving the EU, GDPR will still be a legal requirement and protection for UK citizens.

The key takeaway is that this is about safeguarding the individual’s data, so it doesn’t matter where a company is based or who it targets in its marketing; if any EU citizen’s data is collected, stored or processed, it needs to be in line with GDPR regulations. As a result, almost all websites and companies worldwide are affected by GDPR in one way or another as they have very little control over who visits their website or subscribes to their mailing list.

GDPR has thrown businesses across the globe into a frenzy as they race to understand the law and take the actions they need to take in order to be compliant. As well as analysing the extensive and ambiguous regulation information, all websites and communication methods need to be reviewed and modified accordingly to meet GDPR compliancy standards.

With everything from emails to cookies under scrutiny, there‘s no room for error. Companies of all sizes, from sole traders to large corporations, are subject to extensive fines if they do not meet the data storing, handling and processing requirements of GDPR.

What does GDPR mean for VPN users?

GDPR is an important step in the right direction for personal privacy, so you may think there’s less need for VPN services. In fact, they are more important than ever before for two key reasons:

1. You can avoid blanket EU and UK IP blocking

Under GDPR, IP addresses are classed as personally identifying data. Therefore many small non-EU websites and businesses, particularly those in the USA, are debating whether or not to just block EU IP addresses from accessing their websites altogether. They are seeing it as better than spending the time and money trying to comply with GDPR. The worst case scenario for businesses is that they run the risk of being charged millions of Euros in penalties, so their concern is understandable.

If you’re looking to continue to visit international websites that have decided to block European Union IP addresses (along with those of third countries like the UK who are still adopting GDPR laws in their entirety), a VPN is a lifesaver. You can enjoy the same access to all the same websites regardless of your actual location, IP address, and citizenship.

2. Keep your personal data protected no matter what

If you’re concerned that many websites won’t take the extensive actions needed to comply with GDPR, particularly those based outside the EU, then you can take matters into your own hands and make sure you’re protected with a VPN.

In addition to avoiding the risk that many websites won’t be fully compliant or may not even attempt to comply, you’re also minimising the amount and types of data that third parties can collect about you and your browsing interests.

As many elements of GDPR are related to transparency and awareness rather than banning data collection outright, third party tracking, cookies and retargeting will still be permitted. Therefore, in order to avoid being tracked all over the web and to prevent websites collecting information about you, you will still want the protection a VPN provides. This will ensure that all websites are unable to track you beyond your single current session on a single website, and companies certainly will not be able to build up a long-term and intrusive picture of your interests, traits, and personal data as you browse the web.

While many people see GDPR as a welcome advancement for protecting individuals’ rights to privacy, others are concerned that it doesn’t go far enough in blocking data collection and storage.

To make sure you have the maximum possible privacy when browsing the web, regardless of whether a specific website does or doesn’t comply with GDPR, a VPN is vital. It costs just a few pounds per month to protect yourself, so take a look at our top VPN deals and reclaim your privacy today.

Main Image: Descrier

Free VPN or paid VPN? Which should you choose?

Posted 30th March, 2018 @ 10:20 am | by Neil Cumins | inGuides

As concerns grow about our leaky governments and shoddy online privacy, Virtual Private Networks are growing in popularity – but will a free VPN or paid VPN do the job of keeping your data private?

A survey last year suggested 44 per cent of people in the UK have used a VPN to create a completely secure connection between their device and a host server.

We often use VPNs without even realising, from internal company networks to pupil portals in schools and colleges.

Then there are personal connections, which may be set up for a number of reasons:

• Exchanging sensitive information, such as a patient uploading personal medical data
• Increasing the security of a public network like a café’s free WiFi
• Reducing exposure to malware, phishing or viruses
• Avoiding geolocation restrictions on video, streaming TV on Hulu or Netflix, or other online content
• Remotely accessing other devices, like offsite IT personnel fixing a problem
• Streaming or torrenting content through a BitTorrent or similar

Results may vary

Like many things in life, VPNs come in different varieties. And one of the biggest differences is cost.

When you’re choosing between a free VPN or paid VPN, this is what you need to know.

Paid versions are the norm, though it’s possible to get a free VPN.

Running a VPN is a considerable technical and financial undertaking, which has to be paid for somehow.

If you’re not paying a small monthly subscription you should take it as read that you will end up paying in other ways.

Anything free online when it’s providing a service is never actually free. Take Facebook for example. A nominally cost-free service backed up by harvesting your personal data to target advertising to your phone, laptop and anywhere else social media can follow you.

Choosing the best option as a consumer depends on your specific requirements, as we explain below.

Free VPNs

Free VPNs are widely available, but they lack useful features found in their paid-for cousins.

One of the biggest issues involves the commonly-used Point-to-Point Tunnelling Protocol (PPTP) connection method.

More: VPN protocols – which is safest to use?

Rather than getting bogged down in the specifics of how this works, it’s enough to note PPTP’s 128-bit encryption isn’t considered fully secure any more.

It’s fine for streaming video content, but less suitable for spending a week doing online banking and shopping through a hotel’s unsecured WiFi network.

It’s important to realise you get nothing for free, particularly given the costs of running a VPN service.

Providers cover their infrastructure and marketing costs with unblockable third-party advertising or data caps, while some throttle bandwidth speeds or force log-offs after a certain amount of time.

There’s also a higher risk of disconnections, particularly if the network is over-subscribed or experiencing significant traffic volumes.

And if something does go wrong, don’t expect much help from a free VPN provider. Many won’t have a customer service department.

It’s much easier to snare customers with a free ‘VPN’ that’s actually a spoof program designed to spy on user activity and fraudulently gain access to personal data like online banking.

Paid VPNs

Subscription-funded VPNs generally reinvest in faster infrastructure and better service.

Stronger encryption methods might slow data transmission a little, though this rarely matters given the additional bandwidth available.

Plus, the benefits of greater privacy through a virtual private network ought to outweigh any delays incurred.

A more pertinent issue is the requirement to register personal details when setting up payment.

A free VPN can often be used anonymously, which isn’t true when a user account and direct debit are registered in your name.

Nonetheless, paid VPNs offer many advantages.

They tend to offer a choice of connection types, including SSL protocols and 256-bit encryption.

Because they have greater revenue streams to draw on, paid service providers almost always offer larger volumes of connection nodes around the world.

There’s no risk of connection speeds being throttled to redirect bandwidth elsewhere. If anything, you’ll benefit from this happening to other people.

Technical support should also be readily available, though paid-for platforms require less assistance anyway because they’re designed to meet expectations of service among their customers.

And paid VPNs tend to last longer than free ones that occasionally vanish overnight.

The last word

The choice between a free VPN or paid VPN depends largely on whether anonymity and affordability outweighs service quality and reliability.

Either way, it’s crucial to ensure a potential VPN provider won’t keep activity logs to identify what you’ve been doing.

If a potential provider doesn’t clearly stipulate a no-logs policy, it’s probably best to go elsewhere.

Finally, VPN regulation is often more lax in less democratic countries like China or Russia, even though the state tends to pay closer attention to individual activities.

Find the right VPN in under 30 seconds

MAIN IMAGE: Herve/CC BY-SA 2.0

Microsoft Windows 7 patch for Meltdown just made things 10 times worse

Posted 29th March, 2018 @ 10:48 am | by Tom Rodgers | inNews

Microsoft’s security patch to fix a critical flaw in its systems has made it less rather than more secure, researchers are warning.

News broke in January 2018 that a in-built weakness in Intel computer chips and ARM smartphone chips could affect billions of devices, from laptops to the hardware that powers server farms and data centres.

Google’s Project Zero security researchers found that the bugs, dubbed Meltdown and Spectre, were side-channel attacks against CPU microprocessors that allow code to read data it should not have access to.

The Spectre of doom

The threat is so great that the UK’s cybersecurity lead at the National Cyber Security Centre – part of GCHQ – issued this warning: “Processors in most devices employ a range of techniques to speed up their operation. The Meltdown and Spectre vulnerabilities allow some of these techniques to be abused, in order to obtain information about areas of memory not normally visible to an attacker. This could include secret keys or other sensitive data.

“In the worst case, code running on a device can access areas of memory it does not have permission to access. This can result in compromise of sensitive data, including secret keys and passwords.”

Meltdown affects laptops, desktop computers and internet servers with Intel chips, while Spectre affects some chips in smartphones, tablets and computers powered by Intel, ARM and AMD.

Nigel Houden, the head of technology policy for the UK’s Information Commission Office (ICO) explains the flaw: “In essence, the vulnerabilities provide ways that an attacker could extract information from privileged memory locations that should be inaccessible and secure.

“Depending on the specific circumstances an attacker could gain access to encryption keys, passwords for any service being run on the machine, or session cookies for active sessions within a browser.

“The implications for data controllers are clear. If these vulnerabilities are exploited on a system that is processing personal data, then that personal data could be compromised.

“Alternatively, an attacker could steal credentials or encryption keys that would allow them to access personal data stored elsewhere.”

But while manufacturers have been scrambling to produce fixes, their efforts are producing more vulnerabilities rather than fewer.

Microsoft make Windows 7 leak

Ulf Frisk, an independent cybersecurity researcher, discovered that while fixing the defect for Windows 7. Microsoft opened up a whole host of other problems.

He writes: “Did you think Meltdown was bad? Unprivileged applications being able to read kernel memory at speeds possibly as high as megabytes per second was not a good thing.

“Meet the Windows 7 Meltdown patch from January.

“It stopped Meltdown but opened up a vulnerability way worse … It allowed any process to read the complete memory contents at gigabytes per second, oh – it was possible to write to arbitrary memory as well.”

It’s understood that the problem affects machines running the 64-bit version of Windows 7 or Windows Server 2008 R2.

Microsoft issued a statement to SecurityWeek to say they are aware of the issue, with security teams looking closely for a fix.

MAIN IMAGE: Ulf Frisk

VPN protocols – which one should you use?

Posted 27th March, 2018 @ 5:00 pm | by Neil Cumins | inGuides

A Virtual Private Network is a relatively simple way of sharing data between two computers.

It creates a secure data connection, which is commonly used for one of the following tasks:

• Exchanging confidential information
• Remotely accessing a device
• Accessing content through a peer-to-peer network
• Bolstering security over public WiFi networks

Guide: How to use torrents safely and securely

Even though they’re relatively simple in principle (and often in practice), VPNs often seem confusing to beginners.

One of the main reasons involves the sheer diversity of VPN protocols, which determine how information is shared between connected devices.

Some protocols encrypt the whole IP packet being distributed, including its header. This is known as a tunnelling protocol.

Transport protocols only encrypt the data payload – not the header. They’re simpler and more efficient, designed for client-to-site communications rather than two-way conversations.

To the uninitiated, these protocols can seem daunting, yet they’re all variations on a theme.

Common VPN protocols

The list below isn’t exhaustive, but it covers the VPN protocols you’re likely to encounter in 2018.

We’ve also included a couple of older protocols, still soldering on in the face of ever-evolving threats. Think of them as the Nokia 3310 (or Rick Grimes) of VPN protocols.

Most protocols are better known by acronym abbreviations, listed in brackets after the name:

• Internet Protocol Security (IPSec). Like most of the entries on this list, IPSec authenticates a data transfer session before encrypting each data packet. Specifically designed for IP traffic, it’s also compatible with other security protocols.
• Layer 2 Tunnelling Protocol (L2TP). In tandem with IPSec, L2TP creates a secure connection between two devices. As its name suggests, this is a tunnelling protocol rather than an encryption one. It has also largely replaced its predecessor, PPTP
• Point-to-Point Tunnelling Protocol (PPTP). PPTP was built into Windows 95 for dial-up modems, but various security flaws have been exposed in recent years. Its lack of encryption means PPTP is still handy for swerving geolocation restrictions when streaming content
• Secure Sockets Layer (SSL). Invented by defunct web browser firm Netscape, SSL is largely obsolete and shouldn’t be confused with the titular certificates. These have 2048-bit encryption for web traffic, and are acknowledged by a green browser address bar
• Transport Layer Security (TLS). Launched in 1999 and based on SSL version 3.0, TLS has supplanted its predecessor even though the two acronyms are still used interchangeably. It turns http web traffic into a private conversation started and ended by the client device
• OpenVPN. This open source software can be modified by users. It’s based on SSL/TLS, offering compatibility with operating systems from Linux and Windows to BlackBerry and iOS. OpenVPN does run slowly, but its 256-bit key encryption is almost impenetrable
• Secure Socket Tunnelling Protocol (SSTP). SSTP is more platform-specific, bundled with Windows since Vista and now integrated into Windows 10. Its 2048-bit authentication certificates and 256-bit encryption keys make it secure to use – and hard to block
• Secure Shell (SSH). Sometimes known as Secure Socket Shell, SSH creates a VPN tunnel for transporting data and then encrypts it. It’s commonly used when a remote IT expert wants to access your device by taking control from a separate location
• Internet Key Exchange version 2 (IKEv2). A tunnelling protocol rather than an encryption one, IKEv2 is useful for mobile networks where connectivity keeps being lost. It’s also stable when switching from WiFi to mobile data, making it great for smartphones
• Multi-Protocol Label Switching (MPLS). A protocol you’re unlikely to come across, since it’s designed for scalably integrating several users into site-to-site connectivity. Benefits include reducing latency – the delay between data’s distribution and its receipt.

How to set up VPN protocols

The process of setting up a protocol will vary by provider, but it’s usually as simple as installing a client and choosing a username and password combination.

Some protocols will even be set up on your behalf, like remote logins to your desktop PC from a network specialist trying to resolve a technical problem.

SSL/TLS are handled through a web browser, without needing any additional software or interfaces.

You can improve any protocol’s reliability by rebooting your device prior to use, and ensuring only one active VPN client is running at any given moment.

Software conflicts may prevent VPN protocols working with antivirus software or firewalls, but you should only disable these if strictly necessary.

MAIN IMAGE: Masakasu Matsumoto/CC BY 2.0

UK gov sets up Spy School for Threat Hunters

Posted 26th March, 2018 @ 10:39 am | by Sam Newman | inNews

They’ve been dubbed the ‘Threat Hunters’: the Ministry of Defence is stepping up national cybersecurity to meet growing threats from Russian and North Korean hackers.

A new Defence Cyber School has opened at the Defence Academy in Shrivenham with funding from the National Cyber Security Strategy – a Government initiative spending £1.6 billion to keep the UK at the bleeding edge of cyber defence technology.

At the opening of the school, Minister for the Armed Forces, Mark Lancaster, warned of the “constantly evolving” threats to UK security: “That’s why the Defence Cyber School is so important. It’s a state-of-the-art centre of excellence that will train more personnel across Defence and wider government in dealing with emerging threats.”

It makes us WannaCry

Last year NHS departments across the country faced meltdown when their computer systems became a victim of the May 2017 WannaCry attack.

A North Korean ransomware cryptoworm disabled thousands of NHS computers, locking records and stopping Accident and Emergency systems from processing new patients.

Help yourself: How to avoid ransomware

The attack affected over 200,000 Windows devices across 150 countries, and demanded Bitcoin ransoms to release corrupted records.

Despite the severity and urgency of the WannaCry threat, both UK and international defence agencies failed to stop the worm’s spread. Instead, the attack was halted accidentally by a researcher from a small cybersecurity firm as he routinely investigated the software.

Rapid, rapider, rapidest

The MOD has announced the upcoming establishment of “Rapid Response Teams” to counter emergency situations, such as WannaCry, and prevent widespread damage to national systems.

Late last year the National Cyber Security Centre warned the public against using Kaspersky antivirus programs for fear they were linked to Russian state-sponsored spying.

Cyberattacks present as much of a threat to national security as any military force.

As well as actively destabilising vital services, hack attacks can compromise critical data and empower the intelligence communities of hostile states.

Going on the offensive

The MOD ‘spy school’ will also train personnel in “offensive cyber” – creating malicious software themselves to attack “serious threats” to the UK.

It appears that we are entering an age of cyber warfare, and a ‘land, sea, and air’ military is no longer enough to protect the country.

It is important to remember that the internet has connected us to our enemies, as well as our friends – and that it remains a largely undefended front.

General Sir Chris Deverell, Commander of Joint Forces Command, gave words of assurance: “Defence has a number of very highly-trained military personnel on hand to deal with emerging and complex cyber threats.

“Our threat-hunters give us the ability to identify, isolate and respond to these threats, whenever and wherever they might arise.”

From April, Threat Hunters will begin deployment at key locations across the UK and overseas.

MAIN IMAGE: Tactical Technology Collective/CC BY-SA 2.0

‘Breaking Bad’ students who sold £1.3m drugs on Dark Web jailed

Posted 22nd March, 2018 @ 3:53 pm | by Tom Rodgers | inNews

A gang of men dubbed the ‘Breaking Bad students’ have been jailed for more than 50 years after being caught dealing huge amounts of drugs on the Dark Web.

The group included computer science, petrochemical engineering and pharmacology students at the University of Manchester.

26-year-old Elliot Hyams, Jaikishen Patel, Basil Assaf and 25-year-old James Roden were inspired by fictional meth kingpin Walter White from Breaking Bad, according to court notes from the trial.

Based at a flat in Manchester city centre, the four men took payments in untraceable Bitcoin from all over the world for ecstacy, powerful psychadelics LSD and 2CB and popular party drug ketamine.

Over the course of two and a half years from May 2011 to October 2013 the gang made millions.

Each took lavish holidays in Amsterdam, Jamaica and the Bahamas with their massive drug profits.

In March 2018 Manchester Crown Court heard that the operation dealt solely with buyers on the Dark Web, including the sale of nearly 17kg of liquid ecstacy valued at £750,000.

Go deeper: What is the Dark Web?

How were the Breaking Bad students caught?

The FBI tracked the gang over the course of two years with support from Britain’s top organised crime cops at the National Crime Agency.

Assaf and his gang set up shop on the notorious Silk Road, a shopping site modelled on Amazon and eBay that dealt in illegal or dangerous goods too hot for the surface web.

Who did what in the Breaking Bad gang?

Basil Assaf was considered the gang leader, controlling the money and making payments to his ‘staff’.

James Roden scoured Silk Road for drug deals, while junior member Joshua Morgan, was known as ‘the mule’, packaging up and shipping out drugs packets all over the globe.

Elliot Hyams and Jaikishen Patel were both heavily involved until they and Assaf fell out and were ‘sacked’. It was noted that Hyams made off with large amount of drugs as compensation. In a bitter text exchange Assaf told Hyams: “I won’t hesitate to ruin your life. Your mother will find out the truth.”

Under the brand-name Ivory they made over 6,000 sales to become one of Silk Road’s most successful businesses.

They posted out more than 1.2kg of 2CB and more than 1.4kg of ketamine, as well as bottled LSD and individual doses on paper, stamps and in sweets.

In October 2013 the FBI shut down the Silk Road and seized its servers.

When the FBI shared information with the National Crime Agency, armed officers took the Breaking Bad students by surprise, raiding the Manchester base of operations.

Officers found four sets of scales, heat sealing devices, envelopes and jiffy bags, label printers, £4,500 in cash and more than 11,000 individual doses of LSD.

56 years in jail

The five were sentenced at Manchester Crown Court on 21 March 2018. Assaf received 15 years and three months, Roden was given a 12 year sentence, Patel 11 years and two months, Hyams 11 years and three months and Morgan a sentence of 7 years and two months.

Ian Glover, senior operations manager at the NCA, said: “These five men were interested only in making money. They had no regard whatsoever for the harm these drugs could do to their users.

“The FBI’s excellent work shut the site down in 2013 in a globally significant operation and information they shared with us enabled us to identify, arrest and successfully build this case.

“Sites on the dark net represent a new variation on old crimes and are dealt with accordingly.

“The NCA has the capability and determination to bring offenders targeting the UK to justice regardless of how secure they feel hiding behind technology.”

Young people refuse to get hacked by sloppy security

Posted 20th March, 2018 @ 8:53 am | by Tom Rodgers | inNews

Teenagers and those born in the digital era are 10 times less likely than their parents to get done over by dodgy security online, new research reveals.

From phishing to spoof emails and spam, fake logins to scams, the average 30-year-old is much more at risk than his juniors through poor online habits.

Despite anti-youth sentiment the truth is that younger people are more careful about their personal data by practice and routine.

New research from IBM shows how the younger you are, the more likely you are to prioritize security over convenience when logging in to apps and devices.

It’s not all good news from younger people though.

While fewer teenagers try to create strong passwords than their risk-averse parents, they are more likely to use eye or fingerprint scanners or password managers to protect their personal security.

A study by cybersecurity researchers Irdeto Perspective revealed the top 20 passwords by keyboard pattern – those easiest to guess include QWERTYUIOP, QWEASDZXC and 1QAZ2WSX.

So when your dad thinks he’s being clever by creating an apparently random string of letters based on the position on the keyboard, really he’s putting himself and his data at greater risk.

Convenience is not king

The study took in responses from over 1,000 people from the UK and Europe, 1,976 people from the US and 977 people from India and Singapore.

• Biometrics becoming mainstream: 67 percent were comfortable using biometric authentication today, while 87 percent said they would be comfortable with these technologies in the future.
• Technology still catching up: While high-end phones like the iPhone X have biometric features built in, the applied science is not yet good enough to protect younger teenagers. Apple themselves made the shocking admission that the FaceID scanner on their £999 flagship device would not work for under 13s. FaceID could in fact confuse the facial features of brothers and sisters and allow devious siblings to unlock the gateway to all their personal messages and data: a nightmare scenario for image-conscious teens.

Biometrics

The use of fingerprint technology to open a phone or tablet has made devices more secure.

But over-30s are more likely to be suspicious of this technology than take it up.

Habit rules: growing up with biometrics means you’re more likely to trust it to keep you safe.

Passwords dying a slow death

While 75 percent of people born before 1985 are comfortable using biometrics today, less than half are using complex passwords, and 41 percent reuse passwords across apps, websites and different machines.

IBM say this is not particularly surprising. It’s widely known that evolving threats online tend to challenge traditional login methods that rely heavily on passwords.

Go deeper: 1.4bn personal credentials found for sale on the Dark Web

Around the world, Europeans have the strongest password practices. 52% of those in the UK and Germany use complex passwords compared to just 41% of Americans.

The average internet user now has to manage over 150 online accounts that require a password. This is expected to double to over 300 accounts over the next two years.

In a statement, IBM Security’s Executive Security Advisor Limor Kessem noted: “In the wake of countless data breaches of highly sensitive personal data, there’s no longer any doubt that the very information we’ve used to prove our identities online in the past is now a shared secret in the hands of hackers.

“As consumers are acknowledging the inadequacy of passwords and placing increased priority on security, the time is ripe to adopt more advanced methods that prove identity on multiple levels and can be adapted based on behavior and risk.”

MAIN IMAGE: US Army/CC BY 2.0

Blockchain’s new use – to resolve African elections

Posted 16th March, 2018 @ 9:53 am | by Sam Newman | inNews

Blockchain is not just for cryptocurrency. Sierra Leone has played host to an exciting new use for the technology: the world’s first presidential election verified by blockchain.

The elections of unstable African nations are often a bloody affair.

In the run-up to Sierra Leone’s 2018 elections, the SLPP opposition party leader came under attack in Kamalo, riots broke out at a rally in the country’s capital, and the votes of entire communities were bought out with free female genital mutilation procedures.

Agora, the company behind blockchain voting, saw the instabilities of Sierra Leone as the perfect testing ground for their “digital democracy” technology.

Blockchain for good

Working with Sierra Leone’s National Electoral Commission, Agora registered votes on an “unforgeable” blockchain ledger, and made the verified results available to the public two hours before the official count announcement.

This is certainly a show of force for blockchain developers – demonstrating the efficiency and security of the system in one of the world’s most unstable nations.

A blockchain is a digital record of assets that are continuously counted by separate systems involved in the ‘chain’ of transactions. It is most commonly used as the foundation for cryptocurrencies, but can be used to keep a record of any kind of data – be it coins or votes.

This avoids the need for centralized verification from the likes of governments or banks, which is especially valuable when those organisations cannot be trusted.

“A country like Sierra Leone can ultimately minimize a lot of the fall-out of a highly contentious election by using software like this,” says Jaron Lukasiewicz: chief operating officer, Agora.

Although digital platforms have been used in elections before, typically in the form of “black box” recorders, Agora claim that “none of these systems have provided a secure and transparent platform for recording votes”.

Not acting alone

U.S foreign aid agency, MCC, report Sierra Leone as having one of the most corrupt governments in the world.

As blockchain is defined by its incorruptibility and decentralization, it seems to be the perfect tool to counter such entrenched political corruption. By design, blockchain ledgers are impossible to manipulate, and verified by multiple, independent bodies simultaneously.

Blockchain succeeds where institutions fail. It is no coincidence that the rise of cryptocurrencies followed the banker-built financial crisis. The potential of the technology still remains largely untapped, but it has the potential to revolutionize the way that all data is stored.

Financial and political institutions have been the cornerstones of civilization throughout human history.

If blockchain can replace these archaic and corruptible systems, the possibilities could be revolutionary.

MAIN IMAGE: DFID/CC BY 2.0

How to use torrents

Posted 15th March, 2018 @ 11:38 am | by Neil Cumins | inGuides

If you’re not sure how to use torrents you’re not alone. This method of distributing data across the internet used to be the preserve of tech-savvy youngsters, with an in-depth knowledge of computers and networking.

That’s a shame, since torrents are actually relatively simple – and many people have used them in the past without even realising.

How do torrents work?

Traditionally, downloading a file over the internet involves an unbroken stream of data being sent from a device storing that file to another device wishing to view it.

By contrast, a torrent is broken into separate pieces and shared across several host devices.

This is known as a peer-to-peer protocol, or P2P.

The recipient device will grab sections of the file from whichever host happens to be online and accessible at that moment.

The final portion of data might download before the first section turns up, but everything will be stitched back into a single file ready for viewing offline.

This method of data transfer offers a number of advantages:

1. Rather than relying on a single host provider, files are accessible via multiple sources.
2. Large files can be downloaded more quickly than a single host might allow.
3. If the download is interrupted, it seamlessly resumes once a connection is re-established.
4. Once a file is downloaded, the recipient device becomes part of the community sharing it – helping other people to access the file more quickly.

Torrents first rose to public prominence during the early Noughties, thanks to music sharing services like Napster and Kazaa.

Now, as then, using a torrent involves downloading a piece of software (called a client) onto a computer or mobile device.

The client finds, downloads and reassembles each chunk of a selected torrent from different devices.

When multiple devices share a file, they’re known as a swarm. The physical act of making a file available for other people to download is called seeding.

It only takes one device and one copy of a file to start seeding, allowing other people to replicate it on their own devices. A swarm quickly develops.

The best torrents to use

Due to the prevalence of illegal content, torrents are constantly being launched and taken down.

The UK’s internet service providers have also clamped down on certain high-profile services.

A Virgin Broadband customer attempting to visit The Pirate Bay will be redirected to a page displaying a High Court order, explaining why access is not permitted.

Despite these associations with pirated content, installing a torrent is entirely legal.

These are some of our recommended platforms:

BitTorrent. Created by the founder of torrent protocols and often referred to as Mainline, BitTorrent is the oldest client in existence.

Features include multiple simultaneous downloads, graphical displays of current activity and the ability to create (and share) torrent files.

Zooqle. Currently listing over three million torrents, Zooqle focuses on TV and cinema releases.

A variety of resolutions are typically offered (from SD to 1080p), while thumbnails and a brief synopsis of each file make it easy to find specific content.

µTorrent. This client occupies just 2MB of space once downloaded, which is less than an MP3 file.

Four versions of µTorrent are available – a free platform and three paid-for versions that strip out adverts (Ad-Free), provide virus/malware protection (Pro) and add a virtual private network for anonymous downloading (Pro+VPN). We consider the merits of a VPN below.

How do I find torrents to download?

Like any P2P network, files aren’t located on a centralised server waiting to be accessed.

Instead, each client publishes ever-changing lists of files, available for transfer from peers who are currently online.

Usually, clicking on a file is enough to start the download.

Should I use a VPN as well?

Although torrents draw information from multiple sources, they do so publicly.

As a result, anyone accessing copyrighted material could be at risk of identification and prosecution.

A virtual private network establishes a secure internet connection between host and recipient, which prevents anyone else seeing what’s going on.

It ensures a device’s IP address is hidden, and encrypts any sent or received data – including torrents.

However, a VPN may slow down file transfer times, and many VPN providers introduce fees once a certain amount of bandwidth has been used.

MAIN IMAGE: nkrbeta/CC BY-SA 2.0

Password Security: Top 20 most common passwords revealed

Posted 9th March, 2018 @ 2:44 pm | by Jenny Morrison | inGuides

If you find your own in this list of the UK’s most common passwords, you’re in trouble and should change it straightaway.

While you might think you’re being smarter than the average bear by using keyboard patterns to remember your passwords, it’s really not that simple.

Hackers and online troublemakers can make it very difficult for you to secure your personal data if you use one of the most common passwords, especially if you use the location of keys on your computer keyboard to keep it all in hand.

Go deeper: UK’s 10 most used passwords – is yours here?

A password manager might stop most of the attacks and inadvertent leaks on your accounts.

But knowing what you’re doing wrong really is half the battle.

Security researchers Irdeto Perspective produced this handy cheat sheet of the most common passwords by keyboard pattern.

Password Security: Why do keyboard patterns not work?

If you’ve ever looked down at your computer keyboard and chosen a password based on a series of keys that are next to each other, you’ve created what’s known as a keyboard pattern password.

One of the most common keyboard patterns is the first five letter keys on the top row, ‘QWERTY’, after which the standard keyboard layout is named, but there are many other combinations.

Keyboard pattern passwords are easy to remember, but they’re also very easy to guess by both humans and computers.

The above image highlights the most commonly used keyboard patterns, as determined by information from the world’s largest ever personal data leak, identified by security researchers 4iQ.

More information about keyword patterns and their role as the most easily hacked passwords can be found in this Mark Mulready article for Irdeto Perspective: Password Tips From The Largest Stolen Credentials Database.

Additionally, it also covers information about what hackers do with your passwords once they have them, and how you can better protect yourself and reduce your chances of being targeted.

The most common password mistakes

Insecure and vulnerable passwords are not just limited to keyboard patterns, however. There are many different ways passwords can have easily exploitable flaws, for example being very short in length or only consisting of dictionary words.

Many websites now encourage the creation of strong passwords through using automatic checks and basic requirements such as a mix of capital letters and lowercase; however, there are still many people out there using the same password across different websites.

There are also flaws with many password security checkers as they are often programmed to follow a specific set of rules that do not including checking for keyboard patterns.

One major problem is that you can inadvertently use common keyboard patterns that pass the filter checks with a couple of minor adjustments to your password, for example Qw3rty.

This lulls you into a false sense of security because you mistakenly believe that your password is strong and secure, when instead it can be easily forced.

How to choose a strong password

Other than avoiding common keyboard patterns, what can you do to ensure you’re using strong passwords? Here are our top tips.

• Avoid using common dictionary words and phrases in your passwords
• Don’t use anything similar to your username
• Use a mix of upper and lower case characters throughout your password
• Utilise special characters such as ! and & where possible
• Don’t include personal information such as your address or memorable dates such as your birthday
• Don’t include anything you might use as an answer to a secret question, e.g. your first pet’s name or your first school
• The longer your password is, the harder it is to crack: aim for at least 10 characters
• Change your passwords regularly
• Never use the same password for multiple accounts
• Always change any default passwords and any passwords sent via email
• Be creative: try using different languages, made-up words, and original rhyming phrases

Furthermore, it helps to be vigilant in keeping up to date on security breaches in the news.

You should immediately change your password for any website that is hacked and suffers from a data leak, even if the password you have chosen meets the security requirements listed above.

What to do now

If any of your passwords break the rules above – particularly if they follow a common keyboard pattern – it’s never too soon to change them.

Choosing a strong password that can’t be easily guessed and is not in common use is a vital part of staying safe online.

Now you’ve read this guide, you should be confident that you know what keyboard patterns are, the dangers of keyboard pattern passwords and how easy it is for hackers to get into your accounts without warning.

If you know someone who would benefit from the information in this article, please share it with them to help them create better passwords and stay safe online.

MAIN IMAGE: Scott Schiller/CC BY 2.0

The best Android VPN in 2018

Posted 6th March, 2018 @ 11:20 am | by Neil Cumins | inGuides

VPNs have naturally evolved to suit today’s methods of data consumption, such as streaming region-locked media content from around the world.

As a result of streaming’s growing popularity, several hundred VPN services are available on Android – the operating system powering almost half of UK mobile devices.

Choosing the best Android VPN can be tricky, particularly since quality and reliability varies widely.

Even worse, a formerly dependable VPN can begin attracting large numbers of negative reviews – this is currently happening in the Google Play store to the recently-rebranded HMA! (formerly HideMyAss!).

Below we consider what the best Android VPN should offer, before listing five of the best options presently available to UK consumers.

Why use a VPN for Android?

There are many reasons why it might be advantageous to establish a virtual private network on a mobile device:

1. A VPN provides a secure connection across a public WiFi network. This is great for sensitive activities like online banking when hacking could compromise user security.
2. It grants access to geographically-restricted content that might otherwise be barred from broadcast in certain locations, such as regional sports coverage.
3. It ensures anything you do is confidential, and can’t be monitored or reported on.

Most of us rely heavily on our smartphones and tablets, so it makes sense to extend the highest level of security to them – not just to our antivirus-protected desktop computers.

Key attributes to look for in an Android VPN

While many virtual private networks are compatible with numerous devices, some are specific to the Android platform.

However, being exclusive or multi-platform doesn’t affect a VPN’s quality nearly as much as its design and reliability.

Regardless of its origins, any good Android VPN will contain a number of features:

• It will offer round the clock customer support and assistance
• It will be accessible from multiple devices – some VPNs allow a single user to connect via eight devices providing they have the appropriate login credentials
• It won’t store session logs, which may be used to enable third parties to track your history
• It will be able to connect with servers around the world, enabling you to cloak your position and bypass domestic copyright or broadcasting restrictions.

Our recommendations for virtual private networks

These are our top five VPNs for Android. We’ve chosen them according to the factors above, as well as ease of use and integrated security features:

ExpressVPN

Downloaded over five million times, ExpressVPN ticks many of the boxes associated with a good Android VPN, including 256-bit encryption and unlimited bandwidth.

ExpressVPN has over 1,500 servers scattered across almost a hundred countries, helping to circumvent local broadcasting restrictions.

There is round the clock support, and a money-back guarantee for the first 30 days of any new accounts.

It maintains a connection even when the device’s screen goes off (commonly triggered by a screen saver), or when switching between WiFi and mobile connections.

The user interface is simplicity itself, and is familiar from iOS, Mac and Windows applications, making this a good option for beginners.

PureVPN

PureVPN packs a great deal into a straightforward user interface, including content filtering and the ability to block potentially harmful apps.

This proactive protection encompasses antivirus provision, parental control over access to particular websites or content, and a firewall that prevents network or device infiltration.

PureVPN has servers in 180 global cities for rapid internet access.

Premium features include multiple protocols and five account logins.

There is the usual 24/7 live support, and it’s even possible to pay for the service with Bitcoin.

IPVanish

IPVanish is a highly sophisticated VPN, featuring a more detailed (and arguably more complex) interface is than others on this list.

Users can disguise their identities with 40,000 shared IP addresses.

A variety of connection options are offered, including Point to Point Tunnelling Protocol and Layer 2 Tunnel Protocol. The former is great for speed, whereas the latter serves up more advanced security.

IPVanish bills itself as “the world’s fastest VPN network”, with 850 global servers in 60 countries.

Unusually, the company owns all these VPN servers, keeping customer data entirely in-house with no logs of any kind.

Ivacy

Hong Kong-based Ivacy also offers PPTP and L2TP connection settings.

Customers benefit from unlimited data and bandwidth.

Multi-platform compatibility means account holders can switch between up to five Windows, Mac, iOS or Android devices.

There’s 256-bit encryption across 3G, 4G and WiFi, with servers in 50 countries; a single tap is enough to unblock any geo-restricted content.

Files are scanned with integrated antivirus and malware software as they’re downloading, ensuring devices aren’t compromised by Trojans or viruses.

Ivacy also offers an unusual split tunnelling feature, enabling VPN traffic to be kept separate from normal internet content.

NordVPN

With three quarters of its Google Play Store reviews classed as Excellent, NordVPN is a popular choice.

A single licence covers up to six devices, providing military-grade 2048-bit encryption.

Geo-restricted content is accessed via 3,000 servers in 60 countries, while an ad-free premium version ensures uninterrupted playback.

It’s possible to get online with a single tap, while the Account Settings page hosts more technical issues like whether or not to use obfuscated servers (which bypass geographic restrictions).

User security is enhanced by an anti-malware shield that detects and blocks harmful websites.

MAIN IMAGE: Uncalno Tekno/CC BY 2.0

Tor vs VPN – which is best?

Posted 3rd March, 2018 @ 10:38 am | by Neil Cumins | inGuides

If you want to go online anonymously, there are two main options.

Tor – named for The Onion Router – is a conventional, if rather dated-looking, web browser.

A VPN, by contrast, creates a secure internet connection between your device and another machine.

Both options provide greater privacy and security than accessing the web using a standard browser like Google Chrome or Apple’s Safari.

They’re also great for receiving secure communications over a potentially insecure public network, such as a cafe or hotel’s free WiFi service.

Below, we consider the relative merits of both options.

What is Tor?

The Onion Router – download link here is a web browser that deliberately bounces individual packets of data around the world en route to its destination.

This prevents the normal traffic analysis used by ISPs and Governments to identify what information is being sent to specific devices.

Tor is popular with people exploring the deep web, and many deep websites feature .onion URLs that may only be viewed in this browser.

Go deeper: What is the Dark Web, and what’s on it?

Despite these dubious associations, Tor is entirely legal. It’s part-funded by the American Government, and is popular with dissidents and activists in politically unstable countries.

Tor’s interface resembles a 1990s web browser like Netscape Navigator, and its indirect method of data transfer makes it far slower than today’s streamlined browsers.

What is a VPN?

A virtual private network uses a website or piece of software to establish a secure connection from your device to a host server.

It’s like logging into online banking and then viewing content through a customised webpage portal.

Encryption keys establish a confidential link, which can’t be hacked or viewed by third parties.

A VPN provides rapid internet access over conventional broadband networks, opening up more bandwidth as needed.

VPNs are popular with academic institutions, giving students a secure location to upload work or receive feedback and results in confidence.

Our guide to five essential features for any VPN highlights important attributes including apps so you can use your service on Android/iPhone, along with 24/7 professional customer service.

So which is best?

While Tor and VPNs can both spoof your location (to circumvent issues like geographic restrictions on local radio station broadcasts), each platform offers distinct advantages over the other:

Tor

• Tor is completely free to use, whereas VPN worth using are always paid-for, usually per month
• Tor is as simple to operate as any other web browser
• It provides the same level of anonymity to everyone, without requiring the premium subscriptions associated with high-security VPNs
• Tor actively helps users to avoid cookies or identifying information, whereas more poorly-rated VPN providers store session logs that could be used to identify specific users.

VPNs

• VPN software is widely available, and is even embedded into Microsoft Windows
• A VPN works on any device, but Tor has to be downloaded and installed – which isn’t practical if you don’t have administrator privileges for a specific device
• It’s better suited to streaming content, whereas Tor struggles at peak times
• A VPN can be used on a phone or tablet just as easily as a desktop or laptop

See the latest list of top UK VPNs here

MAIN IMAGE: Dennis van Zuijlekom/CC BY-SA 2.0

What is the Dark Web?

Posted 1st March, 2018 @ 5:42 pm | by Neil Cumins | inGuides

You might have heard of the Dark Web, without really understanding what it is or how it works.

Rather like the ocean, the World Wide Web we see every day is merely the surface of a far larger and more mysterious ecosystem.

Beneath its surface lies the Deep Web, where content not accessible through search engines is located.

This includes company intranets and online banking portals, product databases for ecommerce websites, draft webmail messages and unsaved amendments to websites.

Deep Web material isn’t designed to show up in search engines for all sorts of legitimate reasons.

But below the Deep Web lies its shadowy cousin – a place of impropriety and illicit information, also concealed from Google and Bing’s web search crawlers.

Known as the Dark Web, this murky netherworld requires specialist software to access and hosts the internet’s most disturbing secrets.

However, it’s also home to fascinating content that would never be found on surface websites.

Why does the Dark Web exist?

Any content hosted on the surface web can be viewed by almost anyone. It’s also generally hosted by reputable companies who are accountable for not offending or upsetting the general public.

Yet a great deal of content is generated every day that would shock companies with concerns about their reputation or share price.

The Dark Web is the ideal venue for such material.

Individuals who descend below the surface need to accept they can’t hold anyone accountable for stumbling across shocking – or illegal – data.

Dark Web content is hosted by private individuals and browsing habits go unrecorded.

Cryptocurrencies like Bitcoin, Litecoin or Monero offer instant, untraceable payments for goods and services, so they’re ideal for anyone who wants to keep their secret shopping list away from prying eyes.

That’s why the Dark Web is widely associated with the sale and purchase of firearms, stolen merchandise, drugs from cannabis to crack cocaine and pornography too extreme for the surface web.

Go deeper: Hackers use unsafe Starbucks WiFi to mine Bitcoin from your laptop

Why can’t I access the Dark Web through my everyday web browser?

As Governments and Internet Service Providers improve their ability to monitor our internet activity, web browsers like Chrome and Safari discreetly record our browsing habits.

This is not good for viewing content that might be illegal in a particular country, or where accessing such information may attract the attention of security services or ISPs.

As a result Dark Web content is accessed exclusively through Tor.

Tor was designed by the American military, who continue to part-fund it because of its benefits to people living under the yoke of anti-democratic leaders in foreign countries.

The anonymity it provides to dissidents and whistle-blowers comes from bouncing data packets around the world, to prevent their origin or destination being traceable by third parties.

Most Dark Web addresses end in a .onion suffix, because data is passed through numerous nodes. Each node peels away a layer of secrecy about its final destination, like onion layers.

Likewise, Tor is an acronym of The Onion Router.

More: Ransomware up 90%, now ‘tool of choice’ for black hats

So what’s out there?

The Dark Web is home to the internet’s most scurrilous and illicit content, from drug dealers to prostitution, and child pornography rings to hitmen.

It’s perhaps most famous for the Silk Road website – the Dark Web’s largest black market.

While around two thirds of Silk Road’s product listings comprised illicit drugs, it also sold items considered legal in most countries, including jewellery and cigarettes.

The site’s alleged founder and owner Ross Ulbricht was arrested in 2013 in San Francisco, charged with everything from computer hacking to conspiracy to traffic narcotics.

His trial was marred by corruption charges against two former federal agents responsible for his arrest, but Ulbricht was found guilty and is now in prison serving multiple life sentences.

Silk Road is no more though its legacy lives on in smaller Dark Web marketplaces that are proving more successful at avoiding the FBI’s spotlight.

Does this mean the Dark Web is illegal?

Not at all. Dark Web content can be viewed by anyone – providing it isn’t illegal, which it often is.

Installing the Tor browser isn’t a criminal offence, either. Nowadays, it’s not even considered suspicious, as growing numbers of people seek greater online privacy.

Some people use the Tor browser entirely for surface content (that’s everything starting with the www prefix).

After a series of high-profile data thefts during 2017, people are more cautious than before about distributing potentially sensitive information across the surface web.

However, delving into the Dark Web is dangerous, and occurs entirely at your own risk.

MAIN IMAGE: Neal Fowler/CC BY 2.0

57% of torrent downloaders also pay for Netflix, Prime

Posted 27th February, 2018 @ 3:03 pm | by Tom Rodgers | inNews

A survey of users on the invite-only bittorrent service HDbits.org has revealed that over half of people who illegally download torrents of prime-time, overseas TV or films also shell out for Netflix and Amazon Prime subscriptions.

News website Torrentfreak revealed the info showing how more than 5,000 people had responded to an on-site survey

HDBits.org is one of the most exclusive pirate sites on the net and notoriously difficult to get access to.

As one of the largest private torrent trackers it enjoys a status that not many others can match. While places like the Pirate Bay, KickAss Torrents and ettv are open to all, you need an invite from a current HDBits member to grant you a login.

And while memberships hover around the 20,000 mark, users jealously guard access to the site and new slews of invitations are extremely rare. Users occasionally sell invites to HDBits for upwards of $300, clearly against the site’s wishes.

Too little, too late?

When asked about how much they use legal streaming services, over a quarter of those surveyed said they use Netflix, Hulu or Prime more frequently that HDBits itself.

With nearly a quarter of a million high-quality releases available at any one time, that’s a stunning rebuke for torrent sites.

57%, or 3,036 people said they subscribe to at least one legal streaming service.

Why pay Netflix money when you torrent for free?

HD and 4K quality streams are hard to come by from public torrent trackers, because they are relatively expensive and technically difficult to reproduce.

And alongside the fact that there’s no monetary gain for uploaders, the percentage of hit-and-run users who download a torrent but don’t stick around to seed it to others remains relatively high, cutting the incentive for encoders to produce quality work.

Seeders are more common on these private trackers and stick around for longer, meaning you can access well-worn classics at the same speed as current shows.

But sites like HDBits are too hard to get into for common folk like you or I. So not everything is available all the time, and it’s certainly not as easy to stream shows or movies on multiple screens as it is with a premium Netflix or Prime account.

MAIN IMAGE: Coline Buch/CC BY-ND 2.0

500m downloads but Hotspot Shield VPN leaks data, expert claims

Posted 15th February, 2018 @ 12:06 pm | by TG Bamford | inNews

According to independent cybersecurity researcher Paulos Yibelo, an information disclosure vulnerability discovered in Hotspot Shield VPN Service has led to users’ data being inadvertently leaked. The vulnerable data includes IP addresses, WiFi network names, users’ location as well as other sensitive information.

Hotspot Shield is an extremely popular VPN service and is available for free on both Google Play Store and Apple Store. The company’s own website claims it is the ‘world’s most popular VPN’. At the last count it had an impressive 500 million users worldwide.

According to Mr Yibelo, the vulnerability resided in the local web server that Hotshot installs on a user’s device. He found the server was vulnerable to unauthenticated requests and could reveal sensitive data about the active VPN service, including its configuration details.

Top five essentials: How to choose a VPN

AnchorFree GmbH, the company that produces Hotspot, did admit that while the vulnerability exposed some generic information it insisted it did not leak the user’s real IP address.

Shield cracked

This is not the first time Hotspot has faced data issues. Back in August the company made headlines when it was accused by the non-profit advocacy group, the Centre for Democracy and Technology (CDT) of tracking, intercepting and collecting its customers’ data.

This followed hot on the heels of the revelation that Kaspersky’s Secure Connection VPN Service had also been embroiled in controversy after questions were asked about the permissions it requests upon installation. This included access to locations, calls and contacts, along with device and app history.

VPN vs Incognito: Which wins?

The latest Hotspot Shield VPN revelation once more throws up the question of how far we can trust our VPN services. Some amass your data such as connection times, dates, IP addresses and keep track of how long you’re connected.

And, while they are secure there may be a question of what they will do with that data. Whether that information could be vulnerable itself or whether they will sell it on to a third party.

Free is never free

Experts have long recommend doing your homework before deciding on a VPN. Particularly for free VPNs.

Free ones have to make money somehow, so you should assume they will make money from your data, logging your activity and using it for marketing purposes.

Paid-for VPNs are a different matter. It is always worth checking their policies on data usage.

Some VPNs will state they do not keep logs and purge them weekly or daily. Some will try to dance around the issue by saying they keep ‘whatever logs are required by law.’ Which can mean anything law enforcement agencies desire.

It is worth looking at review articles that discuss a company’s logging policies and if you can’t find the answers contact them directly and ask.

Finally, always remember that while VPNs are a useful security service they are a huge source of valuable data and, sadly there are cases emerging of VPNs exploiting their customers’ data.

Do your research to find the right services and you’re much more likely to put your valuable personal data beyond the reach of prying eyes.

Ransomware up 90%, now ‘tool of choice’ for hackers

Posted 6th February, 2018 @ 11:08 am | by Sam Newman | inNews

Research from anti-malware specialists MalwareBytes reveals a worrying trend in the evolution of cybercrime: ransomware attacks rose by 90% in 2017, with businesses, organisations and regular consumers all now targets.

Ransomware is a type of malicious software that encrypts the files stored on an infected computer.

Once the files are encrypted, it is impossible to access them until they unlocked by the correct encryption key – which the hackers will give you, for a price.

The term is now so well-recognised that it has been added to the Oxford English Dictionary.

A successful ransomware attack means your computer, and the files stored on it, are completely unusable until the ransom is paid.

Popular ransomware is often disguised as antivirus or law enforcement software that is ‘legitimately’ locking your computer – don’t be fooled.

Increased interest in bitcoin and other currencies has led to a sharp spike in malicious cryptomining tools, a type of malware that uses the hijacked computer to remotely mine for cryptocurrenices. Due to the anonymity afforded by currencies like Bitcoin, tracking down the criminals profiting from these attacks is practically impossible.

So called ‘drive-by-mining’ attempts have exploded in frequency. Malwarebytes reports blocking around 8 million of these attacks a day throughout September. Unchecked cryptomining can physically damage your PC and make your electricity bill spike noticeably, as the malware constantly drains away your computer’s resources.

As well as being contained in malware, cryptomining tools can be embedded into webpages as ‘cryptojackers’ – Java scripts that force your browser to mine for Bitcoin when you visit malicious webpages.

These rapidly growing threats have contributed to an increase of 12% to overall consumer threat in 2017.

Businesses are under threat from banking Trojans and system hijackers, both of which can compromise sensitive customer information.

“What cybercriminals could not hold for ransom, they stole from businesses,” says Marcin Kleczynski: CEO, Malwarebytes.

“The last year has certainly thrown us a few curveballs, with massive ransomware attacks, changes in malware distribution and the significant increase in cryptocurrency miners… these findings can help pave the wave for increased awareness, C-level participation and enhanced technologies to better protect both consumers and businesses.”

How to protect yourself

Keeping up-to-date antivirus software and strong firewall settings are vital to defending your PC from malware and spyware attacks.

Regularly scanning for threats and keeping an eye on your computer’s performance can help identify an attack before too much damage is done.

Additionally, backing up your files externally, either through physical or cloud storage, is a sure defense from ransomware attacks.

MAIN IMAGE: Christiaan Colen/CC BY-SA 2.0

UK mass surveillance of Snooper’s Charter ruled unlawful

Posted 5th February, 2018 @ 12:23 pm | by Sam Newman | inNews

The Court of Appeal has decided that the controversial Snooper’s Charter is indeed illegal in its current form and violates the human rights of all UK citizens.

The Snooper’s Charter, officially known as the Investigatory Powers Act, is an Act of Parliament that expands the electronic surveillance powers of British law enforcement and intelligence agencies.

Some of the most impactful aspects of the Act include the provisions for the bulk collection and interception of communications data, and demands for internet and mobile providers to record and store an entire year’s worth of connection history for all customers – records which can be accessed by law enforcement without the need for a warrant from the courts.

Due to the Act’s indiscriminate nature, numerous concerns have been raised regarding the privacy and freedoms of citizens, as the legislation effectively treatis everyone in the UK as a potential terrorist or pedophile.

The Snooper’s Charter, which was first introduced as the Draft Communications Data Bill in 2012, has been a pet project for Theresa May since commencing her role as Home Secretary. The finalised Charter was given royal assent in early December 2016, the final step in becoming UK law.

It was Labour deputy leader, Tom Watson, who brought the Snooper’s Charter to court, with backing from human rights advocacy group, Liberty.

In defense of the bill the government argued that mass communications data surveillance was necessary to fight serious and organised crime.

Security minister, Ben Wallace, said that communication data has been “used in every major security service counter-terrorism investigation over the last decade. It is often the only way to identify paedophiles involved in online child abuse.”

The ruling declares that access to the mass collection of data is not sufficiently restricted to fighting serious crime and that police and other agencies could authorize their own access without adequate oversight.

On these grounds it was decided that the Snooper’s Charter was “inconsistent with EU law” – mirroring the sentiments given by the European Court of Justice in 2016.

The Internet Services Providers’ Association expressed frustration over the Snooper’s Charter’s many revisions and amendments over the years, commenting that “it is imperative that the Government fully and unambiguously meet the requirements of the court’s judgment… failure to do so could lead to a situation in the near future where the UK’s regime is again open to further challenge and has to be revisited once more.”

MAIN IMAGE: GCHQ Defence Images/CC BY-SA 2.0

The top five VPN essentials

Posted 5th February, 2018 @ 11:02 am | by Neil Cumins | inGuides

VPNs are more popular than ever nowadays, but the sheer variety of services on offer makes it tricky to decide which features your network needs to have.

Some people are primarily concerned with security, while others want to optimise their streaming abilities across a slow internet connection.

Whether your decision to adopt a VPN has been inspired by privacy concerns or a love of torrents, some attributes are universally important.

These are five VPN essentials, starting with something that’s crucial for protecting your personal information…

1. A ‘no logs’ policy

If your VPN logs your IP address, it’s storing information about your online activities.

Elements of your browsing history and habits might be stored by the VPN for months at a time.

This data could potentially be passed onto the police or security services, compromising the privacy of your actions.

Under the Digital Economy Act, UK government departments can request your website history and personal information.

While you might expect the security services to have unrestricted access, even minor departments like the DVLA could request and obtain your VPN logs.

Most VPNs don’t take logs, but it’s worth noting steering clear of the ones that do if you don’t want third parties being able to view your history.

Some VPNs claim they don’t keep any data despite storing session logs, so check their privacy policy for clarification on whether ‘no logs’ really means no logs.

2. Varied server locations

VPNs are often used to circumvent geo-blocking, where website or streaming media providers arbitrarily restrict access to particular locations.

For example, local radio stations often elect not to broadcast live sporting events outwith a particular locality. These boundaries are often fairly quite arbitrary, creating a two-tier service across counties or regions.

If your chosen VPN has servers in multiple locations, they can create the impression you’re in a different geographic location.

This is especially useful for international websites, such as shopping platforms that are restricted to a particular country.

Another advantage of multiple server locations is data spikes are less likely to affect connection speeds, providing more dependable performance.

3. Port forwarding

If you have more than one device in your home network, port forwarding tells the VPN which particular machine incoming connections should be directed towards.

It enables a VPN to bypass network firewalls or IP addresses assigned to broadband routers, directly connecting the VPN to a specific device.

Port forwarding may significantly improve connection speeds, which is useful for people whose internet connection struggles to cope with torrents or online gaming.

4. Apps for Android and iPhone

The majority of internet traffic is carried on mobile devices nowadays, and we are increasingly relying on tablets and smartphones rather than PCs and Macs.

People want to be able to enjoy the benefits of a VPN away from their desktop or laptop computers.

While any VPN will offer Windows software, the best providers will also provide Android and iOS support.

Customer support needs to extend beyond compatibility into areas like customer service – which brings us onto our final must-have recommendation…

5. Round-the-clock customer service

A VPN is complicated by nature, and things can often go wrong.

Many people don’t fully understand how these private networks send and receive data, so they’re unprepared for issues like a connection being rejected.

Even regular users may find themselves struggling to change settings or troubleshoot a new problem when it arises.

For that reason, it’s important to choose a VPN with dependable round-the-clock customer service.

Our guide to the best VPN deals lists the levels of customer support on offer. Ideally, this should include live chat and email – at any time of the day or night.

VPNs with a reputation for solving problems quickly and easily tend to retain the most customers, who will be more likely to recommend the service to their family and friends.

Choose the VPN that’s right for you

On top of the factors listed above, a good VPN should offer affordable pricing plans. Some people would suggest a kill switch is also important, for turning off unencrypted connections.

To find the VPNs offering the best deals for your requirements, check out the latest reviews and ratings on our homepage.

UK firms, NHS face £17m fines for lax cybersecurity

Posted 31st January, 2018 @ 3:25 pm | by Tom Rodgers | inNews

The UK government has laid heavy criticism on companies in leading industries for leaving gaping holes in their cybersecurity practices.

Fines of up to £17 million could be levied against electricity, transport, water, energy, transport, health and digital companies if they fail to put robust safeguards in place.

While it admitted that fines would be a last resort, the Department for Digital, Media, Culture and Sport said regulators would be regularly assessing the critical infrastructure that keeps the country running.

The NHS was the most notable victim of a huge upsurge in ransomware attacks in 2017, when its computer systems were hit with the Wannacry variant bug.

Cybercriminals linked to North Korea’s spy agency locked down the Windows XP-based NHS systems for nearly 6 hours, demanding payment in Bitcoin to restore patient records.

The Wanna Decryptor or WannaCry malware infected targets in 11 countries, shutting down computer systems and phones in Spanish telecoms company Telefonica and bank Santander.

“Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world,” security experts at Russia-linked Kaspersky Lab wrote in a blog post.

[Editor’s Note: The UK’s National Cyber Security Centre has warned against using Russian antivirus programs</a> like Kaspersky for fears they are linked to state-sponsored spying.]

“In these attacks, data is encrypted with the extension “.WCRY” added to the filenames.

“Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows.

“This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on 14 April 2017 and patched by Microsoft on 14 March 2017.”

To ensure the general public are not affected by cybersecurity blowups like these, the DCMS is seeking to put the Network and Information Systems (NIS) Directive into force from 10 May 2018.

The NIS will also cover other cyber-related threats such as hardware failures and power outages. The regulator will then have the power to issue fines to the companies involved.

“Today we are setting out new and robust cyber security measures to help ensure the UK is the safest place in the world to live and be online,” says Margot James, Minister for Digital and the Creative Industries,“we want our essential services and infrastructure to be primed and ready to tackle cyber attacks and be resilient against major disruption to services.

The 5 puzzles UK girls must solve to become a spy

Posted 22nd January, 2018 @ 12:11 pm | by Suzi Marsh | inNews

It wasn’t so long ago that a young girl considering her career choices would have found herself with a distinct lack of options. While boys were encouraged to dream of being astronauts and fighter pilots, girls were gently pushed towards cookery, sewing and other home making skills.

Now, however, times are changing, and more women than ever are flocking to previously male-dominated fields.

But as far as the National Cyber Security Centre and the Government Communications Headquarters are concerned, it’s not enough – and they want to encourage even more young girls to start looking at a career in computer science and related fields.

In fact, according to the NCSC there is currently a global shortage of women working in cybersecurity.

In an attempt to redress this balance, they have teamed up with GCHQ to launch a competition aimed at finding the UK’s most tech-savvy girls.

Open to girls between the ages of 12 and 13, the online competition invites participants to solve a number of head-scratching challenges – each designed by experts to test students’ codebreaking skills.

By encouraging youngsters to take part in teams of up to four, the organisers hope that they might inspire them to pursue a career in cybersecurity.

“Too often, society limits girls in what they aspire to achieve. Our CyberFirst Girls Competition will give teams the opportunity to develop new skills, meet new people and gain an exciting insight into the world of national security. I hope many of you and your friends will be inspired to enter – and perhaps take the prize.” – Jeremy Fleming, Director – GCHQ

But the puzzles are certainly no walk in the park. In fact, the five samples released to the press invite participants to complete logic gates, crack coded messages and solve cryptic crosswords.

In total, entrants to the competition will be asked to submit the solutions to a brain-busting 100 challenges.

Last year, as many as 8,000 girls entered the competition, with a similar uptake expected this time around.

Out of all submissions, the top 10 teams will be invited to take part in a live final in Manchester in March 2018. The winners will receive £1,000 towards IT equipment for their school, along with individual prizes for each member.

Registration for the competition is open now, while the online challenges will go live on 29 January 2017. Entrants will have until 5 February to complete the tasks.

Carphone Warehouse hack sees UK’s biggest ever fine

Posted 19th January, 2018 @ 2:56 pm | by Sam Newman | inNews

After admitting to a large-scale hack which occurred in 2015, Carphone Warehouse has been fined £400,000 for shocking security failures which lead to valuable customer and employee data being exposed.

This fine is the largest single penalty issued to a company by the industry regulator, the Information Commissioner’s Office (ICO).

The 2015 data breach exposed the personal data of over 3 million customers and 1000 employees to criminals, including names, phone numbers, dates of birth, marital status and payment card details.

The ICO said the leaked info would “significantly affect individuals’ privacy”, and that the exposed data was at “risk of being misused”.

Multiple failings in the data security of Carphone Warehouse were uncovered in the investigation and the ICO concluded that the company had not fulfilled its obligation to effectively protect the data of customers.

Carphone Warehouse is the UK’s largest independent electronics retailer and has around 1,100 high-street stores nationwide.

The Information Commissioner, Elizabeth Denham, gave scathing comments about the case:”A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks. Carphone Warehouse should be at the top of its game when it comes to cyber-security, and it is concerning that the systemic failures we found related to rudimentary, commonplace measures.”

The primary point of attack was an out-of-date WordPress site running outdated security software. Once a valid login was obtained, hackers could freely access the current and historical data of thousands of employees and millions of customers. Additional layers of security were also found to be running out-of-date software, as well as exposing the Carphone Warehouse’s lack of checks and tests on their systems.

Speaking to VPNs.co.uk, a spokesperson for Carphone Warehouse said: “We accept the decision by the ICO and have co-operated fully throughout its investigation… we moved quickly at the time to secure our systems, to put in place additional security measures and to inform the ICO and potentially affected customers and colleagues.”

The company added that it had agreed early payment on the £400,000 fine, which was then reduced to £320,000.

The ICO investigation also concluded that none of the compromised details have been used in cases of identity theft or fraud.

Beginning on 25 May 2018, stricter rules on data protection will come into effect.

The General Data Protection Regulation (GDPR) is a set of new EU regulations that demand companies take better steps to protect the details of employees and customers. Any companies found to be non-compliant will face ‘heavy fines’.

MAIN IMAGE: Morebyless/CC BY 2.0

Ad trackers are now on 75% of all websites

Posted 16th January, 2018 @ 7:33 pm | by Suzi Marsh | inNews

In this day and age, most of us are aware that what we do online is rarely private. But did you know the extent to which companies are harvesting your data while you browse? According to recent research, more than 75% of all websites now feature ad trackers that monitor your activity.

The survey, conducted jointly by browser Cliqz and security extension Ghostery, examined over 144 million web pages across more than a dozen countries.

They were looking for third-party trackers – and they found them in alarming amounts.

Normally, websites use tracking techniques to keep tabs on the browsing habits of visitors. However, third-party tracking happens when external companies with no connection to the site itself want to get in on the action.

By placing their own trackers in different locations around the web, they are able to build up a scarily accurate picture of individual users.

As the research by Cliqz and Ghostery reveals, these monitoring techniques have now spread across the internet at an alarming rate.

In fact, 77.4% of the websites surveyed had at least one third-party tracker.

What’s more, a significant minority – 16.2% – featured 10 or more, while 43.6% had between two and nine. Finally, 17.6% were found to have just one third-party tracker.

But who is collecting this data? Google is the biggest culprit, with trackers from the company’s Analytics service cropping up on 46.4% of the websites studied.

Additionally, trackers related to other services such as DoubleClick and AdSense also occurred regularly across the sampled sites.

Unsurprisingly, Facebook was also found to be a big user, with 21.9% of the websites featuring trackers from its Facebook Connect service.

And according to some industry insiders, the prevalence of web monitoring could be contributing to the current spike in the amount of people using ad blockers when browsing online – with some 30% of US users predicted to install them in 2018.

So what can you do if you don’t want companies like Google and Facebook spying on your activity online?

If you don’t like the idea of seeing the same adverts over and over again – or if you simply want to keep your browsing away from prying eyes – a VPN is the best solution.

MAIN IMAGE: Ali T/CC BY 2.0

Forever 21 hack exposed credit card details for 7 months

Posted 16th January, 2018 @ 1:18 pm | by Sam Newman | inNews

Clothing giant Forever 21 has confirmed that customers’ credit card info was freely available to hackers from April until November 2017.

Most shocking was the confession that the company’s encryption software had been turned off entirely at many locations, some of which were left completely defenseless for the entire seven-month period.

As a result of failing to encrypt their data, Forever 21 reported that malware had been installed on some till devices in their stores.

This malware could dig through Forever 21’s stored logs of customers transactions and extract the payment card data of customers.

The data breach was revealed to Forever 21 by “a third party” in October 2017. The company responded with an investigation, employing security firms and leading payment technology to uncover the extent of the damage.

The investigation revealed that “in most cases” hackers were able to obtain the card number, expiration date, and internal verification code of a given transaction, stressing that only “occasionally” was the cardholder name also found.

Forever 21 was unable to confirm if the data breach has occurred in stores outside of the USA, although it has said that transactions on their online store were unaffected by the hack.

Due to the nature of the discovered malware, and the unclear extent of their problem with encryption software being ‘not always on’, it is possible that customer card data from transactions prior to April 2017 may have also been stolen.

There are still no details on exactly how many people have been affected by the breach.

The only information Forever 21 is willing to reveal is a vulnerability at “some devices in some US stores at varying times”.

Considering that Forever 21 is one of the largest clothing retailers in the world, with 800 stores operating in 57 countries, including three locations in the UK, the potential damage could be huge.

Back in 2008, Forever 21 was notified of another security breach when the credit card data of almost 100,000 customers was stolen in nine separate attacks.

In response to this most recent failing, the company had this to say: “Forever 21 is continuing to work with security firms to enhance its security measures.  We also continue to work with the payment card networks so that the banks that issue payment cards can be made aware of this incident. Lastly, we will continue to support law enforcement’s investigation of this incident.”

If you have been a customer at a Forever 21 store in 2017, it is strongly advised that you get your payment cards checked and change the PINs and passwords to your associated accounts.

If you notice any unauthorized transactions on your account, notify your credit card company or bank immediately.

In many cases, you will not be held liable for fraudulent use of your card.

MAIN IMAGE: Dan De Luca/CC BY 2.0

VPN vs Incognito: The Pros and Cons

Posted 8th January, 2018 @ 3:35 pm | by Jenny Morrison | inGuides

If you’ve ever had your personal identity stolen online or been irritated by the same adverts following you everywhere you go on the web, you’re not alone.

The terrifying amount of information that companies of all sizes are collecting about us every day on the internet is increasing exponentially as time goes on.

Now more than ever, it’s important to browse the internet as privately and securely as possible, safe in the knowledge that hackers and advertisers aren’t using your personal information for their own gain.

More and more people are choosing to anonymise their online browsing activity through VPNs (virtual private networks) or web browser privacy modes such as Google Chrome’s Incognito. But which is the better choice, and why?

Incognito’s key features and limitations

Since it’s already built into Google’s Chrome browser, Incognito mode is a quick make-do option for anonymous browsing.

It will stop tracking cookies being dropped as you surf the web, and therefore advertisers aren’t able to follow you around websites or build up a picture of your personal interests, behaviours, and browsing history.

It’s an extra layer of much-needed security and a good habit to get into if you’re logging into sensitive online portals like your bank accounts. Going Incognito is also great if you do screen sharing or presentations because it saves the potential awkwardness of prefilled suggestions or your browser history being on display.

However, that’s about Google Incognito’s limit. It doesn’t hide your IP address, location, or your browsing activity from your ISP. The same is true for the private browsing modes built into Firefox, Safari, and all the other popular web browsers. For truly private and secure browsing, a VPN is the only option you can really trust.

Next level security with Virtual Private Networks

Unlike Incognito, a VPN hides your location and IP address so that you can lift restrictions on international content and access more of the Internet, connect to your office network securely, access UK web content from abroad, and much more.

Even better, with a VPN you can rest assured that not even your ISP is tracking your browser use or micromanaging your internet connection, enabling you to bypass deliberate speed throttling and avoid network congestion.

VPN vs Incognito

The main advantages of using Google Chrome’s Incognito browsing mode are:

• It’s prebuilt into the Chrome browser free of charge, with minimal setup required
• It stops tracking cookies being dropped so advertisers can’t build up a profile of you or use your habits to make predications about your interests, life, or behaviour
• Incognito hides your browser history from public view
• It provides extra security for online banking and other sensitive login portals by not saving any input information
• It’s a reasonably safe way to let a friend use your computer, with minimal supervision needed

Incognito’s significant limitations are that your ISP and Google can still track your activity as they wish, and your IP address and location remain exposed.

The main advantages of VPNs are:

• Other than cost and setup, all the advantages that Incognito has, plus:
• Hiding of your IP address so hackers and corporations such as Google can’t utilise your information or habits
• Hiding of your location to enable you to access more of the web, including international media content
• Greater connectivity options for connecting to other networks, such as your home or office
• Better security and privacy when browsing than Google Incognito
• Your ISP can’t throttle your internet speed
• You can bypass ISP congestion (particularly important for faster Internet speeds during peak hours)

There are only two minor disadvantages to using a VPN: there’s a small cost involved, and you need to set up the VPN connection on your computer yourself.

However, both of these points are mitigated by the fact that VPNs are extremely affordable – in fact they’re one of the cheapest digital services you can buy – and take only a minute or two to set up, so the significant advantages of enhanced security, privacy, and freedom far outweigh the minor niggles.

In conclusion, VPNs are much more advantageous for optimising both your web browsing experience and your online privacy simultaneously. Take a look at our at-a-glance comparison table of the best VPNs and ensure your web browsing is completely secured today.

Windows 10: Stop your computer auto-connecting to WiFi

Posted 25th December, 2017 @ 8:38 am | by Tom Rodgers | inGuides

Insecure public WiFi is difficult to spot. It could be in a cafe, an airport or even at the local library or community centre.

But if your computer auto-connects to WiFi you could be putting your data in danger without even realising it.

Just this week we heard Starbucks admit that criminals had hijacked its internal public WiFi to use people’s computers and phones to mine cryptocurrency.

It was only when one coffee drinker, who happened to run a technology company, spotted a 10-second delay in connecting to the chain’s WiFi service and picked out the criminal intent.

The rule is: if you want to stay safe in public – use protection.

This means picking a good quality VPN to hide your connection and your traffic from prying eyes.

On a more simple level, your computer might already be set up to automatically connect to available WiFi networks.

If you’re not sure, don’t connect.

What to do: In Pictures

What to do: Instructions

1. Click the Windows logo in your toolbar
2. Click on Settings. Depending on your menu setup this may appear as a graphic of a cog, or simply the word ‘Settings’
3. Open Network & Internet
4. Click to open WiFi
5. You’ll see an option with a slider bar to Connect to suggested open hotspots. Switch the slider from ‘On’ to ‘Off’

That’s it. Job done. If you’ve got a tech question you need answering or you’re just looking for help, email us at info@vpns.co.uk.