LiquidVPN https://www.liquidvpn.com VPN Service and Software Fri, 11 Apr 2014 04:37:33 +0000 en-US hourly 1 http://wordpress.org/?v=3.9 LiquidVPN Update on the OpenSSL Heartbleed Bug TLS/SSL Vulnerability https://www.liquidvpn.com/heartbleed-bug-update/?utm_source=rss&utm_medium=rss&utm_campaign=heartbleed-bug-update https://www.liquidvpn.com/heartbleed-bug-update/#comments Thu, 10 Apr 2014 18:29:05 +0000 https://www.liquidvpn.com/?p=15547   On 4/7/2014 we received an SMS alert about the OpenSSL 1.0.1a vulnerability and promptly began an audit to identify vulnerable systems and take any necessary corrective actions. The effect of the Heartbleed bug on LiquidVPN’s systems were very minimal because of several design elements in our infrastructure. Nevertheless to minimize any potential damage before…

The post LiquidVPN Update on the OpenSSL Heartbleed Bug TLS/SSL Vulnerability appeared first on LiquidVPN.

]]>
 

On 4/7/2014 we received an SMS alert about the OpenSSL 1.0.1a vulnerability and promptly began an audit to identify vulnerable systems and take any necessary corrective actions. The effect of the Heartbleed bug on LiquidVPN’s systems were very minimal because of several design elements in our infrastructure. Nevertheless to minimize any potential damage before writing this we felt that a complete audit and peer review was necessary. The original ticket from 4/7/2014 can be found here. Here are the highlights

  • Some of our OpenVPN servers used 1.0.1f which was a vulnerable OpenSSL version. On 4/7/2014 at 3:00 EDT we began patching all of our affected VPN servers. At 9:00 EDT the last OpenVPN server was patched. If you were on a vulnerable OpenVPN server you are not in jeopardy of having your OpenVPN data channel compromised because LiquidVPN uses ephemeral session keys and perfect forward secrecy. There is a chance that VPN username and passwords could be compromised but this would only allow a 3rd party to use one of your VPN sessions. We do highly recommend users change their username and password from the client area.
  • Our web server used a vulnerable OpenSSL version and was upgraded at 9:00 EDT. This poses minimal risk to anyone unless they are manually forcing their browsers to not support Perfect Forward Secrecy or are using Yandexbot 3, IE 6, IE 8.

 

Other actions taken by LiquidVPN.

  • On 4/7/2014 from 3:00 EDT to 9:00 EDT we replaced any vulnerable OpenSSL version with non vulnerable versions and reset any open sessions.
  • On 4/7/2014 we setup two test nodes and began testing the latest OpenVPN server images and concluded that it would be best to reboot the servers instead of just resetting the services.
  • Starting at Midnight on 4/8/2014 we began reboot all of our OpenVPN servers.
  • On 4/8/2014 we began the process to reissue our SSL certification for the web server. It was finalized at 1:00 AM EDT on 4/9/2014
  • We changed all of the administrator passwords.
  • On 4/8/2014 new configurations were pushed out to the Liquid Viscosity users.
  • On 4/8/2014 new configurations were uploaded for standard OpenVPN users. We have been waiting for a chance to consolidate our CA keys and have taken this opportunity to do so. If you are on OpenVPN you are urged to download the latest configuration files to protect against a possible MitM attack (very unlikely) if you are using PFSense/DDWRT/Tomato and your connection stopped working then you must download the new configuration files.

Actions you should take.

  • Change your VPN username and password so that a hacker can not use your account for free.
  • Update your OpenVPN configuration files and at the very least delete the old stacked ca.crt and use the new one included in our configuration files.
  • Start using a modern browser that support Perfect Forward Secrecy
  • Change your passwords on any important websites.

Actions LiquidVPN plans on taking.

  • Liquid Viscosity users will be promoted to update their clients. We suggest you do the update as soon as you are notified to patch the vulnerable version of OpenSSL on your client.
  • Our scheduled upgrade to standardize TLS-Auth across all of our servers was put on hold. It will now move forward. TLS-Auth makes any MitM attack impossible unless the attacker has your TLS-Auth key. Currently users share a TLS-Auth key which does not protect attacks coming from other LiquidVPN users. We will not finish the TLS-Auth standardization until we have a way to provide more protections with the TLS-Auth keys.
  • We will send mail to all users asking them to reset their passwords (or usernames and passwords)

The post LiquidVPN Update on the OpenSSL Heartbleed Bug TLS/SSL Vulnerability appeared first on LiquidVPN.

]]>
https://www.liquidvpn.com/heartbleed-bug-update/feed/ 0
New 10Gbit UK & Canada VPN Servers https://www.liquidvpn.com/uk-canada-vpn-servers/?utm_source=rss&utm_medium=rss&utm_campaign=uk-canada-vpn-servers https://www.liquidvpn.com/uk-canada-vpn-servers/#comments Sat, 29 Mar 2014 06:06:40 +0000 https://www.liquidvpn.com/?p=15324 LiquidVPN Expands its Coverage Area by Offering Canada VPN Servers We are very proud to announce 3 new VPN servers in Canada. Users can choose between dynamically assigned public IP addresses, shared IP addresses and our exclusive modulating IP addresses in Toronto Canada. The data center is P2P friendly and the servers are on a…

The post New 10Gbit UK & Canada VPN Servers appeared first on LiquidVPN.

]]>
LiquidVPN Expands its Coverage Area by Offering Canada VPN Servers

We are very proud to announce 3 new VPN servers in Canada. Users can choose between dynamically assigned public IP addresses, shared IP addresses and our exclusive modulating IP addresses in Toronto Canada. The data center is P2P friendly and the servers are on a very fast uplink. USA users should consider using Canada as their VPN end point because of the favorable privacy laws in Canada. There is a total of 256 new IPs at this location. So it could be very useful for anyone wanting to play online poker. Remember to use a dynamically IP VPN connection if you are going to play online poker from our Canada network. The servers in Canada are all Dells with Xeon 1240v3 processors, 8GB of DDR3 RAM, SATA III SSD drives. Each one has at least 1x 1Gbit uplink.

 

UK Bottleneck has been Eliminated with a 10Gbit UK Server

During the last week there has been a massive increase in traffic to our UK network. We used virtually all of our 10TB bandwidth there within 14 days. We really had to make a quick decision on how to remedy the situation and there was not enough time to setup a complete cluster with IP Modulation, dynamically assigned public IP VPNs and shared IP VPNs so instead we went for 1 very high power dual Xeon server with 32 GB of RAM and dual SSD drives. We went for a high power server with a 10Gbit uplink here because we will eventually convert this system into our UK router. It needs a lot of power to push 10Gbits through it. The UK is pretty strict about copyright laws. We do not condone sharing copyright material but especially not in the UK where the laws are so strict.

 

Older configuration files have been updated to support perfect forward secrecy

Some of you have noticed that some of our old configuration files have been updated. This is in line with our new security standards in place. LiquidVPN by defaults rekeys every hour. Meaning even if our system ever becomes compromised only an hours worth of data can be deciphered before the system will re-negotiate your keys.

 

You can download our new configuration files, dialers and 3rd party tools in our downloads section.

The post New 10Gbit UK & Canada VPN Servers appeared first on LiquidVPN.

]]>
https://www.liquidvpn.com/uk-canada-vpn-servers/feed/ 0
New Feature – Intrusion Prevention System Add-on https://www.liquidvpn.com/intrusion-prevention-system/?utm_source=rss&utm_medium=rss&utm_campaign=intrusion-prevention-system https://www.liquidvpn.com/intrusion-prevention-system/#comments Sat, 29 Mar 2014 04:41:38 +0000 https://www.liquidvpn.com/?p=15256 Introducing LiquidVPN’s Optional Intrusion Prevention System (IPS). The Intrusion Prevention System now being offered as an add-on is the exceptional open source network security app Suricata. When you sign up for the add-on our security appliance will scan incoming traffic destined for your device looking for suspicious traffic that poses a serious security risk to your…

The post New Feature – Intrusion Prevention System Add-on appeared first on LiquidVPN.

]]>
Introducing LiquidVPN’s Optional Intrusion Prevention System (IPS).

The Intrusion Prevention System now being offered as an add-on is the exceptional open source network security app Suricata. When you sign up for the add-on our security appliance will scan incoming traffic destined for your device looking for suspicious traffic that poses a serious security risk to your device. This type of scanning is important to have now that you are bypassing your ISP’s own IPS implementation and in many cases your home routers built in firewall. It is especially useful when connecting to any of our dynamically assigned public IP addresses because they forward traffic to you by default. It is also very useful when your connecting from less secure devices like smartphones and tablets. Our new IPS engine integrates with our VPN connections seamlessly and has very little impact on throughput. This is largely due to the fact that it is a multi-threaded device sitting behind our firewall and in front of our server clusters scanning traffic sent to your device in real time. Originally put in place to safeguard our VPN clusters from emerging threats we have been so pleased with the performance that we felt it would be a valuable addition to our suite of online privacy and cyber security services. Suricata is continuously updated with the latest emerging threats. Currently there are well over 1500 signatures looking for popular vulnerabilities used by some of the latest maleware, hackers, trojans, viruses, worms, hijackers, malicious scripts, and greyware on the web. We add 15-30 new signatures each day. It does not discriminate between an action taken by a file, hacker or infected service and works very well with your current antivirus and firewall.

Begin Actively Blocking Incoming Threats with our Intrusion Prevention System for 3.00 Per Month.

Current users can upgrade their existing account from the client area.

IPS Signatures

 

New users will have an option to sign up for our IPS upgrade during checkout.

IPS Signatures

 

The post New Feature – Intrusion Prevention System Add-on appeared first on LiquidVPN.

]]>
https://www.liquidvpn.com/intrusion-prevention-system/feed/ 0
VPN Provider Jurisdiction vs VPN Server Jurisdiction https://www.liquidvpn.com/vpn-provider-jurisdiction-server-jurisdiction/?utm_source=rss&utm_medium=rss&utm_campaign=vpn-provider-jurisdiction-server-jurisdiction https://www.liquidvpn.com/vpn-provider-jurisdiction-server-jurisdiction/#comments Fri, 21 Mar 2014 03:55:50 +0000 https://www.liquidvpn.com/?p=15223 VPN provider jurisdiction vs VPN server jurisdiction   A question that gets bounced around regularly is if VPN providers based in the US are more or less secure than providers based elsewhere. What is most likely true is regardless of the location of the actual VPN company more importantly we should be looking at the…

The post VPN Provider Jurisdiction vs VPN Server Jurisdiction appeared first on LiquidVPN.

]]>

VPN provider jurisdiction vs VPN server jurisdiction

VPN provider jurisdiction vs VPN server jurisdiction

 

A question that gets bounced around regularly is if VPN providers based in the US are more or less secure than providers based elsewhere. What is most likely true is regardless of the location of the actual VPN company more importantly we should be looking at the location of its servers and the policies for such aspects as logging & copyright violations on a per server basis.

So much emphasis is placed upon location of the company. Are they a US based provider or aren’t they? It’s a dilemma that is never agreed upon with two camps of thoughts, one being that US VPN providers are some how superior to Non-US ones which is argued mainly due to the fact that the US has no data retention laws. However the other camp suggests that regardless of the requirements to log the government agencies from the United States and elsewhere have shown time and time again that they are well prepared to violate each and every law in the interest of “National Security”

So I ask myself, do the US have no data retention requirements because they can hop in and out of whatever system based in the US that they see fit? It has been proven that large corporations have been instructed to install back doors or weakened security so that agencies such as the NSA can gain access through the most easiest of avenues and no matter how much security or encryption we as individuals put in place the weakest link in the chain is always going to be the one exploited by the powers that be. This can be as simple as access via your operating system, with the ability to access your desktop discretely this removes any further protection that we enable ourselves.

So there are no data retention requirements in the US, but what if the hosting providers in the US are required to allow blanket access to everything stored on them and without being able to publicly talk about it? Doesn’t it seem odd that the most covert and suspicion laden country is one of the few that has no mandatory data retention? Why make it mandatory when you can take a peek in to anything whenever you see fit.

The argument continues that EU VPN providers are somehow required to have data retention although this is a very loosely written document that has been taken out of context on many occasions, it is clear that ISPs are bound to keep certain data logs but how this pertains to VPN providers and hosting facilities is not as clear.

Regardless of your thoughts on the merits of location of the VPN provider the importance should be stressed on the location of the VPN server. You may be signed up to a VPN provider based in the middle of nowhere with no data retention, copyright or other laws that most western countries adhere to but if you’re connecting to a server located, for example, in the same country as yourself would you be foolish enough to consider that just because the jurisdiction of the parent company is “Outer Mongolia” that your own government would not think twice of snooping upon the server that you’re actually making access from or even requesting a look at the server in another country should it be the type that has similar laws.

LiquidVPN themselves recently dropped servers in Russia for a very similar reason being that they were concerned about what type of data could be intercepted and at such a low level. Just because they are a US based company wouldn’t stop the Russian government from snooping on what was coming in and out of the server and even tying it to the user should they be a citizen of Russia and violating local laws.

One classic example of how things can go wrong was with EarthVPN who although specify they keep no logs it was possible for the Dutch authorities to catch a criminal on their own soil by going straight to the hosting companies thus bypassing any claim, term or condition from the actual VPN provider. So when a provider claims they keep no logs the truth behind it may not be all that it seems, if the provider is US based, EU based or anywhere else based the logging policy of the company no matter how well meaning may not always be worth the paper it is written on. Over the past year or two many providers have popped up out of the blue and while they aim to offer the same service it appears that there is a disparity between what is logged, claimed to be logged and actually logged. Moving forward it would seem the best solution is for providers to be as honest and clear about what types of logging or protection they can offer the consumer. A small minority of users berate providers who clearly state their logging policy yet champion those who claim no logs, as has been suggested in this article it is not always enough for a provider to just log nothing as there are many other factors, organisations and bodies who can possibly access your data in a variety of ways, even without the authorisation of the VPN provider themselves.

So as providers of VPN services we expect research to be given to a) the countries that you open nodes in and b) the possible logging policies or back doors of the hosting partners that would allow unscrupulous government and even scrupulous ones to sniff around your most private data when they see fit. It appears that the buck stops with the hosting provider and any possible intervention by them should be set clear for users to understand before signing up or as an alternative a guarantee that the VPN provider themselves has done the due diligence to ensure that they are not putting our data at risk of access.

While the argument for US and Non-US providers will undoubtedly rage on, the smart ones amongst us will be considering the countries that we connect to and the hosting providers who house the servers which the VPN companies make use of, either that or looking for assurances from the VPN companies themselves that they have fully researched the locations of their servers.

The post VPN Provider Jurisdiction vs VPN Server Jurisdiction appeared first on LiquidVPN.

]]>
https://www.liquidvpn.com/vpn-provider-jurisdiction-server-jurisdiction/feed/ 0
Disconnect.me, the All in One Key to Privacy Online https://www.liquidvpn.com/disconnect-me-privacy-online/?utm_source=rss&utm_medium=rss&utm_campaign=disconnect-me-privacy-online https://www.liquidvpn.com/disconnect-me-privacy-online/#comments Mon, 10 Mar 2014 09:08:17 +0000 http://www.liquidvpn.com/?p=14966 Disconnect.me, the Free Key to Privacy Online What you do online is no ones business. At least that’s what LiquidVPN and Disconnect.me believe. Disconnect.me is a powerful tool to stop online tracking. Starting in February 2011, Disconnect already has hundreds of thousands of users in the last few years alone. Disconnect is a small add-on…

The post Disconnect.me, the All in One Key to Privacy Online appeared first on LiquidVPN.

]]>
disconnectmeDisconnect.me, the Free Key to Privacy Online

What you do online is no ones business. At least that’s what LiquidVPN and Disconnect.me believe. Disconnect.me is a powerful tool to stop online tracking. Starting in February 2011, Disconnect already has hundreds of thousands of users in the last few years alone. Disconnect is a small add-on that attaches to your browser, and will block the trackers, also known as the invisible web. In short, the invisible web is the layer under the internet where sites hide programs to track users. The list of things the invisible web can do goes on and on. Its called the “invisible web” for a reason.

What does Disconnect.me do?

Disconnect is a great piece of software to disconnect you, the online user, from the underlying trackers on the web. Trackers can simply be cookies telling the website owner how you got to the site, to vigorously creating online profiles about your visits, views, clicks, and every piece of info submitted into the website. Popular trackers are installed on multiple sites that you may visit everyday. This will initially create a tracking profile as, Tracker A, can see you visit websites A, B, and C, and what you do on those websites. It eventually turns into trackers harvesting your data, and then eventually selling it online. This is also known as data mining. Data mining is a multi-billion dollar per year industry. You have no control and automatically opt into these programs the second you open up your web browser. Disconnects job is to take all of these trackers, advertising networks, and data-miners, and mute them. Blocking trackers can increase the pleasure of your web browsing experience.

1. Disconnects Block All Trackers – Disconnects main job is to block all trackers compromising your privacy online. The interface is built right into your favorite browser and is very friendly. Personally using the past interface, there were some bugs, and it was quite brutal at times. Now the Disconnect interface works very smoothly, and executes commands as it should. The interface blocks all third party networks, along with blocking the three main tracking companies, Google, Facebook, and Twitter.The disconnect tab has three special icons specifically just to show how many Google, Facebook, and Twitter trackers its blocking in real time. Along with blocking advertisers, analytic software, and social sites, they also block requests. Some requests online can be malicious or unknown to the user. Blocking requests does something similar to NoScript, but Disconnect does it in a smoother fashion. The request blocker is easy to enable and is easy to disable in case it breaks any page. Request blocking is great on top of tracker blocking. Disconnect has been able to stay one step ahead of trackers, and the competition.

2. Disconnect Search, Private Search – Disconnect’s other online privacy tool is a private built in search feature. Private Search allows users to search Google, Bing, Yahoo, and more with online privacy in mind. Disconnect routes you through their special proxy, and returns un-bubbled searches for you. The disconnect search is great, and can be a vital tool to help combat the mega corporate search engines from harvesting your data 24/7. They take search data, websites visited, ads viewed, along with many other pieces of data and trace you together creating a bigger online profile on you, than you know about yourself. Private searches are great, and again its totally %100 free. Disconnect adds the proxy with one simple click, and can be kept on by default, or turned off by default. Disconnect search is a great feature if you are using search engines that don’t value online privacy.

3.Disconnect Kids, Mobile, and other Features – Disconnect offers some other great features packed into the small client. Not only does disconnect protect your online privacy at home. With Disconnect Kids it protects you on the go while learning about online privacy, and block trackers on your mobile devices. Install the app, follow the instructions, and it will begin to protect you while you are on the go. Disconnect Kids, with its unique and entertaining educational tools are a great way to get the whole family involved with protecting their privacy online. Disconnect also offers some other fun features inside the desktop client. You can see how much faster the page loads now that the trackers are begin blocked, how much bandwidth was saved, and how many resources were encrypted over HTTPS. The features go to show just how clogged up webpages are becoming without your knowledge.

Top top it all off, Disconnect.me is open source!

Overall

Overall Disconnect.me packs a punch in such a small plugin. I have personally used many tracker blocking plugins and disconnect continues to stay one step ahead. Along with packing multiple plugins into one small interface, Disconnect is offering free privacy tools that could appear to be paid. Features including, secured searches, tracker blocking, and other small features that show just how bloated the web really is While disconnect blocks trackers and help secure online connections where possible, it does not make the web completely private. To further enhance your online privacy, a VPN should be used alongside Disconnect. Disconnect is a must have for anyone who wishes to increase their privacy online.

Check out the official Disconnect.me site and install it on your web browser!

The post Disconnect.me, the All in One Key to Privacy Online appeared first on LiquidVPN.

]]>
https://www.liquidvpn.com/disconnect-me-privacy-online/feed/ 0
Our Ethics, Transparency and VPN Privacy https://www.liquidvpn.com/ethics-transparency-vpn-privacy/?utm_source=rss&utm_medium=rss&utm_campaign=ethics-transparency-vpn-privacy https://www.liquidvpn.com/ethics-transparency-vpn-privacy/#comments Tue, 04 Mar 2014 03:28:21 +0000 http://www.liquidvpn.com/?p=14819 Our Ethics, Transparency and VPN Privacy A company’s values are most often a direct reflection of the executives and CEO that run the company. One could argue that this statement is never truer than for companies that provides data privacy services. When a data privacy service potentially has access to your most private thoughts and…

The post Our Ethics, Transparency and VPN Privacy appeared first on LiquidVPN.

]]>
vpn-privacy-ethics

Our Ethics, Transparency and VPN Privacy

A company’s values are most often a direct reflection of the executives and CEO that run the company. One could argue that this statement is never truer than for companies that provides data privacy services. When a data privacy service potentially has access to your most private thoughts and secrets you would be wise to always keep an eye out for signs that the company does not have your best interest at heart. Sometimes it can be very hard to determine the values of the company you are trusting to secure your data and provide VPN privacy. Snowden trusted Lavabit and Mr. Levison decision to shut Lavabit down instead of playing ball with the USA Government shows that Snowden at least in this instance picked a good privacy service. Snowden clearly broke the law. Some say he even committed treason by blowing the whistle. Clearly Mr. Levison’s code of ethics was such that he could not willingly hand over the keys to Lavabit’s network without its users knowing so he choose to close shop and continue the fight in court. When VPN privacy is talked about often times the discussion of the company’s ethics is left out of the conversation completely. In a perfect world the ethics of a VPN privacy company should not be factored into the equation because in a perfect world the only person with any reason to fear their government is that one guy with insider knowledge about extraterrestrial technology being reversed engineered at Area 51 and let’s face it no one is actually going to take him seriously anyway. There are different schools of thought on “privacy services” like LiquidVPN, Lavabit, TorMail, Proxysh, Hide My Ass and <Insert Any Provider> when it comes to their terms, policies and conditions.

 

VPN Privacy & Blanket Policies

Many if not all VPN privacy services openly state what they do not allow on their network. Some take it a step further and assure users that they do not monitor what subscribers are doing on the network. Often times when asked about their ethics they will simply provide a blanket statement about not sharing information with law enforcement unless there is a valid court order no matter what the situation is. I believe blanket statements like this are detrimental to a VPN subscriber concerned with privacy. I do not say this because I have something against VPN providers that make these claims. I say it because VPN & privacy services that rely on blanket statements frequently use the same approach for their Terms of Service.

This is the most common method used by VPN and privacy services when implementing policies because it is provides a simple method of handling abuse in a private way and gives the VPN service plausible deniability.

 

 

Adding the Code of Ethics

Including an ethics policy is a newer school of thought taking hold in the VPN & privacy service industry. Until recently cyber criminals, Area 51 alien whistleblowers fearing for their life and hackers had more incentive to go out and seek ways to protect their privacy online. That changed when WikiLeaks and Snowden news broke. With the huge increase in every day mostly law abiding citizens signing up for privacy services like LiquidVPN many VPN privacy advocates warned that the blanket “we can do what we want with any data created on our network whenever we want and without telling you” policies of the past must be adjusted even if the VPN privacy service does not keep records. With this in mind some privacy minded VPN providers worked with foundations like the EFF to come up with policies and procedures that would allow them to be more transparent but still keep the power to deal with complaints. This resulted in the implementation of three key new features (ethics policy, warrant canary and transparency reports) put in place to verify the privacy of the network, secure the subscribers usage details and to provide the subscribers a method to keep track of what is being done to combat all forms of abuse on the network. One of the main advantages of having a code of ethics is the inclusion of a clearly defined policy that dictates what is required to file a complaint and the possible actions (if any) that the privacy service will take if the complaint is found to be valid. Some services like LiquidVPN has taken it a step further by providing a contractually binding statement to uphold the terms laid out in the code of ethics.

The Other White Meat

A lot of privacy VPN’s and services in general have chosen to tell their users that they keep a certain amount of logs. Usually in the form of time stamps, IP Addresses and other miscellaneous AAA data. This method of operating is very popular. Many of these VPN services take a lot of heat because of the amount of logging perceived but it is their network and they can run it how they see fit. The good thing about these types of services is the fact that they are being honest in what data they retain and how that data is being used. So for the most part users on these services tend to be the ones that just want to encrypt guest networks, stream Netflix content and get on twitter while they are at work. Some would argue that this is exactly what a VPN should be used for.

LiquidVPN Privacy & Ethics

Which one is right and which one is wrong is really a matter of opinion. I was of the opinion that full disclosure is and always will be the best option. After a lot of internal meetings with the LiquidVPN team, discussions with our loyal subscribers and a couple chats with the law firm that represents LiquidVPN. I felt like most of the people I spoke with agreed with me and so I decided to take LiquidVPN down the path of full disclosure. Some of you have already commented on the new sections of the website but if you have not seen them then I recommend you take a look at the transparency reportsnetwork status reportswarrant canary and ethics policy. The reason we have decided to publish our ethics policy is because we wanted to be perfectly clear about what we do not allow on our network and to provide details on exactly how the various types of complaints we may receive are handled. This policy has given us the opportunity to create an obligation to be transparent. As part of that obligation we have voluntarily created a daily warrant canary. Our thinking behind this is if there ever comes a time when there is any type of intervention on or network by law enforcement that we are unable to report as a transparency report then until we can relocate to another jurisdiction we can stop updating the warrant canary and users can infer from that about the true status of our network. The network status reports will allow you to view issues regarding our network. Whether it be temporarily blocked services on a VPN server, a node being taken offline or even a problem on the website these public reports will be for all to see. I invite you to comment on our policies and welcome any and all questions.

The post Our Ethics, Transparency and VPN Privacy appeared first on LiquidVPN.

]]>
https://www.liquidvpn.com/ethics-transparency-vpn-privacy/feed/ 2
VPN, Privacy, Encryption but at what cost? https://www.liquidvpn.com/vpn-privacy-encryption-cost/?utm_source=rss&utm_medium=rss&utm_campaign=vpn-privacy-encryption-cost https://www.liquidvpn.com/vpn-privacy-encryption-cost/#comments Sun, 02 Mar 2014 18:32:33 +0000 http://www.liquidvpn.com/?p=14822 VPN, Privacy, Encryption but at what cost?   In light of recent revelations from the likes of Edward Snowden the abbreviation “VPN” has now entered the consciousness of many intermediate computer users. As time progresses the chance and the ability to understand the technology by the layperson increases with advances such as custom software and…

The post VPN, Privacy, Encryption but at what cost? appeared first on LiquidVPN.

]]>

The original spokesman for VPN privacy encryption

VPN, Privacy, Encryption but at what cost?

 

In light of recent revelations from the likes of Edward Snowden the abbreviation “VPN” has now entered the consciousness of many intermediate computer users. As time progresses the chance and the ability to understand the technology by the layperson increases with advances such as custom software and other avenues of explanation such as guides, articles and the like in terms which non technical users can understand.

One of the most important aspects moving forward for VPN use is to dissipate the understanding to the widest areas of our online community so not only can we, the lucky ones who understand how to connect using OpenVPN or custom software but also to increase the understanding to the every day man so the likes of your parents, or even grandparents can understand the reasoning behind its use and how it can help us protect our privacy, something that many of us in the western world take for granted and those in less fortunate locations fight for on a daily basis.

Never before have we been in a situation where we understand so much about what is being recorded about our online lives but with this also comes the opportunity to take back our freedoms and privacy and protect them in a way which is suitable and dictated by ourselves. The world is full of crack pots and conspiracy theorists who assume every action they do online is of interest to the government or spy agencies, the truth is, the majority of what we do is mundane and uninteresting, as much as we like to think we lead an interesting life the simple fact is that there is no real interest to any of the above and unless you’re someone of importance if you’re looking up kinky bondage gear or exposing your hairy rear live over webcam, no one really cares.

That said, just because you are of little importance to the powers that be doesn’t mean that just because they may not be interested in your intimate details that they should be allowed blanket access to your life to be stored away and pigeon holed in a box baring your name. I recently saw a small cartoon strip which highlighted this fact in which a man is repeating a conversation he had the day before with his friend online about all the recent revelations and that he has no concern because he has nothing to hide, a spy sat close responds with “I know” and here is a prime example of why protecting your privacy is a paramount concern even if you aren’t of interest, food for thought…

A huge misconception is that a VPN can protect you from everything and anything and time after time we see providers being berated for falling fowl of the unwritten rule of what should not be done by a VPN provider. I am all for privacy and I do understand there is a very thin line between what is acceptable for a VPN provider to do and what is not. Many “fiascos” have been reported from HideMyAss, to Proxy.sh, EarthVPN and more recently even LiquidVPN. When you take a step back and look at some of these from outside of your rose tinted glasses there are those that could be avoided and fall fowl of what the provider promised to provide and those that are unavoidable and should be considered a necessary evil.

There is never going to be a one size fits all solution that is not only completely anonymous with the highest level of encryption but also open and accessible to the mass. Services range from too basic to too complicated and those that fall in to the latter become an exclusive club that dissuades the “VPN uneducated” from taking a look and in turn    ignore the huge requirement to make use of such a service.

Further consideration should be given to the ill conceived theory that regardless of what you do that  a provider should and can protect you from all sorts of repercussions. There are two camps of thoughts, one that the service should be provided to all regardless of their use and intentions with no questions asked and another train of thought that a service should be provided to protect the privacy of the honest and law abiding citizens but not enable criminals to carry out heinous crimes. Both theories have their merits and in an ideal world it would be the first thought process that would win, but unfortunately we don’t live in an ideal world and I can guarantee I wouldn’t be comfortable with a system that not only protects my privacy to the n’th degree but also as a byproduct allows the likes of terrorist acts to be planned without retribution.

When most people sit down and seriously think of the consequences of such a situation most sane people will come to the conclusion that privacy needs to be upheld as a most important aspect of a service but not at the detrimental possibility of another 9/11, or <insert other terrible terrorist act here> being carried out in the name of “privacy”.

Luckily while a VPN service can protect your privacy and obscure linking your personal actions from being associated with yourself there are plenty of ways and means which any spy agency could track you down if they so wanted and the possibilities are near endless from basic bugging of your physical location to you tripping up when connecting to a service. If they can catch DPR who was accessing the internet via a library then very few people are actually capable of completely removing themselves from the relationship to what they do online and personally I see this only as a good thing. When systems exist to improve the privacy of the honest user we must also realise that these systems are also available to those less than desirable people in the world.

I applaud VPN providers who uphold our privacy and stop blanket recording unnecessarily of our data, it is unjust and unwarranted, however do I want the extreme of living in a world in which no one is protecting me from the wrong doer’s I’m just not sure I’m ready to take that chance in the name of privacy…

The post VPN, Privacy, Encryption but at what cost? appeared first on LiquidVPN.

]]>
https://www.liquidvpn.com/vpn-privacy-encryption-cost/feed/ 0
360 Million Credentials Stolen in February 2014 https://www.liquidvpn.com/360-million-credentials-stolen-february-2014/?utm_source=rss&utm_medium=rss&utm_campaign=360-million-credentials-stolen-february-2014 https://www.liquidvpn.com/360-million-credentials-stolen-february-2014/#comments Sat, 01 Mar 2014 05:46:07 +0000 http://www.liquidvpn.com/?p=14796 360 Million Credentials Stolen in February 2014 With cyber crime always on the rise stolen credentials online are nothing new. Cyber Security firm, Hold Security, has identified that in the first three weeks of February 2014, 360 million credentials were found stolen. Along with the large amount of credentials obtained, they also found over 1.25…

The post 360 Million Credentials Stolen in February 2014 appeared first on LiquidVPN.

]]>
360 Million Credentials Stolen in February 2014

With cyber crime always on the rise stolen credentials online are nothing new. Cyber Security firm, Hold Security, has identified that in the first three weeks of February 2014, 360 million credentials were found stolen. Along with the large amount of credentials obtained, they also found over 1.25 billion email addresses for sale online. Such credentials could be useful for spamming or malicious purposes.

While these credentials remain in the dark corners of the internet, Hold Security is unsure how these records were obtained. Most can conclude these records have been stolen from companies who have fallen victim to data breaches this year. 2013 ended with some very large data breaches, and 2014 continued bringing a new wave of data breaches. Just seven days ago the University of Maryland had over 300,000 records breached.

What comprised records contain is not clear but it ranges from bank accounts, to corporate networks, to access to email addresses Alex Holden, chief information security officer at Hold Security, told Reuters, “E-mail addresses in the credentials are from all major services, including Gmail and Yahoo, and almost all Fortune 500 companies and nonprofit organizations,” and that Hold Security is working on discovering where such credentials came from.

With such credentials begin leaked online there is no way to protect yourself against vicious cyber criminals attacks. These attacks are breached data from companies. Passwords only offer front end protection, but backend protection us up to companies to secure. The only solid way to be sure your credentials don’t get stolen in the future is to mask your online identity. Mask me Premium by Abine offers you to mask your credit card, email address, phone number, address, and many other sensitive pieces of information. If such credentials got breached you would be at no risk because of the masked credit card and Abine’s credentials were submitted.

Securing your online identity can be hard but as cyber criminals attack at rapid rates. It is up to companies to secure their own data. While you can’t do much to defend yourself, you can secure your online identity with a VPN.

The post 360 Million Credentials Stolen in February 2014 appeared first on LiquidVPN.

]]>
https://www.liquidvpn.com/360-million-credentials-stolen-february-2014/feed/ 0
Banking Malware Dispensed via YouTube Ads https://www.liquidvpn.com/banking-malware-dispensed-youtube-ads/?utm_source=rss&utm_medium=rss&utm_campaign=banking-malware-dispensed-youtube-ads https://www.liquidvpn.com/banking-malware-dispensed-youtube-ads/#comments Wed, 26 Feb 2014 06:52:05 +0000 http://www.liquidvpn.com/?p=14761 Banking Malware Dispensed via YouTube Ads Over one billion active viewers watch YouTube for over 6 billion hours every month in recent YouTube statistic studies. While viewing videos many users will have to wait 5 seconds for an ad to display before viewing the desired video, or one may receive a pop up ad in…

The post Banking Malware Dispensed via YouTube Ads appeared first on LiquidVPN.

]]>
Banking Malware Dispensed via YouTube Ads, LiquidVPN

Banking Malware Dispensed via YouTube Ads

Over one billion active viewers watch YouTube for over 6 billion hours every month in recent YouTube statistic studies. While viewing videos many users will have to wait 5 seconds for an ad to display before viewing the desired video, or one may receive a pop up ad in the middle of the video. While advertisements are a great source of revenue for YouTube artists, the YouTube ad network was recently hijacked serving rouge ads.

A recent study from bromium found that YouTube in stream ads were redirecting users to a rouge website serving the Styx Exploit Kit. The exploit kit relies on a Java vulnerability, and performs a drive by in the browser exploiting the computer, initially infecting it. Users begin streamed ads were redirected to the rouge advertisement serving up the Caphaw Banking Trojan. The Caphaw Banking Trojan is not a new banking trojan and has been around for some time.

The exploit has since been removed from YouTube and Google has notified users they are taking any security precautions needed. Google told The Hacker News

“We don’t yet know the exact bypass which the attackers used to evade Google’s internal advertisement security checks. Google has informed us that they’re conducting a full investigation of this abuse and will take appropriate measures.” researchers said.

The scale of this cyber attack is unknown and how many malicious ads have been served also remains unknown. Eset and many other antivirus companies have reported on this banking malware in the past, and are still marking it as malicious and potentially dangerous.

The exploit the hacker/s used to perform the drive by in browser was using a year old Java vulnerability. The Java developers, Oracle patched this in the past. It is recommended users always keep their Java and Adobe Flash player up to date, and only update their programs from their official website.

The post Banking Malware Dispensed via YouTube Ads appeared first on LiquidVPN.

]]>
https://www.liquidvpn.com/banking-malware-dispensed-youtube-ads/feed/ 1
VPN Policy & Server Updates https://www.liquidvpn.com/liquidvpn-policy-updates/?utm_source=rss&utm_medium=rss&utm_campaign=liquidvpn-policy-updates https://www.liquidvpn.com/liquidvpn-policy-updates/#comments Sat, 22 Feb 2014 05:42:35 +0000 http://www.liquidvpn.com/?p=14710 Less than two weeks after someone used our service to attempt to gain unauthorized access into Bank of America owned resources and we made a very hard decision about our USA South network segment (We no longer have a USA South network segment) we have seen an outpouring of support from our subscribers and a…

The post VPN Policy & Server Updates appeared first on LiquidVPN.

]]>
Less than two weeks after someone used our service to attempt to gain unauthorized access into Bank of America owned resources and we made a very hard decision about our USA South network segment (We no longer have a USA South network segment) we have seen an outpouring of support from our subscribers and a notable increase in new sign ups. While it meant compiling 3 new Gentoo server kernels to replace our lost assets in Texas and the development of some complex layer 7 filters it has been worth it because we were able to take this opportunity to initiate a dialogue with our subscribers to get their feedback and suggestions. Because of this dialogue some changes have already been made to our terms of service and our transparency reports section has been created. Some harder to implement changes like a Warrant Canary and new VPN software that is easier to use for beginners are things we have started to work on.

 

New Server Location – New Jersey

We have just added 3 VPN servers in New Jersey. They support dynamic, shared and modulating IP addresses. The servers are also the first to use our newest configuration file revisions. The network is extremely fast with very good europe throughput. We are still running at a fuller capacity than before the attempted Bank of America attacks. We are currently seeking another location that is suitable for the next LiquidVPN service expansion.

 

Advanced Guides & Scripts

We have added a DDWRT configuration guide and guide and a PFSense guide for the more advanced users. We are publishing more advanced guides in the upcoming days so check back frequently for information on how to do setup some more advanced Operating systems. Four new scripts are being added to the script library that will allow VPN users to effectively add or remove the routes on your PC to keep from accidentally displaying your real IP address. These scripts will work with any VPN connection and will work much better than any other method to block your real IP address from being displayed.

The post VPN Policy & Server Updates appeared first on LiquidVPN.

]]>
https://www.liquidvpn.com/liquidvpn-policy-updates/feed/ 0