Why do you need a VPN? (Don’t miss these 3 key security benefits.)

A virtual private network (VPN) encrypts all the data sent and received by a device connected to the internet. It does this by routing that data through the VPN’s private server. The core value of using a VPN is to prevent cybercriminals or internet service providers (ISPs) from snooping on or exploiting your unsecured internet activity.

A VPN protects you from this in three key ways, by allowing you to:

1. Encrypt unencrypted communications sent to and from your device
2. Disguise your browsing history
3. Connect anytime, anywhere, from any device

Dashlane’s VPN is available to all paying customers as part of our suite of digital identity protection and control features.

1. Encrypt unencrypted communications sent to and from your device

Public WiFi is very convenient for people who like to connect on the go. If you’ve ever connected to WiFi at an airport, hotel, or coffee shop, you’ve used public WiFi. But make no mistake—there is a security/convenience trade-off every time you connect to a public WiFi network.

Public WiFi networks are unsecured, which means that any unencrypted site or service you use on public WiFi could be compromised by man-in-the-middle (MitM) attacks. An MitM attack happens when a cybercriminal sits on an unsecured network and intercepts and/or modifies your unencrypted internet activity. This includes the ability to see unencrypted HTTP websites you visit and the information you submit on those websites, like your passwords. It also means a cybercriminal can modify a page or URL to trick you into submitting credentials for a normally secured site, like Gmail—otherwise known as phishing.

HTTP websites aren’t the only thing you may use online visible to a cybercriminal in a MitM attack. A number of voice over IP (VoIP) services are unsecured and unencrypted as well. VoIP is the technology that allows you to make audio calls over the internet instead of through your cellular provider’s network.

Any unencrypted internet activity can easily be intercepted and/or modified by cybercriminals via MitM attacks. A VPN encrypts all your unencrypted internet activity, from web surfing to VoIP calls and everything in between, blocking potential phishing opportunities available in a MitM scenario.

But aren’t most sites protected with HTTPS protocol?

While most popular sites use encrypted HTTPS protocol (instead of the unencrypted HTTP protocol), many of those popular websites don’t automatically redirect unsecure requests to the secure HTTPS protocol. That puts you at risk. This is also true with your email account settings. There are unsafe protocols used to receive, access, and send email, like POP3, IMAP, and SMTP. Using a VPN ensures that your browsing is always routed with encryption, and your email account settings use secure encryption protocols, like POP3S, IMAPS, and SMTPS. (The ‘S’ in all these acronyms stands for “secure”!)

2. Disguise your browsing history

What you do on the internet is private, right? Well, not really.

As it currently stands, internet service providers (ISPs) like Verizon or AT&T can have complete visibility into all of your browsing history.

They can do that because they attach your internet activity to your device’s IP address, which is a unique identifier for each device connected to the internet. This information includes your exact geographical location. They can collect personal data and may even use it to serve you ads.

A VPN disguises your device’s IP address, because all your traffic is routed through the IP address of the VPN’s server. So, your ISP can no longer see what websites you’re visiting or searches you’re making, since the traffic routed through the VPN is now encrypted.

3. Connect anytime, anywhere, from any device

A VPN is an incredibly useful tool for securing your online activity and protecting your privacy. But it would be useless if it only worked on certain devices or in specific geographic locations.

Dashlane’s VPN works instantly across all your devices, in any location around the globe, so you can stay connected and protected, no matter the situation.

via dashlane

Is Your Router Vulnerable to VPNFilter Malware?

Below is a list of routers vulnerable to VPNFilter, malware that can brick your device.

The Justice Department last week urged everyone with a small office home office (SOHO) or NAS device to reboot their gadgets immediately in order to thwart VPNFilter, a new strain of malware that can brick your router.

The FBI seized a domain used to send commands to the infected devices, but it can't hurt to reboot anyway.

As Symantec outlines, VPNFilter is "a multi-staged piece of malware." Stage 1 makes the connection, Stage 2 delivers the goods, and Stage 3 acts as plugins for Stage 2. "These include a packet sniffer for spying on traffic that is routed through the device, including theft of website credentials and monitoring of Modbus SCADA protocols. Another Stage 3 module allows Stage 2 to communicate using Tor."

VPNFilter "is unlike most other IoT threats because it is capable of maintaining a persistent presence on an infected device, even after a reboot," Symantec says.

Still, "rebooting will remove Stage 2 and any Stage 3 elements present on the device, [temporarily removing] the destructive component of VPNFilter. However, if infected, the continuing presence of Stage 1 means that Stages 2 and 3 can be reinstalled by the attackers."

Those who believe they're infected should do a hard reset, which restores factory settings. Look for a small reset button on your device, though this will wipe any credentials you have stored on the device.

Below is a list of routers Symantec identified as vulnerable to VPNFilter. MikroTik tells Symantec that VPNFilter likely proliferated via a bug in MikroTik RouterOS software, which it patched in March 2017. "Upgrading RouterOS software deletes VPNFilter, any other third-party files and patches the vulnerability," Symantec says.

• Linksys E1200
• Linksys E2500
• Linksys WRVS4400N
• Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
• Netgear DGN2200
• Netgear R6400
• Netgear R7000
• Netgear R8000
• Netgear WNR1000
• Netgear WNR2000
• QNAP TS251
• QNAP TS439 Pro
• Other QNAP NAS devices running QTS software
• TP-Link R600VPN

"No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues," according to Cisco Talos, which first reported the bug.

To date, Cisco Talos estimates that at least 500,000 in at least 54 countries have been hit by VPNFilter.

The feds are pinning this attack on Fancy Bear, a hacking group also known as APT28 and Sofacy Group, among other monikers. The group is notorious for attacking governments across the world and stealing confidential files from the Democratic National Committee during the 2016 election.

via PCMag

New router-based solution protects home IoT devices

As we bring more and more smart devices into our homes, we potentially open ourselves up to a variety of new risks with devices opening back doors into networks or falling prey to botnets.

German antivirus company Avira is launching a new approach to home security which needs no new infrastructure on the domestic network and no configuration done by the user.

SafeThings sits within the home router and works with cloud-based machine learning. Avira licenses the product to router manufacturers and internet service providers, enabling them to protect networks from misuse and to deliver value-added IoT security services directly to end users.

"At Avira, we have been at the forefront of Artificial Intelligence innovation for a decade, being the first vendor within the security industry to identify how to apply AI to our field and to do it," says Travis Witteveen, CEO of Avira. "We have a wealth of experience in protecting both the privacy of end-users and the security of their traditional devices. Today we stand alone in the cyber security industry with the introduction of Avira SafeThings, an innovative router app and behavioral threat intelligence platform that secures all IoT devices in the home. We've designed SafeThings to effectively solve the IoT vulnerabilities without being too invasive, expensive, or complicated for the end user -- and we've done this in a way that provides additional benefits for the internet service providers and router manufacturers."

SafeThings is made up of a number of modules, Protection Cloud builds category and individual device profiles to create device management and rule definitions and automatically protect the device functionality. By analyzing metadata on gateway traffic, no invasive deep packet inspections are needed.

The Sentinel module is a software agent positioned at the gateway to each smart home, embedded in the firmware on the router, Sentinel fingerprints IoT devices and collects packet header metadata for AI analysis. After communicating with Protection Cloud, Sentinel enforces protection and communication rules.

A web-based user interface shows users in real time what each IoT device in their network is doing and enables them to see and modify firewall policies and device rules. There's also a Data Forefront API service that lets service providers and OEMs access and control SafeThings functionality, for example to drill down into specific details and control rules and actions to be taken in case of a compromised device.

It also allows for custom plugins to let SafeThings clients offer their end users additional security apps via a branded secure app store. These integrated services such as VPN or parental controls would operate at router level with management in the cloud.

"We see SafeThings as a 'B2B2C' product, providing consumers with the security and privacy protection they need while delivering it to them via the internet service providers and router manufacturers. As an embedded software solution, SafeThings is imminently flexible according to each client’s technical and marketing needs,” adds Witteveen.

You can find out more on the Avira website.

Image Credit: lucadp / depositphotos.com

via betanews

WPA2 security flaw puts almost every Wi-Fi device at risk of hijack, eavesdropping

A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack.

The bug, known as "KRACK" for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic, who found the flaw, said the weakness lies in the protocol's four-way handshake, which securely allows new devices with a pre-shared password to join the network.

That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream.

In other words: this flaw, if exploited, gives an attacker a skeleton key to access any WPA2 network without a password. Once they're in, they can eavesdrop on your network traffic.

The bug represents a complete breakdown of the WPA2 protocol, for both personal and enterprise devices -- putting every supported device at risk.

"If your device supports Wi-Fi, it is most likely affected," said Vanhoef, on his website.

But because Vanhoef hasn't released any proof-of-concept exploit code, there's little risk of immediate or widespread attacks.

News of the vulnerability was later confirmed on Monday by US Homeland Security's cyber-emergency unit US-CERT, which about two months ago had confidentially warned vendors and experts of the bug, ZDNet has learned.

The warning came at around the time of the Black Hat security conference, when Vanhoef presented a talk on networking protocols, with a focus on the Wi-Fi handshake that authenticates a user joining a network.

The cyber-emergency unit has since reserved ten common vulnerabilities and exposures (CVE) records for the various vulnerabilities.

Cisco, Intel, Juniper, Samsung, and Toshiba are among the companies affected.

At its heart, the flaw is found in the cryptographic nonce, a randomly generated number that's used only once to prevent replay attacks, in which a hacker impersonates a user who was legitimately authenticated.

In this case, an attacker can trick a victim into reinstalling a key that's already in use. Reusing the nonce can allow an adversary to attack the encryption by replaying, decrypting, or forging packets.

Windows and latest versions of Apple's iOS are largely immune from the flaws, according to security researcher Kevin Beaumont, in a blog post.

However, Vanhoef said the security issue is "exceptionally devastating" for Android 6.0 Marshmallow and above.

via zdnet

Here is every patch for KRACK Wi-Fi attack available right now

Monday morning was not a great time to be an IT admin, with the public release of a bug which allowed WPA2 security to be broken.

As reported previously by ZDNet, the bug, dubbed "KRACK" -- which stands for Key Reinstallation Attack -- is at heart a fundamental flaw in the way Wi-Fi Protected Access II (WPA2) operates.

The security protocol, an upgrade from WPA, is used to protect and secure communications between everything from our routers, mobile devices, and Internet of Things (IoT) devices, but there is an issue in the system's four-way handshake which permits devices with a pre-shared password to join a network.

According to security researcher Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks (MiTM) and eavesdrop on communication sent from a WPA2-enabled device.

US-CERT has known of the bug for some months and informed vendors ahead of the public disclosure to give them time to prepare patches and prevent the exploit from being utilized in the wild -- of which there are no current reports of this bug being harnessed by cyberattackers.

The bug is present in WPA2's cryptographic nonce and can be utilized to dupe a connected party into reinstalling a key which is already in use. While the nonce is meant to prevent replay attacks, in this case, attackers are then given the opportunity to replay, decrypt, or forge packets.

In general, Windows and newer versions of iOS are unaffected, but the bug can have a serious impact on Android version 6.0 Marshmallow and above.

The attack could also be devastating for IoT devices, as vendors often fail to implement acceptable security standards or update systems in the supply chain, which has already led to millions of vulnerable and unpatched IoT devices being exposed for use by botnets.

The vulnerability does not mean the world of WPA2 has come crumbling down, but it is up to vendors to mitigate the issues this may cause.

In total, 10 CVE numbers have been preserved to describe the vulnerability and its impact, and according to the US Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks.

So who is on top of the game?

Aruba: Aruba has been quick off the mark with a security advisory and patches available for download for ArubaOS, Aruba Instant, Clarity Engine and other software impacted by the bug.

Cisco: The company is currently investigating exactly which products are impacted by KRACK, but says that "multiple Cisco wireless products are affected by these vulnerabilities."

"Cisco is aware of the industry-wide vulnerabilities affecting Wi-Fi Protected Access protocol standards," a Cisco spokesperson told ZDNet. "When issues such as this arise, we put the security of our customers first and ensure they have the information they need to best protect their networks. Cisco PSIRT has issued a security advisory to provide relevant detail about the issue, noting which Cisco products may be affected and subsequently may require customer attention.

"Fixes are already available for select Cisco products, and we will continue publishing additional software fixes for affected products as they become available."

In other words, some patches are available, but others are pending the investigation.

Espressif Systems: The Chinese vendor has begun patching its chipsets, namely ESP-IDF and ESP8266 versions, with Arduino ESP32 next on the cards for a fix.

Fortinet: At the time of writing there was no official advisory, but based on Fortinet's support forum, it appears that FortiAP 5.6.1 is no longer vulnerable to most of the CVEs linked to the attack, but the latest branch, 5.4.3, may still be impacted. Firmware updates are expected.

FreeBSD Project: There is no official response at the time of writing.

Intel: Intel has released a security advisory listing updated Wi-Fi drives and patches for affected chipsets, as well as Intel Active Management Technology, which is used by system manufacturers.

Linux: As noted on Charged, a patch is a patch is already available and Debian builds can patch now, while OpenBSD was fixed back in July.

The WiFi Standard: A fix is available for vendors but not directly for end users.

Mikrotik: The vendor has already released patches which fix the vulnerablities.

Google: Google told The Verge that the company is "aware of the issue, and we will be patching any affected devices in the coming weeks."

AVM: This company may not be taking the issue seriously enough, as due to its "limited attack vector," despite being aware of the issue, will not be issuing security fixes "unless necessary."

OpenBSD: Patches are now available.

Microsoft: While Windows machines are generally considered safe, the Redmond giant isn't taking any chances and has released a security fix available through automatic updates.

Netgear: Netgear has released fixes for some router hardware. The full list can be found here.

Ubiquiti Networks: A new firmware release, version 3.9.3.7537, protects users against the attack.

Check back as we update this story.

via zdnet

Wi-Fi security may be cracked, and it's a very, very bad thing... Have we said that this is bad?

Wi-Fi, the wireless data transfer technology practically all of us use on a daily basis, is in trouble. 

The WPA2 security protocol, a widespread standard for Wi-Fi security that's used on nearly every Wi-Fi router, has apparently been cracked. 

The details on the security exploit, which is called KRACK, or Key Reinstallation Attacks, are to be released at 8am ET Monday on the site www.krackattacks.com.

But according to a new advisory by US-CERT, via Ars Technica, there are "several key management vulnerabilities" in WPA2, allowing for "decryption, packet replay, TCP connection hijacking, HTTP content injection." The worst part? These are "protocol-level issues," meaning that "most or all correct implementations of the standard will be affected."

We'll know more when the details about KRACK are released, but if it turns out that one can use this exploit in a fairly simple and reliable way, then this is one of the biggest online security threats ever.  

To see why, one has to go just a little bit back into the past. Wi-Fi used to be secured with a standard called WEP, which was found to be vulnerable to a multitude of attacks, many of which don't require the attacker to have physical access to the Wi-Fi equipment or even be connected to the network. Over time, tools that make these attacks simple have been developed, and now, if your Wi-Fi is protected by WEP, there's a choice of simple mobile and desktop apps that crack your password in seconds (no matter how long or complicated it is). 

Because of these issues, WEP was mostly replaced with WPA and, later, WPA2, which are far more secure. Though there were ways to crack a WPA2-protected Wi-Fi router, if your password was long and complicated enough, it made it a lot harder or nearly impossible to do. 

(For completeness' sake, one hacking tool, called Reaver, can crack WPA2-protected routers no matter the password, but it's fairly simple to protect your router — you simply have to turn off a feature called WPS.)

If this latest vulnerability is similar to the way WEP is vulnerable — and it looks like it is at the moment — then it won't matter how strong a password you chose. This would make hundreds of millions of routers out there, used by individuals and businesses alike, open to hackers. It would mean that, if you care about security, you should not use Wi-Fi at all until this is fixed. At the very least, you should use HTTPS connections whenever possible, and a good VPN might add another layer of security.

And fixes for these types of things don't come easy. Some routers will probably get a firmware update, but a lot of home users might not know how to apply it, or be aware that this is a threat. Again, going back to the time when WEP was cracked in 2001, it took years for ISPs to start shipping routers with WPA and WPA2 enabled as default, leaving many customers wide open to attacks.  

We'll know more after the announcement today; stay tuned for updates. 

WATCH: This guy has 1,500 passwords, and a few tips for staying secure

 

Wi-Fi-first Mobile Services and Impact on Mobile Carriers

Wi-Fi Technologies: Emerging Business Models

Consumer use of Wi-Fi is on a steep rise. With the coming 5G era, Wi-Fi's role as a core technology in service providers' network strategy will be further strengthened, but it will also face uncertainties as the use of unlicensed spectrums by mobile operators becomes more prevalent.

This industry report provides analysis of Wi-Fi technologies and emerging business models related to public Wi-Fi hotspot services.

Key Topics • Consumer use of Wi-Fi and hotspot services  • The entry of Wi-Fi-first mobile service providers and the potential impact on mobile operators' business  • New Wi-Fi standards and the growing use of Wi-Fi technologies in mobile operators' HetNet network strategy  • Global forecast of revenues from public Wi-Fi hotspot services targeting both consumers and business customers

Hilarious Wifi names

optimum wifi

optimum wifi

Access Video Sites

Bypass Work Restrictions. 100% Free - Download Now!

{KeyWord:VPN for WiFi}

Fast, Free, Secure VPN for WiFi.

Protect Your Data - Download Now!

See his secret online profiles now!

 

router spy software

router spy software

FTC Says Hotel WiFi is Dangerous

Recently, the FTC posted an article on their website stating that hotel WiFi is dangerous and that users should not assume that just because they pay for Internet access that their connection is secure.

We couldn’t agree more. In fact, I have been stating this fact since we launched PRIVATE WiFi nearly five years ago. This is an important topic because hotel travelers rank WiFi access at hotels as the number one amenity that they look for when booking hotel rooms.

Why Hotel WiFi is Dangerous

The FTC’s announcement is important because many travelers assume that using a WiFi network at a hotel is the same as logging into their network at home. That’s a dangerous view, because in actuality the risks in accessing a WiFi network at a hotel are exponentially greater than those experienced at home or in an enterprise setting.

Here’s the unvarnished truth about hotel WiFi networks: they are completelyunsecured. Here’s another fun fact: when hotel WiFi networks get hacked, they don’t usually find out until months after.

There are two kinds of risks you should be aware regarding hotel WiFi networks:

• All public WiFi networks are inherently insecure. Nothing new here, as I have been saying this for years, but it bears repeating: if a WiFi network is public, that means anything you do online can be tracked and captured. And this includes almost all hotel WiFi networks.
• Even fully wired Ethernet connections are unsafe. This means even if you are plugging your computer directly into the hotel’s network, you are still in danger of being hacked.

The truth is that it’s difficult to make public WiFi safe, and most hotels are trading security for a WiFi network that is easy to login to and provides them a steady revenue stream. These facts are reflected in the recent Marriott WiFi debacle, in which the hotel conglomerate intentionally blocked personal WiFi hotspots of all guests. The brand maintained that it was doing this to protect guest security on WiFi networks but in reality, they were looking to protect their bottom line.

No matter which hotel you stay, or whether the purpose of your trip is business or pleasure, security on WiFi is up to you.

What the FTC Says You Should Do to Protect Yourself

The FTC offers pretty good advice on what you can do to protect yourself when accessing a hotel WiFi network. Below are some of the tips they offer:

• When you have finished using an account, be sure to log out of that account.
• Do not use the same password for all of your accounts. It could give someone who gains access to one of your accounts access to all of them.
• Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings, and keep your browser and security software up-to-date.
• If you regularly need to access online accounts through public WiFi networks, you may want to use a virtual private network (VPN).

I couldn’t agree more with that last point. Only a VPN like PRIVATE WiFi encrypts all your Internet communication from being intercepted by others, whether on a WiFi or Ethernet network.

This is a good rule to live by: never rely on hotels (or any other WiFi provider) to protect you when you use their networks. Never assume that any network is safe, and especially don’t assume that just because you paid for access to it.

No one else is looking out for your security when you use WiFi networks. You need to protect yourself.