How to Beat the Center for Copyright Information (and BitTorrent snooping, etc.)

If you haven't heard already, there's a new sheriff in town.  The CCI are set to police EVERYONE on the internet for "copyright infringement".  CCI have partnered with all the major ISP's are being put in position to essentially enable logging of P2P and BT traffic.  The plan?  Watch it, document it, and start identifying offenders.  Throttle that traffic, eventually cut it off, and fine them. 

Yup, and you thought "the blackout" had made a difference.  LOL.  Epic.fail.


So you, like a million other people, seeing this news...are wondering, "Well WTF do I do now?"

You're now aware that the BitTorrent downloads and uploads are totally visible.  And now, there's someone there watching, logging, and putting a bureaucracy around it.  This probably isn't going to end well for you, if you continue.

CCI and it's methods (straight out of the MPAA/RIAA handbook), are, put simply, RETARDED.  

So, how then should we beat the Center for Copyright Information?

How about a cyberlocker, or basically cloud storage.  Yup, that's an easy way to beat CCI.  All of that HTTPS will do the trick.  Of course, this isn't really BT friendly.

How about a "BT anonymizer".  Yup, that's an easy way to beat CCI.  But that's limited to BT only.

Those are both good options.  One is obviously a change in the pattern, totally different.  The other is tailored specifically to the BT task at-hand.  Both will prevent BitTorrent snooping.  Both will easily defeat CCI.

A better option, is to find a hybrid.  Find something that will cover the most, and take care of the task at hand.

Beat CCI with VPN.

Connecting to a VPN while using BT, or using the internet in general, will beat CCI and anyone else that attempts to employ the same lame type of policing on internet traffic.

We mentioned earlier the great speeds available on HideMyAss.  That's definitely an option right there.

What you're really looking for, out of a VPN service (especially if you intend to pay) is quality and security.  Go for L2TP and OpenVPN where possible.  Steer clear of PPTP only.  Providers with servers in the NL and in Sweden are good.  Logging will be less of a worry.  If you just use US or UK VPN, you're asking for trouble with BT/P2P useage.

For good VPN software and high speeds check out HideMyAss.

For the best deal on Usenet + VPN, go with Giganews + VyprVPN.

For a VPN focused on no logging and providing a lot of SE servers, go with VPNTunnel.SE.

For a provider using multihop VPN for added security, try iVPN.net.

For a new up and coming provider with a lot of servers and cheap prices see IPVanish.

For a little south-of-the-border flavor with your VPN, CactusVPN is cheap and easy.

For anyone who knows what "shell" means, you should check out Shells.net.

Ok so if that's not enough options for beating CCI, check back later.  I'm sure we will have thought of something else.  Probably while we were on the can.

HideMyAss VPN Review - 95% of Network Fast Enough for Streaming High Def!

httpI came across a really well done VPN review on HideMyAss.  The folks over at VPNandUsenetReviews.com did an amazing job on an indepth review of the HMA VPN software and service, including a full test. 

They did such a good job they documented just about everything in the software, and then went off and did a full speed test.  But they didn't stop there, they actually did some math on the results and produced some real conclusions!  Amazing...

The basic conclusion is that HMA has a really fast network.  Over 95% of it can support speeds suitable for streaming high def.  Even if you accept some of the highest measures of speeds required, over 70% of the HMA VPN network still meets the requirements.  Pretty cool when you consider it's only $11.52/mo.

The indepth review includes screenshots of almost all the HMA features in their VPN client software.  It also includes all the speed test results from the 20 something countries that HMA offers.  

Have a look at all the screenshots of the software and the full test here.

Personally I like both VyprVPN and HMA for VPN service and VPN clients.  I think either one is an excellent choice.  They both end up highly ranked over at that site too for obvious reasons (price, features, performance, etc.)

Question: Are you using either Usenet or VPN Services?

Do you use either Usenet or VPN services currently?

Hey Readers,

I'm curious - are you using either a Usenet newsgroup provider, or a VPN service provider?  If so, which provider are you using for the service?

Giganews, VyprVPN, StrongVPN, Easynews, NewsDemon, TuVPN - another service provider?...

Thou shalt secure thine connection before traveling

Doesn't really matter if it's a pay or free provider, of either service.  

All pimps wear this hat

I'm trying to figure out what is actually in use out there.  I can look it up all I want, but I figure asking you readers is just as effective.

Is this how you get security on the net?

Please let me know in the comments!  Yes/No (to either service), and who is the provider...THANKS!

**bonus - if you're willing to comment on how the service is, in your opinion, that would be AWESOME!**

How to Beat Firesheep - Secure Open Wifi (Part 3)

This is Part 3 of the Firesheep series, How to Beat Firesheep.  Part 1 introduced the tool and the attack, Part 2 talked about the seriousness of the vulnerability.   
Part 3 will tell you how to beat Firesheep.

Let's drop in a lil napalm and cook 'em down!

First, let's setup up some basic ground rules:

• We all know you're going to be on Open Wifi at some point, so telling you "get off open wifi" is retarded
• The problem is essentially owned by the website operators, not the Wifi operators.  The issue is HTTP cookies, and the ability to session-hijack, not the ability to login to a Wifi access point at Starmucks.
• Sites that are vulnerable to this attack today may not be vulnerable tomorrow, however, there will always be sites that are vulnerable, therefore it is important to at least try and browse securely while on Open Wifi

Some of these solutions will be geared toward the technically savvy.  Some of them will be easy.  Some of them may require that you pay money.  Overall, I think at least one of these solutions will work for everyone.

 Let's get started.

1. Secure your browsing on the Open Wifi by using VPN.  This is by far the most effective and best way of solving the problem.  This will encrypt all of your traffic on the wifi network and defeat anyone trying to use Firesheep against you.  It can however cause you to spend a few bucks.  Solutions like VyprVPN are perfect for solving the session-hijack problem.  See my earlier review on VyprVPN here (figures it would come in handy!)  quick note: VyprVPN is included free in Giganews subscriptions.
2. Secure your browsing on the Open Wifi by using SSH.  This is very similar to using a VPN, except I would consider it much more difficult to setup.  Essentially it provides the same benefit, an encrypted connection. Lifehacker did a good tutorial awhile back on setting up a free SSH server using your home computer here.  Cygwin and OpenSSH are essentially the solutions here, but beware, setup is perhaps not for the faint of heart.  Ducks need not apply.     
   
3. Utilize SSL versions of websites (HTTPS rather than HTTP).  This is easy.  Many websites have HTTPS versions, even Facebook.  However there is a major drawback:  often times while browsing you will inadvertently switch back to HTTP.  Try that Facebook link, then click around - see the problem?  You're switching from HTTPS to HTTP in a heartbeat.  This solution is easy, but perhaps less than ideal, and not very effective.
4. Install Firefox addons that will automatically direct you to HTTPS website versions.  Two options are:  HTTPS Everywhere and Force-TLS.   This is also easy, and it will solve the problem of having to remember to type "HTTPS", or change your bookmarks.  The addon will automatically direct you to the secure version of the site.  Of course this still suffers from the same problem as #3, websites will easily switch you from HTTPS to HTTP, and is therefore still problematic.
5. Use the "Blacksheep" addon. Blacksheep is a firefox addon that will supposedly scan the Open Wifi you are on and determine if anyone is running Firesheep on it.  So, if it you see a return, then at least you are aware of what's going on, and can hopefully take the necessary precautions.  Still this does not solve the problem, it only makes you aware of the potential danger.  Blacksheep does tell you the IP address of the attacker though.  But if you're sitting in Starmucks, this may mean all you can do is yell out "Hey 192.168.0.XXX, you SMOKE POLE!"  There is another drawback to this too - you don't need Firesheep to conduct this type of attack (Wireshark + WinPCap = Win).  So although Blacksheep may detect Firesheep, it does not solve the session-hijack problem.  The other issue here is this software is newly released, which could mean a back-and-forth between the "sheep".  (fix, counter, fix, counter)
6. Use a Mifi/Cellular Modem/Hotpsot type device.  I think every major cellular provider in North America sells these things.  Some of them are just USB sticks you plug into the computer.  In other cases, you can tether your phone to the laptop.  The problem here is this costs money, a lot of money, and is tantamount to saying "don't use Open Wifi".  Not an ideal solution, although it is effective at solving the problem. 
7. Use Fireshepherd.  This is a brand new piece of software designed specifically to combat Firesheep.  It is not an addon like Blacksheep.  Fireshepherd periodically sends out a stream of garbage that is intended to screwup or crash Firesheep.  YMMV with this software.  So far I have not read any reviews or done extensive tests myself.  As I said, it's brand new.  The other potential drawback is that this, like Blacksheep, does not apply to the actual root problem of session-hijacking.  In other words, this may be another solution to the Firesheep issue, but not a solution to the session-hijacking problem.  This is also vulernable to the same tit-for-tat as Blacksheep.   
8. On a Mac? Try Meerkat.  This is basically setting up SSH for your Mac, but Meerkat makes it a little easier.  Of course, Meerkat costs money.  There is a very good guide that deals with the entire Meerkat setup process here.  Remember, OpenSSH is installed in Mac OS X by default.  However, you still are going to deal with setup though, and again, that depends on whether you're a duck or not...

Warning from Blacksheep that Firesheep is active on your network

What are the other pundits saying?  Most of them are going with VPN as the best solution, including the Firesheep developer himself.  Hey, if Harvard recommends VPN, there must be something to it, right? 

I heard these people were smart

I would honestly reccomend people look into a secure service like VyprVPN.  Cost is minimal and benefits are great.  Especially if you are conducting "work" over open Wifi, or if you are spending time on social, financial, or other private sites  Consider it your own little private encrypted tunnel on an otherwise open network.  I have no problem endorsing VyprVPN as an ideal solution that will keep you on Open Wifi, but keep you safe from kiddies session-hijacking your logins (VPN solves a number of other security concerns as well).  As I mentioned in my earlier review, this service also comes free with Giganews, so if you're already on Usenet, now may be the time to look at Giganews.  

I figure it's also worth mentioning solutions that are NO GOOD.  In other words, these will NOT WORK.

• Using Tor.  Tor will not solve your problems.  In fact, if the owner of the exit node is running Firesheep, you just got pwned, hard.  Even the Firesheep developer thinks using Tor is a bad idea.
• Enable WPA2 and tell yourself "it's all good now".  Sure, you've done good, but you can still get pwned, pretty hard.  ARP poisioning and DNS spoofing take a little bit more tech savvy, but software exists to conduct those attacks as well - on either a wirless WPA2 network, or a wired network.  Google: Cain and Abel.  
• Using a VPN or SSH tunnel you don't know and trust.  This is bad, mmkay?  You just pushed the problem off to that exit connection.  Since you don't know anything about it, and clearly can't trust it...you're basically asking for trouble.  "Use VPN" is good, but just blindly using whatever VPN is not - get it? 

As you can see from the above, the solutions basically come in two flavors:

• Encrypt all of your communications on the wireless network (VPN, SSH, Meerkat, etc)
• Encrypt the communications with the particular website (HTTPS, Addons, etc.)

Both of these flavors have one thing in common: encryption.  If you don't know, now you know. 

BTW, if you are running Firesheep for whatever purpose, be aware that Microshaft is detecting it as a "virus/malware".  I lol'd.  Another BTW, if you are using the standard Windows antivirus/antimalware you should seriously consider upgrading to an alternative.

Getting pwned by script kiddies is bad, mmmkay?

Giganews Vypr VPN - Secure Browsing on iPhone, iPad, Android, and Computer

So we've already established that Giganews is a pimp Usenet provider, and secure browsing is a good thing.

Check this out:  the Diamond package at Giganews gives you free access to Vypr VPN (from Goldenfrog).  Which, in addition to providing VPN for your computer, also provides VPN for your PHONE.  Yeah that's right, secure browsing on your iPhone, iPad, Android.  Setup is super easy too.

But let's take a step back, WTF are we talking about here?

We're talking about anonymous and secure internet.  Your email, IM, web browsing, VoIP, all that jazz.  Again, this is a good thing.  Still not sure why this is a good thing, read this here:  Why Vypr VPN?

In addition to the obvious benefits of secure web browsing, I would like to call your attention to this little known fact:  Public WiFi hotspots like those you use in airports and coffee shops are especially insecure. Anything you send or receive over WiFi is "visible" and vulnerable to hackers and identity thieves. 

VyprVPN lets you take a secure connection with you everywhere you go.

Illustration of internet traffic before Vypr VPN, and after

So you're sitting there at Starbucks right, or Safeway, or whatever and you're like "Sh1t I need to pay my bills..."  Next thing you know, you're logging into your bank website over the store's free public wifi.  Yeah, you're boned.  I just stole your login name and password.  Yup.  Sucks to be you.  Loving that free internet at the airport, aren't you?  All over your travel accounts (Airlines, Rental Car, Hotels)...yeah you're boned too.

But let's leave that alone for a second too, and go back to the whole VPN on your phone.  iOS and Android will both support VPN.  Supplying the server name, username, and password is about all it takes. 

Everything you need to know about setup can be found here, but install is a walk in the park, any monkey should be able to accomplish it.  Select your install type (Win, Mac, iPhone, Android, Linux, DD-WRT firmware) and the install instructions will walk you through the screens and settings.

iPhone with VPN on and VyprVPN network (misspelled)

Alright, we've established a few things here:

• Giganews is offering Vypr VPN for free for Diamond accounts
• Vypr VPN works for your computer and your phone
• Secure connect over VPN is good for a number of different reasons 
• Setup is easy - supply server address, user, and password

A word on performance.  Anyone who's ever used a proxy before, or a VPN (possibly for a remote work connection) understands how performance can become an important issue.  To be honest, I noticed zero difference in speedtests with VyprVPN on, or off.  I was getting a max connection either time.  The only limit is the amount I pay for through Comcrap, err Comcast.

I give VyprVPN 5 stars for this reason (performance), as well as ease of use, and functionality (works on your phone!)  No problems or issues to report.

So, if you're already a Giganews Diamond account holder, go setup VyprVPN (its free!).

Or, if you're not a Giganews account holder:
1 - check out Giganews, it's badass
2 - check out Vypr VPN, it is also badass

*last note: you can easily verify setup is working if you are connected and if your IP has changed.  if it is connected, and your IP has changed, your setup is successful!