VPN buyer's guide: 14 options for every budget (plus an extra 15% off) - Mashable


Posted: 20 Mar 2020 02:06 AM PDT

Companies are scrambling to find ways of securely supporting employees working from home during the global pandemic. But the challenges are definitely extensive — especially with a new wave of cyberattacks erupting.

Just like closing the door to the outside world can potentially slow the spread of the virus, closing (and locking) the door to network vulnerabilities can slow the wave of cybercrimes. And in order to keep that door securely shut as you work from home, you're going to need a Virtual Private Network (VPN). A VPN basically lets you connect to the internet through an encrypted data channel that masks your identity and keeps your personal and private information secure.

Now's as good a time as any to get a VPN, with 14 of our best VPN options on sale for an extra 15% off (using the code SPRINGSAVE15). There's a subscription to meet every budget and every demand. Consider this your VPN buyer's guide.

Under $25

FastestVPN: Lifetime Subscription (5 Devices)

As the name suggests, this high-powered VPN operates with 99.9% uptime and gives you access to more than 350 high-speed servers around the globe. It also features military-grade 256-bit AES encryption, a NAT firewall, ad blocker, anti-malware software, kill switch, and doesn't log any of your data. Better yet, you can get a lifetime subscription on five of your devices for just $16.99 (worth $600) using the code SPRINGSAVE15.

SlickVPN: Lifetime Subscription

SlickVPN offers a lifetime of secure gateways in over 45 countries, with over 125 available, to protect you from a wide range of cybercrimes wherever you are on the globe. You can browse, stream, and work securely on up to five devices at once with reliable, end-to-end 256-bit encryption. And you don't need to spend your life's savings to protect yourself. Save an extra 15% and sign up for just $16.99 with the code SPRINGSAVE15.

Less than $50

KeepSolid VPN Unlimited: Lifetime Subscription

With no speed or bandwidth limits, KeepSolid is one of the top-rated VPN services around, earning itself multiple titles like "Top VPN," and "Best VPN for Laptop." And thanks to access to over 400 different servers based in over 80 global locations, you can get a fast, protected connection on up to five different devices anywhere on the planet. It's worth $200, but you can get a lifetime subscription for just $33.15 with the code SPRINGSAVE15.

VPN by VeePN: Lifetime Subscription

With access to over 2,500 servers located in 48 locations worldwide, VeePN makes you about as anonymous as you can get on the web. But just in case that's not enough, it also keeps your data under lock and key with bank-level AES 256-bit encryption, a strict no-logging policy, DNS leak prevention, and a kill switch on up to 10 devices. Get a lifetime subscription for just $25.49 (worth $659) with the code SPRINGSAVE15.

VPN.asia Lifetime Subscription

Block trackers and hackers from watching your every move online with VPN.asia, an AES-256 data encrypted, SHA-256 hash authenticated VPN subscription. With more than 40 servers in 30 countries around the world, you can cloak your identity while enjoying top connection speeds. Plus, you can connect to five different devices at once and share P2P content more securely. Use the code SPRINGSAVE15 and get a lifetime plan for just $41.65.

Ivacy VPN: Lifetime Subscription

Ivacy offers protection on 10 devices at the same time by connecting to over 1,000 servers in over 100 countries. It lets you unblock geo-restricted content and enjoy bufferless HD streaming on all your favorite services, engage in P2P file-sharing in total anonymity, and easily shut down hackers with powerful 256-bit encryption. Even better, if you use the code SPRINGSAVE15, you can get an over $1,000-lifetime plan for just $33.99.

Hola VPN Plus: Lifetime Subscription

One of the most popular VPNs in the world, with over 200 million users and counting and over 300,000 reviews, Hola VPN is trusted across the globe. It offers unlimited bandwidth, overcomes geo-restrictions and other censorship, and enables you to browse and work privately and securely with impressive performance and speed. It also offers protection on up to five devices at once. Sign up for a lifetime of Hola VPN Plus for just $33.15 (usually $717) with the code SPRINGSAVE15.

BulletVPN: Lifetime Subscription

Faster than a bullet (get it?), this VPN offers impressive speed, making it an excellent choice for gamers and remote workers alike. It's easy to use, connects you to over 100 servers across 51 countries, and offers unlimited data bandwidth and server switching. And you can ensure your data is protected through 256-bit AES encryption on up to six different devices. Sign up for a lifetime subscription for $33.15 and save well over 90% using the code SPRINGSAVE15.

VPNSecure: Lifetime Subscription

No matter where you're signing in from, VPNSecure proudly features a Smart DNS component to fully encrypt your data. It also guarantees absolutely zero logs of your activity will ever be kept. You can connect up to five different devices at once to servers in over 46 countries and counting, all while enjoying unlimited bandwidth, with no content restrictions, and anonymous browsing. You can sign up for life for just $29.74 using the code SPRINGSAVE15 and save over 90%.

WifiMask VPN Unlimited Devices: 3-Yr Subscription

Optimized for Mac and iOS, WifiMask VPN is a digital shield that blocks hackers, trackers, and malware while you browse the web while taking the load off of your CPU and RAM. It currently has 21 servers in eight countries across the globe, unlimited data, a strict no-logging policy, and fast connection speeds, so you're safe to surf privately and securely on unlimited devices. Usually priced at $143.64, a three-year subscription is available for just $33.99 when you use the code SPRINGSAVE15.

Less than $100

Surfshark VPN 3-Yr Subscription

Get unlimited data and bandwidth on unlimited devices with military-grade AES-256-GCM encryption and an anonymous connection to over 500 torrent-friendly servers with SurfShark VPN. The whole family can get their work done at the same time with blazing fast speeds and its CleanWeb ad, tracker, and malware blocker will ensure your data is secure all the while. Worth $430, a three-year subscription is just $58.65 when you use the code SPRINGSAVE15.

TigerVPN: 3-Yr Subscription

With access to up to 15 nodes in 11 different countries, TigerVPN masks your location with a military-grade encryption tunnel and included firewall. You'll be totally anonymous to anyone trying to access or steal your data online. And while you'll get unlimited device connections, only two can be active at a time. Worth $429, a three-year subscription is on sale for just $59.49 with the code SPRINGSAVE15.

NordVPN: 2-Yr Subscription

One of the most trusted VPNs around, NordVPN has a five-star rating from TrustPilot, CNET, and PCMag. It connects you to over 3,500 worldwide server locations, across 60 different countries, and ensures your data passes through double-encrypted private tunnels. In other words, you'll be practically invisible online. Usually priced at $286.80, a two-year subscription is on sale for just $81.59 when you use the code SPRINGSAVE15.

Vault - The Online Security Cloud

In addition to NordVPN access, this vault of online security options also includes access to Degoo (2TB of secure cloud storage), Dashlane (a password manager), Panda AntiVirus (antivirus and online fraud protection), and AdGuard (an ad-blocking app). It's basically a full lineup of defensive measures against data hackers. And you can sign up for just $84.15 with the code SPRINGSAVE15.

How Ring Could Really Protect Its Users: Encrypt Footage End-To-End - EFF

Posted: 26 Feb 2020 12:00 AM PST

Last week, we responded to recent changes Amazon's surveillance doorbell company Ring made to the security and privacy of their devices. In our response, we made a number of suggestions for what Ring could do to be responsive to the privacy and security concerns of its customers and the larger community. One of our suggestions was for Ring to implement measures that require warrants to be issued directly to device owners in order for law enforcement to gain access to footage. This post will elaborate on this suggestion by introducing a technical scheme that would serve to protect both Ring's customers and the wider community by employing end-to-end encryption between doorbells and user devices.

Introduction: The Cloud and User Notification

In traditional surveillance systems, law enforcement had to approach the owners of footage directly in order to gain access to it. In so doing, law enforcement informed owners of the fact their footage was being requested and the scope of the request. This also served as a de facto rate-limiting of surveillance requests: a certain amount of real-world legwork had to be done to gain access to private footage. Even then, the footage was most likely granted once, and subsequent requests would have to be made for more material.

With the advent of cloud storage, access to raw footage moved from individual, private surveillance systems to the cloud provider. Once on the cloud, law enforcement can go straight to the cloud provider with a warrant for user footage, without informing the user. And footage on the cloud also makes it available to cloud employees—who can access the footage without permission from the user.

End-to-End Encryption Can Protect Footage and Feeds

End-to-end encryption (E2EE) allows devices to communicate with one another directly with the assurance of security and authenticity. This means that a user can encrypt data in a way that only the direct recipient can decrypt, and no one else—including the cloud storage provider that she uploads to and the manufacturer of the device she uses—can see what was sent. All they'll see is undecipherable "ciphertext."

Usually, end-to-end encryption happens between two or more devices owned by different people, and is implemented in communication apps like Signal and WhatsApp. E2EE can also happen between two devices owned by the same person to share sensitive data. Backup software SpiderOak One and Tresorit use E2EE to back up files to the cloud in a secure way, and password managers like Dashlane and LastPass use it to store your passwords in the cloud securely. The backed-up files or passwords will be retrievable by multiple devices the user owns, but not by any other device. Not only does this protect the communication from the employees of these services, it also means that data breaches like the one LastPass experienced in 2015 do not result in any compromise of the sensitive encrypted data.

Ring has already experienced its share of data breaches and hacks in recent months, and responded by blaming its users and downplaying the dangers. The data breach resulted in username and password information on 3,600 customers being divulged, which put these users' footage in direct reach of hackers and the shadiest of data miners. Employees of Ring were found spying on customers through their doorbell cameras. Ring's history of lax security has made it the subject of a number of lawsuits, and a salient target for future hacks. To turn the tide and show that it's serious about security, the absolute best thing Ring could do is employ E2EE in its video feeds and AWS-based storage.

Not only would employing E2EE protect its users against their footage being divulged by a hack on user accounts or the AWS cloud, it would also implement just the kind of measure EFF calls for in ensuring law enforcement is required to request data directly from device owners. In E2EE schemes, the keys for the encrypted data are stored on users' devices directly, and are not held by the service provider. If a member of law enforcement wishes to obtain footage from a user's camera, they would have to ask the device owner to hand that footage over. This means that Ring would no longer provide law enforcement with a national video and audio surveillance system, since footage would have to be requested and delivered on an individual basis. It would be a return to the benefits that de facto rate-limiting of traditional surveillance systems provided, while retaining the convenience that Ring hinges its success on.

Moreover, this wouldn't necessarily be a very difficult system to implement. E2EE video feeds have been implemented in open-source encrypted communication platforms like Signal already, and encrypting stored video files end-to-end can easily be done by including libraries made for just this purpose. In fact, some services seem to specialize in helping businesses with exactly this transition, intending to facilitate compliance with privacy legislation like HIPAA and GDPR.

Implementation Scheme Suggestion

Readers not interested in specific technical suggestions can safely skip this section. The TL;DR: an E2EE scheme for home security systems can and should be implemented.

So, how would such a system be implemented? In specifying this implementation suggestion, specific details such as choice of algorithm or key size are omitted. Best practices should be followed for these. The intention is not to provide a spec, but rather to give a broad overview of the various pieces of infrastructure and how they could communicate with the assurances E2EE provides.

Keybase provides a good template for how to ensure key material is not lost through user mismanagement, sharing key material between multiple devices and using physical artifacts like paper copies in combination with digital devices to provide a guarantee of secure key redundancy.

The doorbell device, upon first activation, would generate a new doorbell keypair. The public key for the doorbell can be shared with the smart device app where the feed and videos will be viewed via a direct connection in a shared trusted network setting.

Likewise, the first smart device app connecting to the doorbell will generate a keypair, and communicate its public key to the doorbell in the same shared trusted network setting. The user would also be prompted to back up their key with a paper copy, and tips on best practices in physical security could be communicated.

If the doorbell has a speaker, it can at this point read off the digest form of the doorbell public key concatenated with the digest form of the app public key it received. This is the equivalent of safety numbers in Signal, and could be presented modulo the diceware list to generate a series of words, for the sake of usability. This should be verified by the user on the smart device app. Otherwise, trust in the public keys will have to be derived from the trusted network setting in which they were exchanged.

If a secondary smart device is added to the account, it should be linked with the primary smart device. Since the secondary device does not yet trust the primary device, secure key discovery has to be performed. The primary device should generate a symmetric key, and display it to the user in the form of a code. It should then send a copy of the app keypair encrypted with the symmetric key to the secondary device, which will prompt the user to enter the code to decrypt and start using the keypair. Alternatively, the secondary device could derive the keypair from the paper copy.

Any additional devices added to the account can follow the same process to receive the app keypair.

At this point, trust is established between the doorbell and all connected devices' apps.

Upon activation, the doorbell would begin recording video (and possibly audio). The video should be encrypted to a random, newly-generated symmetric key. This symmetric key should then be encrypted to the app public key, signed by the doorbell private key, and saved as a separate file. Both files should then be stored on the cloud. Upon access of the video, the app will then decrypt the symmetric key with its private app key, and use that to decrypt and view the video. To share the video, the app can decrypt the symmetric key and share that with the server or whoever is requesting access.

Live video can also be provided to devices by encrypting it to the app public key directly and signing it with the doorbell private key. Likewise, if a two-way communication is desired, the app can encrypt any audio sent back to the doorbell with the doorbell public key.
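The stored-video step above (per-clip symmetric key, wrapped to the app public key, signed by the doorbell) as an added example that is not part of the original post or any vendor's code. The algorithms (AES-256-GCM, RSA-OAEP, Ed25519) and every name in it (`StoredClip`, `NewPairing`, `SealClip`, `UnwrapKey`, `OpenClip`) are assumptions made for illustration, since the post deliberately leaves those choices open.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// StoredClip is all the cloud holds. The algorithms are this example's assumptions.
type StoredClip struct {
	Video      []byte // nonce || AES-256-GCM ciphertext of the footage
	WrappedKey []byte // per-clip key, RSA-OAEP encrypted to the app public key
	Sig        []byte // doorbell Ed25519 signature over WrappedKey
}

func NewPairing() (bellPub ed25519.PublicKey, bellPriv ed25519.PrivateKey, app *rsa.PrivateKey, err error) {
	if bellPub, bellPriv, err = ed25519.GenerateKey(rand.Reader); err == nil { // doorbell keypair
		app, err = rsa.GenerateKey(rand.Reader, 2048) // app keypair
	}
	return
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealClip runs on the doorbell: fresh key per clip, wrapped for the app, then signed.
func SealClip(footage []byte, appPub *rsa.PublicKey, bellPriv ed25519.PrivateKey) (*StoredClip, error) {
	buf := make([]byte, 32+12) // 256-bit clip key || 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, appPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &StoredClip{gcm.Seal(nonce, nonce, footage, nil), wrapped, ed25519.Sign(bellPriv, wrapped)}, nil
}

// UnwrapKey runs in the app; the result is also what the owner shares to release one clip.
func UnwrapKey(c *StoredClip, appPriv *rsa.PrivateKey, bellPub ed25519.PublicKey) ([]byte, error) {
	if !ed25519.Verify(bellPub, c.WrappedKey, c.Sig) {
		return nil, fmt.Errorf("wrapped key is not signed by the paired doorbell")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, appPriv, c.WrappedKey, nil)
}

func OpenClip(c *StoredClip, key []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(c.Video) < gcm.NonceSize() {
		return nil, fmt.Errorf("bad clip key or truncated video blob")
	}
	return gcm.Open(nil, c.Video[:gcm.NonceSize()], c.Video[gcm.NonceSize():], nil) // fails if video was altered
}

func main() {
	bellPub, bellPriv, appPriv, _ := NewPairing()
	clip, _ := SealClip([]byte("constructed sample footage"), &appPriv.PublicKey, bellPriv)
	key, _ := UnwrapKey(clip, appPriv, bellPub)
	plain, err := OpenClip(clip, key)
	fmt.Printf("%s %v\n", plain, err)
}
```

The signature check is what stops the storage provider, who also knows the app public key, from wrapping a key of its own and planting footage; the GCM tag covers changes to the video blob itself.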

Why Ring Won't Want To Implement This...

Ring brands itself as a security-focused company, despite its digital security record. It handles the footage of millions of customers. Given the benefits to its customers, use of E2EE would seem like a natural next step. We hope Ring takes this step for its customers—it would certainly be a welcome turn for a company plagued by recent bad press following its insecure practices. It would show a real willingness to protect its customers and their data. But unfortunately, Ring currently has a direct incentive not to implement this strong security measure.

In the spring of 2018, Ring began a partnership program with police departments across the U.S. This program has expanded dramatically since its introduction to over 900 departments. Ring has carefully cultivated these relationships, with the expectation of troves of information from Ring's system being available to law enforcement. Additionally, these relationships are largely secretive, with agreements requiring confidentiality be maintained.

They've also expressed interest in implementing facial recognition for footage. In our post last week, we expressed serious concerns about this technology, including that it exacerbates racial bias and overpolicing. In order to perform identification using Amazon's facial recognition infrastructure, Ring would need unencrypted access to user footage.

Privacy advocates and customers face an uphill battle to convince Ring to implement these features. In the past, Ring has been slow to take steps to address user security and privacy concerns. Their incentives are currently to maintain and expand the partnerships they've built, utilizing Amazon's infrastructure to process the footage they possess. It will take Ring a significant reprioritization of their customers over their partnerships in order to take the next step forward.

...And A Competitor Just Might

Luckily, Ring isn't the only game in town. The field of smart home-security systems is filled with competitors, such as Google's Nest. These competitors, for whatever reason, haven't been as willing or able to build out a mass surveillance system for police use. This leaves them unencumbered by the agreements and expectations Ring has tied itself down with. A competitor in the field could implement a system that provided E2EE guarantees to its customers, protecting their feeds and footage in a very comprehensive way—from nosy employees, malicious hackers, and police agents all too eager to have this mass of data at their fingertips.

Whoever ends up implementing this forward-thinking system would signal that they are ready to take the sensitive data of their customers seriously. This would be a big step forward for the privacy and security of not just device owners, but also the community as a whole.

55 Android Apps Everyone Should Own - Lifehacker Australia

Posted: 19 Mar 2020 09:15 PM PDT

Spreading faster than the coronavirus outbreak itself is the wealth of information about it. Despite there being plenty available, our understanding of the virus and its spread has been changing more rapidly than we can manage regular updates for. This is best shown with Australia's own case count. While it's provided through the federal health department, it's not being updated as quickly as others so figures soon become outdated.

If you want to know how many confirmed coronavirus cases there are in Australia, here are some of the best sources to check.

Assume 'malicious parties' are waiting to pounce on telework traffic, NIST tells agencies - FedScoop

Posted: 19 Mar 2020 02:18 PM PDT

The National Institute of Standards and Technology is advising agencies to ensure the cybersecurity of any internal resources they make available to teleworkers through remote access during the COVID-19 pandemic.

Remote access technologies are, by nature, exposed to more external threats, notes the NIST Information Technology Laboratory bulletin issued Thursday. The advisory follows separate guidance issued Wednesday by the Office of Management and Budget for agencies to minimize face-to-face interactions as the coronavirus spreads.

The lab's Computer Security Division suggested limiting remote access to as few teleworkers as possible to decrease the risk of compromise. The typical civilian agency worker is accessing their agency's network with desktops, laptops, smartphones and tablets via remote access software like virtual private networks (VPNs) and portals.

"An organization should assume that external facilities, networks, and devices contain hostile threats that will attempt to gain access to the organization's data and resources," reads the bulletin. "Organizations should assume that malicious parties will gain control of telework client devices and attempt to recover sensitive data from them or leverage the devices to gain access to the enterprise network."

Based on that assumption, NIST made four recommendations to improve telework security:

  • Plan telework-related security policies and controls based on the assumption that external environments contain hostile threats.
  • Develop a telework security policy that defines telework, remote access, and bring-your-own-device (BYOD) requirements.
  • Ensure that remote access servers are secured effectively and configured to enforce telework security policies.
  • Secure organization-controlled telework client devices against common threats, and maintain their security regularly.

Remote access tech like laptops and cellphones are more likely to be lost or stolen once they leave the office. Unsecured networks used to access any organization's internal resources are susceptible to eavesdropping and "man-in-the-middle" attacks to intercept and alter communications.

NIST advised either encrypting device storage, encrypting all sensitive data stored on client devices or not storing sensitive data on those devices at all. Strong multi-factor identification deters people from handing their devices to unapproved people for use, the bulletin notes.

Anti-virus tech, verifying a device's security posture before allowing remote access or establishing a separate network for BYOD all mitigate malware, which has more avenues to infect teleworkers' devices, according to the bulletin.

NIST identified four remote access methods by architecture: tunneling, portals, direct application access, remote desktop access.

Tunneling establishes secure communications between a telework device and a remote access server, typically a VPN gateway, and protects them through cryptography.

A portal server allows access to applications through a central, generally web-based interface that telework devices access. Most portals are Secure Sockets Layer (SSL) VPNs.

Direct application access doesn't use remote access software but instead lets teleworkers access a single, secure application, like webmail, directly. Teleworkers use a web browser to connect over Hypertext Transfer Protocol Secure (HTTPS) to a web server that authenticates them before granting email access.

Remote desktop access — where a teleworker remotely controls their office desktop from an outside device — is the least secure.

"Generally, remote desktop access solutions, such as those using the Microsoft Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC), should only be used for exceptional cases after a careful analysis of the security risks," reads the bulletin. "The other types of remote access solutions described in this bulletin offer superior security capabilities."
