vpn

24 Articles

This Week In Security: Cookie Monster, CyberGhost, NEXX, And Dead Angles

April 7, 2023 by 5 Comments

“Operation Cookie Monster” ranks as one of the best code names in recent memory. And it’s apropo, given what exactly went down. Genesis Market was one of those marketplaces where criminals could buy and sell stolen credentials. This one was a bit extra special.

Websites and services are getting better about detecting logins from unexpected computers. Your Google account suddenly logs in from a new computer, and a two-factor authentication challenge launches. Why? Your browser is missing a cookie indicating you’ve logged in before. But there’s more. Providers have started rolling out smart analytics that check for IP address changes and browser fingerprints. Your mix of time zone, user string, installed fonts, and selected language make a pretty unique identifier. So sites like Genesis offer Impersonation-as-a-Service (IMPaaS), which is session hijacking for the modern age.

A victim computer gets owned, and credentials are collected. But so are cookies and a browser fingerprint. Then a criminal buyer logs in, and runs a virtual browser with all that collected data. Run through a proxy to get a IP that is geolocated close enough to the victim, and Mr. Bad Guy has a cloned machine with all accounts intact.

And now back to Operation Cookie Monster, a multi-organization takedown of Genesis. It’s apparently a partial takedown, as the latest word is that the site is still online on the Tor network. But the conventional domains are down, and something like eight million credentials have been captured and added to the Have I Been Pwned database.

Another researcher team, Sector 7, has been working the case with Dutch authorities, and has some interesting details. The vector they cover was a fake activation crack for an antivirus product. Ironic. There are several extensions that get installed on the victim computer, and one of the most pernicious is disguised as Google Drive. This extension looks for a Command and Control server, using Bitcoin as DNS. A hardcoded Bitcoin address is polled for its latest transaction, and the receiving address is actually an encoded domain name, you-rabbit[.]com as of the latest check.

This extension will look for and rewrite emails that might be warning the victim about compromise. Get an email warning about a cryptocurrency withdrawal? It modifies it in the browser to be a sign-in warning. It also allows Genesis customers to proxy connections through the victim’s browser, bypassing IP address security measures. Continue reading “This Week In Security: Cookie Monster, CyberGhost, NEXX, And Dead Angles”

Slap This Big Red Button For An Instant Social Media Detox

September 30, 2022 by 8 Comments

Dangerous machines, like ones that can quickly reduce you to a fine red mist or a smoking cinder, tend to have a Big Red Button™ to immediately stop whatever the threat is. Well, if a more dangerous machine than social media has ever been invented, we’re not sure what it would be, which is why we’re glad this social media kill switch exists.

The idea behind [Gunter Froman]’s creation is to provide a physical interface to SocialsDetox, a service that blocks or throttles connectivity to certain apps and websites. SocialDetox blocks access using either DNS over HTTPS (DoH) or, for particularly pesky and addictive apps, a service-specific VPN. The service does require a subscription, the cost of which varies by the number of devices you want to protect, but the charges honestly seem pretty reasonable.

While SocialsDetox can be set up to block access on a regular schedule, say if you want to make the family dinner a social-free time, there may be occasions where killing social access needs to happen right now. This is where the Big Red Button comes into it, which is attached to a Wemos D1 Mini. Pressing the kill switch sends an API request to either enable or disable the service, giving you a likely much-needed break from the swirling vortex of hate and envy that we all can’t seem to live without. Except for Hackaday, of course — it’s totally not like that here.

The irony of using an IoT appliance to restrict access to social media is not lost on us, but you work with the tools you’ve got. And besides, we like the physical interface here, which sort of reminds us this fitting enclosure for a PiHole.

Linux For The Paranoid Does The Work For You

December 22, 2021 by 42 Comments

We all know that our activity on the Internet is not that hard to track. It just annoys some people more than others. If you are really hardcore, you’ll learn all the ins and outs of networking to help cover your tracks, but what if you don’t want to invest that kind of time? Maybe, as [TechRepublic] suggests, try Kodachi Linux.

You could, of course, start with your own live image. Then when you boot, you could take the following steps:

  • Randomize your MAC Address
  • Establish a TOR connection through a VPN
  • Route all internet traffic through TOR and use DNS encryption
  • Set up a scheduled task to scramble your MAC address periodically

But that’s what Kodachi does without any real effort on your part.

The distribution is based on Ubuntu, so all the familiar tools are there. There are also a few security and privacy tools included like KeePass, Tox, OnionShare, i2p, and more. The desktop shows a summary of secure network information

Do you need Kodachi? Probably not, if you are a Linux guru. Plus, most people aren’t doing anything that’s that interesting. But if you want to protect your privacy or you are up to something, give Kodachi a try. Then again, if you are that paranoid, maybe that’s just what THEY want you to do. Make your own decisions. You can also check out the video review from [eBuzz Central] below.

Looking for more conventional Linux? Why not Rocky Linux? If you just want a VPN, you can always just use ssh.

Continue reading “Linux For The Paranoid Does The Work For You”

Basics Of Remote Cellular Access: Connecting Via VPN

January 14, 2021 by 9 Comments

You’ve got a machine hooked up to the Internet via a shiny new cellular modem, which you plan to administer remotely. You do a quick check on the external IP, and try and log in from another PC. Try as you might, SSH simply won’t connect. What gives?

The reality of the modern internet is that most clients no longer get their own unique IPv4 address. There simply aren’t enough to go around anymore. Instead, most telecommunications operators use Carrier Grade Network Address Translation which allows a single external address to be shared by many customers. This can get in the way of direct connection attempts from the outside world. Even if that’s not the case, most cellular operators tend to block inbound connections by default. However, there is a way around this quandary – using a VPN. Continue reading “Basics Of Remote Cellular Access: Connecting Via VPN”

Linux Fu: VPN For Free With SSH

November 23, 2020 by 44 Comments

If you see a lot of banner ads on certain websites, you know that without a Virtual Private Network (VPN), hackers will quickly ravage your computer and burn down your house. Well, that seems to be what they imply. In reality, though, there are two main reasons you might want a VPN connection. You can pay for a service, of course, but if you have ssh access to a computer somewhere on the public Internet, you can set up your own VPN service for no additional cost.

The basic idea is that you connect to a remote computer on another network and it makes it look like all your network traffic is local to that network. The first case for this is to sidestep or enhance security. For example, you might want to print to a network printer without exposing that printer to the public Internet. While you are at the coffee shop you can VPN to your network and print just like you were a meter away from the printer at your desk. Your traffic on the shop’s WiFi will also be encrypted.

The second reason is to hide your location from snooping. For example, if you like watching the BBC videos but you live in Ecuador, you might want to VPN to a network in the UK so the videos are not blocked. If your local authorities monitor and censor your Internet, you might also want your traffic coming from somewhere else.

Continue reading “Linux Fu: VPN For Free With SSH”

Free P2P VPN

October 18, 2020 by 34 Comments

People use a VPN — virtual private network — for a lot of reasons. However, for many people it is synonymous with hiding your network traffic, one thing that VPN can do. FreePN is a relatively new open source project that aims to build a free peer-to-peer VPN network. Like TOR, it is decentralized.

Right now, you can download for Ubuntu and Gentoo. There is a way to ask for early access for Debian, Fedora, and Arch. Windows, iOS, MacOS, and Android versions are promised for the future.

Continue reading “Free P2P VPN”

This Week In Security: VPNs, Patch Tuesday, And Plundervault

December 13, 2019 by 11 Comments

An issue in Unix virtual private networks was disclosed recently, where an attacker could potentially hijack a TCP stream, even though that stream is inside the VPN. This attack affects OpenVPN, Wireguard, and even IPSec VPNs. How was this possible? Unix systems support all manner of different network scenarios, and oftentimes a misconfiguration can lead to problems. Here, packets sent to the VPNs IP address are processed and responded to, even though they are coming in over a different interface.

The attack initially sounds implausible, as an attacker has to know the Virtual IP address of the VPN client, the remote IP address of an active TCP connection, and the sequence and ACK numbers of that connection. That’s a lot of information, but an attacker can figure it out one piece at a time, making it a plausible attack. Continue reading “This Week In Security: VPNs, Patch Tuesday, And Plundervault”