A lot of fuss for little trouble: Browser video chat renders VPN worthless, it says. Or: Firefox and Chrome reveal original IP address. Or: Deanonymisation via WebRTC. However: Turns out, very few are affected, because the vast majority operates behind a router and it is shielded by default – and even those, who actually are affected, can resolve the issue with little effort.
So, what’s this all about?
It’s about WebRTC, a video chat technique for real time communication directly inside modern browsers like Firefox and Chrome, which, as a side effect, can help to unveil a user’s original IP address, even though she or he is camouflaged by a VPN. Theoretically. In the real world the possible leak just affects users who are directly connected to the Internet with a modem. The WebRTC makes it possible to read all registered IP addresses inside the network card. All others should be safe, even though they use one of the mentioned browsers. From behind a router, all WebRTC is going to see will be in most cases a bunch of local IP addresses, such as 192.168.178.xxx and alike, which are common in all local networks and therefore worthless in terms of tracking.
If your browser is affected, can be tested very fast on the CyberGhost WebRTC IP detection page. Just open your browser and visit this page: WebRTC Real IP Detection.
If your real IP is exposed, start CyberGhost, clean your browser’s cache (by hitting ‘F5′) and visit the page again. If you’re unlucky and your IP is still exposed, install either the WebRTC Block plug-in for Chrome or the Disable WebRTC plug-in for Firefox.
If the world really needed more proof to realise the scale on which the NSA machinery operates, a new and irrefutable proof was released today.
On January 17 2015, Spiegel.de published an article based on documents obtained from Edward Snowden and provided a copy of a malicious program named “QWERTY” ), supposedly used by several governments in their Computer Network Exploitation (CNE)operations.
Today, the same news publication released an article, demonstating the same code provenience and indentical functionality of “QWERTY” malware to the Regin 50251 plugin.
Given the fact that the QWERTY keylogger doesn’t function as a stand-alone module, only in tandem with kernel hooking functions provided by the Regin module 50225, it was concluded that the QWERTY malware developers and the Regin developers are the same or working together.
You can read here all the mind-binding conclusions of this ground breaking analysis that states once again that mass-surveillance is more than a fact, it’s a threat.
Contrary to the claims of an unknown hacker group, initially issuing themselves as Anonymous hacker, no credit card information has been stolen from CyberGhost’s servers and published. The reason is obvious: CyberGhost itself handles no payments and therefore has no access to credentials or has any infrastructure to save it. Accordingly, the published list only contains a rather lame collection of expired serial numbers from past promotions …
At Christmas, a group of anonymous hackers filled the headlines, presenting a Sony hack and, later on, asserted via Twitter, to have hacked various companies and stolen their customer data, including UbiSoft, VCC, Brazzers, UFC TV, XBL Gamers, Twitch TV, Amazon, Hulu Plus, Dell, Walmart , EA Games, and, ultimately, CyberGhostVPN. Initially known as ‘Anonymous’, then as ‘Lizard Squad’, the group seemed to have access to different companies and collected a list of over 13,000 accounts on Amazon, Playstation, Xbox Live, Hulu Plus, Walmart and other retailers as well as entertainment and adult platforms. The list includes credit card numbers, security codes and expiration dates. As a little extra, the hacker also published a copy of the controversial Kim de Jong lampoon movie ’The Interview’.
Of course we can’t say anything about the truth of the allegations regarding the other affected companies, this is still to be reviewed, but as far as CyberGhost is concerned, we can give the all clear. CyberGhost itself does not accept payments and therefore has no data collection of credentials or else. In fact CyberGhost relies for payment processing on the e-commerce company cleverbridge – whose name is not on the list.
So what exactly has being published then, if not credit card data? Well, a series of expired serial numbers for CyberGhost subscriptions, grabbed at earlier campaigns and other promotions, plus some occasional license keys from recent actions (which were disabled during the last few days). So the purpose of the publication is rather unknown; it neither proves the existence of a vulnerability nor does it benefit someone.
Right now, most of you are probably making plans to escape the concrete jungle and head on to a city break somewhere quieter or to go see your family and friends.
However, there are a few important measures you should take in order to fully enjoy your holidays without getting your bank details stolen, accounts hacked, or house ravaged.
Don’t Show And Tell
No matter how tempting it is to brag about your perfectly planned vacation in an exotic destination, it’s never a good idea.
There are a lot of people out there, who can’t wait to break into an empty house and won’t leave empty handed either, while they’re at it.
So keep that in mind next time you’re traveling! Those awesome Instagram photos can wait a few days.
Speaking of which…
Check Your Privacy Settings Before Uploading Photos
Don’t even think to share that photo with you holding three shots in one hand, before checking who can actually see it.
Sure, your friends will think it’s funny, your exes will turn grey with envy and your mom might get slightly worried.
Your current and future employers, work colleagues or people who don’t know you so well yet, will never see you with the same eyes again.
Secure Payment Methods Are Your Friend
No matter how much you’re trying to escape your daily duties, it’s inevitable that at some point you might need to pay those bills that keep piling up.
In that case, make sure you always use a secure payment method, like bitcoin (if it’s accepted), or Secure Pay.
But even that is not helpful if you don’t…
Use Strong Passwords For Everything
You might be tempted to use 1234 or your dog’s name as a password, but that is a huge mistake pretty much everyone comes to regret at some point. The only way you can make it worse is by having one password for all your accounts.
Regardless of the time and energy you think you’re saving, all you do is preparing yourself for sharing with the world a tad more than you’re willing and ready to.
Strong passwords should have at least 8 characters, contain big and small letters, special characters and numbers.
And if you think you won’t remember them all, you’re probably right. That’s why a password manager like KeePass always comes in handy.
Beware of WiFi Networks And Encrypt Your Connection
Last, but not least, it’s important you remember to encrypt your internet connection whenever you use public HotSpots, which you will be doing a lot.
The simplest and most efficient way to do this, is by using a VPN.
CyberGhost VPN encrypts your traffic and changes your IP so you can surf anonymously and safe.
Did you know that even the great Caesar used a cipher to hide his military
correspondence between 100 – 44 B.C? The key in this case was simply
to shift to the right by three.
Encryption is not a new concept but it keeps getting more and more complex and useful. We thought that a guide to encryption accessible to everyone would be more than welcomed, either to understand it better or to share it with people who would need it.
Just a short intro: encryption is the process through which information or data is transformed (encoded) in such a way that is unreadable to anyone who does not have the knowledge of the way it was transformed.
The information thus becomes available only to the authorized parties. This authorization works based on keys. Encoding the information is made by using an encryption key while decoding the information is made by using a decryption key.
Along with the new account management we also prepared other simplifications for our subscribers – and for future ghosties. But first things first:
Updated account management – a new subscription model
The first idea was the restructuring of your account management that brought the question, whether prepaid and subscription models with subsequent activation and management of keys were still in trend.
After all: along with changing the account management, arouse the desire to invest more time in the development of our subscription model and have a closer look to our past customer’s demands.
And so the work began. Wwe realized that a sacrifice was needed: the prepaid plans in versus the activation keys, and a preference for a cheaper and more user-friendly monthly and yearly subscription systems with the main goal to transfer all activation and payment processes into the background.
For the first time CyberGhost allowes promotions, actions such as ‘money back guarantee’, ‘sample months at a special price’, and also consider customer requests for various trial subscriptions. Now it’s the time to get curious!
Major changes first: Are you logged into your account, the CyberGhost is now missing the button ‘Enter Activation Code’. You also need to create an account before you can purchase a subscription or an update, while the res of the process has been completely moved to the background. After paying your subscription or update, your account will be automatically activated or renewed, depending when you subscribed.
And the activation keys?
They officially no longer exist in regular sales – but are still used for advertising campaigns and promotions. They also have a deadline activation time frame.
Users with active valid keys, from our campaigns or from the Indiegogo crowdfunding campaign, can enter their keys in the online account management and activate it there if they need too. Expiration dates do not apply for keys from regular sales campaigns (so, no hurry there). Only the promotion keys have an activation deadline.
What will change for current subscribers?
Subscribers, who had been receiving reminder mails and invoices, and had to regularly enter a new activation code, can breathe easy now. Any renewals will be processed automatically. The updates from Free/Special/Premium to Special/Premium/Premium Plus will be handled more easily: Click, pay, done. Any activation, subscription modification and upgrade will be done automatically for you.
What should I consider?
For all the other subscriptions you shouldn’t miss the end date, if you don’t want to use CyberGhost any longer. Monthly subscriptions need to be cancelled monthly, yearly subscriptions, annually. In most cases an email to the seller, usually cleverbridge, is enough, but please consult any current order terms, just to make sure.
Will unused keys be rendered invalid? No. Users, who in the past have purchased a key without expiration date (e. g. on the latest CyberGhost Indiegogo campaign or other official events), can keep on storing and activate their keys at the appropriate time in their account management.
Will unused promotion keys be rendered invalid? Only if you exceed the specified latest time of activation.
Will prepaid subscriptions automatically be converted? No. After the expiration of your current subscription it is up to you, whether you want to continue to use Cyber Ghost in the new convenient subscription system or not.
How do I reactivate an account without key? You can re-activate an account with either your password or, if lost, your PUK. There are no other possibilities!
Will you ever re-install a pre-paid system with activation keys? No, the entire system was converted to the user-friendly subscription system.
For any further questions please consult our extensive support documentation.
This week three betas compete for your attention: The latest CyberGhost VPN Windows client, CyberGhost for Android and the fresh installation of the first #NoSpyProxy.
CyberGhost Windows Beta 18.104.22.168
The latest beta of your favorite desktop VPN client addresses some seldom occurring connection losses and will be available soon via the beta channel. If you want to test it, please activate the option ‘Install beta updates’ in your client’s settings under the ‘General’ tab.
CyberGhost Android 22.214.171.124
The upcoming version 126.96.36.199 of the CyberGhost Android client solves some important issues: no more crashes while starting the app, as well as a program freezing, when changing settings. Also new: an option to deactivate the recognition of untrusted networks, a different rendering engine, that handles the country and server lists much better, small bug fixes and minor GUI changes.
To test the beta, you need to join the CyberGhost-Community on Google+. Once done, click on https://play.google.com/apps/testing/de.mobileconcepts.cyberghost, to become a beta tester and download the beta from Google’s Play Store.
First #NoSpyProxy On Air
Since Monday, the first beta of the first CyberGhost NoSpyProxy runs smoothly in our nice and cozy hardware room next door. Our own data center is meant to reduce physical hardware attacks near zero and is, by the way, thanks to our more than successful Indiegogo campaign financed by more than 200%. The campaign also ended on Monday.
All running 12 instances are located on the Bucharest server S08 and can be activated by our Priority Boarders (donnors from Indiegogo) by choosing a single instance, labeled Bucharest-S08-I01 to Bucharest-S08-I12. We’ve got high performance servers with tough encryption running on them, as an ultimate layer of security.