WebRTC Leak: Are you affected?

A lot of fuss for little trouble: Browser video chat renders VPN worthless, it says. Or: Firefox and Chrome reveal original IP address. Or: Deanonymisation via WebRTC. However: Turns out, very few are affected, because the vast majority operates behind a router and it is shielded by default – and even those, who actually are affected, can resolve the issue with little effort.

So, what’s this all about?

It’s about WebRTC, a video chat technique for real time communication directly inside modern browsers like Firefox and Chrome, which, as a side effect, can help to unveil a user’s original IP address, even though she or he is camouflaged by a VPN. Theoretically. In the real world the possible leak just affects users who are directly connected to the Internet with a modem. The WebRTC makes it possible to read all registered IP addresses inside the network card. All others should be safe, even though they use one of the mentioned browsers. From behind a router, all WebRTC is going to see will be in most cases a bunch of local IP addresses, such as 192.168.178.xxx and alike, which are common in all local networks and therefore worthless in terms of tracking.

U test

If your browser is affected, can be tested very fast on the CyberGhost WebRTC IP detection page. Just open your browser and visit this page: WebRTC Real IP Detection.

webrtc_detection_01

 

If your real IP is exposed, start CyberGhost, clean your browser’s cache (by hitting ‘F5′) and visit the page again. If you’re unlucky and your IP is still exposed, install either the WebRTC Block plug-in for Chrome or the Disable WebRTC plug-in for Firefox.

webrtc_detection_02

Full proof – ‘Regin’ Trojan is an NSA Tool

If the world really needed more proof to realise the scale on which the NSA machinery operates, a new and irrefutable proof was released today.

On January 17 2015, Spiegel.de published an article based on documents obtained from Edward Snowden and provided a copy of a malicious program named “QWERTY” ), supposedly used by several governments in their Computer Network Exploitation (CNE)operations.

Today, the same news publication released an article, demonstating the same code provenience and indentical  functionality of  “QWERTY” malware to the Regin 50251 plugin.

Regin/Querty Vergleich Kaspersky

 

Given the fact that the QWERTY keylogger doesn’t function as a stand-alone module, only in tandem with kernel hooking functions provided by the Regin module 50225, it was concluded that the QWERTY malware developers and the Regin developers are the same or working together.

You can read here all the mind-binding conclusions of this ground breaking analysis that states once again that mass-surveillance is more than a fact, it’s a threat.

5 Tips For Preserving Your Online Privacy While Traveling for Holidays

It’s the season to be jolly! And travel. A lot.

Right now, most of you are probably making plans to escape the concrete jungle and head on to a city break somewhere quieter or to go see your family and friends.

However, there are a few important measures you should take in order to fully enjoy your holidays without getting your bank details stolen, accounts hacked, or house ravaged.

xmas

  1. Don’t Show And Tell

No matter how tempting it is to brag about your perfectly planned vacation in an exotic destination, it’s never a good idea.

There are a lot of people out there, who can’t wait to break into an empty house and won’t leave empty handed either, while they’re at it.

So keep that in mind next time you’re traveling! Those awesome Instagram photos can wait a few days.

Speaking of which…

  1. Check Your Privacy Settings Before Uploading Photos

Don’t even think to share that photo with you holding three shots in one hand, before checking who can actually see it.

Sure, your friends will think it’s funny, your exes will turn grey with envy and your mom might get slightly worried.

Your current and future employers, work colleagues or people who don’t know you so well yet, will never see you with the same eyes again.

  1. Secure Payment Methods Are Your Friend

No matter how much you’re trying to escape your daily duties, it’s inevitable that at some point you might need to pay those bills that keep piling up.

In that case, make sure you always use a secure payment method, like bitcoin (if it’s accepted), or Secure Pay.

But even that is not helpful if you don’t…

  1. Use Strong Passwords For Everything

You might be tempted to use 1234 or your dog’s name as a password, but that is a huge mistake pretty much everyone comes to regret at some point. The only way you can make it worse is by having one password for all your accounts.

Regardless of the time and energy you think you’re saving, all you do is preparing yourself for sharing with the world a tad more than you’re willing and ready to.

Strong passwords should have at least 8 characters, contain big and small letters, special characters and numbers.

And if you think you won’t remember them all, you’re probably right. That’s why a password manager like KeePass always comes in handy.

Tip 005 - Choose Complex Passwords - Not a Vocabulary Word

  1. Beware of WiFi Networks And Encrypt Your Connection

Last, but not least, it’s important you remember to encrypt your internet connection whenever you use public HotSpots, which you will be doing a lot.

The simplest and most efficient way to do this, is by using a VPN.

CyberGhost VPN encrypts your traffic and changes your IP so you can surf anonymously and safe.

And you’re in luck! We have a great offer, too!

Encryption – A Guide for Everyone

Did you know that even the great Caesar used a cipher to hide his military
correspondence between 100 – 44 B.C?  The key in this case was simply
to shift to the right by three.

Encryption is not a new concept but it keeps getting more and more complex and useful. We thought that a guide to encryption accessible to everyone would be more than welcomed, either to understand it better or to share it with people who would need it.

Just a short intro: encryption is the process through which information or data is transformed (encoded) in such a way that is unreadable to anyone who does not have the knowledge of the way it was transformed.
The information thus becomes available only to the authorized parties. This authorization works based on keys. Encoding the information is made by using an encryption key while decoding the information is made by using a decryption key.

Encryption

You can read the entire guide here.

Feel free to share it with people interested.

New Update: CyberGhost – Free VPN & Proxy for Android 5.0.16.3

The current update improves CyberGhost’s Android compatibility with more smart phones and tablet PCs. For that the ensemble acting of app and the new Crosswalk engine had been refined, while small bug fixes also got implemented.

nexus-5-mockup (device, mockup) - with CyberGhost B

Last changes:

Version 5.0.16.3:

  • Improvement: small changes on the CyberGhost dialog engine
  • Improvement: care of Crosswalk engine
  • Fixed: crash when writing debug log

Version 5.0.16.0:

  • New: added possibility to choose between engines: web kit engine (Android) or Crosswalk engine (Intel).
  • Improvement: extended Wi-Fi protection

Version 5.0.14.11:

  • New: Possibility to change between TCP and UDP
  • Improved: small design changes
  • Improved: better GUI performance by new render engine
  • Changed: Auto connect now works in unsecure networks also
  • Updated: OpenVPN
  • Fixed: crash when changing network with Android 4.4; no reboot necessary to reconnect
  • Fixed: small bug fixes

We’re always interested in what you have to say about CyberGhost so feel free to send us your feedback in the comments below or at [email protected]

News from CyberGhost: Beta (Windows), Beta (Android) and, yes, another Beta (NoSpy)

This week three betas compete for your attention: The latest CyberGhost VPN Windows client, CyberGhost for Android and the fresh installation of the first #NoSpyProxy.

CyberGhost Windows Beta 5.0.14.7

The latest beta of your favorite desktop VPN client addresses some seldom occurring connection losses and will be available soon via the beta channel. If you want to test it, please activate the option ‘Install beta updates’ in your client’s settings under the ‘General’ tab.

windows_steps

CyberGhost Android 5.0.15.19
The upcoming version 5.0.15.17 of the CyberGhost Android client solves some important issues: no more crashes while starting the app, as well as a program freezing, when changing settings. Also new: an option to deactivate the recognition of untrusted networks, a different rendering engine, that handles the country and server lists much better, small bug fixes and minor GUI changes.

Android B

To test the beta, you need to join the CyberGhost-Community on Google+. Once done, click on https://play.google.com/apps/testing/de.mobileconcepts.cyberghost, to become a beta tester and download the beta from Google’s Play Store.

First #NoSpyProxy On Air

Since Monday, the first beta of the first CyberGhost NoSpyProxy runs smoothly in our nice and cozy hardware room next door. Our own data center is meant to reduce physical hardware attacks near zero and is, by the way, thanks to our more than successful Indiegogo campaign financed by more than 200%. The campaign also ended on Monday.

CG Servers B4b

All running 12 instances are located on the Bucharest server S08 and can be activated by our Priority Boarders (donnors from Indiegogo) by choosing a single instance, labeled Bucharest-S08-I01 to Bucharest-S08-I12.  We’ve got high performance servers with tough encryption running on them, as an ultimate layer of security.

Upgrade and tell us how you like them!