Encryption

'Logjam' Vulnerability Threatens Encrypted Connections 71

An anonymous reader writes: A team of security researchers has revealed a new encryption vulnerability called 'Logjam,' which is the result of a flaw in the TLS protocol used to create encrypted connections. It affects servers supporting the Diffie-Hellman key exchange, and it's caused by export restrictions mandated by the U.S. government during the Clinton administration. "Attackers with the ability to monitor the connection between an end user and a Diffie-Hellman-enabled server that supports the export cipher can inject a special payload into the traffic that downgrades encrypted connections to use extremely weak 512-bit key material. Using precomputed data prepared ahead of time, the attackers can then deduce the encryption key negotiated between the two parties."

Internet Explorer is the only browser yet updated to block such an attack — patches for Chrome, Firefox, and Safari are expected soon. The researchers add, "Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers. A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break." Here is their full technical report (PDF).
China

GitHub Under JS-Based "Greatfire" DDoS Attack, Allegedly From Chinese Government 116

An anonymous reader writes: During the past two days, popular code hosting site GitHub has been under a DDoS attack, which has led to intermittent service interruptions. As blogger Anthr@X reports from traceroute lists, the attack originated from MITM-modified JavaScript files for the Chinese company Baidu's user tracking code, changing the unencrypted content as it passed through the Great Firewall of China to request the URLs github.com/greatfire/ and github.com/cn-nytimes/. The Chinese government's dislike of widespread VPN usage may have caused it to arrange the attack, where only people accessing Baidu's services from outside the firewall would contribute to the DDoS. This wouldn't have been the first time China arranged this kind of "protest."
Security

Researchers Find Same RSA Encryption Key Used 28,000 Times 132

itwbennett writes In the course of trying to find out how many servers and devices are still vulnerable to the Web security flaw known as FREAK, researchers at Royal Holloway of the University of London found something else of interest: Many hosts (either servers or other Internet-connected devices) share the same 512-bit public key. In one egregious example, 28,394 routers running an SSL VPN module all use the same 512-bit public RSA key.
Facebook

This App Lets You Piggyback Facebook's Free Internet To Access Any Site 67

sarahnaomi writes In countries like Zambia, Tanzania, or Kenya, where very few have access to the Internet, Facebook is bringing its own version of the net: Internet.org, an app that gives mobile users free access to certain sites such as Google, Wikipedia and, of course, Facebook. While the initiative has clearly positive goals, it's also been criticized as an "imperialistic" push for Facebook colonies, where novice Internet.org users will grow up thinking their restricted version of the web is the real internet. To fight against that possibility, a 20-year-old developer from Paraguay is working on an app that tunnels the "regular" internet through Facebook Messenger, one of the services free to use on Internet.org's app. This allows Internet.org users to establish a link to the outside, unrestricted internet, circumventing restrictions.
Censorship

Iran Allows VPNs To Make Millions In Profit 57

New submitter Patrick O'Neill writes with this excerpt from The Daily Dot: Anti-censorship technology is de jure illegal in Iran, but many VPNs are sold openly, allowing Iranians to bounce around censorship and seemingly render it ineffective. Nearly 7 in 10 young Iranians are using VPNs, according to the country's government, and a Google search for "buy VPN" in Persian returns 2 million results. Iran's Cyber Police (FATA) have waged a high-volume open war against the VPNs, but it's still very easy to find, buy, and use the software. It's so easy, in fact, that you can use Iran's government-sanctioned payment gateways (Pardakht Net, Sharj Iran, Jahan Pay & Baz Pardakht) to buy the tools that'll beat the censors. To use these gateways, however, customers have to submit their Iranian bank account and identity, all but foregoing hopes of privacy or protection from authorities.
Censorship

Russia Seeking To Ban Tor, VPNs and Other Anonymizing Tools 215

An anonymous reader writes Three separate Russian authorities have spoken out in favor of banning online anonymizing tools since February 5th, with particular emphasis on Tor, which — despite its popularity with whistle-blowers such as Edward Snowden and with online activists — Russia's Safe Internet League describes as an 'Anonymous network used primarily to commit crimes'. The three authorities involved are the Committee on Information Policy, Information Technologies and Communications, powerful Russian media watchdog Roskomnadzor and the Safe Internet League, comprising the country's top three network providers, including state telecoms provider Rostelecom. Roskomnadzor's press secretary Vadim Roskomnadzora Ampelonsky describes the obstacles to identifying and blocking Tor and VPN traffic as "difficult, but solvable."
Privacy

China Cuts Off Some VPNs 222

jaa101 writes The Register (UK) and the Global Times (China) report that foreign VPN services are unavailable in China. A quote sourced to "one of the founders of an overseas website which monitors the Internet in China" claimed 'The Great Firewall is blocking the VPN on the protocol level. It means that the firewall does not need to identify each VPN provider and block its IP addresses. Rather, it can spot VPN traffic during transit and block it.' An upgrade of the Great Firewall of China is blamed and China appears to be backing the need for the move to maintain cyberspace sovereignty.
Communications

FBI Seeks To Legally Hack You If You're Connected To TOR Or a VPN 385

SonicSpike writes The investigative arm of the Department of Justice is attempting to short-circuit the legal checks of the Fourth Amendment by requesting a change in the Federal Rules of Criminal Procedure. These procedural rules dictate how law enforcement agencies must conduct criminal prosecutions, from investigation to trial. Any deviations from the rules can have serious consequences, including dismissal of a case. The specific rule the FBI is targeting outlines the terms for obtaining a search warrant. It's called Federal Rule 41(b), and the requested change would allow law enforcement to obtain a warrant to search electronic data without providing any specific details as long as the target computer location has been hidden through a technical tool like Tor or a virtual private network. It would also allow nonspecific search warrants where computers have been intentionally damaged (such as through botnets, but also through common malware and viruses) and are in five or more separate federal judicial districts. Furthermore, the provision would allow investigators to seize electronically stored information regardless of whether that information is stored inside or outside the court's jurisdiction.
Networking

Netflix Denies There Was a Policy Change With VPNs 67

Dangerous_Minds writes "The other day, Slashdot linked to a TorrentFreak story saying that Netflix was cracking down on VPN users. But PCMag has a story that quotes a Netflix spokesperson saying that there was no change in their policy on VPNs. Freezenet also did some digging around and found very few reports saying there were VPN access issues and even more reports from users saying that their VPN solution is working for the time being."
Movies

Netflix Begins Blocking Users Who Bypass Region Locks 121

An anonymous reader writes with reports that Netflix may be shutting out international VPN users. "Netflix can only stream the videos that studios make available in a given country, which has led to a booming business in workarounds (such as proxies and virtual private networks) that let you see the company's catalogs in other nations. Heck, one New Zealand internet provider practically built a service around it. However, you might not get to count on that unofficial solution for much longer. VPN operators claim to TorrentFreak that Netflix recently started blocking some users who use these technological loopholes to watch videos that would normally be verboten. The effort isn't widespread and mostly appears to focus on connections with many simultaneous Netflix sign-ins (that is, they're obviously being used for circumvention), but it's a surprise to viewers who were used to having unfettered access."
DRM

Netflix Cracks Down On VPN and Proxy "Pirates" 437

An anonymous reader sends this unfortunate report from TorrentFreak: Due to complicated licensing agreements Netflix is only available in a few dozen countries, all of which have a different content library. Some people bypass these content and access restrictions by using VPNs or other circumvention tools that change their geographical location. This makes it easy for people all around the world to pay for access to the U.S. version of Netflix, for example. The movie studios are not happy with these deviant subscribers as it hurts their licensing agreements. ... Over the past weeks Netflix has started to take action against people who use certain circumvention tools. The Android application started to force Google DNS which now makes it harder to use DNS based location unblockers, and several VPN IP-ranges were targeted as well.
Encryption

NSA Says They Have VPNs In a 'Vulcan Death Grip' 234

An anonymous reader sends this quote from Ars Technica: The National Security Agency's Office of Target Pursuit (OTP) maintains a team of engineers dedicated to cracking the encrypted traffic of virtual private networks (VPNs) and has developed tools that could potentially uncloak the traffic in the majority of VPNs used to secure traffic passing over the Internet today, according to documents published this week by the German news magazine Der Spiegel. A slide deck from a presentation by a member of OTP's VPN Exploitation Team, dated September 13, 2010, details the process the NSA used at that time to attack VPNs—including tools with names drawn from Star Trek and other bits of popular culture.
Networking

NetworkManager 1.0 Released After Ten Years Development 164

An anonymous reader writes: After ten years of development focused on improving and simplifying Linux networking, NetworkManager 1.0 was released. NetworkManager 1.0 brings many features including an increasingly modernized client library, improved command-line support, a lightweight internal DHCP client, better Bluetooth support, VPN enhancements, WWAN IPv6 support, and other features.
Security

US Postal Service Suspends Telecommuting Following Massive Breach 50

An anonymous reader writes: The folks at the USPS have responded to the recent breach that exposed data on 800K employees and another some 2.8 million customers. They have suspended telecommuting for all employees until further notice while they replace their VPN with a more secure version. "Additionally, the postal service will upgrade some of its equipment and systems in the coming weeks and months as part of a broad security overhaul in response to the breach."
Android

Start-Up Vsenn Emerges From Stealth With Project Ara Modular Phone Competitor 30

MojoKid writes When Phonebloks visionary Dave Hakkens began evangelizing the idea of a modular phone with interchangeable components, many scoffed at the idea saying it couldn't be done or wasn't commercially feasible, that is until Google stepped up and backed a team of engineers for Project Ara. Ultimately, Project Ara's proof of concept efforts bore fruit and the vision is quickly becoming reality, now with apparently new competitors entering the fray. A start-up company by the name of Vsenn has come out of cover to disclose its intention to start a "smartphone evolution" and it also turns out that company has been co-founded by a former Nokia Android X Program Manager. The company also makes some lofty promises and has set big goals, noting not only modular hardware design but "guaranteed updates, maximum security and customizable looks." From encryption to secure VPN cloud services and back covers that are easily changed out, Vsenn seems to be targeting not only "Phonebloks-style" modularity and customizations like Project Ara but also some of the secure device and communication hot buttons that both Apple and Google have been acting on as of late with iOS and Android Lollipop.
Networking

Ask Slashdot: VPN Setup To Improve Latency Over Multiple Connections? 174

blogologue writes I've been playing Battlefield for some time now, and having a good ping there is important for a good gaming experience. Now I'm in the situation where I have mobile internet access from two telecom companies, and neither of those connections is stable enough to play games on; the odd ping in hundreds of milliseconds throws everything off. How can I set up a Windows client (my PC) and a Linux server (in a datacenter, connected to the internet) so that the same TCP and UDP traffic goes over both links, and the fastest packet on either link 'wins' and the other is discarded?
Bug

Ask Slashdot: Dealing With an Unresponsive Manufacturer Who Doesn't Fix Bugs? 204

moofo writes: I've had huge problems with a security appliance since its installation. Specifically, the VPN SSL client is causing a problem for the majority of my remote clients. The company acknowledged the bug, but they are jerking me around, and no resolution is in sight. I tried third-party clients, but I'm wary of using them since they are not distributed by the manufacturer, and they require some maintenance to keep working properly.

I also talked to various executives at the company and besides giving me apologies, nothing good is coming my way. It's been more than two years (on a three-year subscription that I can't terminate early), and this is continually causing me trouble and aggravation. It also makes my internal customers unhappy. How do you deal with a manufacturer who doesn't fix bugs in a reasonable time frame?
Australia

Quickflix Wants Netflix To Drop Australian VPN Users 172

ashshy writes 200,000 Australian residents reportedly use Netflix today, tunneling their video traffic to the US, UK, and other Netflix markets via VPN connections. A proper Netflix Down Under service isn't expected to launch until 2015. Last week, Aussie video streaming company Quickflix told Netflix to stop this practice, so Australian viewers can return to Quickflix and other local alternatives. But Quickflix CEO Stephen Langsford didn't explain how Netflix could restrict Australian VPN users, beyond the IP geolocating and credit card billing address checks it already runs. Today, ZDNet's Josh Taylor ripped into the absurdity of Quickflix's demands. From the article: "If Netflix cuts those people off, they're going to know that it was at the behest of Foxtel and Quickflix, and would likely boycott those services instead of flocking to them. If nothing else, it would encourage those who have tried to do the right thing by subscribing and paying for content on Netflix to return to copyright infringement."
Networking

Ask Slashdot: Advice On Building a Firewall With VPN Capabilities? 238

An anonymous reader writes "I currently connect to the internet via a standard router, but I'm looking at bulking up security. Could people provide their experiences with setting up a dedicated firewall machine with VPN capabilities? I am a novice at Linux/BSD, so would appreciate pointers at solutions that require relatively little tweaking. Hardware-wise, I have built PCs, so I'm comfortable with sourcing components and assembling into a case. The setup would reside in my living room, so a quiet solution is required. The firewall would handle home browsing and torrenting traffic. Some of the questions knocking around in my head: 1. Pros and cons of buying an off-the-shelf solution versus building a quiet PC-based solution? 2. Software- versus hardware-based encryption — pros and cons? 3. What are minimum requirements to run a VPN? 4. Which OS to go for? 5. What other security software should I include for maximum protection? I am thinking of anti-virus solutions."
