

Yes, VPNs Can Be Hacked: What That Means for Your Privacy



We thought VPNs were secure, but with an increasing number of secure services reporting server breaches, that seems not to be the case. But how do these secure services get hacked in the first place, and how do hackers capitalize on it?

Here’s how VPNs get hacked and what it means for your privacy.

The VPN’s (Seemingly) Unbreakable Security

A diagram showing how a VPN works
Image Credit: vaeenma/DepositPhotos

If we take a brief look at how a VPN works, it looks unhackable. This is the primary draw of a VPN, as people feel they can trust the service to maintain their privacy.

For one, your computer encrypts the connection before it leaves for the internet. This encryption makes a VPN a solid layer of defense against spying, as anyone snooping on the connection can’t read what you’re sending. Hackers can use public Wi-Fi connections to steal your identity, but a VPN can protect you from all attacks bar someone looking over your shoulder.

Even your ISP can’t see the packets you send, which makes VPNs useful for hiding your traffic from a strict government.

If a hacker manages to break into a VPN’s database, they may leave empty-handed. Many top VPNs hold a “no-logging policy,” which states that they won’t save records of how you use their service. These logs are a potential goldmine for hackers, and refusing to keep them means your privacy is maintained even after a database leak.

From these points, it’s easy to assume that a VPN is “unhackable.” However, there are ways that hackers can breach a VPN.

How VPNs Are Susceptible to Hacking

A hacker’s best point of entry is near the outer reaches of the VPN network. VPN companies sometimes opt not to set up their own servers in all the countries they want to support. Instead, they’ll rent servers from data centers established within the target country.

This plan often doesn’t introduce any complications, and the VPN service adopts the servers without any issues. However, there is a rare chance of a hidden oversight in the data center that the VPN company isn’t aware of. In one reported case, a server that NordVPN rented had a forgotten-about remote connection tool installed.

This tool was insecure and hackers used it to break in.
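The check that would surface a forgotten remote-access service on a rented server is a comparison of what is actually listening against what the operator expects. The following is an added example, not code from the original article or from NordVPN; the `ss -H -tlnp` sample, the process names, the ports and the baseline are all constructed for illustration.

```python
import ipaddress
import re
from typing import NamedTuple

# Constructed sample of `ss -H -tlnp` output for a hypothetical rented VPN node.
# Process names, PIDs and ports are made up for illustration.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128  0.0.0.0:22     0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 4096 0.0.0.0:443    0.0.0.0:* users:(("openvpn",pid=1040,fd=6))
LISTEN 0 16   0.0.0.0:8443   0.0.0.0:* users:(("mgmt-agent",pid=377,fd=9))
LISTEN 0 5    0.0.0.0:5900   0.0.0.0:*
LISTEN 0 128  127.0.0.1:9100 0.0.0.0:* users:(("node_exporter",pid=990,fd=3))
LISTEN 0 128  [::]:22        [::]:*    users:(("sshd",pid=812,fd=4))
"""

# Assumed baseline: the only (port, process) pairs this node should expose.
EXPECTED = frozenset({(22, "sshd"), (443, "openvpn")})

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<local>\S+)\s+\S+'
    r'(?:\s+users:\(\("(?P<proc>[^"]+)")?'
)


class Listener(NamedTuple):
    address: str
    port: int
    process: str  # "" when ss could not resolve the owning process


def parse_listeners(ss_output):
    """Parse header-less `ss -tlnp` lines into Listener records."""
    listeners = []
    for line in ss_output.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        address, _, port = match.group("local").rpartition(":")
        if not port.isdigit():
            continue
        listeners.append(
            Listener(address.strip("[]"), int(port), match.group("proc") or "")
        )
    return listeners


def is_loopback(address):
    """True only for addresses that cannot be reached from off the host."""
    host = address.split("%", 1)[0]  # drop an interface suffix such as %eth0
    if host == "*":
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable: treat as exposed so it gets reviewed


def audit(listeners, expected=EXPECTED):
    """Return exposed listeners that are missing from the baseline."""
    findings = set()
    for item in listeners:
        if is_loopback(item.address):
            continue
        if (item.port, item.process) in expected:
            continue
        reason = "not in baseline" if item.process else "owner unknown"
        findings.add((item.address, item.port, item.process or "?", reason))
    return sorted(findings)


if __name__ == "__main__":
    for address, port, process, reason in audit(parse_listeners(SAMPLE_SS_OUTPUT)):
        print(f"REVIEW {address}:{port} ({process}): {reason}")
```

On a live host, feed it the output of `ss -H -tlnp` run as root so the owning process is resolved; a listener with no resolvable owner is reported rather than skipped.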

From there, the hacker found some additional files. The Register reports that these included an expired encryption key and a DNS certificate. The key didn’t allow the hacker to snoop on traffic, and even if it had, NordVPN says they’d only have seen the same data an ISP would see.

How Hackers Can Capitalize on a VPN Attack

This flaw is the main weakness that a hacker will try to exploit. Because the VPN doesn’t store logs of connections, a hacker’s best bet is to watch the data flow in real-time and analyze the packets.

This tactic is called a “man-in-the-middle” (MITM) attack: the hacker gets their information by monitoring data as it passes through. It’s not easy to pull off, but it’s not impossible. Should a hacker get their hands on an encryption key, they can reverse the VPN’s protection and peek at the packets as they pass through.

Of course, this doesn’t give hackers free rein over the traffic. Any data encrypted with HTTPS won’t be readable, as the hacker won’t have the key for it. Anything that’s plaintext, however, will be readable and potentially editable, which would be a severe privacy breach.

Should You Be Concerned About Your VPN Privacy?

While this does sound terrifying, don’t worry just yet. Before you panic, consider why you use or would use a VPN service. At the base level, a hacker monitoring a VPN connection would only see what an ISP would see. For some, this kind of breach doesn’t affect them at all; for others, it’s a severe breach of trust.

On one end of the spectrum, let’s assume you use a VPN so you can get around geo-blocks. You don’t boot up the VPN often, and when you do, it’s to watch shows on Netflix that aren’t available in your home country. In this case, do you mind that a hacker knows you’re watching the newest Labyrinth series?

If not, you may not want to protect yourself further—although some would argue that surrendering any part of your privacy is never right!

On the other side, VPNs are more than just a way to watch TV shows from overseas. They’re a way to browse the internet and speak freely without intervention from the government. For these people, a breach of their privacy could have severe ramifications.

If the thought of your privacy leaking in an attack is too much to bear, it’s worth taking the extra steps to protect yourself.

How to Protect Your Privacy With Additional Security

To start, it’s essential to realize that these breaches aren’t commonplace. Also, the hacker in the NordVPN case only gained access to one of the 5000+ servers. This means that the majority of the service was safe, and only a small section of users was under threat. As such, a VPN is still a useful way to protect your privacy.

However, if you’re very serious about staying anonymous, a VPN shouldn’t be your only line of defense. The attacks on VPNs have shown that they do have flaws, but that doesn’t mean that they’re entirely useless. The best way to maintain your privacy is to add another layer of privacy to what the VPN provides. That way, you’re not wholly dependent on your VPN service to protect you.

For instance, you can boot up your VPN, then use the Tor browser to browse the web. The Tor browser connects to the Tor network, which uses triple-encryption for its traffic. This encryption is applied before your computer sends it, much like a VPN.

If a hacker performs a MITM attack on your VPN connection, the Tor network’s encryption keeps your data safe. On the other hand, if your connection is compromised on the Tor network, the trail leads back to the VPN. If the VPN doesn’t store logs, the trail back to you goes dead.

As such, using two layers of security is an effective way to protect your privacy. Regardless of which side suffers a breach, the other one will pick up the slack.

How to Use a VPN Properly

VPNs can help secure your connection, but they’re not impenetrable. As we’ve seen from these incidents, hackers can infiltrate a VPN server and use keys to initiate a MITM attack. If you’re concerned about your privacy, it’s worth backing up a VPN with another layer of defense. That way, if one layer falls, the other is there to back you up.

Invulnerability behind a VPN service is one of the common VPN myths you shouldn’t believe, so it’s worth knowing what’s true and what’s fake.



Stop covid or save the economy? We can do both



In the first employment report after social distancing measures had taken hold in many US states, the Department of Labor announced that 3.3 million people had filed jobless claims. A week later, in the first week in April, an additional 6.6 million claims came in—almost unfathomable compared with the previous record of 695,000, which was set in 1982.

As bad as those numbers are, though, they greatly understate the crisis, since they don’t take into account many part-time, self-­employed, and gig workers who are also losing their livelihoods. Financial experts predict that US GDP will drop as much as 30% to 50% by summer.

In late March, President Donald Trump warned against letting “the cure be worse than the problem itself” and talked of getting the country back to business by Easter, then just two weeks away. Casey Mulligan, a University of Chicago economist and former member of the president’s Council of Economic Advisers, warned that “an optimistic projection” for the cost of closing nonessential businesses until July was almost $10,000 per American household. He told the New York Times that shutting down economic activity to slow the virus would be more damaging than doing nothing at all.

Eventually the White House released models suggesting that letting the virus spread unchecked could kill as many as 2.2 million Americans, in line with the projections of other epidemiologists. Trump backed off his calls for an early reopening, extending guidelines on social distancing through the end of April. But his essential argument remained: that in the coronavirus pandemic, there is an agonizing trade-off between saving the economy and saving lives.

Evidence from research, however, shows that this is a false dichotomy. The best way to limit the economic damage will be to save as many lives as possible.

A novel recession

Part of the difficulty with setting policy now is that the situation is unprecedented in living memory. “It’s impossible to know how the world is changing,” says David Autor, a labor economist at MIT. “It isn’t like anything we’ve seen in a hundred years.” In any past recession or depression, the economic solution has always been to stimulate demand for labor—to get workers back on the job. But in this case, we’re purposely shutting down economic activity and telling people to stay at home. “It’s not just the depth of the recession,” Autor says. “It’s qualitatively different.” 

One of the biggest fears is that those least able to withstand the downturn will be hit hardest—low-wage service workers in restaurants and hotels, and the growing number of people in the gig economy. For the last two decades, service workers have become an increasingly large part of the labor force as many of the midlevel office and manufacturing jobs previously open to people without college degrees have dried up, says Autor. It’s people in these service jobs, already low paid and often with few health and other benefits, who will struggle the most.

“On a good day they are vulnerable, and on a bad day they are even more vulnerable,” Autor says. “And this is a very bad day.”

Provisions included in the $2 trillion legislative package passed by Congress in late March were meant to give affected workers and businesses the means to weather the shutdown and, once the outbreak is under control, help restart the economy. Each adult earning less than $75,000 will be given $1,200, and for the first time, gig workers and self-employed people will qualify for unemployment benefits. Hundreds of billions of dollars will also go to helping businesses stay afloat.

But it almost certainly won’t be enough, especially in the hardest-hit areas of the country. Cities like Las Vegas and Orlando, “places with gargantuan leisure hospitality economies,” will be badly affected, says Mark Muro, coauthor of a report from the Brookings Institution analyzing the numbers. But any region with a large service economy is vulnerable. Muro points out that many of these places never recovered from the 2008 financial crisis.

The people losing these low-wage service jobs were already experiencing skyrocketing mortality rates from what economists have begun calling “deaths of despair,” caused by alcoholism, drug abuse, and suicide. The coming crash could make things much worse.

The value of a life

Yet shutting down businesses is the only real choice, given that an unchecked pandemic would itself be hugely destructive to economic activity. If tens of millions of people become sick and millions die, the economy suffers, and not just because the workforce is being depleted. Widespread fear is bad for business: consumers won’t flock back to restaurants, book air travel, or spend on activities that might put them at risk of getting sick. In a recent survey of leading economists by Chicago’s Booth School, 88% believed that “a comprehensive policy response” will need to involve tolerating “a very large contraction in economic activity” to get the outbreak under control. Some 80% thought that “abandoning severe lockdowns” too early will lead to even greater economic damage.

Meanwhile, any measures to slow deaths from the virus will have huge downstream economic benefits. Michael Greenstone, an economist at the University of Chicago, finds that even moderate social distancing will save 1.7 million lives between March 1 and October 1, according to disease-spread models done at Imperial College London. Avoiding those deaths translates into a benefit of around $8 trillion to the economy, or about one-third of the US GDP, he estimates, on the basis of a widely accepted economic measure, the “value of a statistical life.” And if the outbreak is less severe than predicted by the Imperial College work, Greenstone predicts, social distancing could still save some $3.6 trillion.

“Our choice is not whether we intervene or whether we go back to the normal economy,” says Emil Verner, an economist at MIT’s Sloan School who has recently looked at the flu pandemic of 1918 for insights into today’s outbreak. “Our choice is whether we intervene—and the economy will be really bad now and will be better in the future—versus doing nothing and the pandemic goes out of control and really destroys the economy.”

Overall, Verner and his coauthors found that the 1918 pandemic reduced national manufacturing output in the US by 18%; but cities that implemented restrictions earlier and for longer had much better economic outcomes in the year after the outbreak.

Verner points to the fates of two cities in particular: Cleveland and Philadelphia. Cleveland acted aggressively, closing schools and banning gatherings early in the outbreak and keeping the restrictions in place for far longer. Philadelphia was slower to react and maintained restrictions for about half as long. Not only did far fewer people die in Cleveland (600 per 100,000, compared with 900 per 100,000 in Philadelphia), but its economy fared better and was much stronger in the year after the outbreak. By 1919 job growth was 5% there, while in Philadelphia it was around 2%.

Today’s economy is much different—it’s geared more toward services, and far less toward manufacturing than it was 100 years ago. Nevertheless, the cities’ stories are suggestive. Verner says that even a conservative interpretation of the data suggests there is “no evidence that interventions are worse for the economy.” And most likely they had a significant benefit. “A pandemic is so destructive,” he says. “Ultimately any policy to mitigate it is going to be good for the economy.”

The cure, then, isn’t worse than the disease. But for every day that normal economic activity is shut down, a huge number of Americans won’t be earning an income. Many already live paycheck to paycheck. Many may in fact succumb to diseases of despair. Families will fall apart under the stress. Hard-hit cities will feel abandoned. The urgency to open the economy will only grow.

However, a number of influential economists and health-care experts are saying there’s a way to get America quickly back in business while preserving public safety.

Reviving the economy

These days Paul Romer sounds exasperated. “We’re caught up in the trauma: kill the economy or kill more people,” he says. There is so much “learned helplessness, so much hand-wringing.” The New York University economist and Nobel laureate believes he has a relatively simple strategy that will “both contain the virus and let the economy revive.” 

The key, says Romer, is repeatedly testing everyone without symptoms to identify who is infected. (People with symptoms should just be assumed to have covid-19 and treated accordingly.) All those who test positive should isolate themselves; those who test negative can return to work, traveling, and socializing, but they should be tested every two weeks or so. If you’re negative, you might have a card saying so that allows you to get on an airplane or freely enter a restaurant.

Testing could be voluntary. Romer acknowledges some might resist it or resist isolating themselves if positive, but “most people want to do the right thing,” he says, and that should be enough to snuff out the spread of the virus.

Romer points to new, faster diagnostic tests, including ones from Silicon Valley’s Cepheid and from the drug giant Roche. Each of Roche’s best machines can handle 4,200 tests a day; build five thousand of those machines, and you can test 20 million people a day. “It’s well within our capacity,” he says. “We just need to bend some metal and make some machines.” If you can identify and isolate those infected with the virus, you can let the rest of the population go back to business.

Indeed, in an early April survey by Chicago’s Booth School, 93% of the economists agreed that “a massive increase in testing” is required for “an economic restart.”

In a piece called “National Coronavirus Response: A roadmap to reopening,” former FDA director Scott Gottlieb also argued for ramping up testing and then isolating those infected rather than shutting in the entire population. Likewise, Ezekiel Emanuel, chair of the University of Pennsylvania’s department of medical ethics and health policy, called for increasing testing in a New York Times piece called “We Can Safely Restart the Economy in June. Here’s How.” Harvard medical experts, meanwhile, have outlined similar ideas in “A Detailed Plan for Getting Americans Back to Work.”

The proposals differ in details, but all revolve around widespread testing of various sorts to know who is vulnerable and who isn’t before we risk going back to business.

There is, however, little evidence that massive and frequent testing will be implemented anytime soon. Despite the appearance of new tests, screening is still largely unavailable for anyone but the most severely ill or those at the medical front lines. Test kits and equipment to perform them are still in short supply. Many hospitals and doctors complain they can’t get needed tests; and Roche’s CEO said at the end of March that it will be “weeks, if not months” before there is widespread coronavirus testing in the US.

It’s the type of inertia that clearly frustrates Romer. He calls the $2 trillion legislation passed by Congress “palliative care” for the economy. If you took $100 billion and put it into testing, he says, we would “be far better off.”

One day we will have to reopen the economy. Perhaps we’ll be able to hold out until the pandemic is showing signs of receding, or perhaps the economic suffering will prove intolerable both to those in charge and to those living in hard-hit regions. When that day comes, if we do not have widespread testing, we will be sending people back to work without knowing if they’re at risk of getting the virus or spreading it to others. “We’re thinking about this the wrong way,” Romer says. The idea that one day you will be able to restart the economy without massive testing to see if the outbreak is under control is just “magical thinking.” 

It could be a gradual process—those who are found to be free of infection or immune might be allowed back first. But without testing we won’t know how to manage this transition. In that case we will in fact be left with the Trumpian choice: between salvaging the economy and risking countless deaths.



The Real Lessons About 3D Printed Face Shields: Effective Engineering Response in Times of Crisis



3D printed face shields and other health equipment are big news right now. Not long ago, Prusa Research rapidly designed and manufactured 3D printed face shields and donated them to the Czech Ministry of Health. Their effort is ongoing, and 3D printers cranking out health equipment like the NIH approved design have been peppering headlines ever since.

The Important Part Isn’t 3D Printers

The implied takeaway from all the coverage is that 3D printers are a solution to critical equipment shortages, but the fact that 3D printers are involved isn’t really the important part. We all know printers can make plastic parts, so what should be the real takeaway? The biggest lessons we can learn about Prusa’s ongoing effort are related to how they’ve gone about it.

The situation was that health workers were short on face shields (among other things) and the usual supply couldn’t meet the demand for items that were needed yesterday. Prusa Research was able to create a design, and validate it with experts and end users in record time. Confirming that a design meets actual needs is an important step, but it’s not the only one.

Just as important is ensuring that a design’s execution is appropriate for the environment, and that meant conferring with experts and getting their buy-in and approval. In the case of the face shields, manufacturing them needed to go hand-in-hand with proper handling and packaging. Josef Prusa spells it all out carefully in his original blog post, along with making it clear that making face shields wasn’t the only solution explored, but it was identified as the one that was most appropriate at the time.

It’s one thing to run some 3D printers and drop off the resulting box of parts if all one is interested in are high fives and congratulatory selfies, maybe a triumphant social media post on the side. But if solving a problem meaningfully is the real goal, then the bar is set somewhat higher.

How to Make Sure a Solution Actually Solves Something

Prusa Research did many things besides design and 3D print face shield parts. They coordinated closely with end users and experts, validated the design with them, and delivered something that met a specific need in a very short time. It’s a brilliant story, but it’s an even better example of how to make certain that an engineering solution actually solves a real problem.

How does one make sure a problem-solving effort is appropriate? Follow these three simple (but not necessarily easy) steps:

  1. Ensure the solution is addressing a problem that actually exists in the first place.
  2. Verify that the solution meets the needs of the people who are actually involved.
  3. Execute the solution in a way appropriate to the environment for which it is destined.

How does one judge whether a solution does in fact accomplish those things? The only judges that matter are the people and experts on the receiving end, so it ultimately must come from them. Otherwise, as our own Jenny List observed, swooping in with an engineering solution may feel good, but probably won’t accomplish much besides a boost to one’s ego.

The 3D Printing is Solved, But Other Problems Exist

Besides what Prusa Research is doing, there are other organizations eager to leverage 3D printing to help with equipment shortfalls and a lack of headlines. Running 3D printers is a solved problem and a workable design is out in the wild, but that still leaves other problems such as:

  1. How best to get 3D printed devices into the hands of people who need them, and
  2. Who picks up the bill after the news organizations have gone and everyone else at the table looks elsewhere and fidgets nervously.

Here are two different efforts that try to focus on those connected problems.

A Canadian initiative acting as a portal to connect people who volunteer to make things with the people and organizations requesting those things. It’s being spearheaded by Shop3D, which aims to provide pre-paid shipping labels and, as necessary, refund material costs for volunteers able to turn excess filament into face shield parts. (Volunteers need only make the 3D printed parts; other components such as clear plastic sheets are being donated by other suppliers.)

This approach is interesting because the problem being addressed is that the two groups involved — makers on one side, and medical personnel on the other — are not normally the same people. By providing a portal to allow volunteers to make and users to place orders free of charge, it removes the need for the two groups to have to know each other.

Covid-19 Manufacturing Fund

This nonprofit fundraiser by 3DHubs also aims to cover the costs of manufacturing medical equipment (at the moment, only face shields) and provide a way for people and organizations worldwide to request them free of charge. Their approach is to use crowdfunding (and 3DHubs’ global network) so that the funding part can be completely separate. As a result, the locations of the makers, the end users, and the ones picking up the tab don’t matter very much.

How well either of these initiatives succeeds will probably be clear sooner rather than later, but what’s clear right now is that they both demonstrate trying to solve problems for which the 3D printing is really only a small part, and that’s good to see.

Things Are Changing Rapidly

Every day brings change and news. If you have read the blog post I mentioned from Prusa in the past, it has probably been updated since you last read it. If you saved their 3D printable face shield design, it has probably been revised more than once since you downloaded it. 3D printing is agile enough to keep up with rapid change, but it’s ultimately only one piece of the problem.

Do you know of any other efforts to solve problems around this issue? Let us know in the comments.



Zoom asks Facebook’s former chief security officer to help fix its privacy issues



  • Amid the coronavirus pandemic, millions of people have been forced to transition to working from home. Video conference software like Zoom has enabled that transition, and Zoom, specifically, has seen an explosion in its user base.
  • Unfortunately, that’s also illuminated security and privacy issues. To help solve them, Zoom has asked former Facebook chief security officer Alex Stamos to help the company address these problems.

This news is going to strike some of you as counterintuitive, particularly if you’ve soured on Facebook over the last year or so thanks to its litany of privacy and security woes. By now, most of you are probably aware that the video conferencing software Zoom has experienced a taste of that same backlash over the last couple of weeks, as its popularity skyrocketed thanks to millions of people stuck at home because of the coronavirus. Unfortunately, as the service experienced an astounding jump in users — from 10 million in December to 200 million in March — that growth has been accompanied by one controversy after another. Everything from strangers annoyingly “zoombombing” people’s video calls to the disclosure that email addresses and photos of some Zoom users had leaked, with additional PR nightmares including the fact that some call data had been sent through China for non-Chinese users, as well as the Zoom iOS app quietly sending analytics data to Facebook.

Now, Zoom has called in some help as it works through these and other security and privacy issues: That help is coming in the form of Facebook’s former chief security officer, Alex Stamos.

While it’s tempting to read this news and shake your head — okay, that’s rich, turning to an ex-Facebook executive to fix these problems, of all people! — it’s worth pointing out that Stamos, who left Facebook two years ago and is the director of Stanford University’s Internet Observatory, is highly regarded in the privacy and security communities. Via his Twitter account, he is also a passionate champion for user privacy and similar issues.

In a Medium post he published on Wednesday, Stamos explains that he got a phone call last week from Zoom founder and CEO Eric Yuan, after Yuan had read some of Stamos’ tweets about the issues facing Zoom. “We talked about the significant challenges his company was facing, both in responding to an incredible growth in users but also living up to the security expectations of the moment,” Stamos writes. “He asked detailed and thoughtful questions of my experiences working at companies facing extreme crises, and I was impressed by his clear vision for Zoom as a trusted platform and his willingness to take aggressive action to get there.

“He asked if I would be interested in helping Zoom build up its security, privacy and safety capabilities as an outside consultant, and I readily agreed.”

He goes on to write that what attracted him to this challenge was the fact that successfully scaling a video platform like this, and to this size, with “no appreciable downtime” in the span of a few weeks is unprecedented in the history of the internet. Something special has been happening at Zoom, he adds, and the security challenges that go hand in hand with that are fascinating to someone like him.

“I encourage the entire industry to use this moment to reflect on their own security practices and have honest conversations about things we could all be doing better,” Stamos’ post concludes. “This is possibly the most impactful challenge faced by the tech industry in the age of COVID-19, and together we can make something positive out of these difficult times and ensure that communications are safer and more secure for all.”
