vpn
Latest
iTwin Connect turns a humble USB stick into your own VPN (video)
Passing files over the internet using iTwin's 256-bit AES encryption's all well and good, but wouldn't it be nice if you could use that connection for other things? Luckily for you, that's just what the iTwin Connect was designed to do. In addition to the usual file-sharing jiggery-pokery, the new hardware can let you surf via your domestic internet connection, control devices on your home network and play with your desktop from afar. Even better, the company is throwing in US, Asia and Europe-based VPN servers of its own, so you can still catch that episode of Duck Dynasty on Hulu if your primary machine's turned off. Despite the raft of new features on offer, the company isn't charging a regular subscription, so all of that will set you back a rather meager $130.
Hands on with WiTopia's VPN service
This week, I gave WiTopia's VPN a try. And to be quite honest, it wasn't exactly the experience I was hoping for. As I discussed in my first post on this topic, Virtual Private Networking offers ways for users to safeguard their data in public situations, when looking for privacy on their desktop computers, and when location shifting. I started my tests as a complete VPN noob. I wasn't sure what I was getting in for, or how well VPN would work with my setup. I resolved to test VPN in various situations and see how well I could still accomplish my goals. Bill Bullock of WiTopia was kind enough to sit down with me and introduce the service before I pulled out my credit card and signed up for an account. "If you're on public WiFi, you should be using VPN," Bullock told me. "It's a matter of education." I decided to test it both in the public situation, the most common VPN experience, as well as on my personal system. Don't forget to switch on the VPN My first lesson was this: using VPN must be a conscious choice. Although iOS makes VPN incredibly easy to use, it doesn't work until you switch it on. Remembering to do that while you're out must become a habit, one that I really struggled to master. When active, a VPN icon appears at the top left in your status bar. This lets you instantly check if you've enabled the service. If you see the icon below, you have. Setting up VPN The set up process was amazingly easy. I just added a new VPN entry, and entered my account credentials as instructed. (Hint: you need to add backslash W before your email.) Total set up could not have taken more than a minute. After that, my account was ready to use whenever I desired -- all it takes is a simple click to get going. What I didn't expect is that various servers provide differing performance levels, presumably based on general load. WiTopia offers dozens of servers. I found that the local Aurora-based server offered iffy response times, but by connecting to Kansas City (just a bit further east), I could obtain far more responsive Internet. Your experience will vary, of course. Because you're directing all your traffic through a server, a slow one can really limit your device's responsiveness. WiTopia offers a help article to assist with slow connections and offers 24/7 customer phone support. Bullock points out, "Another item to remember is you probably retain cookies and other identifiers to iTunes, etc. and that may have had something to do with slowed downloads. We have customers streaming Video all over the world (which is very bandwidth-intensive and finicky) , so if downloads were significantly slowed, beyond what may be normal because we're encrypting all the data, it is likely something that could be tweaked." You can location shift One feature a lot of TUAW bloggers were interested in was VPN place shifting. When you select a server, your location becomes that location. Use a Canadian server, you're in Canada. Use a UK server, you're in Britain. (Attn pedants: I checked and didn't see any for Northern Ireland, the Channel Islands, etc.) What did this mean? I was able to install and use the BBC iPlayer app and sample a variety of offerings. Geolimited shows that would not normally play back on my iPad were there for the viewing. (Attn Pedants: We at TUAW do not encourage or discourage geoshifting. The BBC website states "You need to be covered by a valid TV Licence if you watch or record TV as it's being broadcast", which does not cover replays. Consult an international lawyer to determine whether you should or should not engage in this behavior.) Location shifting, as much as it delights the heart of those whose home-team basketball game is blacked out, is not without its risks and frustrations. After finishing my tests and reverting to the United States, App Store kept giving me a hard time until I completely rebooted my iPad. These kind of problems were, however, much more frequent on my Mac versus my iPad -- probably because I use my Mac in a much more rigorous way. VPN on my Mac Setting up VPN on my new Mac mini was just as easy as on my iPad and geoshifting even easier -- mostly because I didn't have to type anything once I was all set up. To change locations, I just selected a server from a menu and connected. For the most part, I tried to stay connected to Kansas City -- although I did test out London and the BBC. VPN on a desktop computer is primarily about privacy -- keeping your activities, especially your searches, anonymous. Unfortunately, I found that VPN service often interfered with the tasks I was trying to accomplish. For example, I regularly ran into Google errors like these. Google was convinced that I was some kind of automated bot trying to compromise their service. and this A search on my IP address found it blacklisted due to use by spam bots. I also ran into difficulties working with iTunes Connect (as I was rushing to get out both an update and a new app), with IRC (which often would not allow connections on irc.freenode.net), and with my email server (which I fixed using a WiTopia help page, but I couldn't send email for several days). Downloads ran slower -- especially when trying to move massive quantities of data, including the latest Xcode beta for iOS 6.1, upgrading gigabytes of apps (mostly due to TomTom's 1.3 GB update), and re-downloading movies that iTunes "helpfully" removed to the cloud. After a point, I simply turned off VPN so I could finish my downloads sometime this century. Conclusions After doing my VPN tests, I am totally behind the VPN idea -- regardless of which reputable provider is used. However, for someone who lives by bandwidth and needs reliable Internet access, I'm not entirely sure I would use it 24/7. That's not because I wouldn't want to -- having my searches protected really appeals to me -- but because at least in this configuration, my work day was impacted enough to make it more of a use-with-public-WiFi scenario. My entire VPN experience is, as you can tell, quite limited. So please join in the comments with your person reflections on providers and work flows.
VPN for the rest of us: Interview with WiTopia
VPN, aka Virtual Private Network, is a technology that lets you securely share data across public networks. For the most part, when I think VPN, I typically imagine work-related corporate or federal government accounts, or people accessing the net in countries with excessive government surveillance. But there's a lot more that VPN can do. For example, it's an essential technology for sports fans who must shift the geographic location of their IP addresses so they can watch blacked-out sports from their broadcast region. It's also popular with travelers and coffee-shop-based tech workers who regularly access shared WiFi networks. Nothing harshes your caffeine buzz like having your passwords stolen from your over-the-air traffic. Many people use VPN because it's a work requirement. Others purchase a private account for one of the four reasons here: Security. They share public WiFI hotspots and want to protect their data at cafes, airports and hotels. They'd rather not share their personal credentials with identity thieves. Censorship. They need an end-run around corporate (no playing at the office) or government censorship (think China), so they can access services and websites that they'd otherwise be cut off from. Privacy. They want to avoid oversight, tracking and other privacy infringement by websites like Google. Region Shifting. They're looking to shift locations to access georestricted resources like local blacked-out football games or Hulu from outside the US. I recently had an opportunity to sit down with Bill Bullock, CEO of WiTopia, a personal VPN services provider, to chat about the technology. WiTopia has a good reputation at TUAW and several of our bloggers are customers. Its focus is on providing privacy and security for general users rather than aiming at the total-anonymity user base. WiTopia is practically a geriatric, old-age pensioner in this field, having been founded back in 2005. Bullock told me, "Before us, VPN was really thought to be mostly a corporate and government product. We were one of the first to put out a consumer market VPN." Bullock talked to me about security issues and why home users might want to invest in a VPN account. "Our VPN works over any connection across wires or Wi-Fi." Many consumers don't consider how vulnerable shared wired connections can be, but at hotels, users will still be sharing the same network. "If someone's in another room, they may be able to sniff your traffic." People often feel more secure on a wire, but their data is just as exposed. Sniffing your data, or monitoring the traffic eminating from your computer, is a potential problem at public hotspots. "There are a number of tools available that people with little technical knowledge can use. There's one called FireSheep that works right out of the Firefox browser. It could take over a person's Facebook account, Twitter account, etc. You could hijack a session and log into those services. It's an example of a very easy to use tool that a kid could use." Bullock described a number of other attacks such as one called an "evil twin" attack, where a hacker mimics a local hotspot, encouraging unsuspecting users to connect. It's a kind of WiFi phishing you might encounter at a coffee shop or airport. "You go to see what available wireless networks there are, one might be called FREE WIFI. This is a common thing that bad guys use, where someone advertises their laptop as a WiFi network. You're actually logging on to that laptop. At airports, there are lots of people with a laptop, so they blend in. You still get Internet access because they're hooked up to let you do that but all your data is going through their computer and can be seen and captured." By using a VPN connection to encrypt the traffic from your device, it protects you against these kinds of attacks. Even if you end up moving through a dishonest WiFi broker, they can't read your data. "If you're on public WiFi, you should be using VPN," Bullock said. "It's a matter of education. People used to leave their doors unlocked, but now they don't. Does that mean someone will break in the house? We hope not but WiFi is just radio, just like a radio station. Someone with a little bit of knowledge can capture all your data. They compromise your data and can steal your identity. We don't wish to spread paranoia but it only takes one time to really mess up your life." VPN can also be valuable to those who aren't on the move. When at home or at the office, privacy is the major driver to VPN services. "When you connect to the VPN, we assign you one of our IP addresses, so there's a level of personal privacy. Even if you do a Google search, where there will still be cookies, it gives you a level of personal privacy." Bullock explained that many sites track users by IP addresses. What's more, these addresses don't change as often as you might think they do. "Even with dynamically assigned IPs, I've kept the same Verizon IP address for over a year. If I don't have the VPN on, every search I do is tagged to this IP address and stored. "We all do searches on personally identifiable information. Most people don't want to think about it, but likely every search you have ever done in your entire life is stored on a server somewhere and mapped to a handful of IP addresses that can be identified as you. VPNs give you the ability to opt-out of this information gathering." With VPN you join a group of shared IP addresses that essentially anonymize you into a crowd. "We have thousands of addresses. It's a WiTopia address that's shared among many, many, many people. You get to be lost in the crowd; your ID is cloaked. All traces back to you stop at the Witopia gateway." Because of privacy and security, nearly everyone might consider a personal VPN account. The service works on Macs and Windows, as well as on mobile devices. "Apple has done a really good job of supporting VPN protocols. It's very easy to use on an iPhone or an iPad. You set it up once and after that just slide to ON in Settings. Two, three seconds later, you're ready to use the public WiFi hotspot at Starbucks." WiTopia's basic service costs US$50/year with unlimited data and city switching (in case you want to try out iPlayer or watch Hulu). If you don't like the service within 30 days, you can cancel for a full money-back guarantee. So, how does VPN work in real life? I'll discuss my experiences testing the service in my next post, where I go hands on with WiTopia. It wasn't all smooth going, but it gave me a lot to think about.
Hotspot Shield marks mobile anniversary, offers two-day giveaway
Dropbox isn't the only service celebrating a 100-million milestone this week; the desktop and mobile VPN service Hotspot Shield by AnchorFree is growing fast, and reports that it's passed the 100 million downloads mark for the PC and Mac product. The mobile version (reviewed here), launched one year ago for iOS and now also on Android, has made it past 3 million downloads and is growing by 20 percent per month. Hotspot Shield is celebrating the mobile anniversary with a Twitter-driven giveaway for a month's service. You can check out the details here. I generally dislike the tactic of cluttering your Twitter timeline with tweets for free stuff, and the iOS app already comes with a seven-day trial -- but if you need a month to see if it's worth subscribing, go ahead. The giveaway runs through Saturday morning Pacific time. The HS service does more than simply cloak and protect your Internet connection; it also provides data compression (very handy on mobile devices or slow connections) and filters websites for malware and other issues. Mobile service is available as an in-app purchase for US$0.99 a month or $9.99 a year.
DARPA-backed Power Pwn is power strip by day, superhero hack machine by night
Call the Power Pwn the champion of white hat hacking. Underneath that Clark Kent power strip exterior, there's a Superman of full-scale breach testing that can push the limits of just about any company network, whether it takes 3G, Ethernet or WiFi to get there. Pwnie Express' stealthy sequel to the Pwn Plug ships with a Debian 6 instance of Linux whose handy hacking tools are as easy to launch as they are tough to detect. There's just one step needed to create a snoop-friendly Evil AP WiFi hotspot, and the box dodges around low-level NAC/802.1x/RADIUS network authentication without any help; in the same breath, it can easily leap into stealth mode and keeps an ongoing encrypted link to give do-gooders a real challenge. The hacker doesn't even need to be in the same ZIP code to crack a firewall or VPN -- the 3G link lets the Power Pwn take bash command-line instructions through SMS messages and doles out some of its feedback the same way. While the $1,295 device can theoretically be used for nefarious purposes, DARPA's blessing (and funding) should help keep the Power Pwn safely in the hands of security pros and thwart more than a few dastardly villains looking for weak networks.
Samsung Galaxy S III gets enterprise-friendly version in the US, wears a Pebble Blue business suit
When Samsung launches its all-out blitz on the US with the Galaxy S III, it'll be targeting boardrooms as well as pockets: the Android 4.0 flagship will be the company's first American phone certified for its SAFE (Samsung Approved for Enterprise) program. Regardless of the carrier, the American Galaxy S III will handle 256-bit AES encryption as well as offer better support for Exchange, remote management and VPNs than what you'd normally find coming from a Google-powered device. Samsung describes it as a way to "defragment" Android for companies that want consistent guarantees of how the OS will behave in the office, and the firm is confident enough that it's offering trade-in discounts for those who want to swap an older device for the secure phone, whether or not it's part of a corporate deal. SAFE-ready examples should be arriving by July and could save you from having to bring an ancient company-supplied phone on summer vacation.
Good Technology debuts 'first secure browser' for enterprise Android deployments
Good Technology is touting the latest addition to its Good Mobile Access (GMA) Android software suite, a secure browser. The company's GMA offering gives corporate foot soldiers armed with a smartphone access to secure intranet resources without having to initiate a VPN session -- while simultaneously allowing IT folks to manage mobile ingress. By bringing a browser into the fold, Good's software will allow employees to access databases, resources and collaboration tools without ever having to leave the safe confines of GMA's sandbox. The software maker is targeting outfits with a bring-your-own-device policy in place (and war chests large enough to install the necessary back-end infrastructure). If you're interested in learning more, the full release awaits your review after the break.
US Cyber Command completes major cyber attack simulation, seems pleased with the results
The US Cyber Command is barely out of its infancy, but it's already crossed one milestone off its to-do list, with the successful completion of its first major test run. The exercise, known as Cyber Flag, was carried out over the course of a single week at Nellis Air Force Base in Nevada, where some 300 experts put their defense skills to the test. According to Col. Rivers J. Johnson, the participants were divided into two teams: "good guys," and "bad guys." The latter were delegated with the task of infiltrating the Cyber Command's networks, while the former were charged with defending the mock cyberattack and keeping the government's VPN free of malware. The idea, according to the agency, was to simulate a real-world attack on the Department of Defense, in order to better evaluate the Command's acumen. "There were a variety of scenarios based on what we think an adversary would do in real world events and real world time," Johnson explained. "It was a great exercise." The Colonel acknowledged that the good guys weren't able to defend against all of the attacks, but pointed out that the vast majority were recognized and mitigated "in a timely manner." All told, Cyber Flag was deemed a success, with NSA Director and Cyber Command chief Gen. Keith Alexander adding that it "exceeded" his own expectations.
Hotspot Shield adds iOS connection protection with inexpensive VPN
If you're a security-conscious web surfer -- or an international traveler who likes to maintain access to US-based video streaming or voice services -- you may already be one of the millions of users of AnchorFree's Hotspot Shield, one of the leading consumer virtual private network (VPN) services. VPNs have been a mainstay of distributed corporate workforces for years, but recently they've gained traction with everyday folk as well. This week, the company launched an iOS app that streamlines the connection process and adds bandwidth-saving compression on top of that, with a modest $9.99 yearly fee. The principles of a VPN are pretty straightforward. Normally, when you connect your computer to an unfamiliar network (wired or wireless), all your traffic back and forth is readily visible to anyone sitting on the same network segment; in the case of a public hotspot in a coffee shop, library or hotel, you might be sharing way more than you mean to. While many websites guard against snoopers by digitally protecting the login process with SSL encryption (that's the "S" in https://, indicating that the conversation between you and the remote site is protected), even that may not be enough to cover the bases. Last year, the Firesheep extension for Firefox demonstrated quite convincingly that on 'open' WiFi networks, even a secure web login might not be secure if the site drops the SSL encryption after the login process is done. VPNs protect against Firesheep and other eavesdropping as a side effect of their original intended purpose: creating a secure 'tunnel' between corporate or institutional networks and machines on outside networks like the Internet. The 'virtual private' part of VPN means that when you launch a VPN client, your computer is setting up an end-to-end encrypted connection with another computer someplace else, so you can access resources on that computer's remote network (printers, servers and such). All the traffic between point A and point B is incomprehensible to any other computers on those network segments, and assuming your VPN client is set up to route all your traffic through the remote server, you're protected from prying eyes at the next Starbucks table. While you might take a slight network performance hit from running a VPN, there are benefits beyond the security improvements. Since your tunnel is carrying all the Internet traffic to and from your machine, your VPN is acting like a network ventriloquist; it makes your 'voice' appear to be coming from somewhere else (in this case, the location of the remote VPN host). The advantages of this relocation range from the entertaining -- enabling sites like Hulu or Netflix to work for non-US users, or unlocking access to social sites like Facebook or MySpace from academic/business networks that block them -- to life-and-death, change-history important. If you're living in a country where control of the Internet is used as a tool of political repression, the opportunity to get access to the outside world via a VPN may make a huge difference. There's already a VPN client connection tool built into both iOS and OS X, so you're free to use most available VPN services with your Mac or your iPhone/iPad. The relevant acronyms are IPSec, PPTP and L2TP over IPSec; if your VPN host supports one of these protocols, you should be fine. You can check with your employer or school IT department to see if you already have VPN access that you can use for free. Going with a service like Hotspot Shield, however, means you don't need to think about that alphabet soup when you want to connect securely. Hotspot Shield's desktop offering is known for being dead easy to set up and use, so no surprise that the iOS app would aim for the same simplicity. Pick your plan (free seven-day trial, $0.99 monthly or $9.99 annual) and connect -- you can also adjust the image compression level that the app will apply to your browsing sessions, saving you room on your data plan in similar fashion to Onavo's app. The app runs gracefully in the background, protecting all your traffic (the app press release even cites iMessage exchanges as being guarded, but those already are covered by TLS encryption). If you're concerned about your mobile network security while using possibly un-guarded apps or websites, or you need to virtually relocate your connection, the seven-day trial of Hotspot Shield may be just the thing for you.
Ask TUAW Video Edition: VPN services
It's the first Tuesday in May, which means it's time for another edition of Ask TUAW, the video version. Today, Brad writes to us with a security question: I love using Wi-Fi where available, but I am always leery of doing anything requiring secure access as I don't know who is on the network and what they are up to. I think the best way to protect myself is using a VPN. But what service do you choose? Is there any chance they can see my info and passwords? Any help you can give would be great. We answer Brad's question in the video below by showing him two companies that offer VPN services, then we tell him how to set up a VPN in OS X. Companies mentioned in the video: StrongVPN OverPlay Other VPN approaches we've covered in the past include Hamachi, HotspotShield, CJB and more.
China tightens grip on VPN access amid pro-democracy protests, Gmail users also affected
If you've been struggling to get your dose of Facebook or Twitter in China recently, then you're probably one of the many Internet users who've had their VPN access -- either free or paid for -- blocked over the last two weeks or so. That's right, the notorious Great Firewall of China is still alive and well, and leaving proxy servers aside, VPN is pretty much the only way for keen netizens to access websites that are deemed too sensitive for their eyes; or to "leap over the wall," as they say. Alas, the recent pro-democracy protests didn't exactly do these guys any favor -- for one, their organizers used Twitter along with an overseas human rights website to gather protesters, and with the National People's Congress meetings that were about to take place (and wrapped up last night), it was no surprise that the government went tough on this little bypassing trick. To make matters worse, PC World is reporting that Gmail users are also affected by slow or limited access, despite the service previously being free from China's blacklist. We reached out to a handful of major VPN service providers, and they all confirmed a significant increase in the amount of blockage -- possibly by having their servers' PPTP IP addresses blocked -- over the last two weeks. One company even spotted the Chinese government subscribing to its paid service, only to work its way into the network to locate the company's PPTP server list, and then put them behind the firewall. Fortunately for some, the better-off companies had backup servers to rapidly resolve the problem, whereas the cheaper and free services were unable to dodge the bullet. This just goes to show that sometimes you get what you pay for. That said, with practically unlimited human hacking power at its disposal, it doesn't take much for the firewall to shut down everything heading its way. For the sake of our friends and expats there, let's just hope that the government will take things down a notch as soon as the storm calms.
Samsung working with Sybase and Cisco to make Galaxy S II enterprise-friendly
BlackBerry may be the go-to enterprise smartphone platform, but Samsung is positioning its newly unveiled Galaxy S II as new contenders for the crown. To get there, Samsung's working with Sybase to bring far more advanced security to the handsets than stock Android offers, including control of individual applications and ports and also allowing for remote administration -- including admin-pushed app updates. Samsung also talked up the phone's Exchange compatibility and, with help from Cisco, the phone offers WebEx compatibility, VPN support, and VOIP calling. Know what this means? Your next corporate phone just got a lot more interesting.
How to guard yourself and your Mac from Firesheep and Wi-Fi snooping
The prevalence of free/cheap and open Wi-Fi networks in coffee shops, airports, offices and hotels is a great boon to the traveling Mac or iPad user; it makes connectivity and remote work much easier than it used to be. Unfortunately, since most of those networks don't employ WEP or WPA passwords to secure the connection between device and hotspot, every byte and packet that's transmitted back and forth is visible to all the computers on the wireless LAN, all the time. While certain sites and services use full-time browser encryption (the ones that have URLs beginning with https:// and that show a lock in the browser status bar), many only encrypt the login session to hide your username and password from prying eyes. This, as it turns out, is the digital equivalent of locking the door but leaving the windows wide open. Firesheep is a Firefox extension which makes it trivially easy to impersonate someone to the websites they log in to while on the same open Wi-Fi network. It kicks in when you login to a website (usually in a secure fashion, via HTTPS) and then the site redirects you to a non-secured page after login. Most sites that operate this way will save your login information in a browser cookie, which can be 'sniffed' by a nogoodnik on the same network segment; that's what Firesheep does automatically. With the cookie in hand, it's simple to present it to the remote site and proceed to do bad things with the logged-in account. Bad things could range from sending fake Twitter or Facebook messages all the way up to, potentially, buying things on ecommerce sites. That process is known as "HTTP session hijacking" (informally, "sidejacking") and has been a known problem for several years, but many sites have not changed to protect their users. Firesheep has made this process of sidejacking very easy, and a reported 104,000+ people have downloaded it. It is important to realize that the security problem exists for users of all browsers. Firesheep is available only for Firefox, but that's just the exploit side; it will gladly harvest cookies from Safari, Chrome, IE or anything else. Unfortunately, you've got to assume that any unencrypted site you go to while on an open Wi-Fi network is susceptible to compromise by this attack. Read on for some suggested ways to combat this security challenge. Photo by adactio | flickr cc
iPhone OS 4.0: Enterprise Features
Apple has posted an outline of what it believes to be the key enterprise features of iPhone OS 4.0. Third-party multitasking, enhanced security and mobile device management are among the marquee features. As a former IT director, I'm drawn in by mobile device management (MDM). Setting up individual pieces of hardware is a time-consuming hassle. New MDM APIs let developers integrate features like wireless configuration and update, remote wipes and policy compliance (no games, please!) into their apps. Additionally, wireless app distribution lets managers then install those apps over Wi-Fi and 3G. Apple also touts the unified email inbox and SSL VPN support along with pre-existing features like Exchange support. Still, there will be users who feel that the iPhone is a plaything when compared to the all-business Blackberry. May they enjoy their plastic QWERTY keyboards and multi-tasking prowess for years to come.
Ask TUAW: Silencing iPhone notifications, remote control a PC, printing over the internet, and more
Welcome back to Ask TUAW, our weekly troubleshooting Q&A column. This week we've got questions about controlling a PC over the internet, silencing iPhone email notifications at night, replacing a MacBook Pro SuperDrive with a hard drive, printing over the internet, setting iCal as the default calendar, and more. As always, your suggestions and questions are welcome. Leave your questions for next week in the comments section at the end of this post. When asking a question, please include which machine you're using and what version of Mac OS X is installed on it (we'll assume you're running Snow Leopard on an Intel Mac if you don't specify). And now, on to the questions.
LogMeIn to Mac users: No Hamachi² for you!
I'm not a fan of setting up Virtual Private Networks (VPNs). In fact, I've had so many issues with VPNs in the past that I now subcontract that work to a fellow geek who seems to have a knack for understanding the various settings. That's why I have been following Hamachi with great interest for the past several years.Hamachi is described in the Wikipedia as "a zero-configuration virtual private network (VPN) shareware application capable of establishing direct links between computers that are behind NAT firewalls without requiring reconfiguration (in most cases); in other words, it establishes a connection over the Internet that very closely emulates the connection that would exist if the computers were connected over a local area network."LogMeIn, a commercial firm that produces both free and subscription services for controlling other machines, sent out an email to customers on Thursday touting Hamachi², their implementation of Hamachi. LogMeIn has been deeply involved in Hamachi development, so the announcement was expected. What I didn't expect to see was that they've left both Mac and Linux users out in the cold. I quickly jotted off an email to LogMeIn and received this response: "Mac is not currently supported, we do plan on adding support for other platforms but do not have an ETA at this time." For quite a while, there was an open source project called "Hamachi X," but it's no longer supported. Another developer took on the task of creating a Mac OS X and Linux Hamachi client called Hamachi Sidekick, which is a GUI to a command-line Hamachi tool. Unfortunately, LogMeIn also pulled the Mac OS X command-line interface (CLI) version of Hamachi, so there's no way to even try the CLI tool or Hamachi Sidekick now.LogMeIn may tout Hamachi² as "a VPN that just works," but for Mac users, it just doesn't work.
Securing your iPhone web traffic with Hotspot Shield
Have you ever wondered whether the wifi data you send and receive with your iPhone or iPod touch at the local coffee shop or airport is secure? Well, I bet if you hadn't wondered that before, you are now. It's easy to forget that inside that cute little handheld device live the guts of an actual computer, and likely a lot of personal data. Depending on your surfing habits, you could be sending and receiving personal information in a non-secure way over public wifi. If you're concerned about your data's safety, consider using Anchorfree's Hotspot Shield free VPN service. Hotspot Shield has been a great way to lock down your laptop's wifi for a long time now, and just recently they have released instructions on how to take advantage of their service on an iPhone / iPod touch. Pleasantly, the service does not require that a program be downloaded to your device, but rather takes advantage of the iPhone and iPod touch's built-in VPN functionality. My only gripe with Hotspot Shield is that it can sometimes be challenging to get the VPN to successfully connect. Anchorfree recommends performing a quick reboot of your device to get your connection going, but in my experience even that can be a hit-or-miss scenario. But it's still better than letting that creepy guy that keeps hitting on the barista peruse my http requests. 'Cause I'm not paranoid, but I'm sure that's what he's doing.
Friday Favorite: ShareTool
Another Friday Favorite, our weekly opportunity to get all sloppy over our most-loved applications. If you have an always-on Mac at home, a decent upstream connection and another Mac anywhere outside of your home network, you might find ShareTool to be as useful as I do. It allows you -- with an amazing degree of simplicity -- to access your Bonjour services on a remote machine as if you were still within your home network. It does this over an SSH encrypted connection (and also automatically sets up a proxy for secure web-browsing over the tunnel). Yes, you can get some of these benefits with a simple SSH tunnel, or you could set up a VPN using HamachiX, but the simple fact that ShareTool "Just Works" makes it my favorite choice for everything from screen sharing to iTunes streaming. I use ShareTool on a Mac Mini, with an Airport Extreme Base Station on a connection that gets about 800k average upload speed. iTunes streaming is flawless, and remote drive access is as good or better than just using SFTP. Setup is as simple as choosing a port (defaults to 22, the standard SSH port) to share on and hitting "Share" on your home Mac. After that, you can set it to start at login, and begin sharing on launch. Then, on your remote machine, you just need to enter an IP or domain and the port, and the rest is automatic. You can select which Bonjour services to enable or just go for broke and enable everything. I've got a static IP these days, but services like No-IP and DynDNS work great if you have a dynamic IP address. ShareTool can even handle updating the dynamic IP service for you, so you don't have to run any daemons. ShareTool is provided by YazSoft, and a free trial is available for download on the main page. The pricing structure requires a license for every computer, and a pair of licenses costs $30USD (5 for $75USD). YazSoft provides free updates within a major version number (1.x customers get all 1.x updates for free). If you're looking for an easy way to keep your entire home network handy anywhere you go, it might be worth a try.
Dragontech's ioBox-1000, your own private network
Have you ever dreamt of having your own, self-contained network in your house or office? Have you ever wanted to take full control of every aspect of a network -- banning, blocking, adding, limiting and deleting whomever you choose? Well listen pal, your egomaniacal dreams are about to come true, thanks to the ioBox-1000, a "network appliance" from Hong Kong-based Dragontech. Designed to eliminate servers and "centralize" networks, the company's odd looking purple box does a little of everything. The system, which acts as a wireless router, firewall, and VPN, as well as a mail, FTP and printer server, can also house your own, quasi-unique domain names (blank.ioboxusers.com), and includes a p2p blocker for when you really want to put the kibosh on your worker's / children's fun. The mysterious Dragontech claims all this power can be yours for less than $5 a day, which, assuming they mean $4.99, is $1821.35 per year. Enjoy, root.
Shimo 1.0
VPNs are a staple of corporate life nowadays. They create a secure connection from your computer to your company's computers using a 'Virtual Private Network.' This allows you to access company documents via public networks in a secure fashion.Cisco is a big player in the VPN market, and luckily for us OS X users there is a Mac client that allows connections from Macs to Cisco VPN appliances. Sadly, it sucks. The interface isn't Mac like, and while it works it doesn't offer up any nice features like Keychain integration or automatic reconnects. Enter Shimo, from nexUmoja. This little program offers up an alternative UI to the Cisco client that adds a number of features including Keychain integration, Growl notifications, and auto reconnecting.All of this is great and as a user of Cicso's VPN client you would think I would use this without hesitation. Sadly, the whole point of VPNs is to make your communications more secure, and I simply don't trust a third party app sitting between my encrypted data and the Cisco VPN appliance. That's just me though, I'm slightly paranoid.
