vpn
Latest
Turkish ISPs make getting to YouTube a little easier, but haven't unblocked it yet
Even after the unbanning of Twitter and a court ruling in Google's favor, YouTube is still blocked in Turkey. Accessing the video streaming site did get a little easier today however, as the Wall Street Journal has confirmed residents can once again use DNS servers from Google, Level3 and OpenDNS that will route them around the block. More easily implemented than using a VPN, it finally reopens access via those servers after they were blocked ten days ago. There's no public statement available from the ISPs or the Turkish government, but hopefully unrestricted access to the best YouTube has to offer is coming soon.
Here's how the NSA can collect data from millions of PCs
We know that the NSA has been ramping up its efforts to collect data from computers, but it's now clear that the intelligence agency has the tools to compromise those computers on a grand scale. Information leaked by Edward Snowden to The Intercept has revealed that the NSA has spent recent years automating the way it plants surveillance software. The key is Turbine, a system launched in 2010 that automatically sets up implants and simplifies fetching data; agents only have to know what information they want, rather than file locations or other app-specific details. A grid of sensors, nicknamed Turmoil, automatically spots extracted info and relays it to NSA staff. The combined platform lets the organization scrape content from "potentially millions" of PCs, instead of focusing only on the highest-priority targets.
FreedomPop's new smartphone keeps your calls and data private for $189
When surveillance agencies collect large volumes of cellular data, it's easy to understand why you'd want an extra-secure smartphone. Those devices aren't always affordable, though, which is why FreedomPop has launched the Privacy Phone for $189 contract-free. It's ultimately an old Galaxy S II, but its software boasts some strong secrecy measures -- all of its internet-based calls and messages are encrypted, and data goes through a virtual private network (VPN) that masks your identity. Don't count on total security. FreedomPop isn't using more than 128-bit encryption, and VPNs aren't always safe from prying eyes. Still, the Privacy Phone may fit the bill if you're looking for better-than-usual anonymity at a low price.
Back off, NSA: Blackphone promises to be the first privacy-focused smartphone
You may never have heard of Geeksphone, unless you take a particular interest in Firefox OS, but the Spanish manufacturer could be about to garner some global attention. It says it'll launch a new handset at Mobile World Congress next month that will prioritize privacy and security instead of all the intrusions that smartphone users usually have to put up with from carriers, advertisers and the occasional government agency. We're looking at an Android-based phone with a "top performing" processor and a cellular module that will be unlocked, free of geographical restrictions and compatible with any GSM network. In place of carrier bloatware, we're promised a skin called "PrivatOS" that will allow you to make and receive secure phone calls and text messages, store files securely and browse the web privately through an anonymous VPN -- services that are largely already available from Silent Circle, which happens to be a key partner on the Blackphone project. That's pretty much all we know for now, but pre-orders will begin sometime during the last week of February, and by then we hope to have hands-on impressions and a better understanding of how Blackphone will be different to BlackBerry encryption, Samsung's Knox service and other more established rivals.
How to defeat the 'Great Firewall of China' with an iPhone
Visitors to China are often perplexed to find that they can't access Twitter, Facebook or other sites. The reason isn't that they don't have access to cellular or WiFi networks; instead, it's state censorship and surveillance courtesy of the Golden Shield Project, aka "The Great Firewall of China." Roman Loyola at TechHive recently visited Beijing and used the trip as a research opportunity to see how visitors with iPhones can bypass the Great Firewall and tweet their trip to friends back home. It turns out to be somewhat easy; you just need to have an unlocked GSM iPhone and then purchase a SIM card when you arrive in China. Before you leave, though, you also need to sign up for a virtual private network (VPN) service. Loyola highlights two in particular -- Express VPN and AirVPN -- and taps Express VPN as being much easier to set up. During his time in Beijing, Loyola says he was able to hit Apple, Bing and Instagram without resorting to the VPN. However, Facebook and Twitter weren't available. That's where the VPN came in handy, and Loyola mentioned that other than a noticeable four- to five-second lag when sending a tweet or posting on Facebook, everything worked well. It's a good read for travelers, and an absolute must for those who live or work in China and want unfettered access to the internet. As Loyola points out, "the Chinese government is actively (and endlessly) trying to prevent the use of VPNs to access the 'outside world,'" so it's possible that the methods described in his post may change in the future.
Apple details iOS 7's improved business credentials
While iOS already has a place in the corporate world, that spot isn't guaranteed when there's competition with both a renewed BlackBerry and Samsung's Knox. Accordingly, Apple isn't leaving anything to chance: it just posted a page explaining the business-friendly iOS 7 features that it teased at WWDC. The biggest improvements for end users may be enterprise single sign-on and per app VPN, both of which will save hassles when launching work apps. IT managers should have it easier as well -- iOS devices can join Mobile Device Management as soon as they're activated, and a company can assign apps to individual users without losing control. There's considerably more features than we can list here, but it's clear from a cursory glimpse that Apple likes its foothold in the enterprise.
iTwin Connect updated with Mac support, offers inter-OS personal VPNs
Back in 2009, we might have been a little, well, acerbic in our reaction to the initial iTwin. Yet here we are in good ole 2013, and the plucky USB networking key is alive and well. In fact, it was CES when we saw its latest incarnation -- iTwin Connect -- arrive offering (somewhat more useful) private and public VPN services. At the time this was for Windows only, but that's now changed. Mac users can get the same remote desktop, file access and aforementioned VPN functionality, that will also work between machines of both creeds. If you're on the fence about that $199 price tag, remember that comes with access to iTwin's own public VPN servers, and no subscription fee.
Apple changes its position on iOS VPN changes
Earlier this month, Apple posted a support document on its website with details on how settings would change for iOS users connecting to virtual private networks (VPNs). Now the company has done an about-face, updating the document to inform the public that the changes will not happen. The changes were made following a patent infringement lawsuit by VirnetX against Apple in which Apple was found to have violated a patent through the design of the popular FaceTime software. That loss in court cost Apple US$368 million, and the company made a minor change in the iOS VPN On Demand feature as a result. As Jacqui Cheng of Ars Technica explains, "The change was going to be relatively minor-devices with VPN On Demand configured to 'always' would instead behave as if they were set up to only establish a connection as needed." The latest document from Apple appears to indicate that it has come to an agreement with VirnetX and won't need to issue a software update to make the VPN changes. The document states that "Apple no longer plans to change the behavior of the VPN On Demand feature of iOS 6.1 for devices that have already been shipped. The 'Always' option will continue to work as it currently does on these devices."
Apple forced to change VPN On Demand for iOS due to lawsuit from VirnetX
Apple has announced changes to their VPN on Demand service for iOS devices following a lawsuit by VirnetX. The changes will only effect devices using iOS 6.1 or later. The move come on the heels of a US$368 million ruling against Apple, where a federal jury found the company had violated VirnetX patents. The lawsuit stems from Apple's FaceTime software, arguably among their most popular features. The same day the $368 million decision was passed, VirnetX filed another lawsuit against Apple, this time aiming for a judgment that includes products that were not released when the original case was filed. Apple has released the following explanation of the changes via their support network. Devices using iOS 6.1 and later with VPN On Demand configured to "Always" will behave as if they were configured with the "Establish if needed" option. The device will establish a VPN On Demand connection only if it is unable to resolve the DNS name of the host it is trying to reach. This change will be distributed in an update later this month. If the name of a host can be resolved without a VPN connection, you may see one of the following behaviors: If the host is a web server that presents different content to internal and external users, the VPN On Demand connection will not be established and you will see the external content. If the host is a web or mail server that has a name that can be resolved externally but cannot be contacted externally, the VPN On Demand connection will not be established and you will not be able to connect to the server. If you are using a public DNS service that provides an alternative IP address for hosts that it cannot resolve, the VPN On Demand connection will not be established and you will not be able to connect to the server. If you are using a VPN configuration that includes wildcard entries (such as *.com) that match top-level domains that are publicly accessible, the VPN On Demand connection will not be established when you contact hosts in those domains.
iTwin Connect turns a humble USB stick into your own VPN (video)
Passing files over the internet using iTwin's 256-bit AES encryption's all well and good, but wouldn't it be nice if you could use that connection for other things? Luckily for you, that's just what the iTwin Connect was designed to do. In addition to the usual file-sharing jiggery-pokery, the new hardware can let you surf via your domestic internet connection, control devices on your home network and play with your desktop from afar. Even better, the company is throwing in US, Asia and Europe-based VPN servers of its own, so you can still catch that episode of Duck Dynasty on Hulu if your primary machine's turned off. Despite the raft of new features on offer, the company isn't charging a regular subscription, so all of that will set you back a rather meager $130.
Hands on with WiTopia's VPN service
This week, I gave WiTopia's VPN a try. And to be quite honest, it wasn't exactly the experience I was hoping for. As I discussed in my first post on this topic, Virtual Private Networking offers ways for users to safeguard their data in public situations, when looking for privacy on their desktop computers, and when location shifting. I started my tests as a complete VPN noob. I wasn't sure what I was getting in for, or how well VPN would work with my setup. I resolved to test VPN in various situations and see how well I could still accomplish my goals. Bill Bullock of WiTopia was kind enough to sit down with me and introduce the service before I pulled out my credit card and signed up for an account. "If you're on public WiFi, you should be using VPN," Bullock told me. "It's a matter of education." I decided to test it both in the public situation, the most common VPN experience, as well as on my personal system. Don't forget to switch on the VPN My first lesson was this: using VPN must be a conscious choice. Although iOS makes VPN incredibly easy to use, it doesn't work until you switch it on. Remembering to do that while you're out must become a habit, one that I really struggled to master. When active, a VPN icon appears at the top left in your status bar. This lets you instantly check if you've enabled the service. If you see the icon below, you have. Setting up VPN The set up process was amazingly easy. I just added a new VPN entry, and entered my account credentials as instructed. (Hint: you need to add backslash W before your email.) Total set up could not have taken more than a minute. After that, my account was ready to use whenever I desired -- all it takes is a simple click to get going. What I didn't expect is that various servers provide differing performance levels, presumably based on general load. WiTopia offers dozens of servers. I found that the local Aurora-based server offered iffy response times, but by connecting to Kansas City (just a bit further east), I could obtain far more responsive Internet. Your experience will vary, of course. Because you're directing all your traffic through a server, a slow one can really limit your device's responsiveness. WiTopia offers a help article to assist with slow connections and offers 24/7 customer phone support. Bullock points out, "Another item to remember is you probably retain cookies and other identifiers to iTunes, etc. and that may have had something to do with slowed downloads. We have customers streaming Video all over the world (which is very bandwidth-intensive and finicky) , so if downloads were significantly slowed, beyond what may be normal because we're encrypting all the data, it is likely something that could be tweaked." You can location shift One feature a lot of TUAW bloggers were interested in was VPN place shifting. When you select a server, your location becomes that location. Use a Canadian server, you're in Canada. Use a UK server, you're in Britain. (Attn pedants: I checked and didn't see any for Northern Ireland, the Channel Islands, etc.) What did this mean? I was able to install and use the BBC iPlayer app and sample a variety of offerings. Geolimited shows that would not normally play back on my iPad were there for the viewing. (Attn Pedants: We at TUAW do not encourage or discourage geoshifting. The BBC website states "You need to be covered by a valid TV Licence if you watch or record TV as it's being broadcast", which does not cover replays. Consult an international lawyer to determine whether you should or should not engage in this behavior.) Location shifting, as much as it delights the heart of those whose home-team basketball game is blacked out, is not without its risks and frustrations. After finishing my tests and reverting to the United States, App Store kept giving me a hard time until I completely rebooted my iPad. These kind of problems were, however, much more frequent on my Mac versus my iPad -- probably because I use my Mac in a much more rigorous way. VPN on my Mac Setting up VPN on my new Mac mini was just as easy as on my iPad and geoshifting even easier -- mostly because I didn't have to type anything once I was all set up. To change locations, I just selected a server from a menu and connected. For the most part, I tried to stay connected to Kansas City -- although I did test out London and the BBC. VPN on a desktop computer is primarily about privacy -- keeping your activities, especially your searches, anonymous. Unfortunately, I found that VPN service often interfered with the tasks I was trying to accomplish. For example, I regularly ran into Google errors like these. Google was convinced that I was some kind of automated bot trying to compromise their service. and this A search on my IP address found it blacklisted due to use by spam bots. I also ran into difficulties working with iTunes Connect (as I was rushing to get out both an update and a new app), with IRC (which often would not allow connections on irc.freenode.net), and with my email server (which I fixed using a WiTopia help page, but I couldn't send email for several days). Downloads ran slower -- especially when trying to move massive quantities of data, including the latest Xcode beta for iOS 6.1, upgrading gigabytes of apps (mostly due to TomTom's 1.3 GB update), and re-downloading movies that iTunes "helpfully" removed to the cloud. After a point, I simply turned off VPN so I could finish my downloads sometime this century. Conclusions After doing my VPN tests, I am totally behind the VPN idea -- regardless of which reputable provider is used. However, for someone who lives by bandwidth and needs reliable Internet access, I'm not entirely sure I would use it 24/7. That's not because I wouldn't want to -- having my searches protected really appeals to me -- but because at least in this configuration, my work day was impacted enough to make it more of a use-with-public-WiFi scenario. My entire VPN experience is, as you can tell, quite limited. So please join in the comments with your person reflections on providers and work flows.
VPN for the rest of us: Interview with WiTopia
VPN, aka Virtual Private Network, is a technology that lets you securely share data across public networks. For the most part, when I think VPN, I typically imagine work-related corporate or federal government accounts, or people accessing the net in countries with excessive government surveillance. But there's a lot more that VPN can do. For example, it's an essential technology for sports fans who must shift the geographic location of their IP addresses so they can watch blacked-out sports from their broadcast region. It's also popular with travelers and coffee-shop-based tech workers who regularly access shared WiFi networks. Nothing harshes your caffeine buzz like having your passwords stolen from your over-the-air traffic. Many people use VPN because it's a work requirement. Others purchase a private account for one of the four reasons here: Security. They share public WiFI hotspots and want to protect their data at cafes, airports and hotels. They'd rather not share their personal credentials with identity thieves. Censorship. They need an end-run around corporate (no playing at the office) or government censorship (think China), so they can access services and websites that they'd otherwise be cut off from. Privacy. They want to avoid oversight, tracking and other privacy infringement by websites like Google. Region Shifting. They're looking to shift locations to access georestricted resources like local blacked-out football games or Hulu from outside the US. I recently had an opportunity to sit down with Bill Bullock, CEO of WiTopia, a personal VPN services provider, to chat about the technology. WiTopia has a good reputation at TUAW and several of our bloggers are customers. Its focus is on providing privacy and security for general users rather than aiming at the total-anonymity user base. WiTopia is practically a geriatric, old-age pensioner in this field, having been founded back in 2005. Bullock told me, "Before us, VPN was really thought to be mostly a corporate and government product. We were one of the first to put out a consumer market VPN." Bullock talked to me about security issues and why home users might want to invest in a VPN account. "Our VPN works over any connection across wires or Wi-Fi." Many consumers don't consider how vulnerable shared wired connections can be, but at hotels, users will still be sharing the same network. "If someone's in another room, they may be able to sniff your traffic." People often feel more secure on a wire, but their data is just as exposed. Sniffing your data, or monitoring the traffic eminating from your computer, is a potential problem at public hotspots. "There are a number of tools available that people with little technical knowledge can use. There's one called FireSheep that works right out of the Firefox browser. It could take over a person's Facebook account, Twitter account, etc. You could hijack a session and log into those services. It's an example of a very easy to use tool that a kid could use." Bullock described a number of other attacks such as one called an "evil twin" attack, where a hacker mimics a local hotspot, encouraging unsuspecting users to connect. It's a kind of WiFi phishing you might encounter at a coffee shop or airport. "You go to see what available wireless networks there are, one might be called FREE WIFI. This is a common thing that bad guys use, where someone advertises their laptop as a WiFi network. You're actually logging on to that laptop. At airports, there are lots of people with a laptop, so they blend in. You still get Internet access because they're hooked up to let you do that but all your data is going through their computer and can be seen and captured." By using a VPN connection to encrypt the traffic from your device, it protects you against these kinds of attacks. Even if you end up moving through a dishonest WiFi broker, they can't read your data. "If you're on public WiFi, you should be using VPN," Bullock said. "It's a matter of education. People used to leave their doors unlocked, but now they don't. Does that mean someone will break in the house? We hope not but WiFi is just radio, just like a radio station. Someone with a little bit of knowledge can capture all your data. They compromise your data and can steal your identity. We don't wish to spread paranoia but it only takes one time to really mess up your life." VPN can also be valuable to those who aren't on the move. When at home or at the office, privacy is the major driver to VPN services. "When you connect to the VPN, we assign you one of our IP addresses, so there's a level of personal privacy. Even if you do a Google search, where there will still be cookies, it gives you a level of personal privacy." Bullock explained that many sites track users by IP addresses. What's more, these addresses don't change as often as you might think they do. "Even with dynamically assigned IPs, I've kept the same Verizon IP address for over a year. If I don't have the VPN on, every search I do is tagged to this IP address and stored. "We all do searches on personally identifiable information. Most people don't want to think about it, but likely every search you have ever done in your entire life is stored on a server somewhere and mapped to a handful of IP addresses that can be identified as you. VPNs give you the ability to opt-out of this information gathering." With VPN you join a group of shared IP addresses that essentially anonymize you into a crowd. "We have thousands of addresses. It's a WiTopia address that's shared among many, many, many people. You get to be lost in the crowd; your ID is cloaked. All traces back to you stop at the Witopia gateway." Because of privacy and security, nearly everyone might consider a personal VPN account. The service works on Macs and Windows, as well as on mobile devices. "Apple has done a really good job of supporting VPN protocols. It's very easy to use on an iPhone or an iPad. You set it up once and after that just slide to ON in Settings. Two, three seconds later, you're ready to use the public WiFi hotspot at Starbucks." WiTopia's basic service costs US$50/year with unlimited data and city switching (in case you want to try out iPlayer or watch Hulu). If you don't like the service within 30 days, you can cancel for a full money-back guarantee. So, how does VPN work in real life? I'll discuss my experiences testing the service in my next post, where I go hands on with WiTopia. It wasn't all smooth going, but it gave me a lot to think about.
Hotspot Shield marks mobile anniversary, offers two-day giveaway
Dropbox isn't the only service celebrating a 100-million milestone this week; the desktop and mobile VPN service Hotspot Shield by AnchorFree is growing fast, and reports that it's passed the 100 million downloads mark for the PC and Mac product. The mobile version (reviewed here), launched one year ago for iOS and now also on Android, has made it past 3 million downloads and is growing by 20 percent per month. Hotspot Shield is celebrating the mobile anniversary with a Twitter-driven giveaway for a month's service. You can check out the details here. I generally dislike the tactic of cluttering your Twitter timeline with tweets for free stuff, and the iOS app already comes with a seven-day trial -- but if you need a month to see if it's worth subscribing, go ahead. The giveaway runs through Saturday morning Pacific time. The HS service does more than simply cloak and protect your Internet connection; it also provides data compression (very handy on mobile devices or slow connections) and filters websites for malware and other issues. Mobile service is available as an in-app purchase for US$0.99 a month or $9.99 a year.
DARPA-backed Power Pwn is power strip by day, superhero hack machine by night
Call the Power Pwn the champion of white hat hacking. Underneath that Clark Kent power strip exterior, there's a Superman of full-scale breach testing that can push the limits of just about any company network, whether it takes 3G, Ethernet or WiFi to get there. Pwnie Express' stealthy sequel to the Pwn Plug ships with a Debian 6 instance of Linux whose handy hacking tools are as easy to launch as they are tough to detect. There's just one step needed to create a snoop-friendly Evil AP WiFi hotspot, and the box dodges around low-level NAC/802.1x/RADIUS network authentication without any help; in the same breath, it can easily leap into stealth mode and keeps an ongoing encrypted link to give do-gooders a real challenge. The hacker doesn't even need to be in the same ZIP code to crack a firewall or VPN -- the 3G link lets the Power Pwn take bash command-line instructions through SMS messages and doles out some of its feedback the same way. While the $1,295 device can theoretically be used for nefarious purposes, DARPA's blessing (and funding) should help keep the Power Pwn safely in the hands of security pros and thwart more than a few dastardly villains looking for weak networks.
Samsung Galaxy S III gets enterprise-friendly version in the US, wears a Pebble Blue business suit
When Samsung launches its all-out blitz on the US with the Galaxy S III, it'll be targeting boardrooms as well as pockets: the Android 4.0 flagship will be the company's first American phone certified for its SAFE (Samsung Approved for Enterprise) program. Regardless of the carrier, the American Galaxy S III will handle 256-bit AES encryption as well as offer better support for Exchange, remote management and VPNs than what you'd normally find coming from a Google-powered device. Samsung describes it as a way to "defragment" Android for companies that want consistent guarantees of how the OS will behave in the office, and the firm is confident enough that it's offering trade-in discounts for those who want to swap an older device for the secure phone, whether or not it's part of a corporate deal. SAFE-ready examples should be arriving by July and could save you from having to bring an ancient company-supplied phone on summer vacation.
Good Technology debuts 'first secure browser' for enterprise Android deployments
Good Technology is touting the latest addition to its Good Mobile Access (GMA) Android software suite, a secure browser. The company's GMA offering gives corporate foot soldiers armed with a smartphone access to secure intranet resources without having to initiate a VPN session -- while simultaneously allowing IT folks to manage mobile ingress. By bringing a browser into the fold, Good's software will allow employees to access databases, resources and collaboration tools without ever having to leave the safe confines of GMA's sandbox. The software maker is targeting outfits with a bring-your-own-device policy in place (and war chests large enough to install the necessary back-end infrastructure). If you're interested in learning more, the full release awaits your review after the break.
US Cyber Command completes major cyber attack simulation, seems pleased with the results
The US Cyber Command is barely out of its infancy, but it's already crossed one milestone off its to-do list, with the successful completion of its first major test run. The exercise, known as Cyber Flag, was carried out over the course of a single week at Nellis Air Force Base in Nevada, where some 300 experts put their defense skills to the test. According to Col. Rivers J. Johnson, the participants were divided into two teams: "good guys," and "bad guys." The latter were delegated with the task of infiltrating the Cyber Command's networks, while the former were charged with defending the mock cyberattack and keeping the government's VPN free of malware. The idea, according to the agency, was to simulate a real-world attack on the Department of Defense, in order to better evaluate the Command's acumen. "There were a variety of scenarios based on what we think an adversary would do in real world events and real world time," Johnson explained. "It was a great exercise." The Colonel acknowledged that the good guys weren't able to defend against all of the attacks, but pointed out that the vast majority were recognized and mitigated "in a timely manner." All told, Cyber Flag was deemed a success, with NSA Director and Cyber Command chief Gen. Keith Alexander adding that it "exceeded" his own expectations.
Hotspot Shield adds iOS connection protection with inexpensive VPN
If you're a security-conscious web surfer -- or an international traveler who likes to maintain access to US-based video streaming or voice services -- you may already be one of the millions of users of AnchorFree's Hotspot Shield, one of the leading consumer virtual private network (VPN) services. VPNs have been a mainstay of distributed corporate workforces for years, but recently they've gained traction with everyday folk as well. This week, the company launched an iOS app that streamlines the connection process and adds bandwidth-saving compression on top of that, with a modest $9.99 yearly fee. The principles of a VPN are pretty straightforward. Normally, when you connect your computer to an unfamiliar network (wired or wireless), all your traffic back and forth is readily visible to anyone sitting on the same network segment; in the case of a public hotspot in a coffee shop, library or hotel, you might be sharing way more than you mean to. While many websites guard against snoopers by digitally protecting the login process with SSL encryption (that's the "S" in https://, indicating that the conversation between you and the remote site is protected), even that may not be enough to cover the bases. Last year, the Firesheep extension for Firefox demonstrated quite convincingly that on 'open' WiFi networks, even a secure web login might not be secure if the site drops the SSL encryption after the login process is done. VPNs protect against Firesheep and other eavesdropping as a side effect of their original intended purpose: creating a secure 'tunnel' between corporate or institutional networks and machines on outside networks like the Internet. The 'virtual private' part of VPN means that when you launch a VPN client, your computer is setting up an end-to-end encrypted connection with another computer someplace else, so you can access resources on that computer's remote network (printers, servers and such). All the traffic between point A and point B is incomprehensible to any other computers on those network segments, and assuming your VPN client is set up to route all your traffic through the remote server, you're protected from prying eyes at the next Starbucks table. While you might take a slight network performance hit from running a VPN, there are benefits beyond the security improvements. Since your tunnel is carrying all the Internet traffic to and from your machine, your VPN is acting like a network ventriloquist; it makes your 'voice' appear to be coming from somewhere else (in this case, the location of the remote VPN host). The advantages of this relocation range from the entertaining -- enabling sites like Hulu or Netflix to work for non-US users, or unlocking access to social sites like Facebook or MySpace from academic/business networks that block them -- to life-and-death, change-history important. If you're living in a country where control of the Internet is used as a tool of political repression, the opportunity to get access to the outside world via a VPN may make a huge difference. There's already a VPN client connection tool built into both iOS and OS X, so you're free to use most available VPN services with your Mac or your iPhone/iPad. The relevant acronyms are IPSec, PPTP and L2TP over IPSec; if your VPN host supports one of these protocols, you should be fine. You can check with your employer or school IT department to see if you already have VPN access that you can use for free. Going with a service like Hotspot Shield, however, means you don't need to think about that alphabet soup when you want to connect securely. Hotspot Shield's desktop offering is known for being dead easy to set up and use, so no surprise that the iOS app would aim for the same simplicity. Pick your plan (free seven-day trial, $0.99 monthly or $9.99 annual) and connect -- you can also adjust the image compression level that the app will apply to your browsing sessions, saving you room on your data plan in similar fashion to Onavo's app. The app runs gracefully in the background, protecting all your traffic (the app press release even cites iMessage exchanges as being guarded, but those already are covered by TLS encryption). If you're concerned about your mobile network security while using possibly un-guarded apps or websites, or you need to virtually relocate your connection, the seven-day trial of Hotspot Shield may be just the thing for you.
China tightens grip on VPN access amid pro-democracy protests, Gmail users also affected
If you've been struggling to get your dose of Facebook or Twitter in China recently, then you're probably one of the many Internet users who've had their VPN access -- either free or paid for -- blocked over the last two weeks or so. That's right, the notorious Great Firewall of China is still alive and well, and leaving proxy servers aside, VPN is pretty much the only way for keen netizens to access websites that are deemed too sensitive for their eyes; or to "leap over the wall," as they say. Alas, the recent pro-democracy protests didn't exactly do these guys any favor -- for one, their organizers used Twitter along with an overseas human rights website to gather protesters, and with the National People's Congress meetings that were about to take place (and wrapped up last night), it was no surprise that the government went tough on this little bypassing trick. To make matters worse, PC World is reporting that Gmail users are also affected by slow or limited access, despite the service previously being free from China's blacklist. We reached out to a handful of major VPN service providers, and they all confirmed a significant increase in the amount of blockage -- possibly by having their servers' PPTP IP addresses blocked -- over the last two weeks. One company even spotted the Chinese government subscribing to its paid service, only to work its way into the network to locate the company's PPTP server list, and then put them behind the firewall. Fortunately for some, the better-off companies had backup servers to rapidly resolve the problem, whereas the cheaper and free services were unable to dodge the bullet. This just goes to show that sometimes you get what you pay for. That said, with practically unlimited human hacking power at its disposal, it doesn't take much for the firewall to shut down everything heading its way. For the sake of our friends and expats there, let's just hope that the government will take things down a notch as soon as the storm calms.
Samsung working with Sybase and Cisco to make Galaxy S II enterprise-friendly
BlackBerry may be the go-to enterprise smartphone platform, but Samsung is positioning its newly unveiled Galaxy S II as new contenders for the crown. To get there, Samsung's working with Sybase to bring far more advanced security to the handsets than stock Android offers, including control of individual applications and ports and also allowing for remote administration -- including admin-pushed app updates. Samsung also talked up the phone's Exchange compatibility and, with help from Cisco, the phone offers WebEx compatibility, VPN support, and VOIP calling. Know what this means? Your next corporate phone just got a lot more interesting.