Some Useful Proxy Definitions

If you’ve searched around looking for secure proxies to use, you’ve probably come across these three definitions -

  • Transparent Proxy
  • Anonymous Proxy
  • Elite Proxy

Now none of these definitions are set in stone, but they’re used in most sites to describe the different level of security and privacy afforded by a particular proxy.  The three definitions are explained here on this video

However if you don’t want to listen to the video, here’s the basic concepts.

Transparent Proxy
This is a very basic proxy server which actually provides very little security or privacy. This server simply forwards all parts of the request without any restrictions at all, this includes your real IP address. The web site you visit will be aware of your real address and the fact that you are using a proxy to access. It’s commonly used merely to speed up internet access, particularly by caching popular pages. If you want some security or privacy, then you need to use a different type of proxy server.

Anonymous Proxy
These are probably the most common form of proxies particularly if you’re looking at free ones. This server will hide your real IP address from any web site you visit. However it will normally forward some information in the form of HTTP headers. This could include information about the proxy software, the IP address of the proxy etc. It does offer a certain level of privacy in that it will normally protect the client address, however a lot depends on individual configuration settings.

Elite Proxy
This proxy offers the highest level of security and privacy similar to a VPN but not necessarily with the encryption. Not only does an Elite proxy hide your real address, but it also hides it’s own existence as a proxy server. Many sites block access to clients who are using proxies so this can be very useful. The elite proxy server should forward the absolute minimum of information required and should look like a normal client itself. Again though a lot depends on how it is configured, some Elite proxies are much more secure than others. Also just because something is labelled ‘Elite’ on a web site does’t necessarily make it true!

Russian Internet Crackdown – the Digital Gulag

It’s quite ironic that Edward Snowden who has blown the lid on so many assaults against our online privacy and free speech has ended up in a place like Russia.  After all he is on the run from the US government, you’d kind of hope to end up in a country where free speech is even more precious than  to the Americans, believe me Russia isn’t that place.

internet-russia

In fact the Russian’s seem to be powering towards the sort of online repression that usually is the domain of dictators in Islamic Republics (or China of course!.  Vladamir Putin has overseen the implementation of some seriously restrictive and slightly crazy internet laws and regulations.

It started in 2012 with the Russian blacklist – a government list of websites which had to be automatically blocked by Russian service providers.  The list was cited to contain illegal content such as child pornography, drugs, self harm web sites and political extremists – of course this was how it was promoted.  A list of nasty stuff that nobody could possibly object to, the law was passed and the infrastructure put in place to allow the internet filtering to work throughout the country.

Job done, the next bit was simpler -a slight addition to the law which allows the Russian Government to add any web site it sees fit to this blocked list.  There is no court order or permission required – any website can be added to this extensive list almost in complete secrecy.   The official line is that the website would be something that did the following  -

“calls to riots, extremist activities, the incitement of ethnic and (or) sectarian hatred, terrorist activity, or participation in public events held in breach of appropriate procedures.” 

Of course in reality this pretty much will mean absolutely any website they like, given that no public scrutiny is required to add the site to this register.   If you criticize the government or Putin in any way, expect your site to be added to this list.  It goes without saying that using simple methods like Smart DNS to access blocked sites in Russia is not sufficient, you need encryption and anonymous methods to stay safe.

There’s more though, much more – a whole raft of crazy, controlling and oppressive laws designed to control, intimidate and manipulate the web in Russia.   They’re grouped under so-called anti-terrorism laws but you can be certain that they will be used in many other ways.

How about this one, regarding electronic money transfers – lots of limits especially on anonymous online money transfers.  Russians won’t be allowed to spend more than $450 from such accounts in a single calender months, or single day transactions would be limited to under $30.  If you overstep these you could risk being caught in this terrorism legislation!  So be careful paying for those downloads, online services or even a take-away from certain accounts.   How these will be monitored, enforced or by whom is unsure – but I suspect even the KGB would have difficulty keeping track of all that information.

However even more manpower will be required for other aspects of this bill, there are extensive obligations being placed on anyone who owns, or runs any sort of website including blogs, forums up to the big global operators who have a presence not blocked in Russia.  They will be required to store all information

“about arrival, transmission, delivery and processing of voice data, written text, images, sounds and any other sorts of action”

So that’s basically saying absolutely every piece of information that is passed between any site and a user – must be logged and archived for a minimum of six months.  The owners of these sites – and let’s remember this includes simple one person blogs  - must also inform the Russian security services when users first register or use their sites, and whenever they’re is an exchange of information.  Basically if you run a cooking blog, you’ll also have to set up a Stasi style monitoring department to spy on your users too.

If you don’t follow these rules, you’re likely to face at the very minimum fines ranging to six thousand dollars per offence – which will likely be needed to pay for all the extra security staff to sift through all this spying data !

Apple ID/ICloud Temporarily Locked

With rather apt timing, considering my last post – I had this very convincing email arrive today.  Now many of you may have received the same, but it’s a perfect example of what I was talking about – the quality of phishing emails with dodgy links embedded is growing by the week.  It’s actually very old at least three years, yet the format and presentation has improved over the years and it looks much more convincing nowadays.

Here’s the Apple ID Email spam I got – the white marks are where my correct email address where inserted.

Apple ID Temporarily Locked

 

It’s basically suggesting my Apple/Itunes account has been hacked and to save it I need to authenticate the password.   Now it looks pretty convincing, the format is nicked entirely from a genuine Apple email.  My real email address has been inserted in the text, which makes it look more genuine.  The support link is completely correct so if you clicked to validate the site you’d come to the real Apple ID support site.

In fact the only thing that is wrong with this email is the link for verifying your account – which takes you here.

Apple ID Scam

 

Again a genuine looking page, (in fact a direct copy of the Apple ID login screen), just hosted on a very dodgy sounding domain – www.icloudsecuritydepartment.co .   If you proceed you’ll be have to supply not only your Apple ID but credit card information and other personal details.  Those will of course end up in the hands of cyber criminals fully able to cause some serious damage to your financial status!

There’s every reason to believe these are going to get better and better in quality, more likely to be specifically targeted (Spear phishing) and much more difficult to spot.  At the moment the real giveaway is the crappy sounding domain/url that you have to type your details in, but there are ways of redirecting these and masking the true destinations.

Basically never click on a link sent to you in an email, particularly if it asks you to enter any personal details what so ever. Legitimate companies never send these links, so you should never use them.  If you want to visit or login into a site then go directly to their URL or use your own link (although I’m waiting for an attack that starts modifying peoples bookmarks!).

If it’s in an email then basically you should be extremely suspicious, look for reasons why it may be false.

 

Beware these Facebook Knickers

It’s getting pretty tough out there on the web, and now the once fairly safe world of social networking is getting dangerous too.  Now I’m paranoid, really paranoid online and allegedly should know what I’m doing – have some of the best security certifications and tons of Microsoft exams (although did cheat a bit on those – sorry Bill), and a bit of a DNS star.  But I am getting pretty darn close to clicking some sort of virus ridden link, this stuff is getting very real, very quickly.

A few years ago, most of the online scams involved extremely crap emails (usually from Nigeria) with hopeless stories about dead relatives/princesses/benefactors wanting to leave money/etc/etc . Their spelling and grammar was awful and they used words like ‘modernity’ which made you think what the f#ck is going on.  This was good, it was stupidity, perhaps desperation but at least the damage was minimized but still wide scale misery for many perhaps too trusting individuals.

It’s changing though, and changing quick – the crappy scam emails from Nigerian benefactors are going, they are now different – plausible, well written stuff with occasional deliberate spelling mistakes added for realism.  What’s worse for the depraved, drunken, half witted (I qualify on several) they’re getting subtler.

How about this – appearing on your Facebook page.

virusknickers

 

Let’s be all professional here – it’s a picture of a young lady standing in her underwear at the start of a video.  For a start, most males under 80 would by now have clicked on the image and I can’t say I blame them.  It looks like a webcam, it looks like she’s going to take some more stuff off.   But what happens is you get prompted to install an update to Adobe Flash before you can view it. Which let’s face it sound legit and many would proceed, this is the point where you’re caught and all the dodgy stuff gets installed on your computer – oh  f**K you may think.

It’s worse because it’s in a safe feeling environment like Facebook, you think you’re protected, but you’re not. I confess I would have fallen for this myself, my security training would have counted for nothing – I was saved by my OCD.  Come on girl, hang that bag up somewhere properly, don’t leave that red sock on the floor.  I am aware of how sad I have become.

It’s clever on many levels, the video appears to play for a few seconds (but not really just part of the image), all urls are shortened and encrypted.  The end result is that it installs a Trojan Agent which spreads via your Facebook account.

So the conclusion?  She may be a hacker’s deception, but I wish I could have watched the real video.  Perhaps they’ll send the real one out next week ;)

Russians Caught Out by IP Address

It’s astonishing to think that a Russian state media channel would go around changing Wiki pages in order to pass blame in a different direction. But possibly even more amazing that they were stupid enough to do it from a PC connected with an IP address registered to their company, no proxy or VPN like this!

So what’s happened is that a journalist or other person employed by the All Russia State Television and Radio Broadcasting Company (VGTRK) has sat in the office and changed a story about the Malaysian Flight MH7 air disaster.

IN the very likely true initial version the sentence read -

“by terrorists of the self-proclaimed Donetsk People’s Republic with Buk system missiles, which the terrorists received from the Russian Federation,”

However an hour later that was modified to this -

“The plane was shot down by Ukrainian soldiers”

Maybe they were hoping that the edit wouldn’t be noticed, in fact it was picked up by a Twitter bot, but the reality is that the edit would be visible for years to come. Russia seems to have lost a bit of ground in the digital propaganda wars, modifying such visible sites whilst using an IP address registered to the Russian government is a bit hopeless unless you wanted to get caught and look even more guilty!

russianwiki

It seems that the realisation that we are all tracked and logged by our IP address still seems to have not dawned many. I mean you would have thought the Russian Government would have a few paranoid ex-KGB types to figure this stuff out. Reports are all over the news with American and UK agencies routinely monitoring huge amounts of internet data. Sneaking an edit into a Wikipedia page, looks rather amateurish especially without using a fake ip. It’s rather good to know that there are a lot of Bots out there routinely monitoring activity on these sites from known addresses of the world’s governments.  Although it also worries me slightly that they keep catching them out so easily.

Divine Internet Filtering

Now I’m not very religious, but have no real problem with those who are.  Obviously, excluding those who want to kill me, blow me up or have me imprisoned – anything like that.  It’s just secular governments seems to work better, at least with regards to democracy simply because most places have many people of differing faiths – I’d argue history supports this view.

It also I think works best with other areas, such as internet access. For example Saudi Arabia, has a very fast and efficient telecoms infrastructure,  the speed in some of Riyadh’s 5 star hotels is absolutely incredible, absolutely no buffering over Wifi while watching BBC iPlayer.  But unfortunately with this 21 century technology, comes an almost medieval implementation.

I am referring to the way that Saudi Arabia censors the internet, or specifically the ISU who are based at the King Abdulaziz City for Science and Technology.  For a 21st century techno geek like me, alarm bells started ringing when I read the ISU statement on why they filter the internet -

God Almighty directed humanity in the Nobel Qur’an in the words of His prophet Joseph: “He said: My Lord, prison is more beloved to me than that to which they entice me, and were you not to divert their plot away from me I will be drawn towards them and be of the ignorant.  So his Lord answered him and diverted their plot away from him, truly, He is the All-Hearer, the All-Knower”  Yusuf(12):33-34

You can see the filtering statement here.

http://www.isu.net.sa/saudi-internet/contenet-filtring/filtring.htm

Now I’ve written a fair few, acceptable use policies in my time, but I confess I rarely reference religious scriptures. It will come as no surprise to find that in general the internet filtering operated by the Saudi Government tend to focus on repressing opposition and promoting their religious beliefs.

The sort of sites that are blocked are things like the Saudi Human Rights organisations, Free Speech Coalition and the Voice of Saudi Women. Lots of journalists are filtered, in fact they once blocked all of blogger because of a couple of blogs were being used to raise awareness of issues within the Kingdom of Saudi Arabia.

saudi internet filter

This is the cheerful message you get if you try and access one of the many thousands of blocked websites. Be especially careful in Saudi Internet cafes were hidden cameras were installed in 2009 and the proprietors are forced to supply names and addresses of customers on demand.

They use a system called Smart Filter to block access to all these websites. It’s nothing very complicated though and most people are able to bypass using proxies, VPNs or specialised software – like this.

Using DNS to Fightback

There’s a lot of information on this site, about the various methods used to filter, block and deny access to specific websites. Content filters, geo-blocking and firewalls now form part of the internet’s infrastructure rather than existing in isolation to protect genuinely secure networks. Of course, there have always been ways around them and in reality if you had something like the portable version of Identity Cloaker stored on a USB drive, you were normally able to bypass them. But in reality most people wouldn’t want to get involved in the world of proxies, VPNs and encryption because basically they just wanted to watch stuff online.

After all if you’re faced with a big shiny flat screen Smart TV, and you find you can’t watch a video on YouTube or The Simpsons on Hulu – then downloading PC software is not going to get your far. The reality is that we access the internet in so many different ways nowadays and via a computer is just one of these. In my home just for an example, the devices capable of browsing the internet include computers, tablets, phones, TVs, an Xbox and a WiiU and probably more. The challenge is to enable those devices to have unrestricted access to specific websites, not just the computers.

There in lies the difficulty, you can’t install PC based software on your phone, TV and Games console. The most you’ll be able to control is the device’s network settings from some generic menu like this -

wiiu-networksettings

This will be the same for your phone, Smart TV and tablet – most devices will allow you access to these settings somehow. Although there are some which don’t – the annoying Roku won’t let you manually change all these network settings for some reason ( Geek Note : although you can remotely assign them through DHCP).

Fortunately now this is all it takes is to use Smart DNS – which you can see from this video demonstrating the procedure on an iPad.

So to bypass all but the most fiendish network blocks all you need to do is to be able to manually alter the DNS settings. Unlock BBC iPlayer, Hulu, Pandora and Netflix on any electronic device you need, just by using Smart DNS.

It’s a wonderful piece of technology, designed to bypass the commercialism and control that corporations are seeking to impose on the internet user. It’s simple to use, cheap and doesn’t impact your connection, so I thoroughly recommend it. Remember the video above – Change DNS iPad settings enables Smart DNS on the tablet but it works the same on any internet enabled device, just find those network settings and change your DNS server to a Smart one.

What’s a VPN and Do You Need One?

There is no doubt that the term VPN causes much confusion throughout the IT industry never mind the public.  This is due to a number of reasons, but the confusion is largely to do with evolving technologies and how VPNs adapt with them.  The traditional definition of a VPN (Virtual Private Network) is as follows;

A private network for voice and data built with carrier services.

It’s a definition that was perfectly adequate for many years however, more recently, a VPN has come to describe the establishing of private and encrypted tunnels through the internet for transporting voice and data. So here’s some more up to date and hopefully more accurate definitions as described by the LAN Times Encyclopedia of Networking -

  • Voice VPN – a single carrier handles all your voice call switching. The ‘virtual’ in VPN implies that the carrier creates a virtual voice-switching network for use by utilising it’s own switching equipment.
  • Carrier-based voice data VPN – Packet, frame and cell switching networks carry information in discrete bundles (packets) that are routed through a mesh of network switches to their destination. Carriers can program virtual circuits into these networks that simulate dedicated connections between perhaps specific sites or locations (within a company’s control). A web of these virtual circuits can form a virtual private network over a controlled packed switched network.

The new guy on the block and the most likely technology if you see it mentioned on the internet outside the IT department is this -

  • Internet VPN – an internet VPN is similar to the previous two definitions except that the IP-based internet is the underlying network.

So in definition an Internet VPN is simply a secure way to move packets across the internet using specialised equipment. It can be done using a variety of methods using a Transport mode, encrypting just the payload and leaving the headers readable so the packet can be forwarded by any hardware across the internet. The other method is Tunnel mode, which can be used with protocols like IP, IPX and SNA to encrypt and encapsulate into new IP packets for distribution, this technique is more secure as it also hides both the source and destination of the packet as well.

A Tunnel mode Internet VPN is probably the most likely technology that is being discussed when you see and hear discussion of a VPN online. Here’s a practical example of one of the commercially popular VPN technologies available on the internet, for an individual who doesn’t want to invest in the extensive infrastructure required – this is an example of how you can buy VPN online.

Here you can see a low cost, highly secure internet VPN which can be used to provide security, hide all your online activities and obscure your exact location from any web site you visit. This particularly has become much more important over the years with the rise of geolocation, where web sites block access based on your location. Using a VPN tunnel you can change your virtual location at will, which millions now use as useful tool to watch websites that are normally inaccessible to them.

Changing a Device’s IP Address – Region Free, Smart DNS

Wow what a geeky title,  well hopefully this post isn’t too dull but it’s inspired by a few emails I’ve been having.  Now a lot of us, are living a pretty region free life online, with the use of certain programs and services we are not blocked and redirected based on our location.  So I don’t have to watch the vastly inferior version of Netflix just because I’m currently in the United Kingdom, I can watch the US Version instead or when travelling I can watch the BBC iPlayer abroad!  It’s all pretty straight forward on a computer, laptop or smartphone – load up the program, switch servers or  use a Smart DNS service and you can choose your own virtual location with a false IP address.

But of course the world is not that simple, and many of us have different devices that are getting blocked.  Media streamers, Smart TVs and there are even NAS disks which can download stuff from sites for you automatically. These just like our computers can get blocked based on their location too, and there’s no obvious way to install programs like Identity Cloaker or mess around with network settings.  Now obviously installing a sophisticated security program written for a PC or MAC isn’t going to work but how about the smart DNS services that a couple of the leading VPN/Proxy providers have developed.  These services work across all sorts of platforms – phones, games consoles, Smart TVs, tablets and computers – in fact virtually anything which has access to the internet.
Here’s the Smart DNS Service I Use -

Click Here for 14 Day Free Trial

Just in case you don’t know smart dns is a sort of halfway house to unblocking blocked media content online.  It basically routes part of your connection through a specific server using your DNS settings.  So you’ll establish initial connections through a US proxy server for instance and then stream directly through your own connection.  It works great for unblocking restricted media sites like the BBC for example.  All you need to do is enable your IP address with a Smart DNS service and then change your DNS settings on the device you need.

So I Can Change the Location of a Device like a Roku, Boxee or a Smart TV?

Yes you can but this isn’t always obvious, because many devices don’t let you alter or change network settings like DNS servers.

How Can I Change Roku Network Settings

How Can I Change Roku Network Settings

So let’s take for example this device, the amazing Roku which really is that big!  This device allows you to stream content directly to a TV via a HDMI cable.  Most people use it to access Netflix, Youtube, BBC Iplayer and channels like that.   But it is a network enabled device and is therefore affected by the location of your IP address – so stick a Roku on a TV in the USA and it won’t get BBC Iplayer for example.

Smart DNS should be ideal for this sort of situation, it’s not a full blown VPN connection but should be enough just to fool the media site into the location you specify.  Except the Roku has no network configuration settings, you can’t directly modify it’s IP address or specifically it’s DNS server.  Perhaps these are blocked for a reason, I suspect companies like Netflix wouldn’t want people to be able to access these settings – but who knows?

However you can modify the settings in most cases either on your router directly or by using DHCP which is the protocol that sits on your routers, Wifi access points and modems which dishes out IP addresses for all the devices on your network.

netgearWNDR4500

Here’s the settings on my Netgear router which allows the device to allocate IP addresses on my internal network – you allocate a range – 192.168.1.1-192.168.1.254 in this case and each device will be assigned it’s own address when connected to this network.

On a full proper DHCP service, alas not on this particular router, you can also specific other details including which DNS server to use.  You could also set up your own DHCP server on a computer to allocate, their are loads of free versions you can use.  For Smart DNS to work you need only assign the specific Smart DNS server to the device you wanted to work.  So I could assign a specific DNS server to my Roku remotely, which could either be a US, UK or any country enabled by the service you use.

In my situation with this router, I would just assign the Smart DNS setting to the router itself in the DNS settings. All this does is enable everything in my network to use  the Smart DNS setting which in many cases is more suitable for people.

DNS Settings on Router

These are normally in internet or LAN settings on your router, instead of getting them assigned from your ISP specify the Smart DNS ones you’ve got from your provider like Overplay.

If you’re lucky the DHCP service on your router will allow you to specify the DNS settings like this TPlink one.

assign-dnsto-roku

So you would simply assign your Smart DNS settings to your devices by assigning them in the DHCP scope.  So everything on your network would get assigned this DNS servers including your Roku, Boxee, Ipad or whatever.  If you want some devices to have different DNS settings then simply assign them locally on the device, they won’t be overwritten by DHCP.

This video is useful -

You can find it on YouTube it’s about Smart DNS

I should however urge a word of caution particularly due to my tests.  The above works fine for most devices for assigning network and DNS settings to devices on your network.  However it doesn’t always fool the media site  on some devices for some reason.

I can use Smarty DNS on any number of devices like computers and phones to access the US version of Netflix when in the UK for example, but it just makes my Roku stall when connecting **. The server works fine and is assigned but there’s something telling Netflix that my Roku is not in the US – so please bear that in mind before buying big subscriptions for these services before checking.

There’s a post on using a dedicated UK IP proxy here

Update:

This is no longer the case, not sure if there was a problem with my Roku or the firmware, but this now works fine.  Just update your router with the Smart DNS settings and you can switch between whatever version of Netflix you need.

 

 

Why Can’t I Use a Proxy

We’ve all been there – you’re stuck in work or school, and frankly bored out of your brain.   Sure you have internet access but all the most interesting sites are blocked -

  • Facebook Blocked
  • Youtube Blocked
  • MySpace Blocked
  • World of Warcraft (games and forum) Blocked

So why’s it happening and what can you do about it?

Your company or school controls your access to the internet at several points and is blocking your access at several levels.

The first control is probably through their own proxy server.  If you go and look in Tools/Internet Options/Connections/LAN Settings or  something like that in different browsers you’ll probably see a proxy server set.  That address will be a server controlled by your company where they force all internet traffic.  If they’ve done a decent job you won’t be able to change this.

The settings will normally be deployed by something called GPO (group Policy Objects) which are the way most organisations control what their computer looks like.  These apply settings like specific desktops, screensavers, Internet Explorer settings each time you boot up your computer.

Therefore absolutely everything you request goes through the company proxy server.  You might think you’re being clever searching for ninja proxy sites on the internet but I’m afraid you’re not.  All you are doing is creating a log of you searching for ‘ninja proxy sites online’, and letting administrators know you want to bypass their settings. The proxy server will be set to filter out all such requests by a variety of methods.  The most common one will be a huge list of URLs containing all the dodgy one page, Glype proxy installations online.

So you need to bypass this proxy server or do you?

If the organisation has their network set up properly then even by using an alternative browser or modifying the proxy settings in IE will not work anyway.  The reason is that your company firewall, the hardware device which controls all the traffic in and out of your network should only allow web traffic out from one specific address – the proxy server.   So forget about specific IPs, free web proxies or anything specific like a UK IP proxy until you figure this part out.  Remember in this scenario if you bypass the company proxy then your request will not get through, it needs to come from that specific IP address or it will get blocked.

Then a couple of things might happen -

  • The alert will be flagged on the firewall (Web requests from an incorrect internal client)
  • The administrator will track down the PC and find out it’s been modified.

But don’t worry in reality probably nobody ever looks at  the logs and most firewalls generate so many alerts that nobody ever looks at those either.

The point is your searching for online web proxies is simply a waste of time.  To bypass most corporate proxies you need to go through that proxy and not around it.  Through it because any other originating IP address will get blocked and may possibly  wake up your IT Department.  But you need to stop the proxy blocking access based on the content (what you are requesting) and the URL (the actual site you want to visit).

There are two things you can do to allow this – first you need encryption so that nothing can see inside your web request and secondly you need some low key server outside the network to relay your request.  These two requirements if implemented correctly will allow you to tunnel through any corporate network firewall or proxy and also keep your surfing private from the administrators and logs.   I should point out that the new generation of Smart DNS servers like this, may be more effective in a lockdown environment that standard proxies although it’s likely you’ll need admin access on your local pc in order to modify the network settings, as generally these will all be assigned automatically via DHCP.