Category: ninja

Best UK VPN Access for iPlayer

Which is the best UK VPN Access provider with British based servers for BBC iPlayer?  It’s a difficult question, simply down to the huge choice that is available now online.  Years ago, I was involved in a project to install a Virtual Private Network (VPN) client on thousands of laptops in a large multinational company.  The laptops consisted of wide variety of hardware, lots of different language builds and each had different software installed (even some VPN client software which needed to be removed first).   One thing I did learn throughout this project is that VPN client software can cause all sorts of problems mainly concerned with network connectivity if it doesn’t work properly.

best vpn for UK TV abroad

Reliable Software is Important

This is why, choosing a reliable VPN service is so important. For most of us, an internet connection is why we use our computers, using a poor service will at best slow down your connection and at worse completely break it. A VPN needs to be well configured, maintained and supported both at the client and the server side to work quickly, securely and seamlessly.

In fact seamlessly is an important point, because the better a service is, the less impact it will have on your connection.  If your internet speeds plummet to a slow crawl as soon as you enable the connection then it’s going to be fairly worthless.

Most people need a VPN for the following reasons:

  • Secure their connection and personal details.
  • Access blocked websites like Hulu, BBC iPlayer, ABC and others.
  • Privacy

There are other reasons, but it’s mainly to bypass blocks and ensure security, any well run VPN should be able to supply both of these.  If you’re interested in a accessing a particular service like British TV online then a fast UK connection is the priority.  This is an important point, the best VPN or Smart DNS service will actually allow you access to a network of VPN servers in different countries. However it is the speed of the specific servers that you connect to which will ultimately determine how it performs.

For example, many services offer a server in a few different countries, which is great if you are not concerned about which country you connect to.  However if you want to watch and access the BBC online then you will have to select a UK one to change your IP address, unfortunately so will many others.   Which is why for so many companies popular servers will be completely overloaded.

Identity Cloaker monitor their servers 24/7 and because they are one of the oldest and safest UK VPN Access providers on the internet they have a wealth of expertise in maintaining fast, accessible servers.  They also have deployed servers based on demand – their network has dozens of UK and US servers with huge, available bandwidth to be used for the popular media sites like the BBC and Hulu, but less servers based in other countries.

Which means their UK VPN servers are fast, very fast especially when used with the compression algorithm in the client software.

The reality is that the service is one of the best because it has been around for so long and been actively developed.  The software is sophisticated and robust, the servers have been optimized over the years to provide the fastest and most effective service.

Here’s a great example, although Identity Cloaker was originally available using the client software which redirected through a UK BBC proxy for British addresses but it was becoming apparent that demand was moving towards different devices.  For example many people were starting to stream video directly onto Smart TVs, tablets or media devices.  Making different versions of the VPN client software was almost impossible for many of these devices, how do you install software onto your Smart TV for example?

Which is why all the Identity Cloaker servers were modified to allow direct VPN connections from other devices.  Basically it was possible now to set up your VPN connection manually on tablets, ipads and phones.  You can even connect directly from your router to effectively switch every device to use the VPN even things like Smart TVs – watch this video.

This won’t be suitable for everyone of course, because by default it does effect every device connected to that router.  However it’s a marvelous fix for situations where you can’t get access to the network configuration settings and still need the a good VPN you can get access to.   Most modern routers will have this facility, although unfortunately in the UK there is a tendency for ISPs to supply heavily restricted devices.  BT have removed the majority of the connection settings in it’s Home Hub device including much of the VPN functionality.  The overriding advantage of this message though is that the IP address is classed as a residential one, a valuable asset that you’d normally pay for from a residential IP provider !

However for speed, security and reliability then I can thoroughly recommend Identity Cloaker which you can try out for 10 days using their . .

Lessons from the Internet of Things – Do you Trust Your Fridge?

The ‘Internet of Things‘ is one of the most discussed topics on technical forums at the moment. The idea that you can enable all sorts of devices with a network card and a bit of memory to attach it online obviously has many benefits. It reminds me of the excitement of the ‘Trojan Room Coffee Machine which was a live video stream of a coffee machine hooked up in Cambridge University, via MPLS and an Acorn Archimedes (remember them!) in 1993. Sure it was just a coffee machine, certainly the picture rarely changed – it was either full, empty or half empty – but the realisation that you could check on it in real time without leaving your chair was kind of exciting at the time. The web cam was switched off in 2001, but many of us can still recall checking that the geeks in Cambridge had enough coffee.

isyourfridge-spamming

Nowadays of course, our devices are increasingly network aware, printers were of course, the logical first piece of equipment to stick online, it saved having them hooked up to computers and people could use them remotely. However it didn’t take long for hackers to target the first network enabled printers to infiltrate networks, distribute malware or just muck about by sending huge print jobs to them.

A story has broken this week in the security press which adds a strange twist with the first reported Spam attack by a fridge. The report released by the security firm, Proofpoint claims that a fridge took part in sending 750,000 email messages in a wide bot enabled Spam attack. It’s actually a little late as there have been similar reports as early as 2013 of this new vocation of our kitchen appliances, however it’s still rather disturbing.

Many of us, will perhaps question the need for kitchen appliances to have access to the internet. I for one can happily live without my fridge tweeting me that I’m out of milk, in fact being nagged by my fridge doesn’t appeal at all!! Manufacturers will point to the fact that internet access will provide a host of other benefits like fault finding and notifying manufacturer of potential problems. Again, the old school method of the fridge simply stopping working seems more than adequate. Imagine getting a call from a Samsung customer representative who has just been notified that your fridge light is not working by your erm fridge. It’s an internet horror story and the benefits negligible at best and in reality pretty much pointless.

Enabling these devices means there’s another headache you are responsible for, you’ll need to configure your fridge to connect, ensure it’s got a strong password and it’s behaving itself online.  How do you connect to your fridge, could you compromise other logins, should you use a VPN to connect?  Coming down in the morning and finding your fridge cornered by the FBI might seem far fetched but it’s not as ridiculous as it might seem.   Using these devices in botnets to attack other machines, send out spam or as proxies to attack other machines is perfectly feasible and it’s actually happening now.

Network security on these enabled devices is normally an after thought, it’s often much easier to hack into a network enabled device than a laptop or computer.   For example how many people would log onto their fridge after purchase to change the default password – but if you’ve bought  a fancy internet enabled smart fridge it’s something you really should do.   Already hackers have demonstrated how to to steal your google login from a Samsung fridge, at this years DefCon conference.  The fridge ran a flawed implementation of  SSL which failed to check false certificates making it vulnerable to MiTM attacks.

This ‘internet of things’ basically sounds like a huge pain, introducing fairly pointless benefits at the cost of loads of hassle and vulnerabilities.  Of course for things like printers and using my Smart TV to access online entertainment then it makes sense.  However I for one will not be upgrading my fridge anytime soon.

Surprising New Palestine Charity Donors

If you follow the security and hacker world, you’ll know that there is a constant tit-for-tat battle going on across countries, religions and ideologies.  One group will deface a certain web site usually with badly spelt propaganda and  ‘1337 speak’, then a few days later another group will retaliate with an attack on a different web site.  There’s lots of threats and tough talk, and it sometimes seems like there are literally thousands of these groups all over the world fighting their own cyber way.
computercrime

The reality is that it’s been happening for so long it doesn’t really make much impact any more, unless it’s a really big commercial name.  There’s another problem with this attack method, especially due to the minimal impact – it usually takes much more effort than it’s worth.  Of course there are literally thousands of ways to hack a web site – vulnerabilities on the code, the host, bruteforce passwords or pinch user credentials – the list is virtually endless.

However it does take time, and can take an awful lot of effort which is why it often looks like a complete waste of time.  You spend days finding out a web sites vulnerabilities and hack into it, replace it with your leet message – then take a couple of screenshots.  What happens then?  The owner changes all the password, closes the vulnerability and restores the original from backup and it’s all back to normal.  Unless you dash out and advertise the hack, then it’s likely not that many have even noticed and those who do have seen it all before anyway.   Of course if it’s a bank or a big commercial site then there is much more of an impact and of course commercial implications – but those sites are likely to take much more effort and resources to hack into anyway.

Which is why I think this was a rather innovative angle by a group of  pro-palestinian (or perhaps just anti-Israeli) hackers called AnonGhost (not impressed with that name!).  They’re involved in an cyber offensive against the Israeli’s, which sounds a bit more impressive than the reality, and have been for several years in line with other Muslim extremist groups like ISIS.  It all get’s very messy here as you have a ‘free speech’ hacker group like Anonymous, working towards the same target alongside ISIS sympathising hacking groups such as AnonGhost.  Obviously supporting any ISIS related group is kind of a backwards step toward promoting free speech and liberty.

Anyway the point is that instead of just stealing a few user details and posting up a bit of tedious cyber graffiti which is overwritten half an hour later, they did something different.   They stole lots of credit card details from an Israeli based site and posted some of them online, the rest they used to make donations to a Palestinian children’s charity.

anonghostdonate

Well that’s the story at least, there is a little bit of evidence to support it but not enough to be completely sure. The irony of course relies on these being stolen Israeli credit cards. Though whether the payments were completed by the charity site – fundrazr, is also perhaps difficult to believe -especially after the facts were posted all over the web.

As usual, the attackers probably didn’t hide their tracks very well and unless they used some very secure VPNs, like these, have probably now got loads of their details listed on databases compiled by various security agencies like GCHQ and the NSA.  However as a stunt,  it was at least a little bit innovative.

Hacking Your Exam Grades

There’s a scene in the iconic 80’s film Ferris Bueller’s Day Off where the hero logs into his school’s computer system and starts modifying his records.   It’s a dream that’s probably passed through the thoughts of millions of young people over the years.  If only I could just go and change a couple of those grades discretely, no-one would ever know.

ferris-hacker

Unfortunately as with nearly all ‘computer crimes’, committing is much, much easier than getting away with it. The problem is that it’s very difficult to hide your tracks online, one tiny mistake and there’ll be lots of markers pointing your way.

This is exactly what has happened to student Imran Uddin early this year. A bio-science student at the University of Birmingham, Imran decided that his projected 2:2 degree wasn’t quite good enough and decided to try and gain access to the Universities Exam system to modify his grades slightly – changing the scores on five exams in order to boost his grades.

His attack involved installing keyloggers into a selection of the Universities computers in order to steal staff passwords who had access to the exam recording system.
keylogger
These are little hardware devices which you can pick up for a few dollars on the internet, that plug into the back of a computer and record every keystroke made on that keyboard. It’s the easiest way to steal usernames and passwords as it operates at the hardware level and you don’t need to worry about encryption and security. Imran managed to grab a handful of staff accounts including ones that were able to change the exam grades, where he duly modified his own.

Of course, the problem is that these devices have to be installed and can be identified if someone looks carefully enough. Which is what happened in this case, a technician performing an upgrade on some computers in the Bio-Science lab noticed the device. Of course then all the University computers were checked and staff found several more including one on the back of a computer in a staff only area.

After that all roads led back to Mr Uddin and when police checked his own computers they found a huge amount of incriminating evidence. There were ebay searches and purchases of the keylogging devices, evidence of a failed attempt to login to the University marking system plus loads of other forensic evidence incriminating him.

Which is mainly the problem with these computer crimes, although they’re pretty easy to commit, it’s very difficult to hide all this incriminating evidence when people start looking for it. There will be CCTV records of the keyloggers being installed, records of IP addresses and logins and of course simply looking at backups of the exam system will reveal logs of grades being modified. You can route your connection through Russian or Australian proxies but if you leave obvious clues elsewhere it won’t help you.

I once investigated a system where criminal records where accessed by someone who shouldn’t have had access. Looking at the logs of this system it took about ten minutes to find them – although there were hundreds of thousands of records the culprit stood out like a sore thumb. While every legitimate user of the system logged in and performed searches using an account in this format – USR1077672356, one account was logged in as Jamie333 (details slightly modified!). It was the first account checked and despite the individual being cunning (his name was not Jamie) it didn’t take long to find lots more evidence.

Mr Uddin was sentenced to six months and presumably lost his degree completely, he also faces the possibility of legal action from the University too. It’s impossible to know how many people actually get away with crimes like this, but one small mistake or piece of bad luck and it’s very simple to track the culprits down. Still kind of feel sorry for the guy though, but there’s definitely a lesson to be learnt here!

How Can I Find Free Ninja Proxy Lists

Like everything online that is free,  proxy lists do come with some risks and problems – and you should know that you aren’t going to get a secure ninja proxy that should go without saying.   However for anyone who’s a bit pushed for cash  or just enjoys the adrenaline rush of routing all their web traffic through some unknown server – here’s a quick guide of finding free proxies.

Creating Free Proxy Lists

First of all you must remember that these proxies change almost hourly, so there’s no point finding a list that two years old – nothing will work.  There are also numerous web sites which compile this information from a variety of sources, but I’ve no idea which if any of these are trustworthy.   So we’ll leave ourselves in the laps of the search gods by using a simple search, the following will search for some proxy lists to check out.

+”:8080? +”:3128? +”:80? filetype:txt

Just put the search string into Google and it should produce a list of proxies where you can select a server to use.  Here’s a decent looking one I found using the above search expression.

free proxy list

 This particular list splits the proxies into IP address, port number, level of anonymity (pah) and the country of origin.  The country is particularly relevant if you’re trying to access some sort of resource.  However it should be noted that simple proxies are no longer able to bypass most geo-location checks at least for the  big media sites.

For example Hulu will not be accessible via a US proxy any more, the site will detect the proxy and block you.  They still work for a couple of sites (including the BBC last time I checked though), but for bypassing blocks for these sites you’re going to need encryption and a VPN, or use Smart DNS.

Anyway, so you’ve got your proxy ip address and it’s ready to go – what’s next?  Well you could run a quick check to see where and what this server belongs too, it might give you an idea of who’s running it and how it found itself on a proxy list.  Go to somewhere like https://who.is/ and type in the IP address, you’ll then see who owns it.

From the list I just produced I found a variety of services, dedicated servers from an ISP, an Arts company based in London and a few private addresses probably assigned to residential addresses from an ISP.

Which ones are safest ? Well it’s difficult to say, company infrastructure like the arts company are generally misconfigured and accidentally left open.  They might be quite quick initially, and perhaps safer to use but of course there is the issue of using someones servers without permission in this instance.    I’d personally stay clear of any addresses that look as though they are assigned to domestic customers mainly because they’ll probably be very slow and may be being used to try and harvest personal credentials (although any of the servers could be doing this.)

So after a quick check (or not) then you’re ready to use the server, what exactly do you do with it?

Well the simplest way is to just tell your browser to use the proxy while you’re surfing which is quite simple to do.    You need to find your browsers connection settings, here’s mine for Google Chrome – and simply add the proxy server address and the port number to use in the box next to it.  It will be in different places depending on browser but it shouldn’t be too hard to find, if it is you’re definitely out of your depth here!

proxysettings

 

At this point you just need to press OK and restart your browser and that’s it.  Next is a quick check, just go to Google and type ‘my ip address‘ and it should return your public internet facing address, which if the proxy is working properly should match that of the proxy server you inputted. You should also be able to navigate to a web site as normal, there may be a small delay depending on the speed of the proxy you are using.

Now be very careful, from this point on everything you do on that browser is routed through that proxy server, don’t visit any site that requires any credentials – certainly nothing like Paypal, webmail or any account of importance.  If you go and do your home banking via an random proxy server fished out from one of these proxy lists, then I’m afraid bad things are likely to happen.   Just use simple web sites or perhaps to stream from the BBC (UK proxy needed) to watch video.

If you’re using the proxy for security and to hide your location, remember that although the proxy may hide your location from websites you visit you have  no control about what information is logged on the proxy.  It’s worth bearing this in mind as commercial ninja proxies will delete or remove logs but you simply don’t know what happens on these servers.   After you’ve finished then remove the settings and restart your browser to stop using the proxy.