Wednesday 31 October 2012

Istanbul node launching this Friday!

Hey everybody,

Exciting news!

If you haven’t been watching our Facebook or Google+ pages, you’ll be excited to hear we will officially be launching our newest server this Friday in Istanbul!

The new node will provide epically high-speed connections to all our friends in the Mediterranean and Middle East and give randos everywhere a new connection option.

Look, we know picking the right VPN can be difficult — we’ve been there too. There are all kinds of things to consider.  At SumRando, we think of our users as an anonymous community. Some of you are techies, others are doing important work tasks, and still others are casual coffee shop surfers who simply want to keep their data safe and anonymous.

Whichever category you fall into, we are there for you.

Some of our competitors like to brag about huge numbers of servers and thousands of IP addresses. That’s fine if you’re ok with connection speeds on par with dial-up. But at SumRando, we think a VPN should enhance your web experience, not hold it back. That’s why, unlike other VPNs, we own all of our servers (that’s right, hardware and all) and can promise blindingly quick connections around the world.

Our new Istanbul node will increase the scope, speed, and accessibility of our VPN; all while continuing to provide you with the same friendly customer service and support you’re used to.

So get exited for the launch of our new node in Istanbul and feel free to drop us a line or send us some feed back to tell us what you think!

Friday 26 October 2012

Google, Yahoo, and Microsoft busted using weak cryptographic keys.

Trust nobody.

Ok, you can trust us. But really, sometimes it feels like even the best security just isn't enough. And sometimes, even the most trusted companies cut corners.

On Wednesday, a mathematician named Zachary Harris found that Google, Yahoo and Microsoft were using shoddy security measures in their email clients. As it turns out, all three companies were using keys less than 1,024 bits in length in their DomainKeys Identified Mail (DKIM) mechanism (Google was using a 512 bit key).

DKIM keys are used by domains as certificates to verify to mail recipients that the mail is indeed from who it claims to be. Think of it as a really complicated digital signature. Were someone to crack the key, they could easily impersonate anyone from the domain. In this case, the hacker could impersonate anyone at Google.

Harris discovered the security flaw last December when he received an email from a Google headhunter. 
Harris was intrigued, but skeptical. The e-mail had come to him last December completely out of the blue, and as a mathematician, he didn’t seem the likeliest candidate for the job Google was pitching. 
So he wondered if the e-mail might have been spoofed – something sent from a scammer to appear to come from the search giant. But when Harris examined the e-mail’s header information, it all seemed legitimate. [Wired] 
But then Harris saw Google was using week cryptographic key to sign their emails -- only 512 bit.
Harris thought there was no way Google would be so careless, so he concluded it must be a sly recruiting test to see if job applicants would spot the vulnerability. Perhaps the recruiter was in on the game; or perhaps it was set up by Google’s tech team behind the scenes, with recruiters as unwitting accomplices.
Google never got back to Harris, but two days after he contacted them, the cryptographic keys were switched to 2,048 bit. Yahoo and Microsoft have followed suit.

Harris also reported that other companies including Ebay, Twitter, Paypal and HSBC are using weak keys.

Wednesday 24 October 2012

8% of Android apps are vulnerable to attack

How often do you use apps on your mobile device? If you’re like us, you probably connect to the web via mobile apps dozens of times per day. And, hopefully, like us, you realize that mobile devices are no safer than personal computers when it comes to sending sensitive material over the web. Unfortunately, most people don’t share this sense of caution and operate under the false confidence that mobile devices are hack-proof or somehow more secure than a PC.

But in efforts to test this sense of security, security researchers at the Leibniz University of Hanover in Germany conducted a study looking at ways popular Android apps in the Google Play marketplace handle attacks on security protocols called Secure Sockets Layer (SSL) and Transport Layer Security (TLS).

Most browsers will show a lock image when connecting
via SSL or TLS indicating the connection is secure.
Horrifyingly, the study found that about 8% of the apps examined misused these two security protocols, leaving users’ sensitive information vulnerable to exposure. And we’re talking really sensitive data – think credit card numbers and passwords.

Fortunately, the researchers said they have no evidence these attack strategies are currently being used.

SSL and TLS work by encrypting data over network connections to, theoretically, keep user information safe from extraction. The protocols are used extensively all over the web and especially by Android applications to transmit things like credit card credentials and other sensitive data.

Researchers used a tool called MalloDroid to execute “Man in the Middle” (MITM) attacks on the selected apps. In a MITM attack, the hacker places himself in the middle of a SSL or TLS connection and monitors activity as the app communicates with its target.

We introduce MalloDroid, a tool to detect potential vulnerability against MITM attacks. Our analysis revealed that 1,074 (8.0%) of the apps examined contain SSL/TLS code that is potentially vulnerable to MITM attacks. Various forms of SSL/TLS misuse were discovered during a further manual audit of 100 selected apps that allowed us to successfully launch MITM attacks against 41 apps and gather a large variety of sensitive data. Furthermore, an online survey was conducted to evaluate users' perceptions of certificate warnings and HTTPS visual security indicators in Android's browser, showing that half of the 754 participating users were not able to correctly judge whether their browser session was protected by SSL/TLS or not. [LUH]

More than any time before, we, as consumers, rely on tech providers to protect our sensitive data. But the fact is, no company provides flawless security. At SumRando, we encourage all of our users to not only educate themselves on security issues, but to take responsibility for their online safety with a solid VPN.

Friday 19 October 2012

India leads the world in spam distribution, everyone else is to blame

Tired of getting spam in your mailbox? Don’t blame India.

According to SophosLab’s most recent “dirty dozen” report, Indians lead the world for the third quarter in a row in spam distribution. It’s like the worst hat trick ever.

So why shouldn’t we blame them?

India doesn’t lead the world in spam production — only distribution. And in the case of spam, these are very different. As it turns out, most spam is distributed unknowingly through malware-infected computers. The users don’t even know they’re spamming. So all this study really shows is that Indians are not using proper security measures on their machines and, because of this vulnerability, are used extensively for botnet spam distribution.

According to Spamhaus, an international non-profit that tracks spam production and distribution, the United States, China, and Russia are responsible for the top spots in world spam production. In fact, India doesn’t even make the top 10 on their list.

Sophos senior technology consultant Graham Culey made this very point when speaking on the newest Dirty Dozen report.
The latest Dirty Dozen report suggests that a not insignificant number of PCs in India are harbouring malware infections that turn PCs into spam-spitting zombie slaves, controlled by the cybercriminals who make money by punting junk emails to promote questionable goods, or simply use malicious spam to infect more computers.  The authorities in India need to make IT security education a priority.  One would be safe to assume that, if computer users in the country are being targeted in order to relay spam, they are likely victims of other online threats such as fraud. [Sophos]
 What researchers ought to be looking at are the dynamics of internet access in a fast developing country like India. Indians make up 5.3% of the world’s internet users, but only 10.2% of Indians use computers. So the fact that this small piece of the global internet pie is dishing out 16% of its spam is concerning and should certainly be something we watch as internet access expands in other developing countries.

Monday 15 October 2012

Proxy service infects users

Here’s a fun fact: Not all cybersecurity services are equal.  Some might offer great monthly rates, but terrible bandwidth. Others might seem fast, but cost an arm and a leg. Still others might infect you with malware and turn your computer into a digital zombie.

That’s exactly what happened to hundreds of thousands of users subscribed to the Russian proxy service ProxyBox.

For the uninitiated, proxy services, like VPNs, allow users to connect to the internet through servers that assign a new IP address and location to the user. Unlike VPNs, proxy servers hardly encrypt anything and operate on speeds comparable to the United States Postal Service.

Anyhow, this particular site charged users $40/month for access to an extensive list of proxy servers all over the world. Not a bad deal for access to thousands of servers. The catch, though, is your computer is immediately enlisted in a botnet army using a Trojan called Backdoor.Proxybox.

As security company Symantec investigated the malware, researchers discovered it was also tied to three other websites, but all linked to one user.

The advertisements by this user provide a link between four dubious websites, all authored by the same individual: an entrepreneurial Russian hacker. These websites all revolve around proxies and malware distribution. One website provides proxy access (, another provides VPN services (, one provides private antivirus scanning (, and one provides proxy testing services ( These four sites are also connected by static cross-linking advertisements. The author of these websites provides the same ICQ support number to the users of the Web services. Several of these websites offer services for money and the payment gateways used are always the same: WebMoney, Liberty Reserve, and RoboKassa. 
We started to look into the payment accounts associated with these websites, and found out that they were tied to an individual with a Ukrainian name living in Russia. The additional details associated with this WebMoney account are undisclosed as we work with law enforcement in countries associated with the command-and-control servers.

Thursday 11 October 2012

Kaspersky says 42% of laptop owners use their computers for both work and personal tasks

Sometimes it feels like we just don't really need that much security. After all, what do I care if Joe Hacker gets ahold of my photo albums or iTunes collection? Unfortunately, most of us also use our computers for things like online banking and other tasks involving sensitive data.

But a new survey conducted by the security gurus at Kaspersky says that 42% of users use their laptops for both work and play.
This is you giving away all your sensitive work info.
The survey shows that 27% of Apple owners and 25% of other laptop owners use their mobile devices for work. A personal laptop which is not reliably protected from cyber-threats as well as a corporate laptop used for personal purposes could cause a leak of confidential company data. If compromised, a personal device used for work can cause problems across the entire corporate network. [ITNewsAfrica]
And sadly, too many people apply their concepts of personal security to work.

But there is good news. First, most companies have some level of required security. Although we've seen about a bajillion instances of this being compromised or insufficient, it's something. Second, there are excellent options available to secure your personal devices to make them safe for work-related material.

Clearly, the best option here, is a good VPN. As I've said, probably a thousand times now, a solid VPN is the best line of security available to prevent cybercrime. Feel the urge to upload sensitive work documents to a company server via an unsecured WiFi connection? While surrounded by a platoon of hackers? Go for it.

A VPN like SumRando will encrypt absolutely everything coming out of your computer. So next time you want to email your medical records, or chat with your boss, think about doing it safely and securely with SumRando.

Wednesday 3 October 2012

Google says state-sponsored attacks are on the rise

Back in June, Google's Gmail service began warning users it suspected were being targeted in state-sponsored cyber attacks.

Now, Google's information security team is telling us the threat is bigger than they thought. The team has apparently done some research and has, based on new evidence, found thousands of new cases of cyber attacks that are likely to originate from Middle Eastern states.
By Tuesday afternoon, several people--many of them American journalists and foreign policy experts--had already taken to Twitter to say they had seen the warning. Noah Schactman, the editor of Wired's national security blog "Danger Room," tweeted: "Aaaaand I just got Google's 'you may be a victim of a state-sponsored attack' notice. #WhatTookYouSoLong?" Daveed Gartenstein-Ross, a senior fellow at the Foundation for Defense of Democracies, also reported getting the message. As did Joshua Foust, a fellow at the American Security Project, a nonprofit research organization, who has written extensively about Afghanistan. [NYTimes]

Google’s team has declined to pinpoint any particular countries in the Middle East, but says there is a “slew” of them.

All we know is there is no time like the present to secure all of your digital data with a strong VPN like SumRando.