Slack slings crypto-keys at big biz, union gets worked over, VPN owners probed, trolls trouble vets, and more

This week we got freaked out about heart implant hacks, welcomed a new Microsoft security tool, and endured yet another Facebook fsck up. Here's what else happened along the way: Slack pack give keys a whack Large enterprise customers will now have more control over the security of their Slack channels. This after the …

  1. Ben Tasker Silver badge

    Why is this a big deal? VPNPro researchers note that with so much consolidation, users have far less choice than they think, and by hiding the owners of an app the chances of being exposed to surveillance increase dramatically.

    This is a big part of why I run my own. It does mean I don't get the benefit of having my traffic mixed in with that of other users, so it's "just" another endpoint for my traffic (meaning if I were individually targeted, they've still only got to look in one place).

    But, it does mean I get my traffic out and past the logs the ISPs have to keep under the ISPA, as well as avoiding any name-based filtering or throttling they might also be doing.

    I can change the endpoint's IP at the click of a button, move to a new provider in minutes (thanks to Ansible playbooks). Not quite as simple and transparent as clicking a button in a provider's app, but not a major headache all the same.

    The problem with the VPN services really is transparency. There are so many options, run by a far smaller number of providers, some of whom may or may not be compromised. Ultimately, I'm just trying to avoid the trawling nets that our government is dragging through ISPs - whilst the VPN providers would allow me to do that, it means hopping to an endpoint which is almost certainly attracting a similar type of attention (and may also be keeping logs anyway). Out of the frying pan and into the fire and all that.

    1. Rainer

      Ideally, you'd pay those ISPs with Bitcoin.

      Else, the money-trail just leads back to you.

      Unless you've also set up a network of shell companies that rent the VPSs you use (mixing companies and countries...)

      1. Ben Tasker Silver badge

        No, as all I'm aiming to do is skip past the UK ISPs' logging.

        If they're going to the VM's ISP to check billing details then I'm being targeted and all bets are off. If they've the means to do that, then they can also get that ISP to monitor what IPs connect in.

        I use a VPN for privacy, and not for anonymity. The two overlap a little on a Venn diagram but are not the same aim and require very different efforts. If you want anonymity then you need to be using a mixer network, along with other measures.

      2. steviebuk Silver badge

        But paying with Bitcoin is also traceable so you'd want to "clean" your bitcoin first with like-minded individuals. Then pay with said bitcoin making said bitcoin untraceable. But when "cleaning" you do run the risk of the other individual just stealing the coins.

        I currently use AirVPN. Seem OK for me so far. Just want to avoid Virgin's shitty filtering so the VPN purchase is traceable on my card.

        1. This post has been deleted by its author

        2. Paul Crawford Silver badge

          Same here - to avoid VM shitty filtering and ISP logging. Also when I go abroad I get the same (few) IP addresses so I don't get the crap from the likes of Gmail (work-related email) telling me to log in via web browser, etc, instead of usual email client. More seriously when travelling to make sure that I bypass any dodgy wifi's DNS offering once the VPN connects so less chance of phishing via that means.

          The traceable use of the VPN is not an issue to me as I know that if I were up to something serious it takes a damn sight more than VPN use to avoid being discovered anyway!

    2. Bogle

      Fairly sure the IPSA logging is still optional. I'm with Andrews & Arnold (aa.net.uk) who state "We don't monitor or intercept or block Internet traffic". They've resisted all of the excessive logging that the government has tried to foist on them.

      Which country do you host your VPN in? I personally like Germany but Switzerland seems very popular.

      1. Paul Crawford Silver badge

        @Bogle

        A&A are a small ISP so they might not have the same requirements for retention as the big ones (BT, VM, TalkTalk, etc). As far as VPN choice is concerned it comes down to the following in my book:

        1) Rule #1 is always another country for the VPN company. That way your own government has to follow some sort of external legal process to request data and can't simply apply back-door pressure on the provider as the hosting nation.

        2) Depending on how paranoid you are you need to look at no-logging VPN suppliers and so countries that don't impose such a requirement on all Internet services. Check out reviews/guides on sites like TorrentFreak and the slightly-advertorial sites such as bestvpn.com to get an idea of your choices.

        3) Check the T&Cs of potential VPN providers for things like using BitTorrent, etc, if you plan on that as some strictly forbid it, or do so in certain end-point regions, due to the potential abuse for copyright reasons. Also remember that "best" depends to a large extent on your own use-case, choice of platform OS, and technical expertise of the end user(s).

      2. Anonymous Coward

        "I'm with Andrews & Arnold (aa.net.uk) who state 'We don't monitor or intercept or block Internet traffic'."

        They do have a disclaimer now. Their legal advice has said they shouldn't try to do a canary for non-publicised monitoring by HMG. They say they can't guarantee no surveillance etc on their outsourced backhaul.

        They advise you take your own end to end precautions.

    3. VPNpro

      Get the original research here

      Hey guys - great discussion. If you want to see the full research mentioned in this article, you can find it here: https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/

  2. Anonymous Coward

    I don't understand

    I have read several articles about people being prosecuted just for having produced stealthy remote access programs or hosting frameworks that obfuscate code to help evade antivirus detection because these tools and services are used by miscreants to commit crime and yet for some reason NSO group and others get a pass.

    (Excellent reporting as always by Citizen Lab by the way.)

    1. macjules Silver badge

      Re: I don't understand

      I do not get the bit about,

      It is recommended that anyone who gets a notification letter from the union should keep a close eye on their bank statements and seriously consider enrolling in the monitoring service.

      But surely anyone who now gets a letter from the union has been told to ignore it? Aim gun .. shoot foot ..

  3. Anonymous Coward

    Time served/cruel and unusual punishment

    "Abegunde was also said to have helped launder the stolen cash through black market currency trades and helped support the whole thing by keeping two separate marriages."

    Two separate marriages?

    Abegunde is probably looking forward to going to jail to escape the prison he was already in.

    /s

    1. Fatman Silver badge

      Re: Time served/cruel and unusual punishment

      <quote>Abegunde is probably looking forward to going to jail to escape the prison he was already in.</quote>

      His ass is in trouble if the two ever get together to plot revenge!

  4. K Silver badge
    Pint

    "Below are some of this year's big winners, "

    Amat Cama is one hell of a hack-a-holic. By my calculations he walked away with $200,000 (assuming his split was 50/50).

    Beers on him --->

    1. Rustbucket

      Re: "Below are some of this year's big winners, "

      The pair also won the Tesla car. If they don't want to sell it or take turns driving it on alternate weeks, they can also use it to practice on for next year's competition.


Biting the hand that feeds IT © 1998–2019