Tag Archives: VPN

LogJam Vulnerability Threatens Thousands of HTTPS Websites & Mail Servers

What it’s all about

The weaknesses that allow the so-called LogJam attack apparently have to do with how Diffie-Hellman key exchange has been deployed. Diffie-Hellman is a popular cryptographic algorithm that allows internet protocols to agree on a shared key and negotiate a secure connection. Since it is fundamental to many protocols like HTTPS, SSH, IPsec and SMTPS, it is relatively widespread: about 8.4% of the top one million websites and an even bigger part of servers using IPv4 are affected by LogJam.

“Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange. Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve—the most efficient algorithm for breaking a Diffie-Hellman connection—is dependent only on this prime. After this first step, an attacker can quickly break individual connections”, the team states.

According to the researchers, LogJam can be used to downgrade connections to 80% of TLS DHE_EXPORT servers. They also estimate that a skilled team can break a 768-bit prime and that, due to the available resources, a state-sponsored campaign could break the common 1024-bit prime.

This is especially scary since they estimate that a successful 1024-bit prime attack would allow for eavesdropping on up to 18% of the top one million HTTPS domains.

Their research paper goes even further: “Our calculations suggest that it is plausibly within NSA’s resources to have performed number field sieve precomputations for at least a small number of 1024-bit Diffie-Hellman groups. This would allow them to break any key exchanges made with those groups in close to real time. If true, this would answer one of the major cryptographic questions raised by the Edward Snowden leaks: How is NSA defeating the encryption for widely used VPN protocols?” How about that! It definitely opens up room for a lot of discussions.

As with FREAK, the vulnerability is actually quite old already. “To comply with 1990s-era U.S. export restrictions on cryptography, SSL 3.0 and TLS 1.0 supported reduced-strength DHE_EXPORT ciphersuites that were restricted to primes no longer than 512 bits”, the released paper reads.

What you can do

Luckily, the team has already been in touch with most of the browser developers, which means that fixes are either already available (namely for Internet Explorer) or will be very soon.

Make sure you have the most recent version of your web browser installed: Google Chrome (including Android Browser), Mozilla Firefox, Microsoft Internet Explorer, and Apple Safari are all deploying fixes for the Logjam attack. If you run a web or mail server you should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group.

More information on LogJam can be found on the dedicated page.

The post LogJam Vulnerability Threatens Thousands of HTTPS Websites & Mail Servers appeared first on Avira Blog.

Avira Offers PRIVATE WiFi Encrypted VPN in new bundle

Users who purchase the new bundle will be fully protected against malware and data theft. Our Antivirus Pro is built upon some of the most cutting-edge antivirus technologies available, allowing millions of users around the world to no longer worry about malware.

PRIVATE WiFi Encrypted VPN completes the package perfectly, as it provides users with a personal VPN (Virtual Private Network) to automatically encrypt data transferred over any WiFi network.

Protection on the move with your personal VPN

“Avira and PRIVATE WiFi Encrypted VPN have a common mission: to offer people best-in-class digital protection, wherever they are. In a world with increasing mobility, we decided to provide our customers with protection on the move: our German engineered antivirus that fights against all types of viruses, combined with a professional encryption service that prevents any phishing attacks from happening” said Thorsten Bruchhaeuser, EVP Sales and Business Development at Avira.

With all the hidden dangers encountered by users accessing public WiFi hotspots, it has become essential for users to add an extra layer of protection for their sensitive data. An encrypted VPN will stop hackers from intercepting private data from their devices, regardless of the method chosen by the attackers: rogue WiFi access points, man-in-the-middle attacks or software sniffers.

Alok Kapur, President and Chief Operating Officer of PRIVATE WiFi said “We are excited to join forces with Avira in creating a complete protection bundle. Users who purchase the package will be in possession of the best weapons to fight against all types of digital attacks and they will no longer have to worry about their private data ending up in the hands of others without their consent”.

Our new product bundle from Avira will be distributed via its partner network globally and will be available both in German and in English.

The post Avira Offers PRIVATE WiFi Encrypted VPN in new bundle appeared first on Avira Blog.

Is Hotel Wi-Fi Safe?

Recently, a new authentication vulnerability was identified in the firmware of routers that are used in hotels around the world.

This means that new files can be written to the routers and then potentially all connected machines (meaning hotel guests) could become infected.

Public Wi-Fi is not a new risk as these networks are unencrypted and send all your data in clear text, unless of course the web site you are visiting offers encryption.

Why does it matter that your data is unencrypted? Imagine all your regular post arriving at home written on postcards so that anyone in the delivery chain could read them. It would be a huge invasion of your privacy and unacceptable.

The risk is similar, but you just can’t see that it was all sent for others to read, should they be so inclined.

Stay safe while using public Wi-Fi

  • When using public Wi-Fi in cafés, airports, hotels or even when visiting a place of work that has guest Wi-Fi, you should always be cautious about which services you use while connected.
  • Where possible, use a virtual private network (VPN). This will encrypt the data being sent over the public Wi-Fi network that you are connected to, or put another way, it will put your mail back in envelopes.
  • Many scammers set up fake Wi-Fi networks to conduct what is known as a man-in-the-middle attack. If you are in a hotel or airport, make sure you are using the legitimate free Wi-Fi service.

For more tips on keeping your data safe while using public Wi-Fi, check out the infographic below.

[Infographic: WiFi]

TGIF: Avast News Wrap-up for March 18 – April 2 2015

The Avast biweekly wrap-up is a quick summary of what was on the Avast blog for the last 2 weeks.

March Madness wraps up on April 6th. Even if you are traveling abroad, all you basketball fans can watch the game using a VPN service. Stay safe during March Madness using Avast SecureLine explains why you should always use VPN when connecting to a public Wi-Fi hotspot, plus the added benefit of being able to watch geo-restricted content online.

Speaking of Wi-Fi – Just like in real estate, one of the most important things for your router is location, location, location. 5 things you can do to boost your Wi-Fi network shares helpful things that you can do yourself to make your Wi-Fi signal stronger within your home or business.

I run because I really REALLY like Beer!

Team Avast rocked it at the Sportisimo Prague Half Marathon.

World Backup Day was a good reminder that we need to take time to prevent data loss on our PCs and mobile phones. We discovered that one of the main reasons that people do not back up their data is because they are lazy.

The family IT expert knows how frustrating it can be to help someone solve a computer problem over the phone. Avast makes it easier with our Remote Assistance service. Now you can Help others with their computer issues using Avast Remote Assistance.

For those of you who like to DIY, you can learn How to use the Avast Virus Chest and what actions you can perform on files inside the chest.

With all the security improvements in browsers and operating systems, some people have questioned whether they still need antivirus protection. The business of malware has changed, but it can still be devastating if you are targeted. COO Ondrej Vlček explains why Avast is not your father’s antivirus protection.

Stay safe during March Madness using Avast SecureLine

Avast SecureLine VPN gives you access to geo-restricted programming and protects you from unsecured Wi-Fi.

March Madness is in full swing — this year’s NCAA Tournament is now in its second week and we’re already down to the Sweet 16. When you think about March Madness, you probably think about your bracket, your favorite college basketball teams, and the bets you’ll place on those who you think will win the tournament.  Although it’s easy to get caught up in the spirit of March Madness, it’s the betting process that you should really be paying attention to: this popular activity serves as the perfect opportunity for hackers to access your personal information.

Since most people watch the NCAA games in bars or cafes with friends, they make the majority of their bets using their mobile devices while connected to public and often unsecured Wi-Fi networks. Public Wi-Fi networks are convenient, but they’re not safe. Cybercrooks can easily access and steal personal data when you’re connected to these unprotected networks. Even if you’re transmitting data from one HTTPS site to another, it’s the connection in-between the two sites that really puts your data at risk. Additionally, developments such as real-time betting make the odds for getting hacked even greater.

During March Madness, a time of year when so many financial transactions are being made, cybercrooks are especially likely to steal your banking info (e.g. your credit card and/or account numbers) and personal info (e.g. your social security number, social media accounts, etc.). Avast SecureLine VPN for Android and updated for iOS devices keeps these cybercrooks at bay and securely allows you to use your PCs, smartphones, and tablets on unsecure Wi-Fi networks while participating in March Madness at your favorite bar or cafe.

“Unfortunately hacking isn’t a complicated process – there are tools available online that anyone can easily use to steal personal data,” says Ondrej Vlček, COO at AVAST. “We created Avast SecureLine VPN to allow users to browse the web anonymously and safely, especially while using open Wi-Fi.”

Watch content from all over the world

You don’t have to miss a single game or your favorite program while you are traveling. SecureLine VPN makes it look like you’re connected from a different location, allowing you to view ‘local’ content anywhere because your shown geo-IP address will be different from your real one.

Play content from all over the world while connected via SecureLine VPN.

Keep your data and identity safe using Avast SecureLine

VPN stands for Virtual Private Network. Avast SecureLine VPN creates a private ‘tunnel’ through the internet for your data to travel through, and everything – your web browsing history, your email, your IMs, your VoIP, everything – inbound and outbound through the tunnel is encrypted. Even if your data is intercepted, your identity is protected, since Avast SecureLine masks your IP address.

For those of you interested in technical specs, here are the highlights:

  • Avast SecureLine VPN uses the OpenVPN protocol.
  • The encryption used is 256-bit AES.
  • Communication on all ports is encrypted.

How to get Avast SecureLine

Avast SecureLine VPN is available for Android on Google Play and for iOS in the Apple App Store.