BolehVPN offers 4 different VPN packages. The only difference among the packages is the subscription length. Therefore, a 30-day subscriber is using the same VPN and features as an annual subscriber. Other packages include 2-month and 6-month subscriptions. The prices are affordable for most people who are interested in a VPN. A single-year VPN package costs $79.99.
There is also a paid 7 day trial as well as a 1 day free trial. Honestly, we are not very happy with their free trial options because it is very hard to make accurate assumptions about the VPN in 24 hours. Furthermore, in our opinion trial accounts should be free.
The provider’s VPN network consists of servers in Canada, France, Germany, Hong Kong, Italy, Luxembourg, Netherlands, Switzerland, Sweden, United Kingdom and United States. There is also a server in Malaysia, but it is just for surfing and streaming. A new server in Japan is apparently going to be added to the network in the near future, as the current one was closed due to abuse. Considering the size of the provider, there is a good selection of servers in Europe. However, there are almost no servers in other regions, which may discourage a lot of clients who are looking for non-European IP addresses.
Unlike most other VPN providers, BolehVPN does not support the PPTP protocol and supports the L2TP and OpenVPN protocols only. Since PPTP is regarded as a relatively lackluster protocol security-wise, we do not think of it as a drawback.
For the default protocol they use 128-bit AES encryption, though 256-bit encryption is obtainable with some OpenVPN servers. It is far from the best encryption possible, but it covers the needs of a casual VPN user.
BolehVPN accepts payments via PayPal, Credit Card, Liberty Reserve, Malaysian bank-in and Bitcoin. PayPal/CC are very popular options that are widely accessible while Bitcoin provides that extra bit of anonymity. Therefore, every user should have no problems finding and choosing the preferred payment option.
You can ask the BolehVPN team questions about the service via live chat, which is available during working hours in Malaysia only, and by opening a ticket. Considering that the company is relatively small, we should not expect them to offer 24/7 support. However, when we take into account how long they have been providing VPN service, it gets a little surprising.
Just like most other VPN clients BolehVPN is very easy to set up and use. It also offers the main features required by any VPN client. What makes the client special is the fact that you can choose from different types that are tailored to offer different features: no encryption, regular VPN, with SOCKS proxies, dedicated for streaming, 256bit AES encryption.
Not only does BolehVPN not keep any connection logs, it is also located outside of the USA and Europe. That makes it even harder for the US or European governments to approach the company.
The speed test we carried out showed no significant download speed losses. However, we lost about a quarter of our upload speed and saw a slight increase in ping. Overall, we were satisfied with the speeds and the stability of the connection, since we did not notice any service instability while we were using the VPN for a few days.
BolehVPN targets clients who are concerned about their security, though it offers features for people looking to bypass geo-restrictions as well. However, the protocol used by default is weaker than what the most privacy-focused VPN providers like NordVPN offer, so you will most likely find a better option if you are looking for a security-focused VPN.
Despite its isolation and poverty, North Korea has put a lot of resources into Bureau 121, a sophisticated cyber-warfare cell, defectors from the secretive state said, as Pyongyang came under scrutiny over the recent crippling hack of Sony Pictures Entertainment’s computers.
A North Korean diplomat has denied that Pyongyang was responsible for the attack, which took place last month, but U.S. national security officials think otherwise.
According to the North’s defectors, Bureau 121, which employs some of the insular state’s most talented computer experts, if not the most talented, is part of the Reconnaissance General Bureau, the military’s elite spy agency. The defectors also said that it is sponsored by the state and is definitely involved in hacking, which the government of Pyongyang uses to either spy on or even sabotage its enemies.
Software security experts and the military have said that Pyongyang has active cyber-warfare capabilities. A big part of its cyber-warfare is targeted at South Korea, which is still technically in a conflict with North Korea. However, Pyongyang does not hide its hatred towards the U.S., which backed South Korea during the Korean War in 1950-53.
Hackers belonging to the military are probably the most talented and most rewarded people in North Korea. Hackers are handpicked at the age of 17 and receive special training from that age, said Jang Se-Yul, who had a chance to study with them at North Korea’s military college for computer science before defecting to South Korea six years ago.
He also said that about 1,800 cyber-warriors are working for the Bureau 121 unit, which is considered the military’s elite.
Jang mentioned one of his friends, who works in the unit’s overseas team and is an employee of a North Korean trading firm. Jang also pointed out that his friend was given a large apartment allocated by the state in an upscale part of Pyongyang. The incentives for North Korea’s cyber experts are very strong and they are pretty rich people in Pyongyang, Jang added.
Bureau 121’s hackers were among the best 100 students who finish their five years of studies at the University of Automation each year. The university, which has a campus behind barbed wire in Pyongyang, receives over 2,500 applications for its places.
Finally a former professor of computer science in North Korea and defector, Kim Heung-Kwang, said that state hackers are handpicked, noting that this kind of a job is a great honor for these hackers and people are fantasizing about it.
Re/code, a technology news site, reported that Sony is most likely going to name North Korea as the source of the attack. However, a spokeswoman for Sony said that the studio had not made an announcement, and the company declined to comment.
A forthcoming comedy and one of Sony Pictures’ newest releases, “The Interview”, features a plot to assassinate Kim Jong Un, the leader of North Korea. North Korea has described the film as an “act of war”. Currently, theaters and TV channels are holding off from playing the movie until the holiday season is over.
More than 30,000 PCs at South Korean broadcasting companies and banks were hit by a similar attack which, as cybersecurity researchers widely believe, was launched from North Korea.
A few months later, the online presence of the South Korean government was targeted, and the president’s website was defaced with a banner reading an encouraging phrase about North Korea’s leader Kim Jong Un.
Neither attack was considered very sophisticated. According to South Korean authorities North Korea was to blame, although online activist groups calling themselves ‘hacktivists’, who hack high-profile targets in order to spread political messages, were the first to claim responsibility.
Primitive but effective malware, which was later dubbed by the security researchers as DarkSeoul, was used for these attacks.
The hackers, also known as the DarkSeoul Gang, have been involved in a spree, lasting five years, against various targets within South Korea. A report by the security firm Symantec last year estimated that the group consisted of 10 to 50 hackers and described it as “unique” due to its ability to execute damaging high-profile attacks. Still, the unknown hacker group “Guardians of Peace” performed attacks very similar to previous ones by the DarkSeoul gang.
It is not yet known whether the DarkSeoul gang works for the isolated country, or is made up of some of Pyongyang’s troops in the North Korean ‘cyber army’.
As these attacks on big companies continue to happen, regular users grow more concerned about the security of their own personal data and sensitive information, which cannot be protected by anyone anymore. Well, nearly anyone: the guys over at NordVPN have done a pretty amazing job creating a product which is amongst the best and offers additional security features such as double VPN, Tor over VPN and a no logs policy that makes your private data virtually impossible to get to by anyone!
The VPN provider offers plans in a similar way to a lot of other providers: all-in-one packages that differ only in the subscription length. There are plans for 1 month, 3 months, half a year, a year and a less commonly encountered 2 year plan. Although the plans seem attractive, they cost a lot and many visitors may leave the website after seeing the prices. Prices range from € 16.49 for a month to € 10.41 a month if buying a 2 year package. Considering that there are plenty of VPN providers who offer single month packages that cost less than € 10, we wondered whether they offer some kind of feature that no other VPN provider offers. However, all we could find is the ability to tunnel the connections of selected programs through the VPN instead of all your internet traffic, as well as an unlimited number of simultaneous connections.
What left us even more surprised is the lack of free trial and refund policies.
One of the selling points of Perfect Privacy has to be their server network. They are a relatively small provider but they are able to offer servers in 23 different countries on all continents. Across these countries there are a total of 36 servers. Nevertheless, there is still a lot to improve on. For example, in the USA, a country that has so much geo-restricted content, there are only two servers and both of them are located in New York, meaning that there are no US servers on the west coast.
Security-wise, Perfect Privacy offers the OpenVPN, SSH2-Tunnel, IPSec and PPTP protocols. Encryption is relatively fine since OpenVPN and SSH2-Tunnel are secured using AES-256 bit encryption. Meanwhile, PPTP uses MPPE-128 encryption, which is much weaker than AES-256, but PPTP was never considered the most secure protocol anyway.
The variety of payment options should be enough for most people, but considering the amount they charge we were expecting something more. Nevertheless, what is most important for us is the ability to pay using bitcoins to preserve our anonymity. They also accept payments via PayPal, WebMoney, Perfect Money, EGO pay, etc.
Perfect Privacy does not provide any live support, thus the only options you have are FAQ, tutorials and tickets. We may ignore this fact since the company is rather small. However, if we are going to pay such a price for a VPN, we would really expect 24/7 support that helps you whenever you have questions or problems.
There is only a client for the SSH protocol on Windows. If you decide to use the OpenVPN protocol or non-Windows devices, you will have to stick with open source clients, which may not be the optimal way to get the best features that the VPN offers. Overall, the SSH client is very easy to use even though it does not offer any unique features.
This VPN provider does not keep any logs at all. They also offer an anonymous registration option to emphasize their interest in your privacy. Therefore, Perfect Privacy is a VPN provider that offers some of the best privacy protection on the market.
During testing we experienced a slight download speed decrease of about 15%. This is completely understandable given the strong encryption. Upload speed suffered a slightly bigger hit of almost 30%. While connected to the closest server we also noticed an increase in ping.
Perfect Privacy is a very solid option for anybody who holds their privacy as a priority. However, the high cost makes it hard to compete against NordVPN, which provides similar privacy levels for a much smaller price.
A flaw which would allow anyone with the right knowledge to hijack any of PayPal’s 150 million customer accounts with just a single click has been found by cyber-security researcher Yasser Ali. The Egyptian security researcher has been awarded a generous US$ 10,000 bug bounty.
Ali has explained, in a video demo of the bug and a blog post, that this critical vulnerability allowed an attacker to hijack any PayPal account, input contact details of their own, and also modify the shipping and billing addresses as well as payment methods.
Ali, who received PayPal’s maximum bug bounty award of US$ 10,000, said that the flaw was fixed by PayPal instantly.
This is the second bug discovered by Ali this year. Back in May, Ali exposed a gap in the security of eBay, the global auction website. There is probably no need to mention that PayPal is owned by eBay. This gap would allow an attacker to hack any of the 150 million (plus) user accounts on eBay.
“Hacker News” received a report of the bug from Ali, and its technical details were kept secret until September to give eBay’s security team enough time to patch it.
From Ali’s blog, in which the latest PayPal issue is described, it is clear that Ali discovered several (three to be exact) security vulnerabilities that, if combined, allowed takeover of a user’s account.
Ali figured out a way to get around PayPal’s CSRF (Cross-Site Request Forgery) security system. This security system is designed to authenticate all user requests whenever one tries to log on to the PayPal website.
As explained by Ali, thanks to this flaw an attacker could capture the CSRF Auth security token, after which they are basically able to validate nearly any request they want to make on the user’s behalf.
He discovered that this CSRF Auth token could be re-used, which means that any logged-on PayPal user could be impersonated, not just a single one.
Finally, Ali found that an attacker is able to change the security questions of any PayPal user without needing the user’s password. Thus, having access to the CSRF Auth validation, attackers could get the access details, after which any account they liked could be ‘simply’ hijacked.
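The two server-side checks whose absence the description above implies, shown as an added example that is not PayPal's code or Ali's: a CSRF token bound to one session, and re-authentication before security questions change. All names (`issue_bound`, `verify_bound`, `change_security_questions`), the token format and the account data are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed here)
TOKEN_TTL = 900                       # assumed token lifetime in seconds

# Constructed account store: user -> (salt, PBKDF2 hash of the password).
_SALT = secrets.token_bytes(16)
USERS = {"victim": (_SALT, hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000))}
QUESTIONS = {"victim": ["first pet?"]}

ISSUED_UNBOUND = set()  # weak model: one global pool of valid tokens


def issue_unbound():
    """Weak model of the flaw: validity does not depend on who holds the token."""
    token = secrets.token_hex(16)
    ISSUED_UNBOUND.add(token)
    return token


def verify_unbound(session_id, token):
    return token in ISSUED_UNBOUND  # session_id is ignored: any user's token passes


def _mac(session_id, issued):
    # Session ids are assumed to be server-generated and free of "|".
    msg = f"{session_id}|{issued}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_bound(session_id, now=None):
    """Hardened form: the token is an HMAC over the session id and issue time."""
    issued = int(time.time() if now is None else now)
    return f"{issued}.{_mac(session_id, issued)}"


def verify_bound(session_id, token, now=None):
    try:
        issued_s, mac = token.split(".")
        issued = int(issued_s)
    except ValueError:
        return False  # malformed token
    now = time.time() if now is None else now
    if not 0 <= now - issued <= TOKEN_TTL:
        return False  # expired, or issue time lies in the future
    return hmac.compare_digest(mac.encode(), _mac(session_id, issued).encode())


def change_security_questions(user, session_id, token, password, new_questions):
    """Sensitive change: needs a session-bound token AND the current password."""
    if not verify_bound(session_id, token):
        return "rejected: CSRF token not valid for this session"
    salt, stored = USERS[user]
    supplied = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    if not hmac.compare_digest(supplied, stored):
        return "rejected: re-authentication failed"
    QUESTIONS[user] = list(new_questions)
    return "ok"
```

With the unbound check, a token obtained in one session is accepted in every other session; with the bound check, the same token fails outside the session it was issued for, and the security-question change fails again without the current password.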
A spokesperson for PayPal has confirmed that one of PayPal’s security researchers, through the Bug Bounty Programme, made the company aware of the issue within PayPal’s CSRF protection authorization system. He also noted that the security team has already fixed the issue. However, the PayPal spokesperson could not confirm whether any user account had been compromised.
Bloor Research’s senior security analyst, Fran Howarth, commenting on Ali’s research, said that it highlighted both the problem of cross-site request forgery vulnerabilities and PayPal’s security weaknesses.
She said that CSRF is consistently one of the top ten flaws affecting web applications. She also noted that it is crucial for every provider of a web application to be aware of it and test for it inside and out, especially when that web application is a payment system.
Howarth added that this is definitely not the last time that researchers find such severe bugs in the system of PayPal. Instead of just hotfixing the faults that they come by, PayPal should consider a more secure regime of application development and testing.
Meanwhile, Scott MacKenzie, a cyber-expert and also CISO at UK security solutions, said Ali’s research shows how valuable bug bounty programmes are. Yasser Ali identified three vulnerabilities in the PayPal system: an Auth token bypass, a CSRF and a flaw that would let security questions be reset. It is praiseworthy that PayPal patched these vulnerabilities rapidly and also paid Yasser the bounty that was well earned under the terms of PayPal’s bug bounty programme.
He also said that organizations adopting such bug bounty programmes are taking very positive steps, due to the fact that more people looking into your code for possible vulnerabilities makes your resultant systems that much more secure.
Bug bounty programmes are nearly the best way to not just reward security researchers but also secure the systems for any organization connected to the internet, since their security is being tested constantly.
Even the biggest online web application developers and companies cannot protect themselves from vulnerabilities, which means that their users also cannot be protected at all times. Consumers can then take action to protect their private data and sensitive information. The simplest way of doing so is to use VPN services. We suggest NordVPN as they offer extra high data encryption and advanced security measures such as a no logs policy, Tor over VPN and double VPN service.
Although Private Internet Access (PIA) started offering their VPN services only in 2010, word about them has already spread and currently it is one of the leading VPN providers. Private Internet Access stands out with a lot of positive reviews spread over the internet, an affordable price and great software features.
Private Internet Access stands out for the convenience of their prices. Their monthly plan costs only $6.95 USD and for six months you would pay just $35.95 (which would be just $5.99 USD per month). Their best deal package is a 1 year plan for only $39.95, which means that each month would cost as little as $3.33, making them one of the most affordable VPN providers in the market.
Unlike most other VPN providers, PIA allows you to use up to 5 devices at a time, enabling you to protect most of your devices without much of a problem. Furthermore, all packages include a SOCKS5 proxy and support P2P and VoIP services.
Even though there is no free trial offered, you can request a refund 7 days after making a purchase if you are not happy with the service.
This VPN provider has a total of 21 servers located in North America (the United States, Canada), Europe (Switzerland, Sweden, France, Germany, the Netherlands, Romania), Asia (Hong Kong, Japan, Israel) and Australia. PIA provides access to 7 servers in the US (Chicago, New Jersey, Dallas, Bay Area, Seattle, Miami, Arizona) and 2 in Canada. The servers are located at good distances from each other, so every U.S. citizen will have access to a server which is not far from them. This reduces ping and increases the actual Internet speeds.
PIA uses the 3 most commonly used protocols to protect their client traffic: PPTP, L2TP/IPsec and OpenVPN. These three protocols have proved to be sufficient for the majority of VPN users and focus on different aspects of VPN service: security and accessing restricted content. However, some people may find the security not optimal, since only 128-bit encryption is used to secure internet traffic.
It is crucial for any online service to provide a variety of payment options that make it easy to pay for a purchase. PIA offers a variety of different payment options and you do not feel that you lack options to choose from. The payment gateways include: PayPal, Credit Cards, online wallets, Amazon, Bitcoin, gift cards, etc. We highly value the ability to pay using bitcoin since it promotes anonymity, which a lot of VPN users look for.
In our opinion the layout of their guides is very complicated for anyone who is browsing their website for the first time. Therefore, you may need to contact customer support to clear up any questions you may have about the VPN set up or general questions regarding VPN. You may contact them via live chat or email and should expect an answer in a timely manner.
PIA provides their own OpenVPN client, which is very easy to set up since it comes preconfigured with your username/password in the VPN activation email. The VPN software allows you to choose the region/country you want to connect to, as well as protocol and ports. They provide multiple ports for TCP (80, 110, 443) and UDP (53, 1194, 8080, 9201) connections. You may select protocols and ports from the Advanced settings menu. Another useful thing you can set is Port Forwarding (used by P2P clients or other software that requires direct access to your PC from the Internet). This feature is not supported by many other VPN providers. Port Forwarding is available on servers located in Canada, Switzerland, Netherlands and Romania. The software also includes features like DNS Leak Protection, Disconnect Protection, Detect Best Server and Alternate Configurations to guarantee that you are using the VPN to its full potential.
Considering that PIA uses only 128-bit encryption, we were expecting to see no noticeable speed changes and that was just the case. We did not see any changes in download and upload speeds. The ping also did not suffer and only a few milliseconds of increase was noticed.
Private Internet Access offers a good VPN service that is acknowledged by the number of users they accumulated since they started working as a VPN provider. We liked a worldwide distribution of servers, their client’s features and no log policy. However, they should still redesign their support website which we found to be lacking in ease of use and improve their encryption strength to match the one used by other providers like NordVPN.