A guide to avoiding online censorship & staying safe.

In the past few years you will have seen more and more news about items like SOPA & the Digital Economy Act, which were attempts to curb your privacy and rights online, using piracy, child pornography and terrorism as guises to push them through.

Even without these, the courts in the UK recently decided that 5 major ISPs must block the piratebay, thus ending all piracy.

However, these blocks can be circumvented easily and securely using VPNs. There are other guides online to using proxies, but they are not as safe as using a private VPN service.

A VPN allows you to tunnel all your traffic from your device to a server elsewhere using SSL. This hides the contents of your traffic from your ISP and makes it appear to any sites or services you use that you are coming from the server, rather than from your specific device (and its associated IP address).

Step 1 – Signing up for a VPN service

I would suggest using a service like http://yourprivatevpn.com; there are 3 packages you can choose from depending on your requirements.

  • Silver provides 2mb download speed, useful for streaming iPlayer & general internet usage.
  • Gold provides 6mb download speed, useful for HD streaming and big downloads.
  • Premium provides unlimited download speed (50mb), useful for those heavy downloaders among you.

Step 2 – Using the service

YourPrivateVPN comes with a tool for Windows and guides for Mac & Linux on how to use the VPN. The main feature, however, is servers in 6 countries (UK, Germany, Switzerland, Netherlands, America & Canada), which allow you to appear to be coming from these countries and help further anonymise your browsing.

You should use the VPN when doing any browsing that you feel would be looked upon unfavourably by your ISP or the government. By using the VPN none of your traffic is seen by your ISP and therefore it can’t be blocked, shaped or monitored.

So by using a VPN on Virgin Internet you can visit thepiratebay.se or any other site the British Government and court system decide isn’t in their interest.

When this type of stuff happens in China or Libya it’s called oppression.

Ideas when to use a VPN:

  • When using free internet in places like Starbucks, McDonalds or airports.
  • When using paid-for internet in hotels or abroad, where you are unaware of who is looking at your browsing habits.

Step 3 – Be safe, be private.

That’s it really.

 

ASP.NET Session Timeout

During a redevelopment of my employer’s website we had massive issues with session timeouts while using the site during development; even a simple change to a page on the site was causing the application to recompile and then lose the session data.

This was due to the use of InProc (in-process) mode for the session. To fix this we moved to StateServer using the following setting in the web.config file:

<sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424" cookieless="UseCookies" timeout="60" regenerateExpiredSessionId="true"/>
 

This now means that even if the application recompiles the session data will remain, and it will only be lost if the application is restarted or IIS is restarted. Hope this helps anyone searching about session timeouts in ASP.NET.

Rainbow Tables

So Rainbow Tables, the how in ‘How did you crack my password of xuher7863sl in less than a minute?’

The basics of Rainbow Tables are built upon the way that passwords are stored, in most cases, on servers or on your local computer. Passwords are stored as hashes, which are one-way operations, meaning there is no mathematical way to turn the gibberish-looking string of letters and numbers that is displayed back into the original text.

There are many types of hashing functions, with varying complexity and security. The most prevalent hash used on web servers hosting forums, CMSs and games is MD5. Without going into the complexities of the hashing function, a simple string such as ‘password’ becomes: 5f4dcc3b5aa765d61d8327deb882cf99 .

However, no matter how many times you turn ‘password’ into an MD5 hash you will always get the same result, so this provides us with an opportunity to create a database of passwords and their corresponding hashes. So if you have an unsalted hash you can simply do a lookup in a Rainbow Table and ask ‘what password has the hash of: 5f4dcc3b5aa765d61d8327deb882cf99 ?’ and you will get the answer: password.

So how do you get around the issue of someone obtaining your hashes and starting to look them up one by one using one of the many hash lookup services (such as GDataOnline)? Well, prevention is cheaper than a cure, and the prevention is to salt your hashes with other random characters by prefixing the password with (for example) hsdfh788 and then turning that into an MD5. This instantly renders every Rainbow Table useless, as they have only been created to compare against the original text, not hsdfh788password.
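The lookup and the salting fix described above, as an added example that is not part of the original post. It also goes one step further than the text: a fixed prefix with MD5 only defeats precomputed tables, so the example ends with a fresh random salt per password and a slow key-derivation function (PBKDF2 from Python's standard library). The word list, function names and round count are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for a large precomputed table.
WORDLIST = ["123456", "password", "letmein", "qwerty"]
ARTICLE_SALT = b"hsdfh788"   # the example salt from the text
PBKDF2_ROUNDS = 600_000      # assumption: work factor chosen for this example


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def build_table(words):
    """Precompute hash -> password once; reusable against any unsalted MD5 dump."""
    return {md5_hex(w.encode()): w for w in words}


def lookup(table, digest):
    """Return the password for a stored hash, or None if it is not in the table."""
    return table.get(digest)


def salted_md5(password: str, salt: bytes = ARTICLE_SALT) -> str:
    """The scheme from the text: prefix the salt, then MD5."""
    return md5_hex(salt + password.encode())


def hash_password(password: str):
    """Hardened storage: fresh random salt per password plus a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest  # store both next to the account


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


if __name__ == "__main__":
    table = build_table(WORDLIST)
    print(lookup(table, md5_hex(b"password")))    # unsalted hash: found in table
    print(lookup(table, salted_md5("password")))  # salted hash: not in table
    salt, digest = hash_password("password")
    print(verify_password("password", salt, digest))
```

Because the salt is random for every stored password, two users with the same password get different records, so one precomputed table cannot cover them both.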
