The odd-musings of Jared, the Director of Network Security for IAPS Security Services.

Hi Folks,

I wanted to sit down and take this opportunity to explain whats been going on over the past 2 weeks. After over 18 months of client feedback, we’ve integrated several new features into a few selected servers. These new features took a bit to master but we believe we’ve finally got them down pat.

The team here at IAPS has been working over time and our phone lines have been flooded with calls, some with complaints and some with praise. As a few of you know, we’ve brought back the Goldenhawk server from the grave. We’ve rebuilt and redesigned it yet again and its functioning very well at this point. I wish to thank my beta tester volunteers for your time in testing and re-testing this server. You guys provided valuable support and information that enabled us to finely tune that server. If you are currently a client in good standing with IAPS and have an active account on any server in any jurisdiction and would like to become a beta tester as well, please send an email of interest to beta@intl-alliance.com and we’ll keep you updated as to when we’ve got new toys that need testing.

My apologies go out to all of you that have endured server outages and disconnections on the servers that we’ve been recently working on. Our goal was to provide the most up-to-date servers that provide the best bandwidth delivery system and provided the best overall experience we could provide. We feel now that we have met this goal and are proud of our recent accomplishments.

I’d like to thank all the branch offices and resellers for their help and participation in making this transition period one of the smoothest ones I’ve seen thus far. I’d especially like to thank the branch offices in Spain, Thailand, Bermuda, Germany, Ireland, France, and Canada for their utmost dedication in professionalism. You guys helped pull this all together and ensured we were on the right track. My utmost gratitude to all of you.

Error 806: a connection between your computer and the VPN server has been established but the VPN connection cannot be completed. The most common cause for this is that there is at least one internet device between your computer and the VPN server is not configured to allow GRE protocol packets Verify that protocol 47 GRE is allowed on all personal firewall devices or routers.

Resolutions:

1) if you have a router/firewall, make sure you open TCP Port 1723, IP Protocol 47 (GRE).
2) make sure you can reach the VPN server by using ping. Sometimes, poor connection can cause this issue too.
3) You may need to updated firmware on a router or firewall.
4) The VPN server may not be able to get IP from DHCP for the VPN client. So, you may want to re-configure VPN host networking settings. For XP pro VPN host, go to the Properties of the VPN>Network, check Specify TCP/IP address and Allow calling computer to specify its own IP address, and uncheck Assign TCP/IP addresses automatically using DHCP.
5) Make sure other secure software blocks your access, for example, if you use Norton secure software, you may need to add the remote client’s IP so that the client can access.
6) If your VPN running on a Windows RRAS with NAT enabled, you may want to check the NAT settings.

Error 800: Unable to establish the VPN connection. The VPN server may be un-reachable, or security parameters may not be configured properly for this connection.

Resolutions:

1) if you have firewall, open TCP Port 1723, IP Protocol 47 (GRE).
2) make sure you can reach the VPN server by using ping. Sometimes, poor connection can cause this issue too.
3) You may need to updated firmware on a router or firewall if other OS (win9x/nt/me/w2k) works except XP.
4) The VPN server may not be able to get IP from DHCP for the VPN client. So, you may want to re-configure VPN host networking settings. For XP pro VPN host, go to the Properties of the VPN>Network, check Specify TCP/IP address and Allow calling computer to specify its own IP address, and uncheck Assign TCP/IP addresses automatically using DHCP.
5) Make sure no other secure software blocks your access, for example, if you use Norton secure software, you may need to add the remote client’s IP so that the client can access.
6) If your VPN running on a Windows RRAS with NAT enabled, you may want to check the NAT settings.
7) If you can establish the VPN from the desktop at home but not from the laptop. Make sure no security software like Microsoft OneCare software that blocks the GRE.

Folks, all I can say is wow! People are up in arms over this election. I was on Twitter watching live reactions to the voting results last night and it didn’t seem all that positive. I saw other news reports that Tehran was up in flames. Why resort to violence and property destruction over an election? To me it seems that the extremes in the middle east just won’t ever die. They seem awful quick to kill each other over the drop of a dime. How can you call that a civilized society?

I can certainly understand anger and frustration, but to resort to violence? Thats a bit over the top.

They claim that Ahmadinejad won by a landslide victory of 66%. But now every one is claiming fraud at the polls and they want to challenge the results. American and British media companies are also in the mix claiming the same thing. Supreme Leader Ayatollah Ali Khamenei of Iran urged the nation to unite behind Ahmadinejad, labeling his victory as a “divine assessment”. How they reached that assumption is beyond me. The last I heard we were all equal men and women and no one was better than the other. But I guess not every one subscribes to this policy.

The opponent, Mousavi lodged an official appeal against the result to the Guardian Council on June 14, 2009 which was to be expected. I see more and more recent elections getting appealed every year, but not many of those complaints actually doing anything to change the results.

The campaign was the most expensive in the Islamic republic’s history, with the two main candidates spending more than tens of millions of dollars in bid to convince voters to support them. Funds were spent on, among other things, a mass distribution of computerized propaganda, such as CDs and DVDs. Another interesting phenomenon which took place during the campaign was a dramatic rise in the number of text messages sent to Iranian cell phone subscribers, from 60 million messages a day to some 110 million.

The opinion polls in Iran have been considered unreliable. A number of polls conducted between relatively small voting groups, like university students and workers, have been reported as election propaganda. More general polls reported in the media do not state the polling organization nor the basic facts about the methodology. The results show a high variance and depend heavily on who is reporting the poll. This is not surprising at all.

In 2002, the polling organization Ayandeh and another polling organization was closed and its directors were arrested. The director of Ayandeh, Abbas Abdi, spent several years in prison. But can we say this is surprising? Most certainly not. Polling fraud happens in every single country, the United States and United Kingdom included. From what I’ve seen, it always comes down to whichever candidate has the most money and most influence combined with the most friends in high places and low places alike.

He who controls the polls generally wins the polls.

Folks, I’m happy to announce the release of our newest coverage area: France.

French TV is now available via the Zattoo client. The channels now available are as follows:

Direct 8
La Chaine Parlementaire
Virgin 17
Gulli
TV 5 Monde
LUXE.TV
France 2
France 3
France 4
France 5
Arte
TV8 Monte-Blanc
ABC News Now
Al Jazeera
Bloomberg TV
Deutsche Welle
SF Info
Automoto TV
Sumo TV
The Poker Channel
God Channel
God Europe

If your French by birth and living abroad or just a big fan of French TV, now is your chance to get it. It doesn’t matter what country your currently in. You can watch it all day long and keep up with whats happening live in France.

Folks, the second transition is about to begin. I believe the first one went quite well for those of you in the transition phase from the Nighthawk server to Silverhawk. I’ve gotten numerous compliments over the new single account service so we’ve decided to do it again and transition another server over.

We will be transitioning all of you from the current Secure9 server to the new Goldenhawk server over the next 72 hours. Please do not flood us with complaints when your account is being moved. New account information will be sent when it has been setup on the new server. This move is being made entirely for your benefit and enjoyment. Please bear with us during this transition as we make the service better for you. Thank you.

Without International Alliance Privacy Services, whenever you connect to the internet, everything you read or write, transfer or receive is basically unencrypted and in plain text. The internet is constructed in a way that data is transferred from your pc, laptop or notebook over multiple other computers to their destination which could be your friend’s pc or a web server. Each computer in this chain is called a ‘hop’ because the data is figuratively ‘hopping’ from one computer to the next until they reach the desired destination.

Over how many hops data is routed depends on the distance between sender and recipient and the routing setup, but connections are on average carried over about one to two dozen hops. At each of these computers or hops, everything you send or receive — the web sites you request, your emails, your chats, the files you transfer, etc. — can be read and stored. Your transferred information could also be read and stored if somebody would wiretap the cables or connections between any of these computers, including the line at your own home. The most convenient location to observe you and to store everything you do on the internet is, of course, your ISP (Internet Service Provider), because all data you send to the internet and receive from it have to pass through your ISP. In the last years and months, many countries passed legislation which obliges your ISP to record your connection data and to store it for several months to several years. ISP’s in some countries are obliged to hand these data over to law enforcement or secret service agencies without review by an independent judge.

Here is where International Alliance Privacy Services can help you. If you sign up for our service, you will get access to several encryption and anonymization servers located in different parts of the world. Instead of connecting directly to a web site or to your friend, International Alliance Privacy Services will create a high security encrypted connection to one of our servers first. All data you choose will then automatically be encrypted by your pc and sent through this encrypted connection to our anonymization server. Our server will accept the data and in addition will strip the data from information that could personally identify you.

Data, texts, photos, emails, movies, or web site requests you send over the internet carry for example a unique number, called IP address, which identifies you. You can compare it to a telephone number. Every computer which is connected to the internet, including yours, has a unique IP address which identifies it. These data sometimes also contain other personal information, such as the browser you use and its version, your operating system, or software plug ins you have installed. If somebody investigates these pieces of data he knows they were transferred by your machine or sent to you.

Our anonymization server decrypts the data it received and replaces your personally identifying information (such as your IP address) with its own identity. Then it sends the data to the destination, e.g. the web site you wanted to access. The web site and all hops (computers) between it and our anonymization server will no longer know to whom the data really belong. They will think our server made the request, and the web server will thus transmit the requested content of the web site back to our server, where our server will encrypt the data again and send it to your PC.

We currently have highly secure servers in 10 countries: United States, United Kingdom, Canada, Luxembourg, Switzerland, The Netherlands, Germany, Hong Kong, Czech Republic, and Malaysia.

Folks, my blood really boiled today. I’ve rarely been as pissed off as I was today over a story I read on another website. The story I read was entitled “Subpoena seeks names — and lots more — of Web posters” and clearly shows how far the U.S. Government will go to suppress free speech and anonymous comment posting.

Never in my life have I seen such a malicious act such as this. These were common every day people posting their thoughts and opinions. But to have the U.S. Government go in there and serve them with a blanket subpoena demanding all their comment posters information including home address, phone numbers, email addresses, and dates of birth? Just for simply commenting and voicing their opinions? Excuse the fuck out of us Mr. Government! We are The People you have sworn to protect and we have have voices that will be heard!

You cannot silence us Mr. Obama. We shall be heard and the rights of the people shall be exercised! We are no longer sheep to be lead to the slaughter house. We are not part of your global plan for world domination! We have no interest in foreign wars, we have no interest in you deflating the value of our currency, we have no interest in your propaganda. We The People demand our respect and you will give it to us!

Folks, its absolutely important to maintain internet encryption at all times in this day and age. I can guarantee you that governments around the world are tapping your internet records and everything you do. Why? Because they feel the need for absolute control. If they fear you, they arrest you. Simple as that. However, you can fight back. If they are going to tap your lines, make them work for it. Use as much encryption as possible. I personally recommend Secure Shell (SSH) because of the high levels of encryption that it provides and IAPS has multiple countries in which we offer this service.

Folks, the fight for your privacy is in your hands. The biggest question that comes to my mind is this: How far are you willing to let your government push you around and take all your Constitutional rights?

Folks, I’ll be upfront and honest with you. Per our last amended Terms & Conditions page my security department and myself, dated on August 30, 2008 stated that new security requirements were actively enforced to cut down on the fraud rate.

Not many of you read these terms and attempt to order through proxies, other vpn’s, and other privacy services. Folks, I can’t tell you how much of a no-no this is. Our security department actively blocks known vpn providers and other proxy services on a daily basis and this includes most of the known AOL ip address ranges. AOL was specifically blocked because of the immensely high amount of payment fraud coming from that network. A friendly chat with the network security chaps over at AOL didn’t produce tangible results on ways to effectively cut the fraud rate coming from their networks so we made the decision to start blocking those ranges from being able to access our site and services.

As per the Terms & Conditions written on August 30, 2008 any order that is placed under a proxy server is automatically blocked and refused. We will not fill orders placed under a proxy. I guarantee many more will try and many more will be blocked. Once a proxy is discovered, we not only ban that ip address, we ban the entire subnet belonging to that provider. If there is some absolute reason you must be under a proxy, then talk to us first and let us know why. We’re reasonable people here but take our networks seriously to prevent fraud, spam, and other malicious activity from originating by our networks. Its not fair to our legitimate clients to have fraudsters and scam artists running wild on our networks. So we protect our networks with every means available to us.

Additionally, due to the extremely high rates of fraud in Nigeria, Ghana, Senegal, VietNam, Cote D’Ivoire (Ivory Coast), Liberia, Cameroon, Benin, Sierra Leone, & Sudan, these orders are automatically rejected under any condition.

It is the ultimate responsibility of the team that works at IAPS to protect both our clients and our networks by all means possible. We rise to that challenge on a daily basis and will continue to do so. If any of you have any questions or concerns, please feel free to get in contact with us. Thank you.

Folks, over the last 2 years I’ve seen several debates about the RuneScape game. The current theory holds that if you have an ip address that ends in .1 you have a much better better chance of winning of the game. Now I am not a player of the game myself but I’ve met several of you who are. I personally don’t believe in the theory myself but have now made available several .1, .2, .3, and .4 ip addresses.

For those of you that are hardcore gamers that believe in this theory, this design was made just for you. For those of you that need this type of ip address, please use my contact form and refer to this blog post and I’ll respond with what you need to do to obtain this service from me.

Folks, I’ve tested the new Windows 7 Beta (version 7100) and can confirm full compatibility with all IAPS Security Store services. This includes full compatibility with SSH & VPN services. There’s not much of a real difference between Vista and the new Windows 7 except for graphical design and the placement of certain files. If you are a seasoned veteran of Windows Vista, you’ll notice these changes almost immediately.

For those of you that have decided to stick with Windows XP, you can decide for yourself if upgrading is the right thing for you. I have personally seen a stable operating system with Windows 7 on the computers we have here in the control center.

We performed a direct upgrade from existing installations of Windows Vista Ultimate Edition and the only draw backs we’ve seen are that several existing programs that were loaded on the Windows Vista boxes needed to be reinstalled once the upgrade was complete. With the reinstallations of those certain programs full functionality did return. Overall, a nice operating system but it still needs those finishing touches to make it a gold standard product.