Express VPN 2019 patch Archives

If you've been struggling to connect your Windows 10 computer or Office 365 account to the internet today, chances are you've been affected by a rather irritating software bug. Fortunately, Microsoft is on the case.

As reported by ZDNet, Microsoft confirmed the existence of the bug March 26 and has now issued a patch to the PCs and servers affected. This problem caused apps like Teams, Office, Office365, Outlook, Internet Explorer 11, and in some cases Microsoft Edge to be unable to connect to the internet.

The problem is caused by people running versions of Windows 10, updated  February 27 or more recently, who were using proxies or VPNs on their devices, features that are now more common as people work from home during the coronavirus pandemic.

Needless to say, without access to the internet, remote working becomes a lot more difficult.

Microsoft originally said it would have an update ready in early April, but the fix is ready now, which is admirably fast. 

This update, titled "2020-03 Cumulative Update for Windows 10," isn't a general update, so you won't get it automatically. Microsoft said you should install it only if you're having connectivity problems. 

If you do need it, go to Microsoft's Windows message center or the Microsoft Update Catalog and download the file that matches the version of Windows you're currently using.

How to install 2020-03 Cumulative Update for Windows 10

To reiterate what we said above, you do not need to download this update if you are not experiencing the associated problems. Only follow these steps if you've been experiencing the internet connectivity issues described here.

Before selecting a file to download, you need to check which version of Windows 10 you are using. To do this, go to:

Start button > Settings > System > About

From here, select

Windows specifications

To check which edition and version number you're using.

With this information in mind, you can then look on either the Microsoft Update Catalog (search for 2020-03 and you'll find the correct update) or this Windows message center article. 

Select the version of the file that matches the version number of your operating system, download it and then run it to install the update, following the installer's instructions.

WireGuard is a free and open-sourcesoftware application and communication protocol that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations. It is run as a module inside the Linux kernel, and aims for better performance and more power saving than the IPsec and OpenVPNtunneling protocols.^[3] It was written by Jason A. Donenfeld and is published under the GNU General Public License (GPL) version 2.^[4] The Linux version of the software has reached a stable production release and was incorporated into the Linux kernel release in late March 2020.^[2]

Features[edit]

WireGuard aims to provide a VPN that is both simple and highly effective. A 2018 review by Ars Technica observed that popular VPN technologies such as OpenVPN and IPsec are often complex to set up, disconnect easily (in the absence of further configuration), take substantial time to negotiate reconnections, may use outdated ciphers, and have relatively massive code bases (over 400,000 and 600,000 lines of code, respectively, according to Ars Technica) which makes it harder to find bugs.^[5]

WireGuard's design seeks to reduce these issues, aiming to make the tunnel more secure and easier to manage by default. By using versioning of cryptography packages, it focuses on ciphers believed to be among the most secure current encryption methods, and at the time of the Ars Technica review had a codebase of around 4000 lines of pure kernel code, about 1% of either OpenVPN or IPsec, making security audits easier, and praised by the Linux kernel creator Linus Torvalds compared to OpenVPN and IPsec as a "work of art".^[6]Ars Technica reported that in testing, stable tunnels were easy to create with WireGuard, compared to alternatives, and commented that it would be "hard to go back" to long reconnection delays, compared to WireGuard's "no nonsense" instant reconnections.^[5]

Protocol[edit]

WireGuard utilizes the following:.^[4]

In May 2019, researchers from INRIA published a machine-checked proof of WireGuard, produced using the CryptoVerifproof assistant.^[8]

Encryption[edit]

WireGuard only supports ChaCha20.

Optional Pre-shared Symmetric Key Mode[edit]

WireGuard supports Pre-shared Symmetric, which is included to mitigate any future advances in quantum computing. In the shorter term, if the pre-shared symmetric key is compromised, the Curve25519 keys still provide more than sufficient protection.

Networking[edit]

WireGuard only works over UDP.

WireGuard fully supports IPv6, both inside and outside of tunnel. It supports only layer 3 for both IPv4 and IPv6 and can encapsulate v4-in-v6 and vice versa.^[9]

WireGuard supports multiple topologies:

• Point-to-point
• Star (Server/client)
  • A client endpoint does not have to be defined before the client start sending data
  • Client endpoints can be statically predefined.
• Mesh

Since Point-to-point is supported, other topologies can be made, but not on the same tunnel.

Extensibility[edit]

WireGuard is designed to be extended by third-party programmes and scripts. This has been used to augment WireGuard with various features including more user-friendly management interfaces (including easier setting up of keys), logging, dynamic firewall updates, and LDAP integration.

Excluding such complex features from the minimal core codebase improves its stability and security.

History[edit]

Earliest snapshots of the code base exist from June 30, 2016.^[10] Four early adopters of WireGuard were the VPN service providers Mullvad,^[11] AzireVPN,^[12]IVPN^[13] and cryptostorm.^[14] WireGuard has received donations from Mullvad, Private Internet Access, IVPN, the NLnet Foundation^[15] and now also from OVPN.^[16]

As of June 2018^[update] the developers of WireGuard advise treating the code and protocol as experimental, and caution that they have not yet achieved a stable release compatible with CVE tracking of any security vulnerabilities that may be discovered.^[17][18]

On 9 December 2019, David Miller - primary maintainer of the Linux networking stack - accepted the WireGuard patches into the "net-next" maintainer tree, for inclusion in an upcoming kernel.^[19][20][21]

On 28 January 2020, Linus Torvalds merged David Miller's net-next tree, and WireGuard entered the mainline Linux kernel tree.^[22]

On 20 March 2020, Debian developers enabled the module build options for WireGuard in their kernel config for the Debian 11 version (testing).^[23]

On 29 March 2020 WireGuard was incorporated into the Linux 5.6 release tree. The Windows version of the software remains at beta.^[2]

On 30 March 2020, Android developers added native kernel support for WireGuard in their Generic Kernel Image.^[24]

On 22 April 2020, NetworkManager developer Beniamino Galvani merged GUI support for WireGuard. ^[25]

On 12 May 2020, Matt Dunwoodie proposed patches for native kernel support of WireGuard in OpenBSD.^[26]

On 22 June 2020, After the work of Matt Dunwoodie and Jason A. Donenfeld, WireGuard support has been imported into OpenBSD.^[27]

Reception[edit]

Oregon senator Ron Wyden has recommended to the National Institute of Standards and Technology (NIST) that they evaluate WireGuard as a replacement for existing technologies like IPsec and OpenVPN.^[28]

Implementations[edit]

Implementations of the WireGuard protocol include:

User space programs supporting WireGuard[edit]

User space programs supporting WireGuard include:

See also[edit]

Notes[edit]

References[edit]

Further reading[edit]

External links[edit]

Spim? Spam? Spit? Stop feeling overwhelmed by internet security jargon. Use this handy glossary to figure out what’s what!

Jump to…

ABCDEFGHIJKMNPRSTUVWX

A

Adware

Adware, or advertising-supported software, displays advertisements on your computer in the form of banners and pop-up windows. These ads are a way for software companies to generate revenue. Some adware runs on your machine without your knowledge and consent, while others are intentionally downloaded. While adware is more of a pesky nuisance than a harmful threat to your cyber security, some adware might collect information about your browsing behavior and sell it to third parties.

How does adware work?

While adware is more of a pesky nuisance than a harmful threat to your cybersecurity, some adware might collect information about your browsing behavior and sell it to third parties. This information, such as websites visited and time spent on each one, is used to target you with more advertisements customized according to your viewing habits.

A device can be infected with adware via two main avenues. The first is that it is installed alongside other programs. This is most common with freeware and shareware. The second is by visiting an infected website. The adware takes advantage of a vulnerability in the user’s web browser to stealthily install itself. Once infected, the adware can collect more private information, redirect you to malicious websites, and insert more advertisements into your browser.

Asymmetric encryption

Asymmetric encryption, or public-key cryptography, is an encryption method that requires two keys to access a server: a public key for encryption, and a matching private key for decryption.

How does asymmetric encryption work?

Asymmetric encryption is commonly used on the internet as a means of privately communicating without either party necessarily knowing the other’s private encryption key in advance. Anyone can encrypt a message using the receiver’s public key, but only the receiver can decrypt it.

Asymmetric encryption is more computationally intensive than symmetric encryption. For this reason, it’s often used to establish a “handshake” wherein a private key is exchanged between the sender and receiver. That private key, known by both parties, is then used to communicate using symmetric encryption. This process is commonly used when visiting sites that have “https” at the beginning of their URL.

Antivirus software

Anti-virus software, otherwise known as anti-malware software,  scans your computer or mobile device to detect and restrict the spread of malware on your machine. Since malware is constantly evolving, anti-virus software cannot always detect it, so your machine is always at risk of infection. Anti-virus software is also deployed at an administrative level; many email servers use it to scan emails.

How does antivirus software work?

Antivirus can protect a device from a wide range of threats, including: malware, malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraud tools, adware and spyware. Modern antivirus programs often include both real-time threat protection, which guards against possible vulnerabilities as they occur, as well as a system scan, which sifts through all of the device’s files looking for possible risks.

Several antivirus programs are available for almost every operating system, but none are perfect. Furthermore, more operating systems have begun pre-installing antivirus software, such as Windows Defender on Windows 10. You can install multiple antivirus programs on a single system, but users should be wary of compatibility and performance issues this could cause.

Back to Menu

B

Backup

A backup is an extra copy of the files on your computer or mobile device. It is typically stored in a separate location from the original files, such as on another drive or in the cloud. If anything happens to your files, or if they go missing or get destroyed, then you will be very thankful you have a backup!

How does a backup work?

Note that a backup is an exact copy of whatever files and folder exist on the original. If a file is added to a backed up folder, then that file will appear in the backup. If that file is deleted, then it will be removed from the backup as well (although some backup programs allow recovery up to a certain period of time). This is the key distinguishing factor between backup and storage, wherein storage is a way to save files that may not exist in any other location (Dropbox and Google Drive are examples of storage).

Note that most backup software simply copies user files to another location–often an external hard drive or the cloud. User files include documents, photos, movies, downloads, and music. They do not back up the operating system, settings, or programs. For that, a “full system” or “bare bones” backup is required. Full system backups can be either clones or images, and they are most useful in the event of hard disk failure.

Backdoors

A backdoor opens a “backdoor” to your computer or mobile device through which hackers and other malicious individuals can connect to your machine and infect it with malware and spam.

How does a backdoor work?

Backdoors are used by hackers to gain access to a device by circumventing security mechanisms. Often times developers install backdoors as a means of troubleshooting their program, but this also leaves a gap for hackers to exploit. The term is often used to describe vulnerabilities put in place on purpose, for example, to allow government surveillance groups to access citizens’ smartphones and computers.

Perhaps the most common backdoor is the use of default passwords. If you’ve ever accessed a Wi-Firouter’s admin console by typing something like “admin” into the username and password fields, you’ve exploited a backdoor.

Blended threat

A blended threat is a combination of two or more “traditional” malware rolled into one truly pesky package. An example might be a combo of a Trojan horse, a keylogger, and a worm. Fighting off a blended threat requires a blend of security tools and protection layers.

How does a blended threat work?

Most sophisticated attacks used today are blended threats. They usually target and spread over networked computers, such as those connected to the internet.

Up-to-date firewalls, antivirus, and security patches are the best methods to defend against blended threats.

Blog

A blog, short for “web log”, is a website where users publish content (known as posts) on a regular basis. Blog posts are typically displayed in reverse-chronological order, meaning that the newest content appears first.

How does a blog work?

Blogs have become commonplace on the internet due to the ease of publishing one. Several blogging platforms make creating a blog a relatively simple task, such as WordPress, Blogger, Tumblr, and many more.

Blogs cover a wide range of subjects and types of content. As the definition of blog has broadened significantly, the line between traditional mass media and blogging has blurred.

Bluetooth or IEEE 802.15.1

Bluetooth is a wireless technology standard for data exchange over short distances. Bluetooth enables short-range wireless communication between keyboards, mice, telephones, headsets, tablets, and other devices.

How does Bluetooth work?

Bluetooth can be used to “pair” a wide range of devices such as smartphones, headsets, keyboards, fitness trackers, speakers, printers, and car stereos.

Bluetooth is maintained by a private company that has released several versions of the technology. The latest major release, Bluetooth 5, promises to quadruple the range and double the speed of the previous generation’s Bluetooth 4.0.

Bot or web bot

A bot (from the word “robot”) is a software program that performs automated tasks on the internet. While bots have certain legitimate uses, like crawling and indexing the Web to make search engines more efficient, they can also be used for malware. Evil bots can take over computers, deploy malware attacks, and compromise user data.

How does a bot work?

While bots have certain legitimate uses, like crawling and indexing the Web to make search engines more efficient, they can also be used for malicious purposes. Evil bots can take over computers, deploy malware attacks, and compromise user data.

“Bot” has more recently become a term for low-level artificial intelligence programs that communicate with users over chat channels like Facebook Messenger. While still fairly primitive at the moment, experts speculate chat bots could become a common feature in eCommerce and customer service, among other industries.

Botnet or zombie armies

A botnet (also known as zombie army) is a cluster of computers whose systems have been seized and compromised by an individual with malicious intent. The individual uses these  machines to carry out acts of cyber malice, like sending spam and launching denial-of-service attacks.

How does a botnet work?

The word “botnet” is a combination of “robot” and “network”. Compromised machines are often unknowingly infected with malware or viruses. The bots that make up a botnet can remain dormant until activated to perform an attack.

While botnets are usually malicious, they have some legal applications as well. Distributed computing, for example, can use a botnet to take advantage of the idle resources on multiple devices to execute actions that would not be feasible on a single computer.

Browser hijacker

A browser hijacker changes your browser’s settings without your permission by replacing your homepage, search page, and error page with pages of their own. A browser hijacker redirects your internet activity in order to collect advertising revenue from you, as well as your personal and browsing data.

How does a browser hijacker work?

Browser hijackers often infect computers through malicious websites and software bundles, particularly browser toolbars. They can usually be removed using antivirus software, but that might not be enough to undo the damage done to the host computer. A system restore is recommended.

Back to Menu

C

Certificate authority

A certificate authority is a trusted third-party entity that issues digital certificates. A digital certificate verifies that a public key belongs to the individual whose digital signature is on that certificate.

How does a certificate authority work?

Certificate authorities are used in asymmetric encryption to prevent man-in-the-middle attacks, in which a malicious party intercepts traffic heading to a server and pretends to be the intended receiver.

Trusted CA certificates are usually stored on the client software, such as a web browser. There is no single provider of CA certificates, and the market is fragmented by country and region.

Chat room

A chat room is an area on the internet where individuals can communicate with one another in real time. Chat rooms are separated by topic. Many chat rooms are monitored by moderators, who ensure that users behave according to that chat room’s code of conduct. Since chat rooms allow users to participate anonymously, they can be frequented by predators, who disguise themselves to prey on vulnerable children and teenagers.

How does a chat room work?

Chat rooms can be public or private and include anywhere from two to hundreds of people. Online video games often integrate chat rooms as a means for players to communicate. Chat rooms are also common among remote teams of people who work together online. IRC chat rooms, largely considered the original, are far less common now.

Cookie

A cookie is a little piece of data stored in your web browser. When you visit a website, it sends a cookie to your computer to remember your surfing behavior, like what buttons you click and what items you add to your shopping cart, as well as your log-in information. Cookies are not software and cannot destroy your computer or mobile device, but they can track your browsing activity.

How does a cookie work?

Cookies exist in many forms and usually serve to improve the convenience of browsing the web. Normal cookies only remain active while the browser is on the website that created the cookie. In some countries, websites are required to disclose their use of cookies to users. In other countries this is not the case, including the United States.

Tracking cookies, however, remain active and collect information even after the user has navigated to another website. This information, which includes websites visited and time spent on each one, is often used to target the user with customized advertisement.

Back to Menu

D

Defragment or defragging

Defragging, or the defragment of your computer, is the process  whereby information and files stored on your hard drive are reorganized into a more logical order. The actual defragment process can slow your computer down, but once it’s complete, your hard drive should be considerably quicker.

How does defragmentation work?

Defragging one’s hard drive should be done on an occasional schedule by PC and Mac owners. It can take anywhere from a few minutes to a few hours depending on the hard drive.

However, solid-state drives (SSDs) should NOT be defragged, as it will reduce their lifespan in return for a negligible performance uptick. Make sure you know which kind of hard drive your computer has before defragging.

DHCP

DHCP stands for Dynamic Host Configuration Protocol. It is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers configured for a given network. DHCP assigns an IP address when a system with the DHCP client is started.

How does DHCP work?

DHCP assigns an IP address when a system with the DHCP client is started.

For the average user on a Wi-Fi network, DHCP settings can be accessed through the Wi-Fi router settings.

Digital certificate

A digital certificate or identity key is normally issued by a web certificate authority and contains the sender’s public key verifying that the certificate is authentic and that the website in question is legitimate.

How does a digital certificate work?

Trusted certificates are usually stored on the client software, such as a web browser.

Certificate authorities and the digital certificates they issue are used to prevent man-in-the-middle attacks, in which a malicious party intercepts traffic heading to a server and pretends to be the intended receiver.

Digital signature

A digital signature is normally used in public key cryptography and validates the legitimacy of encrypted data. A digital signature is required to authenticate both the sender of the digital certificate and the authenticity of the certificate.

How does a digital signature work?

Whereas a digital certificate is used to verify the identity of the certificate holder, a digital signature is used to verify the authenticity of a document or message is authentic. A digital signature guarantees the message was not modified by a third party.

Domain spoofing or Domain hijacking

When a domain is hijacked or spoofed, it redirects users to an external website which can infect their computer or device with malicious programs.

How does domain hijacking work?

Domain hijacking is often used to harm the original domain name holder who is cut off from income generated by the site. It can also be used in phishing attacks against visitors who believe they are viewing the original website, when in fact it is a duplicate designed to steal their personal details. Sometimes these stolen domains are sold to third parties.

Drive-by Download

A drive-by download is a download that a person either unwittingly downloads or downloads without understanding the consequences of downloading the file from a website, email, or pop-up window.

How does a drive-by download work?

In the former situation, malicious websites use different techniques to disguise harmful downloads from antivirus programs, such as hiding them in iframe elements.

In the latter situation, drive-by downloads often take the form of counterfeit software. Java, Flash Player, and ActiveX plugin updates are all common lures to trick people into downloading malicious executable files that will install malware and other harmful viruses onto a computer.

DNS

DNS stands for Domain Name System. It syncs up web domain names (e.g. www.expressvpn.com) with IP addresses (e.g. 172.16.254.1), enabling users to use domain names to access IP addresses without needing to remember the IP addresses.

How does DNS work?

Think of DNS as a phone book for the internet associating phone numbers (IP addresses) with people (website URLs). DNS servers are maintained by a number of different entities, though most users default to the ones maintained by their internet service providers.

VPNs like ExpressVPN use their own DNS servers, which helps to hide user activity from the ISP and prevents websites from geographically restricting content.

DoS

DoS stands for Denial of Service. It’s a type of attack in which a website or network is overwhelmed with automated server requests, causing a shutdown of service to legitimate visitors.

How does DoS work?

If you picture internet traffic to be like real-world automobile traffic, then a DoS attack is a way to purposefully cause a traffic jam.

The biggest DoS attacks are actually DDoS attacks, which stands for Distributed Denial of Service. In this attack, the automated server requests are often sent from a botnet, or zombie computers infected with malware. The botnet attacks are “distributed” over thousands of computers around the world, wreaking havoc on the target servers when activated.

Back to Menu

E

Encryption

Encryption is the process by which data is converted into another form which is unreadable without a separate key to decrypt it. See also public key, private key.

How does encryption work?

Encryption is a cryptographic way to hide the contents of files and network traffic using a cipher. Different types of encryption are called algorithms, each of varying strength and complexity against brute force attacks (guessing until you get the right key).

Encryption is the most common way to make files and communications on devices and the internet private. Individual files, internet traffic, and entire devices can be encrypted using widely available, open-source algorithms.

Exploit

An exploit refers to code that takes advantage of a known software vulnerability to gain unauthorized access to a system.

How does an exploit work?

An exploit could take advantage of a bug, a backdoor, or some other security gap in order to take advantage of an unintended system behavior. Exploits typically exist in a system’s design and were not created by a virus or malware.

Exploits are often kept secret by hackers who discover them. If an exploit is published, the entity responsible for maintaining the system or program is usually swift to patch it.

Back to Menu

F

File compression or data compression

To compress a file means to make it smaller by converting its data into a different format. Usually, it is put into an archive format such as .zip, .tar, or .jar. See also image compression.

How does file compression work?

Compression comes in two forms: lossy and lossless. Lossy compression removes bits it deems unnecessary to reduce file size, often resulting in lower quality music and video. Lossless keeps all the information of the original file, but usually can’t make files as small as lossy compression.

While compressed files are smaller, the stipulation that they must first be decompressed means they require more computing resources to use. A smaller video file that’s compressed requires more CPU power for a computer to play than a larger, uncompressed file, for example.

Firewall

A firewall is a security system that regulates traffic into and out of a network. It can be used to block unauthorized entry from outsiders or to block insiders from accessing unauthorized content.

How does a firewall work?

Firewalls typically block or allow traffic based on the application being used and the device’s range of ports. A firewall can block specific programs or only allow a program to utilize certain ports to connect to the internet.

A firewall can be a security measure or a means of censorship or both, depending on the intention of the administrator.

FTP

FTP stands for File Transfer Protocol, a set of rules for transferring files on the internet. Some web browsers have a built-in FTP client, but there are also separate apps dedicated to FTP.

How does FTP work?

FTP allows the transfer of files directly to and from a server. One party is the server while the other is considered the client (even if it’s another server).

Connecting to a server via FTP usually requires a username and password. Transfers are typically encoded using an SSL algorithm.

Back to Menu

G

GIF

GIF stands for Graphics Interchange Format, a bitmap image format. Limited to 256 colors, they are inconvenient for high-quality photos, but due to their support for animation GIFs have become a popular format for short, silent, looping videos on the internet.

How does a GIF work?

GIFs use lossless compression to reduce the file size of images, making them easy to share. Most GIF animations last no longer than a few seconds.

The pronunciation of the term is hotly debated, though the format’s creator (incorrectly) says the intended pronunciation uses the soft “J” sound instead of the hard “G”, so it sounds like “jif”.

Back to Menu

H

Hacker

The term hacker is commonly used pejoratively to describe a malicious person who gains unauthorized access to computer systems with criminal intent, but is also used positively by the coding community as a term of respect for any highly skilled programmer.

What does a hacker do?

Under the computer security umbrella, hackers are divided into three subgroups: white hat, black hat, and grey hat. White hat hackers aim to fix bugs and security vulnerabilities. Black hat hackers exploit those vulnerabilities to gain unauthorized access to a system or cause unintended behavior. Grey hat hackers fall somewhere in between.

More generally, a hacker can describe a skilled enthusiast or expert in a particular field, such as art or business.

HTML

HTML stands for HyperText Markup Language, the standard language for web pages on the internet. HTML is not a programming language like C++ or Python, but a markup language, meaning it defines the way text and other media is read by a web browser, i.e. which text is bold, which text is a heading, which text or which image is a hyperlink, and much more.

How does HTML work?

HTML is maintained by the Worldwide Web Consortium, which decides the standards and features of the language. HTML is currently in its fifth version, HTML5, though much of the content on the web was written in HTML4.

HTML is often combined with CSS and Javascript on web pages, used for styling and programming, respectively.

HTML tags

Tags are the elements of code that mark up text in an HTML file to be interpreted by the web browser into a web page. Examples include <p> for paragraphs, <h1> for headings, and <img> for images.

How do HTML tags work?

Tags should always be closed, denoted by a forward slash. At the end of a paragraph, for example, the closing tag in the HTML should be </p>. Some tags, such as images and line breaks, are often self-closing like so <br />. Failing to close a tag is considered poor style and can cause formatting issues.

Tags can contain attributes that contain more information about the text within them, such as the “alt” attribute for images and the “class” attribute that assists in CSS styling.

HTTP

HTTP stands for HyperText Transfer Protocol, the set of rules that determine how web browsers and servers communicate with each other on the internet.

How does HTTP work?

HTTP is a request-response protocol. A client, such as a web browser, sends a request to a server, which responds with content such as a web page. This is an oversimplification, but gives a rough sketch of the core idea.

HyperText refers to text with references to other text or, put simply, links.

HTTPS

HTTPS is the secure version of HTTP. If a URL contains HTTPS instead of HTTP, it means that website uses encryption and/or authentication methods to secure its connection.

How does HTTPS work?

SSL/TLS, or secure sockets layer/transfer layer protocol, is the most common cryptographic protocol used to encrypt secure communications on the web.

Besides encrypting the information being sent between client and server, HTTPS also authenticates both parties using a public-key system to prevent imposters from intercepting communications.

Hyperlink

A hyperlink (or just link) is a piece of text or image on a website that connects (or links) you to another page or file on the internet. Hyperlinks are conventionally distinguished from their context with an underline and/or a different color.

How does a hyperlink work?

Hyperlink derives its name from HyperText, the HT in HTTP. At its core, hypertext is text that references other text. The text that is linked is called “anchor text.”

Hyperlinks aren’t just used by humans. Web crawlers, such as the ones used by Google to index web pages, can follow hyperlinks to retrieve their documents and files.

Back to Menu

I

IM

IM stands for Instant Message, a message sent over the internet via any number of real-time chat applications.

How does IM work?

The most popular instant messaging apps today are for mobile devices, including Facebook Messenger, WhatsApp, WeChat, Telegram, Viber, and Line. Instant messaging apps are primarily text-based but have evolved to include voice, video, images, links, stickers, and more.

Image compression

Image compression is the process of converting a raw image file (usually a photo) to a smaller format. JPEG and GIF are two such formats. See also file compression.

Learn more about how image compression works.

Internet

The internet is the global, publicly available network of smaller networks and computers within it. Not to be confused with the World Wide Web, which refers to the information space of pages and other content transferred over that network.

How does the internet work?

The internet is decentralized, meaning no one entity hosts or controls its distribution or content. About 40 percent of the world’s population has an internet connection. Any internet user can at any time, with permission, send and receive information and data from any other computer on the network.

IP address

An IP (or Internet Protocol) address is the numerical identifier for a computer on the internet. IP addresses are generally written as a string of digits punctuated by dots or colons as in 172.16.254.1 (IPv4), and 2001:db8:0:1234:0:567:8:1 (IPv6). IP addresses are often linked to geographic areas, allowing a website to identify the country and/or city from which a user is accessing the site.

How does an IP address work?

Any device that connects to the internet is assigned an IP address. This IP address is often used by websites and other web services to help identify users, although a user’s IP address can change if they connect from a different location, device, or if they use a VPN. See also DHCP.

IPv4 was long the standard type of address assigned to a device, but due to the fast growing number of connected devices, the number of IPv4 addresses is soon running out. IPv6 was created to solve this problem, as it offers a much larger range of addresses, but adoption has been hampered by compatibility issues and general laziness.

What is my IP address?

Wondering what your IP address is? Visit ExpressVPN’s “What’s my IP Address?” page and find out!

Back to Menu

J

JPEG

JPEG, which stands for Joint Photographic Experts Group, is an image file format popular on the internet for its ability to retain photo quality under compression. JPEGs are indicated by the file extensions .jpeg or .jpg.

How does a JPEG work?

JPEG is a lossy compression type, meaning it reduces the quality of the original image. JPEG is an ideal format for photos that feature smooth transitions of tone and color, but less apt for graphics, text, and drawings where contrast between pixels is sharp. JPEGs are also not the best format for repeated editing, as repeated compression will reduce image quality over time.

Back to Menu

K

Keylogger

A keylogger is a piece of software that records a user’s keystrokes on a keyboard. Sometimes this is used for technical support, but other times it is used maliciously, without the knowledge of the user, to collect passwords and other personal data.

How does a keylogger work?

Keylogging is also known as keystroke logging or keyboard capturing. Most keyloggers are software based, meaning they run as covert applications on the target computer’s operating system. Some, however, are hardware-based, such as a circuit that’s attached between the keyboard and the USB input. A few are even firmware-based, installed into a computer’s BIOS.

Malicious software keyloggers are often distributed as trojans or as part of viruses. An up-to-date antivirus should be enough to prevent the vast majority of keyloggers from infecting a system.

Back to Menu

M

MP3

MP3, or Mpeg audio layer 3, is a popular compressed file format for audio recordings. MP3s are indicated by the file extension .mp3.

How does an MP3 work?

MP3 is a form of lossy compression, meaning it sacrifices some of the original quality to save space. An MP3 can reduce the size of a digital audio recording by a factor of 10 to 1 without most listeners noticing the difference.

MP3s are often used by streaming music services like Spotify due to the low bandwidth required to play them without buffering, and because individual frames of sound can be lost in transmission without affecting the successfully delivered frames.

Malware

Malware is malicious software, often installed and run without a user’s knowledge. Examples include keyloggers, viruses, exploits, adware, and spyware.

How does Malware work?

Malware is often embedded in or disguised as non-malicious files, and can run as a script, executable, active content, or some other form of software. The purpose of malware can be anything from a prank to a tool used to steal financial information.

Malware can be guarded against using up-to-date antivirus software, a firewall, and a VPN.

Mutual authentication

Also called two-way authentication, mutual authentication is when both sides of a transaction authenticate each other simultaneously. Online, this is often used to prevent fraud by requiring both the user’s web browser and a web site’s server to prove their identities to each other.

How does mutual authentication work?

Both parties must prove their identities before any application data is sent. Mutual authentication the default mode of authentication in some encrypted protocols like SSH and IKE, but is optional in others like SSL.

Back to Menu

N

Network

In the context of computing, a network is a group of devices that communicate with each other, whether by physical cables or wirelessly. Networks range in scale from the connection between your computer and a wireless router, to the internet itself.

How does a network work?

When one device is able to exchange data with another device, they are said to be networked together. Connections between devices can be direct or indirect, with any number of nodes between two or more networked devices. A node can be any device on the network that sends, routes, or terminates data, including servers, routers, and computers.

Back to Menu

P

Patch

A patch is a software update targeted to fix one or more vulnerabilities. Good software developers are constantly testing their code and issuing new patches to users.

How does a patch work?

A security patch is issued to close an exploit that can be taken advantage of to cause an unintended behavior in the software. Other types of patches fix bugs and add improvements. Most patches come from the original developer, but some are created by third parties.

Patches are often denoted by a software application’s version. For example, version 1.0 is the first complete version of a video game, but version 1.02 adds a patch to fix bugs and security holes. Patches can usually be downloaded and installed on top of an existing application, as opposed re-installing the entire application.

Phishing

Phishing is the attempt to acquire personal information (such as a password or credit card number), generally for malicious purposes, by assuming the identity of a trusted authority. One common form of phishing is an email pretending to be from a user’s bank, asking the user to enter his/her online banking login information on another site.

How does phishing work?

Phishing is a homophone of fishing, a sport where bait is used to lure victims. Instead of using malware, a virus, or a hack to access private information, phishers rely on social engineering. That is, making someone believe something that is not true, usually by impersonating a trusted authority or an acquaintance in dire need of assistance.

Credit card information, usernames, and passwords are all common targets of phishing. Phishing can be guarded against by never giving up these types of information over unencrypted channels like email, non-HTTPS websites, and chat apps.

Pharming

Pharming is the (generally malicious) attempt to redirect a user to an imposter website, either by altering a file on the user’s computer or by attacking the DNS server which converts URLs into IP addresses.

How does pharming work?

Users of eCommerce and banking sites are the most common targets of pharming. Users should look for a verified HTTPS certificate to authenticate the identity of a real website. This is often indicated by a green, closed lock icon and the letters HTTPS in the browser URL bar.

Antivirus and antimalware can often protect against pharming attempts that alter host files on the local computer, but they cannot protect against compromised DNS servers. A “poisoned” DNS server has been altered to direct users to a pharming website.

Podcast

A podcast is a regularly updated series of audio files from a content provider, the modern analogue of a radio program. The term was coined as a portmanteau of “iPod” and “broadcast”, though today podcasts are commonly downloaded or streamed onto any number of smartphones and other mobile devices.

How does a podcast work?

Most podcasts come in either audio or video format, and can be viewed or listened to using a variety of applications depending on how they are distributed. These applications are often called “podcatchers.” Podcatchers can automatically download new episodes of a podcast so the newest content is always available on the device of the listener or viewer.

Private key

A private key is the tool used to decrypt messages in an asymmetric encryption scheme. As its name suggests, this key is not made public, unlike the public key used to encrypt the message.

How do private keys work?

In asymmetric encryption, senders encrypt their files and messages using a public key, which can then only be decrypted using the private key. Private keys should be stored somewhere safe and hidden on the receiver’s device.

If a private key is lost or forgotten, anything encrypted using the paired public key can never be decrypted (at least not without considerable computing resources).

Protocol

VPN Protocols are the methods by which your device connects to a VPN server. Some common protocols are UDP, TCP, SSTP, L2TP, and PPTP. Learn more about protocols.

Proxy

A proxy is an intermediary server that allows the user to make indirect network connections to other network services.

How do proxies work?

Users can use the proxy server to request resources from other servers (files, web pages, etc.) as they would without one. However, requesting these resources via a proxy allows the user to remain anonymous online and helps them access restricted content if their actual IP is blocked by the content provider. This is because the request will appear to be from the proxy server’s IP instead of the user’s actual IP.

Public key

A public key is the key used to encrypt a message in asymmetric encryption. Unlike the private key, the public key can safely be shared with anyone without compromising the security of the message.

How does a public key work?

Public keys encrypt messages and files in one direction, meaning the public key used to scramble a file or message cannot be used to unscramble it. Decryption can only be accomplished by the receiver who holds the private key.

Public keys are often stored on local machines and on publicly accessible key servers. MIT, for example, hosts a searchable PGP key server used to encrypt email.

Back to Menu

R

Rogue security software

Rogue security software is malware that poses as anti-malware software, often in an attempt to install additional malware or solicit money for its false services.

How does rogue security software work?

Both a form of scareware and ransomware, rogue security software manipulates victims through fear. Malicious websites often display popups or alerts that ask users to download trojan horses disguised as browser plugins, multimedia codecs, or a free service. Once downloaded, the trojan installs the rogue security software.

Ransomware

Ransomware describes malware that prevents a user from accessing normal functions of a system unless a ransom is paid to its creator.

How does ransomware work?

A typical scheme is for the ransomware to encrypt all of the data on a hard drive or server. The ransomware will display a message that says the data cannot be decrypted until the victim has paid a ransom in Bitcoin to a given Bitcoin wallet address. Once the payment is made, the victim will be sent a password to decrypt the data.

Recovery

Data recovery is the process of using backups, e.g., from a hard drive or online storage, to restore lost data.

How does data recovery work?

The data could be lost due to hardware failure, file corruption, or accidental deletion. The process can restore data either onto the original storage device or onto a separate one.

Recovery can also refer to the process of regaining access to an online account. For example, a user might reset their password after forgetting it in order to log into their email account.

Router

A router is a piece of hardware that directs traffic between networks, most commonly between a computer and the rest of the internet. Practically, the word “router” is often used as shorthand for “wireless router”, a type of router that also functions as a wireless access point.

How does a router work?

Routers use the DHCP protocol to assign IP addresses to each of the devices on their network. They are typically embedded directly on the device’s firmware and don’t employ software. The most popular router firmware brands are DD-WRT and Tomato.

How can I use a router to protect my devices?

ExpressVPN users can set up their VPN connection directly on a router’s firmware, which allows every device connected to automatically route their internet traffic through the VPN server.

RSS

RSS stands for Really Simple Syndication, and is a popular method for publishing regularly updated content on the internet. Instead of repeatedly checking a website for new content, a user can subscribe to an RSS feed using a feed reader or aggregator to receive automatic updates from that and other sites.

How does RSS work?

Information published through RSS can be text, audio, video, and images. This information is sent using an XML format that contains both the information itself as well as metadata such as author name and timestamp.

RSS readers can aggregate RSS feeds using web apps, native desktop clients, or mobile apps. Subscribing to an RSS feed is free and usually only requires the user to copy and paste the feed’s URI or searching for it in their preferred app.

Rootkit

A rootkit is a type of stealth malware designed to hide its own existence from detection. Because of this, rootkits are often extremely difficult to remove, and often necessitate completely wiping the hard drive and reinstalling the operating system.

How does a rootkit work?

The “root” in rootkit refers to the top level of administrative privileges that can be granted on a computer. Rootkits attempt to escalate its own privileges to root so there is effectively no higher level account that can remove them.

Once a rootkit has gained root privileges, it can access, modify, delete, and install software and files.

Back to Menu

S

Symmetric encryption

As opposed to asymmetric encryption, symmetric encryption requires the same key to encrypt and decrypt a message. Therefore both keys must be private in order to keep the message secure, unlike asymmetric encryption in which the key for encryption can be public.

How does symmetric encryption work?

The key must be exchanged between both parties. Symmetric encryption requires less computational power than asymmetric encryption but isn’t always as practical. For that reason, asymmetric encryption is often used to verify both parties, and symmetric encryption is used for actual communication and transfer of data.

Symmetric encryption can either encrypt the digits of a message one at a time as they are sent (stream ciphers), or encrypt the digits in blocks and send them as a single unit (block ciphers)

SMTP

SMTP stands for Simple Mail Transfer Protocol, a standard set of rules for sending email through the internet. At the user level, it is generally used only as a sending protocol. For receiving, applications generally prefer other protocols like POP3 or IMAP.

How does SMTP work?

While not used by employed by user-level email clients, SMTP is often utilized by email servers and mail transfer agents.

SMTP connections can be secured by SSL, known as SMTPS.

Social engineering

Social engineering is the umbrella term covering scams like phishing, pharming, spam, and scams. Unlike other forms of malicious hacking that exploit a user’s software, social engineering exploits our natural tendency to trust each other.

How does social engineering work?

Social engineering is often employed by fraudsters to impersonate a trusted authority. The goal is to manipulate a victim into performing a certain action or giving up private information, such as a password or credit card number.

Spam

Spam is unwanted email, also known as junk mail. Modern email clients like Gmail automatically detect messages likely to be spam and sort it into a separate folder.

How does spam work?

Spam is often sent unsolicited to hundreds or thousands of people at once. Lists of email addresses are acquired by spammers through both legal and illegal means.

Spam mail often contains links disguised as a familiar website but actually lead to phishing sites and malicious sites infected with malware.

Spim

Spim is spam in instant message (IM) form.

Spit

Spit is spam over VoIP, e.g. Skype or Viber.

Split Tunneling

Split Tunneling is the process of allowing a VPN user to access a public network while also allowing the user to access resources on the VPN.

How does split tunneling work?

Practically, split tunneling allows you to access the internet while also accessing devices on a remote network, such as a network printer.

How does ExpressVPN use split tunneling?

The ExpressVPN App for Routers has split-tunneling capabilities, allowing users to select which devices connected to the router are protected by the VPN and which are simply connected to the internet.

The ExpressVPN App has a split-tunneling feature called “Connection Per App”. Users can select which apps will use the VPN and which apps won’t when their computer is connected to ExpressVPN.

ExpressVPN apps use split tunneling to give you the best of security and accessibility. Learn more about ExpressVPN’s Split Tunneling feature.

Spyware

Spyware is malware that logs data from a user’s computer and secretly sends it to someone else. This data can be anything from a user’s browsing history to login names and passwords.

How does spyware work?

Most spyware is designed to monitor user activity, then serving them pop-ups and other targeted ads using the stolen information. Other types of spyware can take control of a computer and direct them to certain websites or installing additional software.

Most spyware can be guarded against using up-to-date antivirus.

Spear Phishing

Spear phishing refers to phishing targeted at a specific user or organization. Because of this targeting, spear phishing more likely to appear authentic to its victims, and is generally more effective at deceiving them.

How does spear phishing work?

Spear phishing attacks often impersonate someone acquainted with the victim. The goal is to manipulate the victim into divulging private information such as a password or credit card number.

Spear phishing is by far the most successful type of phishing attack, accounting for nine out of 10 successful attacks.

Learn more about phishing and spear phishing.

SSL

SSL stands for Secure Sockets Layer. It is the standard security technology for establishing an encrypted link between a web server and a browser, ensuring that all data passed between the web server and browser remains private and secure.

How does SSL work?

When a browser is connected to a site through SSL, the URL is prepended by HTTPS. SSL is the most common secure transfer protocol on the internet.

SSL is also built into the OpenVPN protocol, which is a VPN protocol used by ExpressVPN and many other VPN clients.

Back to Menu

T

Trojan horse

A Trojan horse, or simply Trojan, is malware masquerading as legitimate software, named after the famous Trojan horse in which ancient Greek soldiers smuggled themselves into Troy. Trojans often act as a backdoor to give an attacker remote access to a user’s computer.

How does a trojan horse work?

Unlike viruses and worms, trojans generally do not spread themselves. Trojan’s are often spread through some sort of social engineering, such as phishing.

The purpose of a trojan can range from destroying the victim’s system to using their resources as part of a botnet, extorting money, and stealing data. Up-to-date antivirus software and vigilance on the part of the user are the best defenses against trojans.

Back to Menu

U

URL

URL stands for Uniform Resource Locator. A URL is a web address, like www.expressvpn.com. When a user types a URL into a web browser, the URL is then translated into an IP address by a DNS server.

How does a URL work?

URLs are usually displayed in a web browser’s address bar. Most URLs point to web pages, but they can also direct users to email addresses, FTP servers, downloads, and more.

URLs often contain two to three parts appended together: a protocol (https://), a host name (www.expressvpn.com), and a file (/what-is-vpn).

URL spoofing

URL spoofing is the attempt to mislead a user to a different (often malicious) website by imitating or “spoofing” a legitimate URL.

How does URL spoofing work?

The website for a spoof URL looks exactly like the original, but it often contains malicious software or a phishing scam.

Sometimes spoofed URLs are accessed due to a bug in web browsers that lack the latest security updates. Other spoof URLs simply look similar to the original. For instance, the URL could transpose two letters in the hopes that the user won’t notice: www.experssvpn.com
Back to Menu

V

Virus

A computer virus is malware that replicates itself and infects computer data, files, programs, and systems, similar to its namesake that infects human bodies.

How does a virus work?

Viruses always attach themselves to other programs. A virus can make a computer slower, steal private information, take up disk space, corrupt data, display messages, spam the user’s contacts, and log their keystrokes.

Viruses can be guarded against using up-to-date antivirus software.

VPN

VPN stands for Virtual Private Network. It is an encrypted tunnel between two devices which allows you to access every website and online service privately and securely.

How does a VPN work?

A VPN routes all the internet traffic from a device through a server in a remote location, which is often chosen by the user. From there, the traffic arrives at the intended destination, masking the true IP address and location of the user.

Encryption is also a key distinguisher of most VPNs from other types of proxies. VPN traffic is encrypted so third parties cannot decipher it. These parties might include hackers, the user’s ISP, and government agencies.

Learn more about VPNs.

Vulnerability

In the context of computing, a vulnerability refers to a known weakness in a piece of software that could potentially be exploited by an attacker. Software developers generally test for vulnerabilities and release patches to fix them.

How does a vulnerability work?

Vulnerabilities often lead to security risks. If a hacker exploits a vulnerability, this is called a breach. However, not all vulnerabilities have exploits.

Vulnerabilities exist as a result of the design, implementation, or operation of the developer or admin, and are not created by the attacker.

VoIP

VoIP stands for Voice over IP (Internet Protocol). VoIP is the internet equivalent of a telephone service, most commonly implemented by Skype and Google Hangouts.

How does VoIP work?

VoIP technology allows audio to be digitized and then sent over the internet so two or more parties can have a conversation in real time. It is a feature now built into most computers and smartphones.

Learn more about how ExpressVPN helps you use VoIP.

VPN Client

ExpressVPN is a premier VPN client that offers best in class security with easy-to-use software.

How does a VPN client work?

A VPN client allows the user to choose the server location and often the protocol used, among other settings.

ExpressVPN is a premier VPN client that offers best in class security with easy-to-use software.

Back to Menu

W

Web page

A web page is a file on a server that can be accessed by someone via the internet. Generally, this file is written in HTML and includes text, images or other media, and links to other web pages.

How does a web page work?

A web page differs from a website. A website is made up of multiple web pages, at the bare minimum an index page (more often called a home page). Each web page is stored as a single file on a web server, though it may integrate content from multiple sources.

Besides HTML, web pages can include code written in PHP, ASP, and Perl. Web page design, formatting, and style is usually governed by a separate CSS file.

Web server

A web server is a computer that stores, processes, and delivers web pages to clients who request them. This is usually done through a web browser which then displays the page to the user.

How does a web server work?

Web servers always use the HTTP or HTTPS protocol to communicate with clients. The term web server can refer to the server software or the entire host system, including the physical server and firmware.

Web servers primarily serve content, but they can also receive input from online forms and user uploads.

WEP

WEP stands for Wired Equivalent Privacy, and is a security protocol for wireless networks. Due to known security flaws, WEP has since been superseded by WPA and WPA2.

The goal of WEP was to implement confidentiality on par with a wired network. WEP was once the most common type of security used on Wi-Fi networks and is still very common despite its well-documented flaws. As a result, many devices–routers, computers, and smartphones–still support the deprecated algorithm.

Wi-Fi

Wi-Fi (a play on “Hi-Fi”) is a local area wireless technology that lets devices network with each other over radio frequencies.

Learn more about how Wi-Fi works.

Wi-Fi hotspot

A Wi-Fi hotspot is a physical location where you can connect your Wi-Fi-enabled device to the internet over a public wireless network. Be careful, though! While many Wi-Fi hotspots use WEP or WPA security protocols to encrypt your connection, others have no such security features, leaving you and your data vulnerable to malicious third parties.

Learn more about how Wi-Fi hotspots.

Worm

Like a virus, a worm is self-replicating malware. Unlike a virus, a worm is a standalone program and does not need to be part of another program to function.

How does a worm work?

Some worms are only created to replicate themselves and not do harm, though they all at least consume some bandwidth and disk space. More malicious worms carry “payloads,” which can destroy files, install backdoors, encrypt files, and install malware.

Worms are often spread through spam attachments. They can be protected against by not opening untrusted email attachments, keeping your device’s operating system and programs up to date, and installing up-to-date antivirus software.

WPA

WPA stands for Wi-Fi Protected Access. WPA is a wireless security protocol designed to replace WEP with better encryption and authentication. In turn, WPA2 is a replacement for WPA.

How does WPA work?

WPA2 is the recommended security protocol for Wi-Fi networks. Devices can connect to a WPA-protected network with a password, security code, or using a Wi-Fi protected setup (WPS). However, routers that allow devices to connect using WPS enable a flaw that allows WPA and WPA2 to be bypassed.

WPA2 certification is mandatory for all devices that carry the Wi-Fi trademark.

Back to Menu

X

XML

XML stands for Extensible Markup Language and like HTML, is used to format and present information on web pages. However, unlike HTML it does not have a fixed set of formatted tags but instead acts as a meta-language. This flexibility allows webmasters to be able to construct their own markups.

How does XML work?

XML is used to structure data in a way that both machines and humans can easily read it. Several types of documents use the XML syntax, including RSS feeds, Microsoft Office’s latest document formats, and Apple iWork.

XML is extremely flexible, allowing users to create and nest their own tags and attributes. Developers create and develop many interfaces to help easily process XML data.

Back to Menu

Read more online privacy guides from ExpressVPN here

Featured image: BillionPhotos.com / Dollar Photo Club