Security

Don't use a VPN in United Arab Emirates – unless you wanna risk jail and a $545,000 fine

Arab monarchy tries to slam door on privacy tools


A royal edict from the president of the United Arab Emirates (UAE) may have effectively made it illegal for anyone in the country to use a VPN or secure proxy service.

Those caught could face jail time and fines of between 500,000 and 2,000,000 UAE dirham (US$136,130 and $544,521). The change was announced this week by the UAE President His Highness Sheikh Khalifa bin Zayed Al Nahyan in a proclamation that amended federal laws.

The wording is ambiguous and technologically illiterate. Essentially, it seems, you are not allowed to use systems that hide the fact that you're committing a crime or covering one up. If you're routing your network traffic through a secure VPN or proxy server, you could be evading the eyes of the state while breaking a law, and that's now a big no-no.

You could claim you were using the VPN or proxy for legit reasons, and that no criminal activity was being committed or concealed, but since your packets were encrypted, you may have a hard time proving your innocence.

The tweaked law now reads as follows:

Whoever uses a fraudulent computer network protocol address (IP address) by using a false address or a third-party address by any other means for the purpose of committing a crime or preventing its discovery, shall be punished by temporary imprisonment and a fine of no less than Dhs 500,000 and not exceeding Dhs 2,000,000, or either of these two penalties.

Less than 15 per cent of the desert kingdom's inhabitants are locals, with the rest of the population made up of expatriates, many of whom want to access private corporate networks and the internet at large without being limited by the filtering systems the country has set up. The state telco blocks anything seen as being against UAE values, any Israeli domains, and pornography sites, as well as many VoIP services for calling home.

There are two state-sanctioned VoIP services, Etisalat and Du, but they are relatively expensive. Skype was outlawed in the kingdom, but that ban was lifted in April after Microsoft and business leaders complained that the blockade was discouraging businesses from coming to the country.

In the meantime, if you're visiting the UAE, using a VPN or proxy server may be problematic. The new law is now in effect, and you may get a knock on the door by the police if you try using one of those services. ®

Send us news
60 Comments

You’ve trained at the cutting edge, here’s how to keep your DFIR skills razor sharp

Sometimes the most important tool is a bookmark

Sponsored There’s nothing like five or six days of in-depth training with SANS Institute to develop cutting-edge Digital Forensics and Incident Response security skills.

But then how do you keep those skills honed day to day, week to week, and for free? By checking in regularly with the SANS DFIR page, which should be your go-to one-stop shop for a ton of DFIR resources.

As well as the latest webcasts, whitepapers, and other free content featuring SANS’ highly experienced instructors, you can download the latest version of the SANS SIFT Workstation, SANS’ free suite of open-source incident response and forensic tools. These are the same tools at the heart of SANS’ forensics, response, and intelligence courses, and will give you a head start when it comes to analyzing file systems, gathering network evidence, pulling together memory images, and all the other tasks that are part and parcel of modern forensics.

Continue reading

Chips'n'China on the agenda as the Quad – Japan, India, Oz, US – prepares to meet

Not that the Middle Kingdom is singled out directly

A private meeting will be held between President Joe Biden and India’s Prime Minister during the first in-person summit of The Quad in Washington DC this Friday, during which semiconductors and a united front against China are likely to be discussed.

"The President will participate in a bilateral meeting with His Excellency Narendra Modi, Prime Minister of the Republic of India," said the White House confirmed on Monday regarding the first meeting between the two leaders. Biden is also planning to privately meet Japanese Prime Minister Yoshihide Suga.

Speculation is that the bilateral meetings will cover the US, UK, and Australia's new trilateral security pact, the AUKUS alliance. The trio want to build a Chinese-countering Western presence in the Indo-Pacific by assisting Oz in deploying nuclear-powered submarines and other tech.

Continue reading

Amazon Web Services set to support more Asia-Pacific currencies for customer bills

Australian users told first of plans to create 'Seller of Record' subject to regulatory approval

Amazon Web Services (AWS) is working to bill its products in a range of Asia-Pacific currencies as necessary, The Register has learned.

This story starts with an odd email sent to Australian AWS customers that opens: "We are working on a corporate reorganisation by which Amazon Web Services Australia Pty Ltd ('AWS Australia') is proposed to replace Amazon Web Services, Inc. ('AWS Inc.') and be appointed as a reseller of AWS cloud services for account(s) based in Australia."

Among the changes to flow from the arrangement outlined above include locally issued invoices, the inclusion of local taxes, and a move to paying for services in Australian Dollars by default for credit card customers.

Continue reading

Twitter offers to cough up 80 days of annual sales to settle 'false' user count lawsuit

Web biz proposes $800m to disappear accusations of over-promising audience size to investors

Twitter has offered to pay $809.5m to settle a class-action lawsuit filed in 2016 accusing it of misleading investors by falsely inflating its number of monthly active users.

“The proposed settlement resolves all claims asserted against Twitter and the other named defendants without any admission, concession or finding of any fault, liability or wrongdoing by the Company or any defendant,” the web biz stated in an announcement. “Twitter and the individual defendants continue to deny any wrongdoing or any other improper actions.”

The micro-blogging site said it is prepared to cough up the cash in the fourth quarter of 2021, according to a filing with America's financial watchdog, the SEC. To put this in context, Twitter recorded a $1.13bn net loss in 2020 from revenues of $3.72bn. The settlement thus represents about 80 days of annual sales.

Continue reading

Apache OpenOffice can be hijacked by malicious documents, fix still in beta

If you need another reason to try an alternative software suite

Apache OpenOffice (AOO) is currently vulnerable to a remote code execution vulnerability and while the app's source code has been patched, the fix has only been made available as beta software and awaits an official release.

That means that most people running the open source office suite, which has been downloaded hundreds of millions of times and was last updated in May, probably have vulnerable versions of the software.

On Saturday, September 18, security researcher Eugene Lim revealed details about the vulnerability (CVE-2021-33035) at HackerOne's Hacktivity online conference after an August 30 public disclosure date came and went without the fix being fully deployed.

Continue reading

Eco-friendly warning from UK tech trade group: Some of you have dirty green credentials

IT sector at risk of public humiliation if CMA finds they're not up to code

TechUK – the UK’s digital trade association representing computer giants and start-ups alike – has called on firms to check their green credentials and make sure they stand up to scrutiny.

The warning comes as UK businesses were told to brush up on their eco-claims or risk public humiliation and enforcement action by the Competition and Markets Authority (CMA).

Businesses have until the New Year to make sure their environmental claims – such as those regarding energy consumption, packaging, recycling, and product lifecycle assessments – comply with the law and are not simply an exercise in greenwashing.

Continue reading

A Burger King where the only Whopper is the BSOD font

Come for the bork, stay for the burger

Bork!Bork!Bork! Bork goes back to its roots today, with a screen of purest blue showing its unwanted face outside a US Burger King branch.

At least it makes a change from McDonald's, very much the DNS of Bork when it comes to failures.

In this instance, it looks like it is the exterior signage, normally showing a slideshow of tasty (and frequently greasy) treats, that has succumbed to the curse of Microsoft.

Continue reading

Ransomware recovery: Start getting back up before you’re even hit

Here’s how to put your plan together

Sponsored What’s the first step to recovering from a ransomware attack? Making sure you have a recovery plan in place well before you get attacked.

It’s not just a question of minimizing the chances of an attacker breaking through your defenses. You don’t have to make it easy for them, of course, but one will probably get through, eventually.

Yes, having the backups on hand to restore data if necessary is a given. But it’s also about having the tooling in place to recognize the attackers early, and being able to assess the impact. And it’s about working out whether you really need to turn to your backups, or whether there are other ways to remediate the attack.

Continue reading

Like a phoenix rising from the smouldering ruins of its data centre, OVH sets sights on IPO

Tells market not to worry - insurers will pay $58m to 'cover the consequences of the fire'

OVH Groupe SAS is edging closer to a potential initial public offering (IPO) expected to value the European hosting and cloud biz at around $4.7bn – months after a fire engulfed part of its data centre real estate.

The privately owned company, which trades as OVH Cloud, today issued a letter and series of documents confirming it is "contemplating" an IPO on Euronext Paris with the intent to "raise up to €400m through the issuance of new shares."

As part of the move, existing shareholders that have "supported the business" since 2016 – namely private equity investors KKR and Towerbrook, which own 10 per cent of the shareholding each – intend to sell some of the stock. Back then, OVH Cloud was valued at £1bn.

Continue reading

GitLab all set to go public as revenues – and losses – rise

IPO was expected last year but then we had a pandemic

DevOps darling GitLab has finally filed for an Initial Public Offering (IPO) as revenues continue to grow and losses widen.

The IPO had been expected in 2020 but the company put things off due to the pandemic until late last week, when the paperwork was filed with the US Securities and Exchange Commission (SEC).

The company, founded in 2014, has remained tight-lipped over the sums involved, although the filed S-1 form recorded that the proposed maximum aggregate offering price is estimated at $100m.

Continue reading

Kali Linux 2021.3 released with new tools

Most users better off with rolling release, but quarterly build has more quality testing

Kali Linux version 2021.3 has been released with new tools, though its makers explain that some features which make it good for penetration testing also make it bad for general use.

The specialist Linux distribution, based on Debian, is designed for security professionals (and also handy for administrators confronted by problems such as a standalone Windows PC and a user with a lost password). It is sponsored by a US company called Offensive Security, who do information security training and penetration testing.

Kali Linux is a rolling release; that is, updates are released constantly, including feature updates. Nevertheless, there is also a quarterly release. Senior developer Ben Wilson, who works on Kali Linux at Offensive Security, explained in a video that "there's a trade-off between stability and bleeding edge".

Continue reading