

Sep 29, 2008

Definition of irony: I blogged about Clickjacking, now I'm a victim

For you avid readers and visitors to Bauer-Power, you may have noticed that since I blogged about how to mitigate clickjacking by using the No-Script Firefox plugin, there are now weird popups if you visit Bauer-Power.

I assure you that I have not added pop-up advertising to my list of sponsors. No, this happens after you visit my site for the first time since it was compromised. A cookie drops on your computer showing that you have visited. If you click ANYWHERE on the site, even off on the sides, a new page will pop up taking you to sweetim.com or some other nonsense.

One thing I am noticing is that the clickjacking opens up to 91.121.16.4:84, then redirects to www.sweetim.com. I highly recommend blocking both of those on your firewalls, and content filtering systems.

A quick Reverse DNS lookup reveals this:

91.121.16.4 resolves to "ns38720.ovh.net"
Top Level Domain: "ovh.net"
Country IP Address: FRANCE


I am working on resolving this issue ASAP. In the meantime, the best way to read Bauer-Power will be via RSS.

[EDIT] - Okay, I figured it out! If you have been reading up on Clickjacking, you know that it is primarily a vulnerability in Adobe Flash. The only Adobe Flash plugin I have added in a while was my Geovisits map. I removed it, and BAM! No more Clickjacking.

Lessons learned: Try to keep Flash-related plugins out until Adobe can patch Flash, and the browsers can be patched as well.

Have anything to add? Hit me up in the comments.
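
One way to run the kind of audit that tracked this down to a widget: list every script, frame and Flash object in the blog template that loads from a host other than the site's own. This is an added example, not code from the original post; the sample template, the hosts `widgets.example` and `ads.example`, and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags that load active content, mapped to the attribute holding its URL.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}
FLASH_MIME = "application/x-shockwave-flash"


class EmbedAuditor(HTMLParser):
    """Record active content that a template loads from non-first-party hosts."""

    def __init__(self, first_party_hosts):
        super().__init__()
        self.first_party = {h.lower() for h in first_party_hosts}
        self.findings = []

    def _is_first_party(self, host):
        # A host is first-party if it is a listed domain or a subdomain of one.
        return any(host == h or host.endswith("." + h) for h in self.first_party)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "param" and a.get("name", "").lower() == "movie":
            url = a.get("value", "")  # classic <object> Flash embed
        elif tag in ACTIVE_TAGS:
            url = a.get(ACTIVE_TAGS[tag], "")
        else:
            return
        url = url.strip()
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if not host or self._is_first_party(host):
            return  # relative URL or one of our own hosts
        is_flash = (parsed.path.lower().endswith(".swf")
                    or a.get("type", "").lower() == FLASH_MIME)
        self.findings.append({
            "line": self.getpos()[0],  # line of the tag in the template
            "tag": tag,
            "host": host,
            "url": url,
            "flash": is_flash,
        })


def audit_template(html, first_party_hosts):
    """Return third-party active content found in html, in document order."""
    auditor = EmbedAuditor(first_party_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


def flash_hosts(findings):
    """Hosts that serve Flash into the page: the first widgets to pull."""
    return sorted({f["host"] for f in findings if f["flash"]})


# Constructed sample template (not the real Bauer-Power template).
SAMPLE_TEMPLATE = """<html><head>
<script src="/static/site.js"></script>
<script src="http://www.bauer-power.net/feeds.js"></script>
</head><body>
<div id="sidebar">
<object width="200" height="120">
<param name="movie" value="http://widgets.example/geomap.swf">
<embed src="http://widgets.example/geomap.swf" type="application/x-shockwave-flash">
</object>
<iframe src="//ads.example/banner.html"></iframe>
</div>
</body></html>"""

if __name__ == "__main__":
    results = audit_template(SAMPLE_TEMPLATE, ["bauer-power.net"])
    for f in results:
        kind = "FLASH" if f["flash"] else "other"
        print(f"line {f['line']:>2}  <{f['tag']}>  {kind:5}  {f['host']}  {f['url']}")
    print("Flash served from:", ", ".join(flash_hosts(results)))
```

Run it against a saved copy of the template after every widget install; anything new in the output is a candidate to remove first when the site starts misbehaving.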

Sep 28, 2008

Another year at ToorCon comes to an end

ToorCon came to a close tonight, after the last day of lectures on network security, hacking, open source software and general ranting were complete. I'm not sure about all who attended, but I for one got quite a bit out of the lectures at this year's conference. Perhaps because this year I have a more active role in my company's network security and infrastructure, as well as the fact that I am only two weeks away from my bachelor's degree in Network Security.

I also got my pictures developed from my low-tech disposable camera. You know what, I seriously need to spring for a decent digital camera. I mean come on now! The quality of the pictures I am posting is pretty much the crappiest anywhere! The pictures from this conference were no exception. Since these are the only things I have though, you will just have to friggin' deal with it, because that is pretty much what this post is about... Pictures from ToorCon. (Click on them to blow them up)

This first picture was out in the hallway of the conference rooms, and was simply a picture of the ToorCon sign. This is obviously the obligatory, "This is everyone at the 'con" picture.

This second crappy picture to the right is of Dan Kaminsky talking about the big and nasty DNS vulnerability that he discovered this year. He was the second keynote speaker, and really got the crowd ready for the conference by going into fairly good detail on just how bad the DNS exploit is. Dan also explained how monumental it was to gather some of the world's biggest names in IT and get them all to collaborate on a patch strategy, but also get them to apply the patch all at the same time.

Going down the list, this next one is a picture of the cylindrical style of the San Diego convention center. I pretty much just took this one because it is cool. I also thought it would look cool with my logo in the middle ;-)

San Diego Convention Center
I mentioned in my post yesterday that Jake Appelbaum gave a speech on the Cold Boot attack. What I didn't mention was that he was accompanied by Bruno Oliveira. I sort of left Bruno out of the mentioning because I didn't really feel like he contributed to the lecture. It wasn't really his fault though, it was just that English is not his first language, and therefore it was hard for him to explain some stuff. The picture on the left is Bruno and Jake at the conclusion of their lecture.


Among other things, ToorCon offers tutorials on lock picking. That's right, it turns out that hackers are also interested in lock picking. Why you ask? Maybe because if physical access can be gained to systems, then it is way easy to hack those systems. Picking locks can give you that : - ) Below in order are my coworker Zack picking a practice lock, and a group of young hackers being taught how to pick locks.

Zack Lock Pick

Lock Pick Tutorial
While in the vendor area, where the lock picking tutorials were going on, shortly after lunch on Saturday I ran into Darren Kitchen and Shannon Morse from Hak5. Darren and I got to talking about his recent reports on the Jasager Project. I mentioned to him that I was going to write my final paper in my Advanced Network Security class based off what he talked about on his show. He thought that was pretty cool, so he actually whipped out his hacked Fon router to show me the real deal.

On top of that he hooked me up with a pre-release video from Hak5 explaining how to hack the Fon router to put Jasager on it so I can add that to my final presentation that goes along with my paper. I will not be playing that video here, as it is due to be released in the upcoming weeks at Hak5. Here is a clip from Episode 401 where Darren introduces the "Pineapple."



As you can see in the video, Darren used a real pineapple to hide the router. For ToorCon he has trimmed that puppy down, and put it into a little plastic pineapple for even easier mobility. Look for more of it on upcoming episodes.

I really wanted to find Darren and Shannon on Sunday so I could get a picture with them, but alas, I did not see them at all on Sunday. That sort of sucks because they were really cool people, and Darren especially was very cool for hooking me up with the video for my paper/presentation. They did both give me their business cards though, along with a cool Hak5 sticker which I am now proudly displaying on the back of my Toshiba laptop.

Hak5 Schwag

All the above pictures were basically what happened Saturday. Today, Sunday, it was a rather short sequence of events. All lectures were condensed, and they crammed everything into 20 minute talks. I still got a lot out of the stuff though.

The first lecture that I really enjoyed was on the Asprox/Danmec botnet given by Dennis Brown of Verisign. You may have never heard of the Asprox botnet, but I am sure you have heard of the Antivirus 2009 exploit right? If you are an avid reader you have! Well, this botnet is the one responsible. To the right is a picture of Dennis giving his speech about the botnet, along with some useful information that I am going to present to my boss on how to protect our users from it.

The last lecture I am going to mention was given by Dan Hubbard of Websense. When I started at Websense, Dan was the director of the Security department, then he was promoted to VP of Security research, and now he is the CTO and VP of Security research. The man literally shits gold over at Websense. Anyway, his presentation actually had nothing to do with my old company, but rather on cloud computing and how easy it is to setup 20 or more virtual servers through services like GoGrid for pennies. He went on to show the potential for hackers to host farms of servers to do their evil bidding for very low cost.

Last, but not least. This damned camera took such horrible pictures. I think it was a two part problem.


  1. It was a cheap disposable camera
  2. Everything at a hacker convention is in the flippin dark!


That's okay though, because the ladies at my local CVS pharmacy were able to develop the film for me the best they could anyway, and get everything onto a CD. I didn't use up all the pictures, so the girls helped me out a little bit by snapping one of themselves before running it through processing.


CVS girls
That about wraps it up. If you were at Toorcon, hit me up in the comments. Let me know what your favorite lecture was, or what your favorite thing at the con was in the comments.

The Hottest New Threat, Clickjacking, and How to Protect Yourself.

I know I have been talking a lot about my teacher, and my Network Security class, but seriously, I am picking up some kick ass stuff in there. Anyway, he mentioned this little nasty in class the other day about a relatively new internet vulnerability called Clickjacking.

This particular threat was supposed to be discussed at the recent OWASP NYC Appsec 2008 event, but was canceled at the request of Adobe until they and other vendors could work out a possible fix. Adobe was particularly vocal about the cancellation because the vulnerability largely was due to one of their products.

If you haven't heard of it, here is what it is according to Ars Technica:

The term "clickjacking" refers to a process by which a user is forced to click on a link without his or her knowledge—the link itself may be nearly invisible or visible for only a fraction of a second.


On a much scarier note, this exploit is nearly impossible to defend against. However, according to Giorgio Maone, who created the "No-Script" Firefox plugin, this attack can be mitigated. Maone said in an email to ZDNet's Ryan Naraine that No-Script can mostly protect you against the attack with the default settings, but for 100% protection you have to look at the Forbid IFRAME option.

Do you know of other methods to protect from this attack? Do you know of anyone that has fallen victim to it? I want to know. Hit me up in the comments.

Sep 27, 2008

First Day at ToorCon 2008!

Well, today was the first day of ToorCon! It was good to be back in the scene and hanging out with some of the most dangerous people in America. Unfortunately Bauer-Power contributor, Sundance, was unable to attend as planned, so it was just me and my colleague Zack.

I traveled pretty light today. I didn't bring my laptop, and all I really had was a low-tech disposable camera. I took some random pictures of the conference, and will share them with everyone a little while later (I have to get the disposable camera developed).

Anyway, there were two really cool lectures at the Con that I personally thought were the best. The first one was the keynote speech by Dan Kaminsky from IOActive who is THE main guy behind the recent DNS vulnerability scare worldwide. He basically just went into his normal speech about DNS and how vulnerable it is, but it was rather riveting...and scary as all hell!

The second really cool lecture was on "Knowing and enjoying the Cold Boot Attack." This lecture was done by Jake Appelbaum. I wasn't too big a fan of Mr. Appelbaum's politics, but he was funny as hell with everything else. If you are not familiar with the Cold Boot attack, I wrote about it a few months ago, but I called it RAM Dumping to Hack Encrypted Hard Drives.

I still don't think it is a practical hack, but Mr. Appelbaum did make a good point that the FBI and DHS are using this very technique when seizing encrypted computers, and are successfully cracking them. He also mentioned that a Mac running OSX with Safe Sleep is the most vulnerable. He had an audience member running OSX close the lid of the laptop to put the laptop into sleep mode, then he had the dude take out the battery, then he had the guy put the battery back in and power the laptop back on. The laptop booted up, and after the progress bar the guy was back where he left off and did not even have to enter a password! That is because Mac OSX caches the user's password in memory indefinitely! Apparently, Apple says that is a feature.

Anyway, besides the lectures, the absolute coolest part so far was that I got to meet Darren Kitchen and Shannon Morse from one of my favorite IPTV shows Hak5. More on that encounter later.



So I am sure you are all salivating, and wishing you could have been there today, well here is the next best thing... A crappy video of Dan Kaminsky from Foo Camp 2008 talking about the DNS vulnerability (Hey I found it on Youtube...Why not?):


Sep 26, 2008

Google Chrome: EPIC FAIL

I am sitting in my Windows Small Business Server class in school while my teacher is lecturing on Group Policies. Since I deal with this stuff on a daily basis I can tune out for a bit.

I decided to log in to my adsense account to see how things were coming along for the month. I have installed Google Chrome on my lab computer in class, so that is what I am using. On all browsers I have used in the past, when I browse to http://google.com/adsense I get forwarded to https://google.com/adsense and up comes a security warning because Google's SSL certificate names only www.Google.com not Google.com.

Well you would sort of think that Google's own browser would know that already right? WRONG! Check it out! I took a screen shot of this. All I have to say is...
EPIC FAIL!

Google Chrome Epic Fail

Come on Google! If you really want this browser to take off, do you think this might be something worth fixing?

Have you seen this? Seen any other ridiculous things in Chrome? Think I'm being too harsh? Hit me up in the comments.
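
The name check behind the warning described in this post, as an added example (not code from the original post or from any browser): a certificate is accepted for a host only if one of its names matches label for label, so a certificate naming only www.google.com does not cover google.com, and neither would a `*.google.com` wildcard. The function names and the sample redirect chains are constructed; partial wildcards such as `w*.example.com` are deliberately treated as non-matching.

```python
from urllib.parse import urlsplit


def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def name_matches(pattern, hostname):
    """True if one certificate name (exact or '*.' wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # www.google.com vs google.com fails here
    if p[0] == "*":
        # The wildcard stands for exactly one left-most label and must sit
        # above at least a two-label domain (so "*.com" is refused).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(cert_names, hostname):
    """True if any name in the certificate covers the requested hostname."""
    return any(name_matches(n, hostname) for n in cert_names)


def first_mismatch(chain, presented):
    """Return the first https URL in a redirect chain whose host is not
    covered by the certificate names presented for that host, else None.

    chain     -- list of URLs in the order the browser follows them
    presented -- dict mapping host -> list of names in the cert it serves
    """
    for url in chain:
        parts = urlsplit(url)
        if parts.scheme != "https":
            continue  # no certificate is checked on plain http hops
        if not cert_covers(presented.get(parts.hostname, []), parts.hostname):
            return url
    return None


# Constructed data modelled on the post: the bare domain redirects to https
# on the same bare host, which serves a certificate naming only www.
BARE_CHAIN = ["http://google.com/adsense", "https://google.com/adsense"]
WWW_CHAIN = ["http://www.google.com/adsense", "https://www.google.com/adsense"]
PRESENTED = {
    "google.com": ["www.google.com"],
    "www.google.com": ["www.google.com"],
}

if __name__ == "__main__":
    print("bare chain stops at:", first_mismatch(BARE_CHAIN, PRESENTED))
    print("www chain stops at: ", first_mismatch(WWW_CHAIN, PRESENTED))
```

The site-side fix is a certificate that lists both names, or a redirect that lands on the host the certificate actually names.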

Sep 25, 2008

Dedication to Linux: Body Art

Oh sweet Baby Jesus! This picture I found was glorious! I thought I was a dedicated Linux user by giving away free stickers, and providing a count down to Intrepid Ibex, but this blows my efforts well out of the water!

I found this image today because it was some user's avatar on Mixx, so I decided to Google it, and sure enough I found it. As you can see below, it is of a lovely lady geek in body paint showing her support for the free, open source Linux operating system. Sure I am an Ubuntu guy, and she is obviously supporting Suse, but I won't hold that against her.


Linux Suse Body Art

Do you know who this chick is? Do you know of any other Linux/Unix body art pics? Hit me up in the comments.

Looking for more games in Ubuntu? Meet Playdeb Beta!

I was browsing Digg the other day and there was a post on "Ten reasons Ubuntu will never beat Windows" or some nonsense. Obviously it was front page material because it caused such a frenzy. The thing that caught my eye though wasn't the article itself, but one of the Digg comments.

The commenter said that Ubuntu, or any other Linux platform, would never beat Windows because there are no games for it. To that guy... I beg to differ.

There are actually tons of games out there for Linux, you just have to know where to get them. Sure, many of these games, since they are free and have no financial backing, cannot meet the graphics levels of some of the more popular PC games, and console games out now. To that I will concede. Some of them though are pretty damned good, and most importantly, they are FREE!

You can always browse synaptic package manager in Ubuntu to find a few extra simple games to add to your desktop, but if you want more you have to go elsewhere. I am making the search a little more simple for you today, because I am going to tell you where to get some games!

It's a little place called Playdeb Beta. All you have to do to get access to tons and tons of Linux games is install the package (Instructions are on their website).

Some of the games in their lineup are:

  • Alien Arena 2007 7.10
  • AssaultCube 0.93
  • Glest 3.1.2
  • GridWars 2 2006 03 09
  • Nexuiz 2.4.2
  • OpenArena 0.8.0

That is just a minuscule sampling too! If you are a gamer, and especially a cheap bastard that doesn't like to pay for expensive, mainstream games, then you should definitely check out Playdeb Beta.

Do you play open source games? What are some of the games you are playing? Let us know in the comments!

[NOTE] - Don't forget about your free Powered By Ubuntu Stickers! Click Here for Details!

Sep 24, 2008

Is the new Android phone from T-Mobile worth it?

The word is out on the streets. The first Open Source, Google based Android phone hit the market running in the United States Monday as T-Mobile announced the release at a press conference in New York. You can watch the press conference here: (Tmobile G1 Launch)

I was very excited to hear about the news. After all I am a huge fan of Open Source, and Android seems like a pretty cool platform to bring Open Source mobile software to the forefront. However, there are two key features I look for when shopping for a PDA phone:

  1. Microsoft Exchange Support
  2. The ability to sync with Outlook

Sure surfing the net via handheld is pretty cool and useful, but when I carry around a nerd sized phone, it had better keep me up to date on my business emails, and calendar of events.

Here is a list of the features [Via Engadget]:

  • HSDPA 1700 / 2100 plus quadband EDGE
  • WiFi
  • 3D graphics acceleration
  • 1GB integrated storage plus microSD expansion
  • 3-megapixel camera
  • Android Market for on-device app purchases
  • Amazon MP3 app for on-device music purchases
  • Push Gmail support with full HTML client
  • Bluetooth (but no A2DP)
  • Google Maps with Street View
  • No Microsoft Exchange support
  • No desktop synchronization -- it all happens over the air


Still though, maybe I am being too harsh. For $179, this is probably one of the most affordable out there for the average consumer. I think I might try to talk my wife into getting one, but it might be a hard sell without Outlook support. Sure she uses Gmail, and the Google calendar sync, but that still does not sync all of her calendar info, and don't get me started with contacts.

What's your take? Are you going out to get a G1? Do you know someone who has one yet? Hit me up in the comments.

Sep 23, 2008

Bauer-Power will be at ToorCon! No seriously...

Okay, okay, okay. I know that last year I said that I was going to be attending ToorCon, and that I would be blogging about it, but alas ToorCon came and went, and I did not attend.

There was a good reason for this. Actually, there were two good reasons. The first and main reason was that the people that I was supposed to go with decided to flake out at the last moment because they couldn't front the admission fees ($140 at the door) despite the fact that our generous boss said he would allow us to expense the cost. The second reason was because around the time of ToorCon last year, San Diego got hit with another shit storm of fires. I felt it was better to keep tabs on my friends and family being as how it was a major disaster and all.

Well this year I will rectify the situation. That is because not only will I be attending this year's ToorCon at the San Diego convention center, I will also be accompanied by fellow Bauer-Power contributor Sundance, as well as our fellow colleague and Cisco guru Zack.

For those of you who do not know what ToorCon is, it is San Diego's largest hacker convention. They have all sorts of kick ass lectures and presentations.


I went in 2006 for the first time and learned quite a bit. They had a hacking competition, and quite a few vendors. Back then I worked for Websense who was a sponsor that year.

Here is a rundown from the ToorCon Website:

ToorCon, now in its 10th year running, is San Diego's hacker conference bringing together the top security experts to present their new tricks of the trade and have fun in the sunny and beautiful city of San Diego. This year ToorCon Conference will be taking place again at the San Diego Convention Center on September 26th-28th, 2008. We will also be holding our Workshops and Deep Knowledge Seminars at the Hotel Solamar on September 24th-26th, 2008.


Here are some of the lectures I had my eye on attending:

  • How To Impress Girls With Browser Memory Protection Bypasses
  • Knowing and Enjoying the Cold Boot Attack
  • Targeted VoIP Eavesdropping: An Attack From Within
  • Advanced SQL Injection
  • One XSS To Rule The Enterprise

...and that is just Saturday's line up!

For a complete list of the lectures/schedule click here: (ToorCon Schedule)

Are you in the San Diego area? Are you planning on attending this year's ToorCon? Have you ever been to a ToorCon or other hacker convention? We want to hear about it in the comments.

Build Your Own Ethernet Cable

The steps below are general Ethernet cat5 cable construction guidelines. They will work for making any category of network cables. For our example we will be making a category 5e patch cable. A key point to remember in making Ethernet patch cords is that the "twists" in the individual pairs should remain entwined as long as possible until they reach the RJ-45 plug termination. The twisting of the pairs in the network cable is what helps to ensure good connectivity and keeps cross-talk interference to a minimum.

STEP 1 - Stripping

Start by pulling out about 12 feet of bulk network cable to make the process a little easier. Carefully remove the outer jacket of the cable, exposing about 1 1/4" of the twisted pairs. Be careful when stripping the jacket so as not to nick or cut the internal wiring. After removing the outer case you will notice 8 wires twisted in pairs and a rip cord (white thread).

STEP 2 - Inspecting

Inspect the newly revealed wires for any cuts or scrapes that expose the copper wire inside. If you have breached the protective sheath of any wire you will need to cut the entire segment of wires off and start over at step one. Exposed copper wire will lead to cross-talk, poor performance or no connectivity at all. It is important that the jacket for all network cables remains intact.

STEP 3 - Preparation

To prepare the wires and to make them easier to work with, you can untwist the pairs so they will lay flat between your fingers. The white piece of thread can be cut off even with the jacket and disposed.

STEP 4 - Layout

Now, based on the wiring specifications you are following, you will need to arrange the wires in a certain pattern. There are two methods set by the TIA, 568A and 568B. 568B is the most common for network cables, widely used for computer networks and digital phone systems. So for our demonstration we will use that. Starting from the left-top side of the RJ-45 plug, the wiring should be in the order shown below.


Image Source - Wikipedia

STEP 5 - Jack Preparation

Again, press all the wires flat between your thumb and forefinger as shown in step three. Verify the colors have remained in the correct order. Using a pair of scissors, cut the top of the wires even with one another so that they are 1/2" long from the base of the jacket. Ensure that the cut leaves the wires even and clean; failure to do so may cause the wire not to make contact inside the jack.

STEP 6 - Wire Insertion

Ensuring that the wires remain flat and in order, push them into the RJ-45 plug with the flat surface of the plug on top. The white / orange wire should be on the left looking down at the jack. You can tell if all the wires made it into the jack and maintain their positions by looking head-on at the plug. You should be able to see a wire located in each hole, as seen at the bottom right. You may have to use a little effort to push the pairs firmly into the plug. The cabling jacket should also enter the rear of the jack about 3/16" to help secure the cable once the plug is crimped.

STEP 7 - Crimping

Now place the wired plug into the crimping tool. Give the handle a firm squeeze; you should hear a ratcheting noise as you continue. Once you have completed the crimp, the handle will reset to the open position.

STEP 8 - Testing

Once your new cable is completed, it is not a bad idea to test the cable to ensure that it will function in the field. It is vital that all eight wires have connectivity and are in the correct order. Mis-wired network cables could lead to headaches down the road. In addition, with power-over-ethernet getting stronger in the market place, crossed wire pairs could lead to physical damage of computers or phone system equipment; making it even more crucial that the pairs are in the correct order. A simple cable tester can quickly verify that information for you.


By: Joe Hamilton

Sep 22, 2008

Windows Vista Themes and Skins

Microsoft is a company which is never satisfied with their current situation. They like to update themselves to reach the final pinnacle of betterment and after reaching the point they make sure they start afresh and come up with a new product outperforming their own previous products. It takes people some time to absorb their updates and products. They were the ones who dreamt that all computers of the world will run their operating system and this motivated them to create the first operating system.

Gradually they added new features, speed and dimension to the more recent versions and now their latest product is Windows Vista. There are various added advantages of this operating system. This operating system is meant for the usage for the domestic as well as official purpose. In fact they have two separate versions of Windows Vista which will fit in the requirement structure of all sorts of consumers. Apart from the features that were there in the Microsoft XP professional version, there are some of the coolest ones here.

These include enhanced displaying, sharing systems among peers, multiple networking and high speed which is the best among all. Though not everybody is able to understand the benefits of this operating system yet but still those who are already using it are simply amazed and delighted with its performance. As a user you will get some exclusive benefits from this system. The searches that you perform generally are extremely easy to perform with the windows vista system.

You can also keep your desktop icons at a transparent side bar so that you can easily access them whenever you wish. You get Internet Explorer version 7 with this system. This is another important feature because using this you can get tabbed browsing, RSS feed collection, and zooming on pages with a few clicks of the mouse. Windows Media Player version 11 has improved the music facility of the Windows Vista OS. Keeping a back-up for the files and restoring them is greatly possible with the help of this new system.

Another added benefit of this system is that you can send mails through the Windows Mail feature. Referring to a calendar is extremely easy with the system because there is a Windows Calendar included in the Windows Vista features. A photo gallery, DVD maker, and games are among the other benefits which make Windows Vista a great operating system compared to others.

Now one of the coolest features of windows vista is the exciting and interesting themes and skins that you can keep on the display. Those days are gone when you had only few themes and skins that used to come with the operating system itself. But with Vista there are quite a number of interesting options from which you can select the one you like the most. If it is a mild and sober skin you are looking for then the best one for you would be the combination of brown and black which bears an elegant yet contemporary look.

You can also get the packages that feature several skins and themes in various color combinations. Few look really good in stunning colors like marsh green and sea green with evergreen black. If you are fond of those minimalist designs when it comes to choosing the skin of the computer then the best selection for you would be a grayish white with the designs resembling perforated leather. If blue is your favorite color then the skins with a liquid appeal is simply great for the looks of the theme. Whenever you set a good looking wall paper on the computer desktop it is far more enhanced because of the windows vista color skin. If you are worried that these skins and themes need to be purchased then there is no reason to worry.

Most of the windows vista skins and themes are available for free. There are quite a number of websites that allow you to download these skins and themes from their huge archive. Some of them might ask you to register with them but some will let you access them instantly. This can be reason enough to choose windows vista as the operating system for your computer. The best thing about the windows vista system is that you can customize the skins easily.

There is no problem in molding the themes according to your choice of colors and shades whenever you feel like. This will change the entire look of the desktop including the menu style, fonts, colors, screensavers, backgrounds etc. Now there are many of you who are interested in knowing the exact process of changing the skin and theme. This is quite easy for the users of windows vista operating system who are proficient in it.

First of all you need to go to the desktop of your computer and then do a right click on an area that is blank. The menu that pops up will contain the option called Personalize, which you need to select and click. The option of personalizing the themes and skins will appear in a dialogue box which will contain about seven typical tabs, among which you need to select the theme option. Here you will again get options to choose from, and apart from the regular ones there is another one that lets you browse the themes that are already saved on the desktop or any other folder.

After you have selected the theme the system will allow you to take a preview and then you can finally set that theme clicking on apply tab. This is a real fact that the operating system does not have a huge gallery of pre-designed themes but still it gives you the opportunity to create your own theme that will decide the entire look of the desktop background, looks of the menu bar etc. So get the windows vista operating system and have fun creating or choosing the great skin and themes.

By Robert Bell

Robert is the owner of Desktop Themes. You can find specific information on how to change your desktop theme at Themes4Vsita Help. Article Source: Amazines

Sep 21, 2008

Find out which sites are sharing your server

As most of you are aware, when you use a free hosting service like Blogger's you have to share. That's right, all your kindergarten lessons have paid off because you have to share your web hosting space with many other people out there.

Have you ever wondered which websites were also hosted on your server? Me too! I especially started to think about it when my security teacher at school started talking about how if you use a free hosting site, and someone else on the same hosting program uploads some sort of malware to the hosting server, you can potentially get infected as well, or your site may start infecting other people.

One 2004 forum thread I found on Web Host Directory said this:

Geocities and Blogger both make it easy for anyone to set up a Web site without much identification. Blogger, owned by Google, is particularly problematic, says Sophos, with the blog site alone accounting for nearly 2 percent of all malware hosts. It is not only possible for the Blogger sites to host malicious code, but criminal attackers can also inject links to malicious sites in the comments sections of the blogs.


So do you know who you are "sharing the house" with? Do you know who else is living just down the hall? I found a cool site that lets you do a reverse IP domain check to see who else is being hosted on your server. When I checked who was sharing with www.Bauer-Power.net I found that there were 108 other sites on my server. That is nothing; when I did a search for just bauer-power.net I found 3218! I think that is because bauer-power.net gets forwarded to Google's DNS servers who then forward that to www.bauer-power.net.

The site is called You Get Signal. Here is a screen shot of my results

YouGetSignal sharing servers
When I did a search for www.yahoo.com I found only 37. Now when I do www.google.com I get 1175. Pretty interesting huh?

All in all, nothing too substantial comes from this site except a "neat to know" factor. It's kind of interesting to see who you are sharing the net with, and to know who your neighbors are. How many sites are you sharing your server with?

Sep 20, 2008

Microsoft's New "I'm a PC" Ads: IN YOUR FACE MAC!

Now these new ads are what the doctor ordered! I am not a big fan of Mac. Not to alienate those of you out there that like Mac, but for the most part I look at Mac users like pretentious pretty boys, or stuck up drama queen chicks. No offense intended on my part. That is just one of the stereotypes that are out there for Mac users.

On the flip side, Mac has been portraying the negative stereotype of PC users as being nothing more than uptight, old nerdy dudes that are only concerned with office work and productivity. I'm sure both camps would agree that for the most part, neither stereotype is very accurate.

Well, the new Microsoft ad that just came out decided to show that, but in a very PUT THAT IN YOUR PIPE AND SMOKE IT attitude towards Apple. Haven't seen it yet? Check it out:


[Via Geeks are Sexy]

So what do you think? Did Microshaft finally come out with a winning ad to combat those Mac ads? Let me know what you think in the comments.

Sep 19, 2008

Alpha 6 of Intrepid Ibex is Out + 10 New Features

Hey fellow Ubuntu peeps! Have you been over to Ubuntu.com lately? They just released the Alpha 6 version of Ubuntu 8.10 Intrepid Ibex. You can download the iso for it here: (Ubuntu 8.10 Alpha 6)

If you want to upgrade from 8.04 (Though I don't recommend it until the final release next month) you can do the following:

Press Alt+F2 and type in "update-manager -d" (without the quotes) into the command box. Update Manager should open up and tell you: New distribution release '8.10' is available. Click Upgrade and follow the on-screen instructions.


Intrepid Ibex comes with some new features. Here are ten new features from Ubuntu.com:

  • "Last successful boot" recovery entry
  • GNOME 2.23.91
  • X.Org server 7.4
  • Linux kernel 2.6.27
  • Encrypted private directory
  • Guest session
  • Network Manager 0.7
  • DKMS
  • Samba 3.2
  • PAM authentication framework


Have you played with the latest Alpha releases of Ibex yet? How do you like it? Is it the same, better, worse? Let me know in the comments!

Sep 18, 2008

VP Candidate Got Her Yahoo Email Hacked!

This is a rather hard blog article for me to write for two main reasons. Reason number one is that I am an admitted Republican, and number two because I really don't want this blog to turn into a political blog. So just to be clear, even though I am leaning more towards the McCain/Palin ticket, I am perfectly okay with you voting for Obama/Biden.

Anyway, enough with the preamble, so I was driving in this morning and I heard on San Diego's Mikey Show that Sarah Palin's Yahoo email address got hacked! WTF!?!?

When I got in this morning I decided to check into it, and according to the Associated Press, Palin was using a Yahoo account for official business as Alaska's Governor. Yahoo email for official business? Oh Really? That is a little disconcerting considering the sensitive nature of government correspondence even at the state level.

The McCain campaign released a statement saying:

This is a shocking invasion of the governor's privacy and a violation of law. The matter has been turned over to the appropriate authorities and we hope that anyone in possession of these e-mails will destroy them.

According to The Guardian, "The hack has been attributed to an activist group known as Anonymous, a loose grouping of internet pranksters, vigilantes and anarchists that has previously locked horns with scientologists and internet paedophiles."

Now this doesn't really sway my vote at this time as I am certain that presidential/vice presidential correspondence WILL NOT be done through a public freebie email service like Yahoo. However it does have me seriously asking, "Sarah, WTF were you thinking?"

What's your take on this? If you were going to vote the McCain ticket, does this sway your vote? If you are an Obama fan, does this just help to strengthen his cause? I am curious to know your thoughts on this one.

Sep 17, 2008

I'd Buy That for a Dollar!

I almost fell out of my chair last night when I finally got to all of the Ubuntu sticker requests. One of the requests was simply funny as hell, and I had to share it with you all!

As I mentioned in my last article, my wife said there were a ton of Ubuntu Sticker requests. I went through them all last night and stuffed their self addressed stamped envelopes with their requested stickers.

One of those requests stood out from the rest though. It came from mister C. Anderson of Provo Utah. Check it out:

I'd Buy That for a Dollar

And yes, Mr. Anderson did send me a crisp $1.00 bill for my efforts. Now please, don't start sending me dollars, because I really do not want them. I am giving the stickers away to help spread the Ubuntu word, not to profit. So here is what I am doing with Mr. Anderson's dollar. I wrote all sorts of Ubuntu stuff on the dollar including the URL for the Ubuntu website, then I stamped it with my Wife's Where's George stamp, and entered the serial number on WheresGeorge.com. If you want to track it yourself, here is the link: (Ubuntu Dollar)

Long story short, I really love to see this kind of enthusiasm for Ubuntu! For Mr. Anderson's antics, I have sent him 3 strips of "Powered by Ubuntu" stickers, and 3 strips of "Powered by Kubuntu" stickers instead of the usual 1 strip.

Keep spreading the word and get excited... Like Mr. Anderson!

Agent Smith

Sep 16, 2008

More Sticker Requests and The Countdown to Intrepid Ibex!

Hell yeah people! Keep them coming! My friggin' mailbox was full last night for "Powered by Ubuntu" and "Powered by Kubuntu" requests! My wife is certain that our mailman will get really pissed off at me for this, but who cares?

I am just really excited that there are as many like minded Ubuntu enthusiasts out there as I am! Please keep spreading the word about the stickers! For details on the sticker offer click here: (Powered By Ubuntu Sticker Offer)

You may have noticed my countdown to Ubuntu 8.10 (Intrepid Ibex) which is due out next month. (Special thanks goes to Bauer-Power contributor Sundance for the JavaScript coding)







This is another good way of spreading the Ubuntu word! If you have a website, and want to add the countdown to your site, here is the code:



When you paste the code into your site, users will be able to click on it to take them to Ubuntu.com to learn more about how they can free themselves from the grasp of Microshaft!

Let's keep spreading the word about Ubuntu!

Sep 15, 2008

My Thoughts on Windows Vista: Not So Bad

I realize that I may get crucified for this article, but I am willing to take that chance. I am fully aware of the popular opinion of Windows Vista which is that it is a friggin' piece of flaming crap operating system. People at my school refer to it as Windows XP ME in comparison to the miserable failure of Windows ME which was basically a crappy repackage of Windows 98.

I decided to upgrade to Windows Vista not too long ago to finally get involved with Vista because it just wasn't going away so I figured I better get familiar with it. That is, after all, how the IT business works. As new technology comes out, you had better get to know it or you will soon find yourself out of a job.

So I installed it, and after using it for a bit I decided that it wasn't that bad after all. From what I can tell, the reason most people don't like it is that there is a slight learning curve to get to know it. After all, when Windows XP came out it really wasn't that much different from Windows 2000. In Windows Vista, a lot of changes have been made for the sake of change, and it is those changes that take some getting used to.

Also, many people complain that Vista is too bloated, and is a resource hog. That can be true as well, however there are a lot of unnecessary things in Windows XP that take up resources as well. Most of us have just been so used to shutting those off after a fresh install that we no longer think about them. For instance, I shut off all the pretty stuff in Windows XP except Visual styles, Drop shadows, and Common tasks:

Windows XP Performance Options


The same goes for Vista, you can turn off all the extra bells, whistles and do-dads for a more enjoyable, and less resource intensive experience. Just do a quick search on Google, and you will find hundreds of how-to's on boosting performance in Vista.

In conclusion, I don't think Vista is all that bad. If you just take the time to learn the differences, and how to work Vista, everything will be okay. Change isn't always a bad thing.

What's your take on Vista? Good? Bad? Hit me up in the comments.

The OSI Reference Model and TCP/IP architecture

The OSI Model was developed by the International Organization for Standardization in order to provide a standard for computer networking. In 1984 the organization accepted the model as an international standard documented in ISO 7498.

The model represents a standard for connecting network systems. The model does not specify the ways in which the individual systems are connected but serves as a description of its layers, functions and services.

The OSI Model consists of seven layers, each of which, as was already stated, receives the services of the layer below and provides services to the layer above.

  1. Physical layer
  2. Data Link layer
  3. Network layer
  4. Transport layer
  5. Session layer
  6. Presentation layer
  7. Application layer


Description of the individual layers

Physical Layer

The Physical layer comprises the lowest layer of the OSI model. Its function is to establish, terminate and manage either a point-to-point connection or a point-to-multipoint connection, to effectively distribute the communication resources to the users and to convert the digital data into signals transmitted by the medium.


Data Link Layer

The Data Link layer provides the link between two adjacent network entities, establishes transmission parameters and signals those errors in the physical layer that it cannot correct. The Data Link layer arranges bits into frames and identifies them with MAC addresses. The MAC provides the basis for the local device(s) connection whereby it creates the domain for unicast and broadcast transmission. Bridges and switches operate at this layer.


Network Layer

The Network layer provides functional means of transferring data from a source to a destination (at variable lengths) via one or more networks while maintaining the quality of service requested by the Transport layer. The Network layer performs routing functions using the services of routers that operate here. Routers work with a hierarchical addressing scheme. The most widely known protocol of the network layer is the Internet Protocol (IP).


Transport Layer

The Transport layer provides data transfer between end users. The main transport layer protocols are TCP and UDP.

TCP

  • a reliable data transfer protocol
  • Flow control protocol regulates receiving of data packets and prevents the TCP receiver from overflowing
  • Windowing - after certain amount of data packets have been labelled as received (the amount is given by transmission specifications), the sending end user may request transfer of additional data

UDP

  • an unreliable data transfer protocol
  • used by network applications that do not require the whole of data packets to be received by the receiving host (Internet radios, online games, streaming videos, etc.)



Session layer

The Session layer coordinates data transfer between cooperating session layers.


Presentation layer

This layer is responsible for formatting of the data for application entities. Its functions are code and alphabet encrypting, graphic arrangement modification, etc.

Application Layer

The Application layer provides the application entities with the access to the communication system and thus enables their cooperation.


By: Jirka Coolhousing

About the Author: I'm a 24-year-old student of electro-college. I'm from Kosmonosy in CZE. It's a small town near Ml. Boleslav - the home of Skoda cars. :o) Now I work in Coolhousing Server House as IT support. This company offers server hosting, vps server and dedicated server housing. Article Source: Free Blog Articles
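To make the Data Link, Network and Transport layer descriptions above concrete, here is an added example (not part of the original article) that peels a frame apart one layer at a time. The frame is constructed by `build_frame` with made-up MAC addresses, documentation-range IP addresses and ports; only Ethernet II, IPv4, TCP and UDP are handled.

```python
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800
TCP, UDP = 6, 17


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; a valid IPv4 header checks out as 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_ethernet(frame: bytes):
    """Layer 2: MAC addresses plus the EtherType naming the layer 3 protocol."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"layer": 2, "src_mac": _mac(src), "dst_mac": _mac(dst),
            "ethertype": ethertype}, frame[14:]


def parse_ipv4(packet: bytes):
    """Layer 3: IP addresses plus the protocol number naming the layer 4 protocol."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if version != 4 or ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("malformed IPv4 header")
    if internet_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    # Slicing to total_len drops any Ethernet padding after the IP packet.
    return {"layer": 3, "src_ip": str(ipaddress.IPv4Address(packet[12:16])),
            "dst_ip": str(ipaddress.IPv4Address(packet[16:20])),
            "protocol": packet[9]}, packet[ihl:total_len]


def parse_transport(protocol: int, segment: bytes):
    """Layer 4: ports; TCP also advertises the receive window used for flow control."""
    if protocol == TCP:
        if len(segment) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, _seq, _ack, off_flags, window = struct.unpack("!HHIIHH", segment[:16])
        data_offset = (off_flags >> 12) * 4
        if data_offset < 20 or data_offset > len(segment):
            raise ValueError("malformed TCP data offset")
        return {"layer": 4, "protocol": "TCP", "src_port": sport, "dst_port": dport,
                "window": window, "payload": segment[data_offset:]}
    if protocol == UDP:
        if len(segment) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, length = struct.unpack("!HHH", segment[:6])
        if length < 8 or length > len(segment):
            raise ValueError("malformed UDP length")
        return {"layer": 4, "protocol": "UDP", "src_port": sport, "dst_port": dport,
                "payload": segment[8:length]}
    raise ValueError(f"unsupported IP protocol {protocol}")


def decode(frame: bytes):
    """Walk up the stack: each layer's header says how to read the next one."""
    l2, rest = parse_ethernet(frame)
    if l2["ethertype"] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    l3, rest = parse_ipv4(rest)
    return [l2, l3, parse_transport(l3["protocol"], rest)]


def build_frame(protocol: int, payload: bytes, sport: int = 49152, dport: int = 80) -> bytes:
    """Constructed sample input: wrap payload in layer 4, 3 and 2 headers in turn.
    The layer 4 checksum is left as 0 because the parser above does not verify it."""
    if protocol == TCP:
        l4 = struct.pack("!HHIIHHHH", sport, dport, 1, 0, (5 << 12) | 0x018, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    src, dst = (ipaddress.IPv4Address(a).packed for a in ("192.0.2.10", "198.51.100.20"))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload),
                      0, 0, 64, protocol, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]
    macs = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")  # dst, then src
    return macs + struct.pack("!H", ETHERTYPE_IPV4) + hdr + l4 + payload


if __name__ == "__main__":
    for layer in decode(build_frame(TCP, b"GET / HTTP/1.0\r\n\r\n")):
        print(layer)
```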

Sep 14, 2008

Keep The Ubuntu Sticker Requests Coming!

I received a bunch more requests yesterday for Ubuntu stickers! I love it! You Ubuntu users are awesome, and are really motivated to spread the Ubuntu love!

I wanted to share two of the requests with you mainly because they left post-it notes with a little message on them. I took a picture of them with my camera phone (Remind me to buy a decent camera, because these pictures suck).

The first one comes from Mr. C. Dvorak of Madison, WI. His message was simple, "Thank you so much! Go Ubuntu!"

Go Ubuntu

The second one I wanted to mention came from Mr. D. Metz of Chicago, IL who writes, "Thank you very much for the free Ubuntu stickers! Finally that Windows sticker can leave!"

Free Ubuntu Stickers

To both Mr. Dvorak and Mr. Metz...No, No, Thank YOU! Thank you for your support! Your stickers are on their way! Please email me a picture of your new stickers on your machines when you get them so I can post them here!

For those of you who still haven't sent away for your "Powered By Ubuntu" stickers, you can find out how to send away for them here: (Free Powered By Ubuntu Stickers)

Friggin' Awesome Free Alternative to Websense Content Filter

I often talk about my school a lot. Thank the lord I only have four more weeks left before I graduate with my dual bachelor degrees in Network Security and Computer Networking. If you are in San Diego, and looking to get into the IT industry, I highly recommend this program, because it is essentially a two for one.

Anyway, back to the point, so my school used to use their Watchguard firewall to do simple content filtering at school based on keywords, and URLs. They would block sites like Myspace, and Youtube. Being the savvy computer nerds we were, we could always find easy ways around it. Well about six or seven months ago, they decided to switch up their content filter to something a little more robust, and better yet...FREE!!

I decided to look into it a little further, and decided to set up the same service for my home network just to try it out. This service is called OpenDNS. Sign up only takes a minute or two, and once you do you have all sorts of free content management tools to help keep your network more productive, and more secure.

A few of the things I like about it are:

  1. Can be customized with your logo or picture
  2. You can block entire categories of websites
  3. The categories are constantly being updated by a vast Open Source community.
  4. You can pull down network usage statistics
  5. You can create "shortcuts" which are keywords that resolve to your favorite sites (Like cname records)
  6. It's FREE


So how does it work? Is it something you install?

Let me answer the second question first... No, you don't install anything. This is a public service on the internet.

For the first question, OpenDNS is just what it sounds like: a group of public DNS servers. For corporate networks, instead of using your ISP's DNS servers, you plug in the two OpenDNS server IP addresses, and use their servers as forwarders for your internal DNS servers. For home users, just swap out your router's DNS server IP addresses with OpenDNS's. That's it!

Other than that, you just select how much filtering you think your network needs. You can filter everything from porn and online games, to P2P and gambling. Also, if your users think they are slick by using public proxy sites, guess what? OpenDNS has those sites categorized and blocked!

Here is a screen shot from my blocked page:

Blocked Websense
If you click on the picture to blow it up, you will see that I blocked Websense. I guess what goes around comes around! Ha ha!

Since my little girl isn't old enough to surf on the internet, I am not filtering anything now, but the minute she starts poking around online, you know I am locking my shit down! For now, I just use it to threaten my wife with. I say, "Honey! You better get me a beer or I am blocking Myspace and your Picasa web albums!" Then Bam! I gets me my beer! (Actually, it's more like BAM! she punches me in the face...Did I mention I am a charter member of Abused Husbands of America?)

Anyway, if your company is looking for a content filtering service, you should definitely check it out. Many, many big names are already using this service to maintain productivity, and network security.

Does your company do content filtering? What do you use? How do you like it? Hit me up in the comments.
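The category blocking and "shortcuts" described in this post come down to a decision made at the resolver for every lookup. The following is an added, simplified model of that decision (not OpenDNS's own code); the domain names, categories, addresses and the `FilteringResolver` class are all constructed for illustration.

```python
from collections import Counter

BLOCK_PAGE_IP = "203.0.113.1"  # constructed: server that would show the "blocked" page


class FilteringResolver:
    """Toy resolver: answers from a fixed table instead of doing real recursion."""

    def __init__(self, upstream, categories, blocked_categories, shortcuts=None):
        self.upstream = upstream              # name -> IP address
        self.categories = categories          # domain -> category label
        self.blocked = set(blocked_categories)
        self.shortcuts = shortcuts or {}      # keyword -> full name, like a CNAME
        self.stats = Counter()                # feeds the usage statistics

    def categorize(self, name):
        """Match the name or any parent domain, so a new subdomain of a
        categorized site is covered without its own entry."""
        labels = name.split(".")
        for i in range(len(labels) - 1):      # stop before the bare TLD
            candidate = ".".join(labels[i:])
            if candidate in self.categories:
                return self.categories[candidate]
        return None

    def resolve(self, query):
        name = query.lower().rstrip(".")
        name = self.shortcuts.get(name, name)  # expand a shortcut keyword first
        category = self.categorize(name)
        if category in self.blocked:
            # Blocked names still get an answer: the block page's address.
            self.stats["blocked:" + category] += 1
            return {"name": name, "answer": BLOCK_PAGE_IP, "blocked": True}
        answer = self.upstream.get(name)
        self.stats["allowed" if answer else "nxdomain"] += 1
        return {"name": name, "answer": answer, "blocked": False}


def demo_resolver():
    """Constructed sample data using reserved example names and addresses."""
    return FilteringResolver(
        upstream={"www.video.example": "198.51.100.7",
                  "anon.proxy.example": "198.51.100.9",
                  "webmail.example": "192.0.2.25"},
        categories={"video.example": "video-sharing", "proxy.example": "proxy"},
        blocked_categories={"video-sharing", "proxy"},
        shortcuts={"mail": "webmail.example"},
    )


if __name__ == "__main__":
    resolver = demo_resolver()
    for q in ("www.video.example", "anon.proxy.example", "mail", "nosuch.example"):
        print(q, "->", resolver.resolve(q))
    print(dict(resolver.stats))
```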

Sep 13, 2008

Fun With Nigerian Scammers

I found this forum thread tonight and had to have my wife help me off the floor because I was dying laughing. These Nigerian scam artists just will not quit! I posted about the email I got while looking for houses on Craigslist a few months back: (Nigerian Craigslist Scam)

Since I posted that, I have received countless responses from others all around the country who have received the same email. One lady actually fell for it, and sent them all her info (THIS IS WHY THESE GUYS CONTINUE TO DO WHAT THEY DO!)

Well, a few of these Nigerian scammers might think twice about scamming again after the thread I found. In this monumentally long, but highly entertaining thread, this guy turns the tables on some Nigerian scammers. The Nigerians pull the old "Buy something on the internet, and send you more money than you asked for" routine. If you are not familiar with this scam, here is a quick explanation from paypal-scam.com:

Sometimes the crook will send more than the amount due. Any buyer that sends more money than they owe is a crook! If you sell an item for $100 and receive a $1,000 cashier's check, then the buyer asks you to wire the overpayment back because he has an emergency, he is a crook. The counterfeit check will bounce and you will be out all of the money and the goods if you ship them. Don't fall for this.


This hero who turns the tables goes by the alias of Wilson Turnbuckles (At least that is what I gathered from the posted email conversations). Anyway, he received the scammers' fake check, then insisted that they send him CASH to ship their "ANUS" (Not a typo) laptops as requested. Instead he worked with UPS security, and sent them boxes and boxes full of old broken down computers marked with the word "ANUS" on them.

Anus Laptop

This whole interchange goes on for weeks, and months, and "Wilson" not only gets away with it, he actually gets the scammers to send him more money as he continues to ship them crap. You have to read the entire thing. It is hilarious!

[Full Story Here]

Sep 11, 2008

IBM's Kick-Ass Linux Commercials

So I have been milling about on Stumbleupon lately, mainly because work has been pretty boring. Sure there is a hurricane threatening to take out some of our Texas offices, but I maintain pretty good backups. Why sweat over something I can't change? You know, acts of God and whatnot.

Anyway, so two of the most popular videos tagged for Linux on Stumbleupon are new IBM commercials.

One has a kid that wants to learn everything, and know everything. People from all over the world are teaching him stuff and he is just sitting there like a sponge absorbing it all. In the end of course they reveal him to be Linux. Check it out:



The second video, again for IBM is there to promote IBM's 100% support of Linux. It of course features Avery Brooks from Star Trek: Deep Space 9.



It's pretty cool to see IBM coming out with these types of commercials. Linux is pretty well known, but advertising like this will help to propel Linux into the mainstream a little quicker. If companies see that major players like IBM support Linux 100% they are more apt to jump into the open source market.

What did you think of the ads? Let me know in the comments.

[EDIT] - I feel like a schmuck! Apparently these are old ads according to John in the comments. I had never seen them before, so they are new to me. What about you? Have you seen these before?

Got Dual Monitors? Color a Bit Off? Time to Calibrize!

I have dual monitors at work, and I love 'em! At home on the other hand, I am still dinking around with just the single monitor. It isn't that I am too cheap to buy a second monitor, it is just that I don't have the desk space.

Anyway my dual video card is made with one VGA port and one DVI port. The setup works really well, except the color is just slightly off between the two monitors.

No problem though, because I have just learned of a tool that will calibrate the colors to make them the same on both monitors. This is good news for your graphic artists out there not using Macs. This tool is called Calibrize.

From their site:

Calibrize is free software that helps you to calibrate the colors of your monitor in three simple steps. Just download the software and follow the procedure to generate a reliable color 'profile' and adjust the colors of your monitor automatically.


Of course, like most of the tools I mention, it is absolutely free! Just download it, and follow the prompts. Fairly simple.

Do you use multiple monitors? How many do you use? Does it make you more productive? Sound off in the comments!

[Via Hak5]

Sep 10, 2008

It Has Begun! The First Free Sticker Request Has Arrived!

As most of you know, I am offering free "Powered By Ubuntu" and free "Powered By Kubuntu" stickers. All you need to do is send me a self addressed stamped envelope. (Check out the sticker offer here).

Well my very first request has arrived. A special thanks goes out to Mr. David Mason of Newark Ohio! Your Kubuntu stickers are on their way!

For those of you that haven't broken out your envelopes and stamps yet, stop dilly dicking around! Send me the envelopes, and I will send you your stickers!

If you request some stickers, when you get them please take an action shot of your new pimped out (K)Ubuntu box and email it to me so I can post it here on Bauer-Power!


Keep telling your friends!

Build Yourself a Segway

So here I am, I just got back from my evening jog and I sit down in front of my Tivo to cool off. On Tivo you can download all sorts of internet shows as a part of Tivo's Tivo Cast.

Anyway, one of the internet shows I subscribe to is Revision3's Systm and they had a really interesting show about how to make your own Segway! Seriously! How awesome is that? Especially since you have to fork over just under $5,000 for a real Segway.

So anyway, the hosts of Systm are interviewing this kid (Daniel Fukuba) who has built two of his own Segway like scooters. Here is the video from Systm:



If you are really interested in doing this yourself, as mentioned in the video, Daniel has started his own website to help foster this budding hobby of building your own Segway like scooters. You can check it out at www.ScooterLabs.org.

Every time I think of a Segway, I can only envision Weird Al in his "White and Nerdy" video... but that's just me.

I sometimes see these things down on the boardwalk at Mission Beach, and I have even seen them on the sidewalks where I work. I just can't see myself riding one on a daily basis.

Do you have a Segway? Do you like it? If you have one, or have ridden one and love it let us know in the comments.

Sep 9, 2008

Administrators Tool: Cisco Network Assistant

Back in school in my switches and routers class, we were learning how to do simple Cisco router configuration using Hyperterminal and connecting into the console port using a serial cable.

That is all very good to know, and very necessary. It is kind of like when you are in elementary school and you must first learn how to do math long hand before learning how to do it on the calculator. Or like how my Dad made me learn how to tie my shoe before I got to wear Velcro shoes. You get the idea.

Well, before actually becoming a Systems administrator I thought that the only way to configure Cisco switches and routers was through the console, telnet or SSH. I thought everything was done through the CLI interface.

It turns out that Cisco, despite popular belief, is not a stranger to the GUI. In fact, most of their newer switches and routers have web based interfaces that allow you to configure most things.

For more robust configurations, as well as seeing the big picture, such as all other switches in your network, Cisco has provided a free tool called Cisco Network Assistant.

Sure, tried-and-true CCNA types like my coworker Zack frown upon this, and prefer to "keep it real" by using the command line. That is fine too.

Cisco CCNA for life

For the rest of us Cisco novices, or people that prefer GUI over command line when available, The Cisco Network Assistant can be a life saver!

Here is a screen shot of a simple setup for a remote office. Notice how it shows not only the switch you are connecting into, but also the neighboring switch.

Cisco Network Assistant
Now you can download the installer for Cisco Network Assistant from Cisco.com, but you have to go through all sorts of registration, and hoops. If you want to skip all of that, I have uploaded the latest version (Version 5.4 for Windows at the time of this writing) to Media fire here: (Cisco Network Assistant)

Have you ever used the Cisco Network Assistant? Do you prefer the Command Line Interface? If you have used both, which do you think is better? Hit me up in the comments.

This Phone Will Self Destruct... If you try to break my password!

Did you know you can wipe a lost or stolen Windows Mobile device if you configure it beforehand? As an Administrator using Microsoft Exchange Server 2003 (SP2), you now have tools with which to set and enforce your mobile device security policies. You can also control some of the features on the mobile devices by using provisioning tools. Check this out:

Excessive failed logon attempts may signal that a wireless device has been lost or stolen — a serious security risk. Find out how to configure your Windows Mobile 5 and 6 devices for local wiping, so they automatically destroy their data after a specified number of failed logons.

Most security policies for Windows Mobile devices are what I call “scorched-earth” policies. Essentially, an Exchange administrator remote wipes a mobile device to mitigate a specific security risk, such as a lost or stolen device. All Exchange Server data is completely erased when a wireless device is “wiped clean.”

You can trigger a remote wipe of a mobile device through Exchange Server 2007 and Outlook Web Access (OWA) 2007, but that presumes the wireless device will contact the Exchange server at some point.

Remote Windows Mobile Wipe

It makes sense to allow mobile devices to wipe themselves when certain prerequisite conditions are met, such as a specified number of failed personal identification number (PIN) entries or incorrect password attempts. This mobile security feature is called a local wipe.

Windows Mobile 5 and 6 devices have provisions for performing local wipes. However, this setting is not enabled by default, and for good reason. Discovering that your Windows Mobile device has committed digital suicide after you messed up your fifth attempt to punch in your PIN can be aggravating — especially if you didn’t know such a policy was in place to begin with.

But if your organization wants to implement this additional layer of security around Windows Mobile devices, it can be done — with a little work.

  • First, the Password Required Policy (security policy ID 4131), a Windows Mobile security policy setting, must be enabled for the device in question.

  • Next, a registry entry has to be set on the mobile device to enable this feature. In HKLM\Comm\Security\Policy\LASSD, create the decimal key DeviceWipeThreshold and set it to any positive number. This number will be the number of incorrect password logon attempts to allow before the device’s memory is wiped. This setting is also available in the Device Security Settings dialog box in the Exchange Management Console.

NOTE: In Windows Mobile 4, this function did not erase any external memory on the device, such as an SD card or other plug-in memory device. However, Windows Mobile 6 devices will erase external memory cards as well.

Remote Windows Mobile Wipe 2

About the author: Serdar Yegulalp is editor of Windows Insight, a newsletter devoted to hints, tips, tricks, news and goodies for all flavors of Windows users.

[Via TechTarget]

Originally posted on Ask The Admin By Karl Gechlik
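The two local-wipe prerequisites listed in the article (security policy 4131 and the DeviceWipeThreshold value under HKLM\Comm\Security\Policy\LASSD) can be written as one device provisioning document and checked before rollout. This is an added example, not from the quoted article: the `wap-provisioningdoc` layout, the `SecurityPolicy` and `Registry` characteristic names, and value 0 meaning "password required" are assumptions about the Windows Mobile provisioning format, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

LASSD_KEY = r"HKLM\Comm\Security\Policy\LASSD"   # registry key named in the article
PASSWORD_REQUIRED_POLICY = "4131"                # policy ID named in the article
POLICY_ENABLED = "0"                             # assumption: 0 means a password is required


def build_local_wipe_doc(threshold: int) -> str:
    """Emit a provisioning document that sets both prerequisites together."""
    if not isinstance(threshold, int) or threshold <= 0:
        raise ValueError("DeviceWipeThreshold must be a positive number")
    root = ET.Element("wap-provisioningdoc")
    policy = ET.SubElement(root, "characteristic", type="SecurityPolicy")
    ET.SubElement(policy, "parm", name=PASSWORD_REQUIRED_POLICY, value=POLICY_ENABLED)
    registry = ET.SubElement(root, "characteristic", type="Registry")
    key = ET.SubElement(registry, "characteristic", type=LASSD_KEY)
    ET.SubElement(key, "parm", name="DeviceWipeThreshold",
                  value=str(threshold), datatype="integer")
    return ET.tostring(root, encoding="unicode")


def _find_parm(root, characteristic_type, parm_name):
    """Return the value of a parm under the characteristic of the given type."""
    for ch in root.iter("characteristic"):
        if ch.get("type") == characteristic_type:
            for parm in ch.findall("parm"):
                if parm.get("name") == parm_name:
                    return parm.get("value")
    return None


def audit_local_wipe(xml_text: str) -> list:
    """List what is missing for local wipe to take effect; empty means ready."""
    root = ET.fromstring(xml_text)
    findings = []
    if _find_parm(root, "SecurityPolicy", PASSWORD_REQUIRED_POLICY) != POLICY_ENABLED:
        findings.append("Password Required Policy (4131) is not enabled")
    raw = _find_parm(root, LASSD_KEY, "DeviceWipeThreshold")
    if raw is None:
        findings.append("DeviceWipeThreshold is not set")
    elif not raw.isdigit() or int(raw) <= 0:
        findings.append("DeviceWipeThreshold must be a positive number")
    return findings


# Constructed sample: password policy switched off and no wipe threshold at all.
WEAK_DOC = (
    '<wap-provisioningdoc>'
    '<characteristic type="SecurityPolicy"><parm name="4131" value="1"/></characteristic>'
    '</wap-provisioningdoc>'
)

if __name__ == "__main__":
    print(build_local_wipe_doc(8))
    print(audit_local_wipe(WEAK_DOC))
```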

Sep 6, 2008

Microsoft Popfly - Game Creator

What Is Popfly, you ask?

Well Popfly is a fun, quick and easy way to build, share and learn about making mashups, games, web pages and more. Popfly uses Microsoft Silverlight and a set of nice virtual tools. It comes with a set of graphics and you can also import your own. I'm really just interested in the Game Creator part of Popfly. With almost no programming experience you can create your own game and with more programming you can do almost anything. Here are a couple examples of some very simple games I've made in less than 30 min.

Bubble Popper:


Killer Crack Chicken:


By: Sundance of Free TV Shows Online


