Loading...


Oct 31, 2012

Hide Your PHP Version in Ubuntu

Yesterday I wrote about how to hide your Apache version in Ubuntu to keep bad guys from enumerating what version of Apache you were running so they can find vulnerabilities easier. Today we will be doing the same thing for PHP. By default in Ubuntu PHP announces to the world what version you are using. Let's turn that off.

In Ubuntu open /etc/php5/apache2/php.ini with your favorite editor. Find the line that says expose_php = On and change it to say expose_php = Off. Save php.ini then restart Apache by running sudo service apache2 restart.

Simple isn't it? Now the bad guys can't see what version of PHP you are running, which will make breaking into your web server a little tougher.

What other things do you do to help protect your LAMP servers? Let me know in the comments.

Oct 30, 2012

Hide Your Apache Version in Ubuntu

I was making changes to an Apache web server I have in my environment that is running on Ubuntu Linux. That web server also has phpMyAdmin running on it as well and I wanted to restrict access to it by IP. Once I did that I tested it by trying to browse to it and I got the following forbidden error:


So what's the problem with that? Well it tells a potential attacker that you are not only running Apache version 2.2.17, but you are also running it on Ubuntu. Now an attacker can do a little research on vulnerabilities for your specific version, and know just what to do to break in. Let's not show them this information shall we.

To hide the version information open /etc/apache2/conf.d/security with your favorite text editor and change 

ServerTokens OS
to
ServerTokens Prod 
and 
ServerSignature On
to
ServerSignature Off

Save the file and restart Apache by running sudo service apache2 restart. Now your error message will look like this:


Much better isn't it?



Oct 29, 2012

Beware, Matey: Governments and ISPs Teaming Up to Stop Piracy

The already cold relationship between governments and online file-sharers is getting even more tense. Swedish Officials recently raided Web host PRQ's headquarters, a familiar act that led to the conviction of the file-sharing site Pirate Bay's operators in 2009.
Elsewhere, the United States and Japanese governments are close to launching copyright protection initiatives aimed at illegal online downloading. These elevated measures depend largely on the support of Web hosts and Internet service providers (ISPs), which must agree to police their customers. While governments and companies may be raising their game, Web-savvy file-sharers have proven historically to be in a different league.

Down by the Bay

Sweden's cloak-and-dagger raid coincided with the outage of a leading Internet-freedom advocate — The Pirate Bay. PRQ's owner claims his firm hasn't operated The Pirate Bay since 2010, according to Technewsworld.com, but the fact that the outage coincided exactly with the raid draws his claim into question. After an unusually long two-day outage, The Pirate Bay was back online. Perhaps it was just a coincidence and PRQ really is no longer associated with the controversial platform, but the two events raised more than a little suspicion.
While The Pirate Bay is still up and running, four of its former operators are facing year-long jail sentences for their 2010 conviction of breaking copyright laws. One of the culprits, Gottfrid Svartholm Warg, is currently serving his sentence after police extradited him from Cambodia in September. Warg had been appealing the 2009 ruling before fleeing to Cambodia and upon landing in Sweden, he was detained on suspicion of hacking, according to NBCnews.com.
Although its four founders are serving time, The Pirate Bay stills seems to be at the center of copyright conflict in Sweden and with a cult-like following, don't expect it to go away any time soon.

Regulation Headed to a Town Near You

Other governments are taking a less-exciting approach to solving copyright conflicts. In the U.S., a country whose majority reacted negatively to the Stop Online Piracy Act (SOPA), the Center for Copyright Information (CCI) is introducing a six-strike warning system to combat piracy, according to Webpronews.com. Online users will face warnings for the first five copyright infringements. On the sixth violation, ISPs would implement penalties, which could include reduced Web speed or a redirect that requires users to call their provider.
Verizon, AT&T, Comcast, Cablevision and Time Warner Cable have all signed on to enforce this program. The CCI could potentially call on VPS hosting services to police their customers at some point.
The Japanese government has its sights set on a similar ISP-regulated program, but it's having a more difficult time getting all of the players on board. Japan is lobbying ISPs to install software to detect and disrupt illegal activity, which would help the country prosecute downloaders for a proposed two years and uploaders for a proposed ten years, according to Theregister.co.uk.
Governments and ISPs may be focused on piracy, but online file-sharers have a proven ability to stay one step ahead of their pursuers.

Hide phpMyAdmin and Restrict Access by IP

A lot of us have to manage LAMP servers. If you don't know what that is it's a Linux Apache MySQL PHP server. Many of us like to manage the MySQL database part with phpMyAdmin because it allows for an easy to use web interface to make managing MySQL well... Easier. The problem is that if you use phpMyAdmin open on the internet, bad guys will be looking for it. If a bad guy can break into phpMyAdmin, then they can screw with your databases and that's a bad thing.

Two ways you can prevent that is by changing the virtual directory used to manage phpMyAdmin and another is to restrict access to that virtual directory by IP address. Here's what you need to do.

  • Edit /etc/apache2/conf.d/phpmyadmin.conf with your favorite text editor
  • Change Alias /phpmyadmin /usr/share/phpmyadmin to Alias /db /usr/share/phpmyadmin
  • Then add the following under DirectoryIndex index.php

    Order Deny,Allow
    Deny from all
    Allow from 192.168.1.0/24


  • Save the file then restart Apache by running:

    #sudo service apache2 restart
The example above allows for an entire range to access phpMyAdmin. If you need to add multiple ranges just add another Allow line below with a different range. You can also use single IP addresses.

That's it, now only those who you want to have access can get in, and those same people will need to know the new virtual directory as well. By the way, if you haven't figured it out you have to browse to http://servername/db to access phpMyAdmin.

I also want to point out that you should be protecting your phpMyAdmin logon with SSL. You can get a free SSL certificate from StartSSL. You can also force SSL using PHP as well.

Oct 25, 2012

Cool Linux Utility That Adds a Progress Bar To DD

In the Linux world if you ever need to make a copy of a disk, or maybe copy a DVD to an ISO, all you really need is the dd command which takes a bit level backup of whatever you want. The problem is that by default DD doesn't tell you how much time you have left, or how long the copy is taking.

I used to know of a workaround that involved opening another terminal then killing the DD process which provided you with a continued progress of sorts but it was dirty. Well those days are over.

Introducing a Linux terminal program called PV that's only job is to give you a progress bar through piped data. To install it on Ubuntu it's as simple as running sudo apt-get install pv.

To use it with DD just pipe the DD command through PV as follows:
#dd if=/dev/sdb |pv|dd of=backup.img
Here's a screen shot of my backing up a Windows 7 DVD to ISO format on Bauer-Puntu 12.10. (Don't laugh at the username and hostname!)


Pretty cool right? It's nice to know how your copy is doing, and now you can know easily with PV.

Oct 24, 2012

Bauer-Puntu Linux 12.10 is Out!

This one was probably among the easiest version of Bauer-Puntu that I've made to date. I decided to once again build it off of Xubuntu like I did for Bauer-Puntu 12.04 because Xubuntu is way easier to customize than the regular Ubuntu.

Again, like last time I went with an Anonymous theme for political reasons so the art work this go around is very similar to 12.04 with the exception of the login screen (Sorry no screen shot). Also you will notice that the desktop environment is different too because this time I decided to not use Cairo Dock, and installed Cinnamon instead of using XFCE.

So what's on this version? Well I kept these packages from 12.04:


and I added these packages:
  • TOR Browser Bundle - Secure Anonymous Browsing
  • Fern Wifi Cracker - GUI Wireless cracker including WPS
  • Reaver - Terminal WPS cracker
  • Metasploit Framework 4.4 with Armitage - Happy Hacking!
  • Truecrypt - File Encryption
  • Truecrack - Truecrypt Volume Brute Force Tool
  • NMAP
  • Netcat
  • Ettercap-NG - For MiTM Fun
  • OpenVAS Server and Client - Network vulnerability scanner
  • IPList - Keep "The Man" from snooping on your torrent downloads
  • Ophcrack - rainbow Table Password Cracker
  • Samdump2 - Dump SAM hives to get password hashes
  • BKHive - Used with SAM
  • UFW Firewall
  • Gwibber - Social Networking Client
Besides all the cool new tools, one feature that has been unavailable until now is the ability to fully encrypt your hard drive at install time! Pure win! One thing to note though if you do use the full hard disk encryption, you need to press F2 when you first see the Plymouth Splash in order to see the LUKS password prompt. Think of it as security by obscurity instead of... You know... A bug.

Anyway, check out these screen shots!

Fern Wifi Cracker

Cinnamon Desktop

Anonymous Plymouth Splash

Installer With Full Disk Encryption



Some people comment on my Tech Chop videos if I mention Bauer-Puntu and say how BackTrack is way better for hacking. They're right. If you want to be a serious Pentester, BackTrack is better equipped for that. However if you want a distro for everyday usability, plus be able to do some hacking occasionally  then Bauer-Puntu is probably better for you.

So you came here to download right? Well here are the links:

Bauer-Puntu 12.10 ISO - MD5 c3e74e2e149e9499c92b0a5274adc8dc
Bauer-Puntu 12.10 Torrent

The torrent download will probably be faster than the ISO, but if you do download the torrent please be kind and let it seed for at least 24 hours to help out your fellow Bauer-Puntu users.

Also, this distro takes a lot of time and work, so if you really do like it please donate using the links on the right.

If you have any questions or comments about Bauer-Puntu let me know in the comments!

Oct 23, 2012

How To Configure SNMP For Ubuntu in 5 Easy Steps

Monitoring of servers is very important in any IT environment. It's always best to know when a device is down before people start coming up to you. It allows you to be proactive, where you need to be. I also allows you to identify issues, like low disk space, before it because a problem later.

As many of you know there is a simple protocol all network devices use for system monitoring. It's called SNMP. It works on Windows, Linux, Cisco, Mac, you name it! This post will show you how to set it up simply in 5 easy steps in Ubuntu Linux.

  • Install SNMP

    #sudo apt-get install snmpd
  • Backup the default snmpd.conf file

    #sudo mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak
  • Create a blank /etc/snmp/snmpd.conf file with the following information (Customize for your environment)

    rocommunity public
    syslocation "Linux server, Colo"
    syscontact info@bauer-power.net
  • Modify /etc/default/snmpd

    Change from:
    # snmpd options (use syslog, close stdin/out/err).
    SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'

    To:
    # snmpd options (use syslog, close stdin/out/err).
    #SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'
    SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'
  • Restart the SNMP daemon.

    #sudo /etc/init.d/snmpd restart
That's it! Now you can do an SNMP Walk from your monitoring server, and you should start picking up information.
[Via  IT Slave]

Oct 22, 2012

#ToorCon 2012: San Diego's Hacker Conference

This past weekend at the Emerald Plaza Westin Hotel, the 14th ToorCon was held and yours truly was in attendance. Also in attendance were other alternative media people (Better known than me) Darren Kitchen from Hak5 and Nixie Pixel from OS.ALT.

This was my third time being at ToorCon. On a strange side note, it appears that I make it to the conference every three years. The first time I went was when I worked at Websense in 2006, then in 2009 I was able to convince my employer at that time, Newland Communities, to let me go. This year since I actually do have an InfoSec role in my current company, I was able to convince them to let me go this year.

At this year's conference there were some interesting talks. The first one I will mention came from Dan Tentler from Aten Labs. He gave his talk on using Shodan to find all sorts of things online from security cameras and traffic cameras to fuel cells and dams. All of them easily accessible with default passwords, or no credentials at all. He gave a similar talk at Defcon. Check it out:



The next talk I will mention was by Drew Porter, aka RedShift. What he is doing is building little "Internet in a Box" kits in the event the government ever creates their Internet Kill Switch. He is calling his project DuskNet which according to the ToorCon site is:

A complete cellular/WiFi darknet in a box, allowing for rapid deployable anonymous communication to counter act the shutdown of networks in other countries. DuskNet is a complete solution from backend servers to comm boxes to end devices.

Currently the plans to build these DuskNet boxes include components that cost around $4,000 to build yourself, however Porter says that is mainly because he put some powerful stuff in there.

The last talk I will mention was by Joseph Giron on hacking password safes, namely KeePass and Gorilla. What I learned from his talk was that the security issue isn't in the password safe programs or encryption themselves, but a problem with Windows copy buffer. His exploit basically looks for a common string when you copy your password out of KeePass, then writes the plain text of your password to a text file. Simultaneously when a password is grabbed out of the copy buffer, a screenshot is taken so the attacker can get the username as well as whatever else you have open.

Currently this only works in Windows, but it's important to know that this does work with browser plugins that autofill passwords from KeePass. I would say that it works more like a keylogger, except it isn't capturing key strokes per se. It is simply capturing copy buffer information whenever a specific string is detected. Pretty slick if you ask me.

There were a bunch of other talks that were done, but the three above were the most interesting to me. A full list of the talks given are available here. If you wait a while, I'm sure those talks will make it up on Youtube.

Did you go to ToorCon this year? What talks did you like the most? Let me know in the comments.


Oct 18, 2012

Pirate Bay Has Moved To The Cloud

It was announced Tuesday on The Pirate Bay Blog that the Internet's most notorious torrent site has ditched all of their physical servers, and have opted to move to cloud based virtual servers in an effort to become raid proof. From their blog:


So, first we ditched the trackers. 
Then we got rid of the torrents. 
Now? Now we've gotten rid of the servers. Slowly and steadily we are getting rid of our earthly form and ascending into the next stage, the cloud. 
The cloud, or Brahman as the hindus call it, is the All, surrounding everything. It is everywhere; immaterial, yet very real. 
If there is data, there is The Pirate Bay. 
Our data flows around in thousands of clouds, in deeply encrypted forms, ready to be used when necessary. Earth bound nodes that transform the data are as deeply encrypted and reboot into a deadlock if not used for 8 hours. 
All attempts to attack The Pirate Bay from now on is an attack on everything and nothing. The site that you're at will still be here, for as long as we want it to. Only in a higher form of being. A reality to us. A ghost to those who wish to harm us. 
Adapt or be forever forgotten beneath the veils of maya.
According to Torrent Freak, the Pirate Bay was raided back in 2006, and there are rumors suggesting that authorities are planning on doing it again. From their post:

The Pirate Bay is not oblivious to this looming threat. They have backups in place and are shielding the true location of their servers. Nevertheless, should the site lose all its servers it might take a while to get back online. 
This is one of the reasons why The Pirate Bay decided to move the site into the cloud yesterday. The switch resulted in five minutes downtime and was hardly noticed by the public, but it’s a big change for the infamous BitTorrent site.

The way they are making it raid proof is by hosting their VM's on different cloud providers in different countries. They are masking where the cloud servers are actually hosted with the use of a load balancer, which is one of the only pieces of hardware they have left. From Tech Spot:

The Pirate Bay is currently hosted by several companies in two countries, where it runs a number of Virtual Machine instances. They still have some physical hardware in the form of a diskless load balancer and transit-router, which allows the site to hide the location of the cloud provider and are located in separate countries for extra security. 

So what do you think about this? Think this solution will work? Think other torrent sites will follow suit? Let us know your take in the comments!

Oct 16, 2012

Free Data Leakage Protection: MyDLP

At my day job we are often asked to comply with security requests for big banks. Some of them are fairly easy to do, some of them are a pain in the but and cost a lot of money. That is why I am always happy to find a solution that is easy, and costs little or no money.

One of our latest requests was to implement a data leakage gateway and endpoint solution. If you don't know what that is, it's basically an appliance that you configure as an internet proxy that looks for sensitive data like credit card numbers, social security numbers, or whatever else you want and blocks that data from being leaked out on the Internet.

Well I found a solution that does this, and is absolutely free. It's called MyDLP Community Edition. Check out this video that shows what DLP can do (Warning: The computer voice is creepy):



Do you use MyDLP at your company? If not, what do you use for data leakage protection? Let us know what you are doing to keep people from leaking your data in the comments!

Oct 15, 2012

Daredevil Felix Baumgartner Skydives From The Edge of Space

If you missed it yesterday, Skydiver Felix Baumgartner made a historic jump from a weather balloon that was almost 130,000 feet high. That is right at the very edge of our atmosphere. In doing so he broke the world record for the highest ever free-fall as well as the sound barrier!

From The BBC:
In jumping out of a balloon 128,100ft (24 miles; 39km) above New Mexico, the 43-year-old also smashed the record for the highest ever freefall. He said he almost aborted the dive because his helmet visor fogged up. 
Footage from a camera on Baumgartner's chest shows out-of-control spin
It took just under 10 minutes for him to descend. Only the last few thousand feet were negotiated by parachute. Once down, he fell to his knees and raised his fists in triumph. Helicopter recovery teams were on hand moments later.
Check out this video of the jump from Youtube:



Here is a video of a different angle from Baumgartner's GoPro camera strapped to his chest:



This is the best one I can find of his on-board camera. If you know of a better video that shows the whole jump, paste a link to it in the comments!

Oct 12, 2012

Open Source Fork of mRemote

A few weeks ago mRemote users got the following message when they opened up their favorite multi-protocol remote management program:


In short mRemote is history folks. But don't fret! There is some good news! Even though Felix Deimel has stopped working on this project, that doesn't mean that it is gone for good. There is a new team working on their own fork of mRemote called mRemoteNG. From their page:

mRemoteNG is a fork of mRemote, an open source, tabbed, multi-protocol, remote connections manager. mRemoteNG adds bug fixes and new features to mRemote. 
It allows you to view all of your remote connections in a simple yet powerful tabbed interface.
mRemoteNG supports the following protocols:
  • RDP (Remote Desktop/Terminal Server)
  • VNC (Virtual Network Computing)
  • ICA (Citrix Independent Computing Architecture)
  • SSH (Secure Shell)
  • Telnet (TELecommunication NETwork)
  • HTTP/HTTPS (Hypertext Transfer Protocol)
  • rlogin
  • Raw Socket Connections
Good news right? If you have all of your settings saved from mRemote, you can easily import them to mRemoteNG!

Oct 10, 2012

Use StartPage By IxQuick As Your Default Search Engine for Your Browser

Yesterday I wrote about two search engines you can use instead of Google to better protect your prvay when it comes to searching. The one I personally like is StartPage by IxQuick. The reason being is they don't store any personal information about my searches, or my IP information. On top of that, they pull search data from Google so I still get good results.

The trouble is that I rarely ever browse to Google itself to do searches. In Chrome, my browser of choice these days, I would just type my search terms in the address bar and boom, I had my Google search results. I wanted to change that to use my new favorite, StartPage.

Well StartPage makes it easy, just click this link: (Add Startpage To Your Browser)

Make sure to click the HTTPS Install button as that will add encryption to your browsing to prevent any snooping.


After the plugin is installed, in Chrome do the following:
  1. Go to the Wrench icon -> Settings.
  2. Click on "Manage Search Engines" button in the "Search" section.
  3. Click on the StartPage entry in the "Other Search Engines" section and click "Make Default".
  4. Click OK.

That's it. In other browser changing default search is as easy as clicking a drop down button. Full instructions for your browser of choice can be found at the link above though if you run into a snag.

Oct 9, 2012

Watch "We Are Legion: The Story of The Hacktivists" Full Version

anonymous
anonymous (Photo credit: the|G|™)
When I first heard that a documentary was being made about the hacktivist group Anonymous, I admit I was curious to watch it. I wanted to know more about the group, and their beginning on 4chan. The problem was that I couldn't find it anywhere to rent, or even to download via Bittorrent.

Well, it turns out that someone has posted the entire video on The Internet Archive to watch so I decided to re-post it here. Check it out!



What do you think about Anonymous and their actions? Do you like them? Hate them? Let us know how you feel about this group in the comments.

Google Alternatives for The Privacy Conscientious

I've been ranting and raving lately about Government spying and privacy issues, but I haven't really talked about one of the biggest offenders of privacy issues. That is one of the world's biggest companies, Google. Google is everywhere, hell if you are reading this right now you are reading it on a platform owned by Google (Blogger). The thing about Google is that all information they collect about you, including your search terms, are kept in a database FOREVER!

Many of us aren't too worried about it. I mean Google does this to sell your information to marketers so they can try to sell you stuff. Annoying as it may be, it's not really that big of a deal. The problem though comes into play if a law like CISPA gets passed, or if President Obama signs the Cybersecurity Executive Order. If those events happens, then Google may be forced to hand over all the data they've been collecting about you to Uncle Sam without a warrant. Kind of messed up.

Well I found two search alternatives you can use instead of Google's search that provide better privacy.


  1. DuckDuckGo - This first option has this as their Privacy Policy, "DuckDuckGo does not collect or share personal information. That is our privacy policy in a nutshell." you can read their full policy here. Their results are okay, but not quite as good as Google's. If your main concern is privacy though, that might be a decent price to pay.
  2. StartPage - This option is my personal favorite. They actually pull searches from Google on your behalf so none of your personal information is captured by Google, yet you still get the great search results. Here is the text from their privacy policy:
  • Startpage is strongly committed to protecting the privacy of its user community.
  • The IP address that is associated with your search will NOT be recorded. 
  • We don't collect any personal information on our visitors. Nada. Zilch. Zero.

 You can read their full policy here: (StartPage/IxQuick Privacy Policy)



I've went ahead and changed my browser's start pages to use https://www.startpage.com instead of what I used to have which was http://start.bauer-power.net that used Google Search. I will be doing the same when I setup the next Bauer-Puntu Linux.

What do you use for search these days? Are you using a different search engine for privacy? Let us know what you use in the comments.

Oct 8, 2012

How To Manually Add Windows 7 To Grub2 in Ubuntu

A few weeks ago I wrote a post about how to fully encrypt your dual boot computer running Windows and Ubuntu. That is how I currently have my laptop set up. It's great for security in the event my laptop gets stolen.

Well I did run into one problem with my setup though. On the Ubuntu side I ran all of the latest updates and after a reboot my Windows 7 option was missing from the Grub menu. The Truecrypt boot loader was still there, just the option to boot from Windows 7 was missing.

No problem though, I just had to add the Windows 7 entry manually. The first thing you should know is that Windows is installed on my /dev/sda1 partition. For the rest of this post I'll assume you have the same setup. Here is how I did it:
  • Create a script called 11_Windows in /etc/grub.d/ 

    sudo nano /etc/grub.d/11_Windows
  • Paste the following in 11_Windows

    #! /bin/sh -e
    echo “Adding Windows” >&2
    cat << EOF
    menuentry "Windows 7" {
    set root=(hd0,1)
    chainloader +1
    }
    EOF


  • Make the script executable

    sudo chmod a+x /etc/grub.d/11_Windows
  • Now update grub

    sudo update-grub
That's it, now after a reboot you should see Windows 7 as an option when you boot up.

[Via  Eric's Notes]


Oct 5, 2012

Can't Remove Static DNS Entries On Lenovo

Last night I had to do a monthly release at my company, which means sitting around after hours and babysitting the developers while they deploy code to make sure they aren't screwing up anything on the servers. Not really exciting stuff, but at least I get the day off today and a free meal just for staying late!

Anyway, the developer I was working with just got a brand new Lenovo Thinkpad T530 laptop for work running Windows 7. It's pretty bad ass and my Desktop Tech, Frank, set it all up for the developer. There was one issue that went over looked though. I'm not sure Frank would have caught it because setting up the laptop doesn't require a lot of connecting to network resources or file shares, or he would have caught this issue I think.

Anyway we are sitting around and the developer says, "Hey Paul, I can't connect to Server X for some reason." I asked him to try to ping Server X and he reported back that it was timing out. I asked him what the IP address he was getting for Server X was and he gave me some strange public IP address. That was the first WTF moment.

I asked him to run ipconfig /all and tell me what IP addresses he had for his DNS servers. He reported the first two being 216.146.35.240 and 216.146.36.240, but the last two were the DNS servers handed out by DHCP. I had him check his TCP/IP properties, and sure enough two static addresses were added. I had him remove them, but a few minutes later they popped back in. Again, WTF!

Well it turns out this is fairly common on Lenovo's. It is caused by some pre-installed software called Sendori. Not sure what the purpose of it is, but it hi-jacks the DNS settings and puts a static address in there. I just had the developer uninstall Sendori, and everything was fine.

Thank God for stuff like that, or I would never have anything to write about :-)

Oct 4, 2012

How Hack-Friendly is Your Password? [Infographic]

Password security has been a constant issue ever since computers were invented. The issue with passwords is that they are becoming easier and easier for hackers to crack them, that means you have to be just as diligent keeping your passwords secure.

Check out this infographic from the folks at LifeLock that breaks down how easy it is for the bad guys to crack your password:


Follow LifeLock on Facebook

This Infographic is a courtesy of Lifelock. Follow LifeLock on Facebook.

Wikileaks May Succeed in Drawing Votes Away From Obama

By now the first of several oligopoly debates has aired and the winner of the debate I suppose depends on if you are a Depublican or a Republocrat. You all know that half of America will be all googly eyed at their candidate and will completely shut out what the other candidate is saying. In short, these events don't matter.

[Edit - I did watch the debate, and I do have to say the Romney dominated. Even MSNBC (Obama's fan club) agrees.]

Yesterday, Democracy Now did a piece about how the Commission of Presidential debates is basically a scam that seeks to keep out viable 3rd parties. Well they are not the only ones realizing that this control by the two parties is a complete farce and voting for either party doesn't matter.

Now Wikileaks is trying to get out the word that voting for either party will invite absolutely zero change to our country. No matter who you vote for, you will essentially get the same government. They are asking for you to skip voting and instead donate to their cause. They are calling this campaign Vote Wikileaks.  Check out their video:



I don't know about you, but the majority of Wikileaks supporters I know lean very far to the left. Left leaning voters usually vote Democrat, and Obama is the star Democrat for sure. However, if Wikileaks supporters decide that supporting truth is more important than supporting a President with a myriad of failed policies, then they might succeed in siphoning away some much needed votes for Obama in this close election.

I personally agree with Wikileaks that voting for either Obama or Romney doesn't matter. They are more alike than they are different. I don't see a lot of change coming with either of them in office. I disagree on skipping voting though. Those who don't vote, vote for a dictatorship in my opinion. Those who don't vote accept the choices others make for them in that way. Therefore I would recommend listen to the reasoning behind this video, but instead of skipping your vote, vote for a 3rd party.

By voting for a 3rd party you tell the current two party system that they are broken, and you are not going to support it any more. Even if your candidate doesn't win, that is still one less vote for a failed two party system.

What are your thoughts on the subject. Let us know in the comments!

Oct 3, 2012

How To Transfer Your Bill Me Later Balance To a Credit Card

A little while ago I started using Bill Me Later for purchasing stuff for Bauer-Power and for Tech Chop. It was quick and easy, plus it easily integrated with my Paypal account. Well a few months ago I finally went big-time and got a business credit card to use with my online ventures and wanted to transfer the balance of my Bill Me Later account to the credit card.

The problem with that is that Bill Me Later only allows you to make cash payments by bank transfer. Same with trying to go through Paypal to make payments. That means in order to transfer the funds to your credit card you have to get a cash advance. That usually means borrowing at a ridiculously high rate. A rate that is higher than the normal purchase rate.

Well I found a good workaround if you have either an Android phone or an iPhone. There is an app called Squareup that allows you to accept credit cards from your smart phone. They offer a scanner, but you don't need it. You just need to sign up for a free account for an individual. Pretty simple right?

Now all you need to do is install their free app and login with your credentials. You can manually enter your card information and the amount you need to pay off your Bill Me Later balance. There is a charge of 2.75% per swipe  so you will want to account for that, however after you are done you will receive money in your bank account and your credit card company will look at it like a regular purchase transaction instead of a cash advance! Boom!

The money transfer will occur usually the next business day. That means the day after you do this, you can send your cash into Bill Me Later and clear out that account.

Know of an easier way to transfer your Bill Me Later balance to a credit card? Maybe one that won't cost you an extra 2.75%? Let me know in the comments.

Oct 1, 2012

I Couldn't Do It Damn It!

Last Friday I wrote about how I had deleted my personal Facebook profile, and I was going to delete my personal Twitter account today. Well, it turns out I don't have the strength to do it. My addiction is too strong. Not to mention that after having pressed the delete button on Thursday night it, and before undoing the delete on Sunday morning, I got to thinking about how futile that move really is.

The whole purpose of that exercise was a reaction to the news of the Stellar Wind project that the Government implemented under the Bush Administration right after 9/11. If you haven't heard of it here is a description from Wikipedia:

Stellar Wind is the open secret code name for certain information collection activities performed by the United States' National Security Agency and revealed by Thomas M. Tamm to New York Times reporters James Risen and Eric Lichtblau.[1] The operation was approved by President George W. Bush shortly after the September 11 attacks in 2001.[2] 
The program's activities involve data mining of a large database of the communications of American citizens, including e-mail communications, phone conversations, financial transactions, and Internet activity.[1] 
There were internal disputes within the Justice Department about the legality of the program, because data are collected for large numbers of people, not just the subjects of Foreign Intelligence Surveillance Act (FISA) warrants.[3] In March 2004, the Justice Department under Attorney General John Ashcroft ruled that the program was illegal. The day after the ruling, Ashcroft became critically ill with acute pancreatitis. President Bush sent White House counsel Alberto Gonzales and Chief of Staff Andrew Card, Jr. to Ashcroft's hospital bed, where Ashcroft lay semiconscious, to request that he sign a document reversing the Justice Department's ruling. However, Ashcroft was incapable of signing the document. Bush then reauthorized the operation, over formal Justice Department objections. Federal Bureau of Investigation (FBI) director Robert Mueller, Acting Attorney General James Comey, and many prominent members of the Justice Department were prepared to resign over the matter. Valerie Caproni the FBI general counsel, said, "From my perspective, there was a very real likelihood of a collapse of government." Bush subsequently reversed the authorization.[2] 
During the Bush Administration, the Stellar Wind cases were referred to by FBI agents as "pizza cases" because many seemingly suspicious cases turned out to be food takeout orders. Approximately 99 percent of the cases led nowhere, but 1 percent bore fruit.[2] One of the known uses of these data were the creation of suspicious activity reports, or "SARS", about people suspected of terrorist activities. It was one of these reports that revealed former New York governor Elliot Spitzer's use of prostitutes, even though he was not suspected of terrorist activities.[1] 
In March 2012 Wired Magazine published "The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)" talking about a new NSA facility and says "For the first time, a former NSA official has gone on the record to describe the program, codenamed Stellar Wind, in detail." Naming the official William Binney a former NSA code breaker. Binney goes on to say that the NSA has highly secured rooms that tap into major switches, and satellite communications at AT&T and Verizon both.[4] The article suggests that the otherwise dispatched Stellar Wind is actually an active program.

As Wikipedia says, the NSA isn't just monitoring social media. They are monitoring e-mail, phone conversations, financial transactions, and pretty much all Internet activity. That means that the only way to stay under the NSA's RADAR all the time, you pretty much have to go live in a tent our in the woods. Needless to say, deleting your Facebook makes no difference.

Plus I got to thinking that if the NSA gets me to get rid of my social media presence out of fear, then they in essence silence me and my dissent. Since freedom of speech is still legal in the United States at the time of this writing, that means that if they silence me they WIN. Well screw them! You won't silence me!


Virtual Electronic Currency as Anonymous As Cash

Bitcoin Magazine
Bitcoin Magazine (Photo credit: zcopley)
Okay, time for a little break from all of the politics and to get back to some new and exciting technology. This time the technology we are talking about involves money. Okay, there may be some politics in this, but nothing too crazy. Mainly some references to our ridiculous Federal Reserve program.

So what am I talking about? It's a relatively new virtual currency called Bitcoin. It is a peer-to-peer based currency which means that there is no central authority like a Government, bank or clearing house controlling it. Plus it is a very REAL currency with an exchange rate, that is actually doing much better than the American dollar. In fact at the time of this writing 1 bitcoin (BTC) is worth about $12.44 according to Mt. Gox, the Internet's number one Bitcoin exchange. Here is a description from the organization that created Bitcoin:

Bitcoin is an experimental new digital currency that enables instant payments to anyone, anywhere in the world. Bitcoin uses peer-to-peer technology to operate with no central authority: managing transactions and issuing money are carried out collectively by the network. Bitcoin is also the name of the open source software which enables the use of this currency.

Not only that, but all transactions are anonymous. Sort of like cash except even more so because in order to send money you don't have to be there to make the transaction. You can send it electronically. Plus all transactions are protected using very high grade encryption. That means if you are worried about privacy, this might be the perfect way to use your money without a nosey Government being all up in your business.

Also, unlike other forms of electronic transactions, there are no central banks or entities that the Government can use to trace where funds go. It's nice for the privacy conscious.

Check out this video made by We Use Coins, a group who is trying to make Bitcoin easier to use and understand for beginners.:



If you want to see an example of Bitcoin in action, you can take a look at Wikileaks. If you have been living under a rock, Wikileaks is a site that provides Government and corporate whistle-blowers a means of disseminating secrets to the public. They are also currently being persecuted by the US Government for releasing an epic ton of classified Government documents.

Wikileaks is using Bitcoin as one of their methods to accept donations. One of the main reasons is because the US Government put pressure on credit card companies and Paypal to make them stop processing donations to Wikileaks. Well since no Government controls Bitcoin, they can't stop it.

I personally am not ready to convert all of my money to Bitcoin, but I am trying it out. I am using a Bitcoin mining site right now to try to generate revenue, and if things go well I may use it more. Who knows?

Do you use Bitcoin? Why are why not? Any good tips? Where are some good online stores that accept Bitcoin? Let us know in the comments!



Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam