Jan 19, 2018

History of public key cryptography: RSA Encryption Algorithm

We recently posted a video showing the history of the Diffie-Hellman Key Exchange. Today we are showing a video showing the history of the RSA Public Key Encryption Algorithm (cryptography).

How & why it works. Introduces Euler's Theorem, Euler's Phi function, prime factorization, modular exponentiation & time complexity.

Jan 18, 2018

OS Creators Have Released Patches for Meltdown and Spectre, But You May Not Get a BIOS Update

Like pretty much every IT professional out there, my company is scrambling to get our systems patched since the announcement of Meltdown and Spectre a couple of weeks ago. Just yesterday I wrote about how to tell if your Microsoft system was fully patched, and showed a screenshot from my Lenovo laptop where everything was patched. Here it is again:

Well, while going through all of my higher end systems at my day job I started to see a disturbing trend. That is that some budget systems like SuperMicro, and older HP systems either don't have a BIOS update to fix the Meltdown and Spectre vulnerabilities, or won't release one at all due to age. I'm sure other server vendors like Dell and IBM are in the same boat.

Here are a couple of examples. The first one is a SuperMicro server I have that isn't terribly old. The motherboard on it is a X9DRD-7LN4F. If you look at their support website, the last BIOS update for this motherboard was created in 2015! 

SuperMicro has said the following in regards to releasing BIOS updates for side channel speculative execution and indirect branch prediction information disclosure, however they have not given any specific dates when their systems will be patched:
We are working around the clock to integrate, test and release the updates as soon as they are made available. To address the issue systems will need both an Operating System update and a BIOS update. Please check with operating system or VM vendors for related information.
Similarly, we have several G6 HP Proliant servers that are still in operation. They have been rock solid machines, and we get third party support from Curvature for them.  Curvature's hardware replacement, and technical support has always been top notch, so why get rid of these older servers? Well, no BIOS updates is one reason now...

For instance, we still use an HP Proliant DL585 G6 for QA testing. Looking at their BIOS downloads, the last one available was created in 2014!

HP has issued a bulletin on Meltdown and Spectre, and as of now it looks like they are only going to be patching Gen 8, Gen 9 and Gen 10 servers. Those of us with older servers supported by third parties are probably going to be SOL.

If you are in a similar situation, you may need to start researching other ways to mitigate for this attack. Look into products like Sonicwall UTM firewalls with IPS built in. I specifically mention Sonicwall because they have released the following statement on their protection against exploits that use Meltdown and Spectre:
The SonicWall Capture Threat Research team is releasing protection against attacks that leverage these vulnerabilities to help defend our customers’ extended infrastructure.
  • 13149 Suspicious Javascript Code (Speculative Execution)
  • GAV: Exploit.Spectre.A (Exploit)
Long story short, if you thought you were out of the woods because your OS of choice released an update, you're not there yet. In fact, there is a good chance you will never fully get out of the woods on this one.

Jan 17, 2018

Tai Lopez NEEDS TO STOP Selling Me His #Bitcoin Course

Tai Lopez is famous for hanging out in his garage, showing off Lamborghinis, reading thousands of books, chilling with celebrities, and aggressively marketing his courses on YouTube. Unfortunately for us, he has now set his sights on the world of Bitcoin and cryptocurrency. PLEASE STOP!

Find out if your Windows PC or Server is fully patched for Meltdown and Spectre

We posted an article from Reuters a little while ago talking about the biggest security vulnerabilities that were recently discovered that impacts pretty much every system in the wild. These vulnerabilities are collectively known as Meltdown and Spectre.

Microsoft has released a number of patches for their systems recently, but that's not quite enough. On many systems, you must also installed your hardware vendor's latest BIOS updates as well.

To see if your Microsoft Windows system is fully patched for Meltdown and Spectre, Microsoft has created a Powershell script that can tell you, and give you recommendations on getting fully patched.

Here's what you need to do to run the script:
  • Load an elevated PowerShell prompt. Tap on the Windows-key, type PowerShell, hold down the Shift-key and the Ctrl-key and select the PowerShell entry to load it.
  • Type Install-Module SpeculationControl
  • You may get a prompt stating that “NuGet provider is required to continue.” Select Y to accept that.
  • You may get a prompt stating that you are installing an “untrusted repository.” Select Y to continue.
  • Type Import-Module SpeculationControl.
  • You may get an error stating that “running scripts” is disabled. If you do, type Set-ExecutionPolicy RemoteSigned. Repeat the command Import-Module SpeculationControl.
  • Type Get-SpeculationControlSettings.
Tip: You can restore the default ExecutionPolicy setting by running the command Set-ExecutionPolicy Default.

If you are fully patched, this is what you should see:

If you see any red outputs, follow the suggested actions provided by the script.

Are you are your systems fully patched for Meltdown and Spectre yet? Let us know in the comments!

[H/T Ghacks]

Jan 16, 2018

Top 5 Computer Security Threats

With increasing cyber community and vast system users’ computer security threats have increased significantly. In this article, we can discuss some computer security threats of recent times.

In recent times computer security of users has been at stake due to increased cyber and malware attacks. Computer users are prone to these threats as attacks have increased multifold in recent times. These computer security threats come in various forms and malicious content like malware, viruses, spyware, adware, Botnet, ransomware, and others. Let’s discuss top 5 computer security threats of recent times.

Virus: A Virus can replicate itself and infect a system without the knowledge or permission of the user. This small piece of software can spread when it is transmitted by a user via the Internet or over a network. It can also infect system removable media or external devices such as CDs or USB drives. These viruses can delete your important data, reformat the system hard disk, cause system crash or other losses. Even these viruses take up system memory and may cause erratic behavior on your system. These virus threats can be prevented significantly using anti-virus programs.

Ransomware: Ransomware is a malware which attacks user’s system and gets installed on it without user’s consent. It executes a malicious Crypto virology attacks to affect user’s computer adversely. Advanced Ransomware encrypts the victim’s files and other data making them inaccessible to the user and demands a ransom payment to decrypt it. It can also encrypt the system’s Master File Table or the entire hard disk. Ransomware is a form of denial-of-access attack where it prevents users from using their own system. These attacks are generally carried out using Trojan.

Phishing: In Phishing attacks, a phony web page is created and produced by the user that looks similar to a legitimate web page. This phony web page remains on a server of the attacker thus the attacker keeps full control of the page. Using these phony web pages’ users are tricked by attackers as users think they are on the legitimate page or trusted website. These phony web pages are created to steal user’s information like their names, passwords, credit & debit card details, and other sensitive information. Phishing attacks are generally carried out by email or instant messaging where compromised links are shared with the users.

Spyware: Spyware is a small piece of software program that is secretly installed on a system without the user’s consent. Spyware programs are used to keep a tab on user’s activities. These programs can collect a lot of sensitive and personal information of user like credit & debit card details, financial transactions, website visited, usernames & passwords etc. These programs can redirect web browsers to malicious websites or can install other malware easily.  Spyware can affect system speed and performance negatively.

Botnet:  A Botnet is also known as “Zombie Army” is a collection of software robots (or bots) that run automated tasks over the Internet. The term “Botnet” is commonly used to refer to a distributed network or compromised system (called “Zombie computer”) This “Zombie Army” run programs such as Trojan horses, worms or backdoors. Recent Botnet versions can automatically scan its environment and propagate themselves using various vulnerabilities on the system. They are used to launch Distributed Denial-of-Service (DDoS) attacks against various websites.

Above mentioned computer security threats can affect computers significantly. These threats can cause data loss or can block user access to their own system. Apart from these threats, there are many other threats as well like Worm, Trojan Horse, Keystroke logging, Adware, Spoofing, Pharming and lot others that can make your system crawl or sometimes halt the operations on it.

Jan 15, 2018

#Bitcoin and #Ethereum plummet as South Korea decides on total crypto shutdown

The value of ethereum slid by around $60 starting its decline at 10.00pm UTC to start Tuesday in free fall.

While Bitcoin’s fortunes mirrored its competitor losing $380 in a single day.

South Korea has announced a curb on crypto futures and vowed the come down hard on any criminal activities involving illegal currencies.

The country, which had been a big player in the cryptocurrency boom, is now considering a full shutdown of all exchanges.

The government has also vowed to support research and development into the blockchain on which cryptocurrencies are based.

On Wednesday it was revealed by Justice Minister Park Sang-ki that the government was preparing a law to close all the nation’s exchanges.

AMD CEO: Our processors are more affordable than Intel's

Despite some recent concerns over security flaws in its chips, AMD (AMD) is poised for another solid year.

The Austin, Texas-based chipmaker announced half a dozen new desktop and laptop processors sporting major performance upgrades over the past year, priced at a fraction of Intel’s (INTC) chips. “Our goal is to make sure that we provide step-function improvements for our customers,” AMD CEO Lisa Su told Yahoo Finance during a wide-ranging conversation at CES 2018 last week. “If you look at our Ryzen product line, for example, at every price point we offer more threads, more multithreaded performance.”

At CES 2018 last week, AMD claimed one of its Ryzen products, which puts computer processing and graphics on one chip, offers comparable data-crunching performance to an Intel Core i5-8400 with Nvidia GT 1030 graphics card, but for $120 less, translating to significant savings for shoppers who want to save a few bucks without compromising computer performance.

History of public key cryptography - Diffie-Hellman Key Exchange

The history behind public key cryptography & the Diffie-Hellman key exchange algorithm.

Jan 14, 2018

Chinese #bitcoin miners consider setting up in energy-rich Canada

The mounting pressure by Chinese authorities on the country’s cryptocurrency industry is forcing mining companies to look for alternatives, and Canada is one of the preferred hot spots.

Bitmain Technologies, the operator of some of the largest mining farms in China, is among several companies looking to expand overseas. The company’s spokesman, Nishant Sharma, told Reuters that it is eyeing bitcoin mining sites in Canada’s Québec province, which currently enjoys an energy surplus. He added that the company is in talks with regional power authorities in the province, and that it is also planning to expand in Switzerland.

Two Chinese miners said local authorities in China are increasingly unwilling to allow expansion and had started to shut down some mines in late 2017, as China clamped down on cryptocurrencies.

“We, and from what I understand many of our peers, are already making plans to go overseas,” said Li Wei, chief executive of ZQMiner, a Wuhan-based company which sells bitcoin mining equipment and has mines in three Chinese provinces.

According to public utility Hydro Québec, the energy surplus of the province is equivalent to up to 100 Terawatt hours over the course of ten years. One Terawatt hour powers about 60,000 homes in Québec during one year.

Jan 13, 2018

Introducing The Adventures of Brizzle Fo' Shizzle

I mentioned the other day that my son has his own YouTube channel. On his channel he does all sorts of things that little boys like to do, such as play video games, build stuff, play with Nerf guns, etc!

Well, we've been doing his little hobby weekly for the last seven months, and I thought it might be a good idea to get him a dedicated website where we can better take advantage of Google search traffic for people to find his videos! The thought process here is that there are millions of other channels on YouTube, so it's very easy to get lost in the weeds.

Introducing BrizzleFoShizzle.com!

C:\Users\pbauer\Desktop\The Adventures of Brizzle Fo' Shizzle

Pretty cool right? Now whenever he publishes a new video on his YouTube channel, we'll also publish it on his website! On top of that, his website is set to auto-post every new episode to his Twitter account! How cool is that?

If you have young kids, around the age of 7 or 8, they will love The Adventures of Brizzle Fo' Shizzle! You should definitely check it out!

Jan 12, 2018

My new toy! Android tablet for less than $100

I wanted to tell you all about a new toy that I bought myself for Christmas last month! It's my new Android tablet + keyboard combo that I found for around $85! I first saw similar items at my local Walmart, so I went home to look for more online when I found my new baby! 

It's an RCA Viking Pro 10.1" tablet! Here are the specs  from Amazon:
Design: Lightweight with a sleek, compact design,RCA Viking Pro tablet with Detachable Keyboard with Trackpad can be taken with you anywhere at any time. With built-in WiFi and Bluetooth, accessing the Internet is easy. The microSD card slot lets you store photos, videos and more so you never run out of memory 
Software: Mobile office,Comes with a free subscription to Office Mobile, including Word, Excel, PowerPoint and OneNote apps that are built for Windows tablets and designed for work on the go. 
Operating System: Android 5.0 OS (Lollipop) 
Display: 10.1-inch high-resolution (1280x800) IPS display 
Processor: Quad-Core processor 
Memory: 1GB 
Hard drive: 32GB onboard storage memory, additional memory via microSD card slot can be expanded to 64GB 
Webcam: Front Facing 2M pixel webcam, Rear 2M pixel webcam 
Ports: microUSB 2.0 port, USB 2.0 port, miniHDMI port, headphone jack, microphone jack, DC-in jack 
Wireless connectivity: WIFI 802.11 b/g/n 
Micro HDMI output expands your viewing: Micro HDMI 
Bluetooth: Bluetooth 4.0 

Here are some photos of it. I purchased the blue model. It also comes in black, pink and purple!

This one has a Bauer-Power sticker!

These pictures are from Amazon:

So far I love it! In fact, I wrote this article using it! It does take some getting used to though. The mouse pad doesn't have two mouse buttons. It's more like a Mac that way. still though, standard shortcuts like control + c and control + v work just fine for copying and pasting. I can also manipulate things with the touch screen if I need to as well, since it is a tablet after all.

Overall, I think this little tablet is great, and for less than $100, you can't go wrong!

Jan 11, 2018

PlainSight: An Open Source Computer Forensics Environment

I was Stumbling around the Internet the other day and came across a really cool open source project that combines a number of computer forensics tools into one environment. If you are unfamiliar with computer forensics, Wikipedia describes it as:
...a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information. 
Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings. The discipline involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail. 
Evidence from computer forensics investigations is usually subjected to the same guidelines and practices of other digital evidence. It has been used in a number of high-profile cases and is becoming widely accepted as reliable within U.S. and European court systems.
Long story short, you use the art of computer forensics to discover destroyed data and/or compile evidence on computer systems. You see this in the movies when cops recover files from a wiped hard drive. Stuff like that...

Anyway, this open source project is called PlainSight!

From their page:
PlainSight is a versatile computer forensics environment that allows inexperienced forensic practitioners [to] perform common tasks using powerful open source tools. 
We have taken the best open source forensic/security tools, customised them, and combined them with an intuitive user interface to create an incredibly powerful forensic environment. 
With PlainSight you can perform operations such as:
  • Get hard disk and partition information
  • Extract user and group information
  • View Internet histories
  • Examine Windows firewall configuration
  • Discover recent documents
  • Recover/Carve over 15 different file types
  • Discover USB storage information
  • Examine physical memory dumps
  • Examine UserAssist information
  • Extract LanMan password hashes
  • Preview a system before acquiring it
You can see PlainSight in action in the demo section. However we think that the best way to learn about it is to download the PlainSight iso from the downloads section and boot a computer with it.
All of these tools in one place can be very handy for any IT professional. Not just for security guys, or law enforcement agencies.

Are you going to download their ISO and try out their tools? If so, let us know what you think in the comments!

Jan 10, 2018

S. Korea's major cryptoasset exchanges raided by authorities

South Korea’s largest cryptocurrency exchanges were raided by police and tax agencies this week for alleged tax evasion, people familiar with the investigation said on Thursday.

“A few officials from the National Tax Service raided our office this week,” an official at Coinone, a major cryptocurrency exchange in South Korea, told Reuters.

“Local police also have been investigating our company since last year, they think what we do is gambling,” said the official, who spoke on condition of anonymity. He said Coinone was cooperating with the investigation.

Bithumb, the second largest virtual currency operator in South Korea, was also raided by the tax authorities on Wednesday.

What will the price be at the peak of the #Bitcoin boom?

The true answer to the question of how high in price will the Bitcoin bubble go is really anyone's guess. Renowned financial guru, Max Keiser predicts that Bitcoin will at least trade up to $400,000 per Bitcoin. John McAfee is even predicting it will go up to $1 Million! Are either of them right?

Not according to The Economic Forecast Agency. At the time of this writing, they are showing a high closing of $129,428 in January of 2021, and a high of $138,488.

After this, they show a steady decline in price all the way into 2022.

Now, how accurate is this data? Well, to be honest, it's about as accurate as using a crystal ball. Which is to say, that any kind of market prediction is like that. Nobody truly knows how things will end up in the future. This will at least give you some numbers to go with your speculation!

What do you think about this prediction? Let us know in the comments?

Jan 9, 2018

Answering three of the biggest #Bitcoin questions

As someone who has been interested in Bitcoin since around 2012 when I first discovered it, I get a lot of people asking me about it lately. That's because of the huge boom in Bitcoin we saw last year in 2017.

I figured if those people were asking, then others probably wanted to know these things too. It's like when you have a question in class, and are afraid to ask, but when someone finally asks the question you are thankful that they did!

Well, here are the three biggest questions I get asked about Bitcoin!

  1. What is Bitcoin?

    I made this video back in 2012 that explains it fairly well. Back then I didn't think about it as an investment opportunity, I looked at it as a way of buying things anonymously online...

  2.  If it's trading at tens of thousands of dollars per Bitcoin, how can I afford to Invest?

    The good news is that you don't have to have tens of thousands of dollars to invest in Bitcoin. You can actually buy fractions of a Bitcoin to get started. For instance, if you only have $50 to invest, you can buy $50 worth of Bitcoin at whatever the going price is. In return, you will own a fraction of a Bitcoin worth that amount in dollars. Get it?

  3. How do I buy Bitcoin?

    The easiest way, in my opinion, is to use Coinbase. You can easily transfer money from your bank account, and buy Bitcoin or other cryptocurrencies like Litecoin, Etherium or Bitcoin Cash.
Bitcoin is expected to reach at least $400,000 in the future! If you can get in now, you still stand to make a lot of money!

I hope this post answers your questions. If you have any more, hit us up in the comments!

Jan 8, 2018

Google Chrome set to crack down on competitor ads in February

Just when I get excited to finally find a decent Adsense alternative in 2018, and start making real money again with Bauer-Power, I find out that Google announced something that may screw me over once again!

Apparently last month on December 19th, Google said that they were joining the Coalition for Better Ads, and will crack down on sites that fall short of industry standards starting in February. Examples are sites that repeatedly show autoplay videos, and full-page or pop-up ads.

From their announcement:

Yesterday, the Coalition for Better Ads announced the "Better Ads Experience Program." This Program provides guidelines for companies like Google on how they can use the Better Ads Standards to help improve users' experience with ads on the web. 
In June, we announced Chrome's plans to support the Better Ads Standards in early 2018. Violations of the Standards are reported to sites via the Ad Experience Report, and site owners can submit their site for re-review once the violations have been fixed. Starting on February 15, in line with the Coalition's guidelines, Chrome will remove all ads from sites that have a "failing" status in the Ad Experience Report for more than 30 days. All of this information can be found in the Ad Experience Report Help Center, and our product forums are available to help address any questions or feedback. 
We look forward to continuing to work with industry bodies to improve the user experience for everyone.

Now, my sites don't offer autoplay videos, or full-page ads. We do sometimes show overlays though for mobile users. It's unclear how this change will affect us, and that is kind of scary.

If you look at our stats, almost half of our visitors use Chrome to view Bauer-Power!

Via The Hill:
Sites will be able to appeal their status to Google after they change their advertising practices. 
The move may be popular among internet users who are annoyed by obtrusive ads, but it could also bring opposition from sites that rely on revenue streams from such ads.
As someone who has tried to use the Google appeals process after being kicked off of Adsense years ago, I can tell you that their appeals process isn't very smooth. In fact, they deny 99.999% of appeals.

It kind of makes me think that this is more of a move to squash their competition. After all, Google Adsense is still the number one advertising player in the game. If they can find a reason to not display ads from their competitors in their browser, wouldn't it make sense that they are doing this for selfish reasons?

What do you think about this news? Let us know in the comments!

Jan 7, 2018

Brazil planning to use #Ethereum to process petitions and write laws

(Cointelgraph) The Brazilian government is seeking to move popular petitions, an inefficient electoral system of the country, onto the Ethereum network, to process hundreds of millions of votes on the immutable Blockchain network.

In Brazil, popular petitions enable over 145 mln voters across the country to come to a consensus on important political decisions. But, for many decades, political experts and analysts have questioned the logistical issue of popular petitions, and political commentators have described the structural problem of the electoral system of Brazil as the basis for most of the country’s political issues.

Gabriel Barbosa, a research associate at the Council on Hemispheric Affairs, wrote, “when people are living paycheck to paycheck, or as the common saying in Brazil goes, ‘selling their lunch to buy their dinner,’ the cost of political participation becomes high enough so that people are excluded from the political process,” emphasizing the lack of proper institutions that handle the cost of political engagement.

Reminder: We re still giving out free Powered By Ubuntu Stickers

I'm a huge fan of Ubuntu, and have been since I first discovered it in 2005. Because I am such a fan, I've been trying to spread the news of this free and robust operating system for years, and in 2008 I started handing out free Ubuntu Stickers.

Back then I was printing them out myself, but in 2014 I had some professional stickers made for this purpose and began handing them out instead! Those are the ones I've been handing out since, and I continue to get the occasional request for them. I'm hoping this fresh new post gets the Internet buzzing again that they are still available!

Sometimes I feel like I have to start over again with getting the word out that I am still giving away these stickers! Well, that is what this post is all about. Letting everyone know that these free Ubuntu stickers are still available! So come and get 'em!

To order them, head on over to stickers.bauer-power.net, and follow the instructions to either send me a self addressed stamped envelope, or just pay for postage using the Paypal buttons. Either way works for me! Please note, that if you don't include a postage stamp on the return envelope, I cannot send you your stickers!

Besides the Ubuntu stickers, you also get a free Bauer-Power bumper sticker, and Mainwashed bumper sticker and a couple of edgy "do not consent" stickers as well!

Please share this with your Ubuntu loving friends!

Jan 6, 2018

Ubuntu to release Meltdown and Spectre patches January 9th, 2018

As we posted the other day from Reuters, two major CPU vulnerabilities were discovered recently that pretty much affects every electronic system with a processor in it. These vulnerabilities are called Meltdown and Spectre.

The unfortunate problem here is that it's actually a hardware and a manufacturing issue. Since it's not practical to replace every CPU in the world in every piece of hardware going back to 1995, bandaging the problem is now the job of operating system companies. Ubuntu Linux is no different.

In a recent Ubuntu Insights post, Dustin Kirkland from Ubuntu/Canonical said the following about Ubuntu's plans to patch on January 9th:
Canonical engineers have been working on this since we were made aware under the embargoed disclosure (November 2017) and have worked through the Christmas and New Years holidays, testing and integrating an incredibly complex patch set into a broad set of Ubuntu kernels and CPU architectures. 
Ubuntu users of the 64-bit x86 architecture (aka, amd64) can expect updated kernels by the original January 9, 2018 coordinated release date, and sooner if possible.  Updates will be available for:
  • Ubuntu 17.10 (Artful) — Linux 4.13 HWE
  • Ubuntu 16.04 LTS (Xenial) — Linux 4.4 (and 4.4 HWE)
  • Ubuntu 14.04 LTS (Trusty) — Linux 3.13
  • Ubuntu 12.04 ESM** (Precise) — Linux 3.2
  • Note that an Ubuntu Advantage license is required for the 12.04 ESM kernel update, as Ubuntu 12.04 LTS is past its end-of-life
Ubuntu 18.04 LTS (Bionic) will release in April of 2018, and will ship a 4.15 kernel, which includes the KPTI patchset as integrated upstream. 
Ubuntu optimized kernels for the Amazon, Google, and Microsoft public clouds are also covered by these updates, as well as the rest of Canonical’s Certified Public Clouds including Oracle, OVH, Rackspace, IBM Cloud, Joyent, and Dimension Data.
Another thing to note about this patch, as mentioned in the Inisghts Post, is that these kernel fixes that they will be releasing are not Livepatch-able. Long story short, these updates will require a reboot, so you should expect and plan for some downtime after applying the patches.

Some software vendors are reporting performance related issues to their patches. Kirkland said that Ubuntu does not currently have performance analysis information at this time for the Ubuntu patches.

Are you and your company preparing for the Meltdoan and Spectre vulnerabilities? Let us know about the sorts of things you are looking into, and want to know more about in the comments!

Jan 5, 2018

Hello Neighbor on Xbox One

For those of you that don't know, my son has his own YoutTube channel that I help him out with. He publishes videos every week. He does all sorts of videos about video games, playing around our small town, toys and other fun stuff. His show is called The Adventures of Brizzle Fo' Shizzle!

This week Brizzle (aka Brayden) shows us his new video game that he saved up for and paid for himself! It's called Hello Neighbor, and it just recently became available for the Xbox One. Check it out!

Most Influential in Blockchain 2017 – Charlie Lee, Creator of #Litecoin

After years of working at the first "Bitcoin Unicorn," Lee stepped out on his own in 2017 to take up arms against those who would delay bitcoin technical development. His weapon? The cryptocurrency network: litecoin.

With the network – once languishing, now revitalized – Lee pulled no punches, becoming the opinionated voice of reason in a market that's known for its insanity.

Jan 4, 2018

Security flaws put virtually all phones, computers at risk

(Reuters) - Security researchers on Wednesday disclosed a set of security flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel Corp, Advanced Micro Devices Inc and ARM Holdings.

One of the bugs is specific to Intel but another affects laptops, desktop computers, smartphones, tablets and internet servers alike. Intel and ARM insisted that the issue was not a design flaw, but it will require users to download a patch and update their operating system to fix.

“Phones, PCs, everything are going to have some impact, but it’ll vary from product to product,” Intel CEO Brian Krzanich said in an interview with CNBC Wednesday afternoon.

Researchers with Alphabet Inc’s Google Project Zero, in conjunction with academic and industry researchers from several countries, discovered two flaws.

The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer’s memory, potentially letting hackers read a computer’s memory and steal passwords. The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information.

Men and the Power of the Visual

In the above video from Prager University, we learn why are men so attracted by a woman's legs, but not vice-versa? In five minutes, Dennis Prager explains why the answers to these questions reveal so much about male and female nature.

Jan 3, 2018

What is #Bitcoin backed by?

This question comes up all the time when discussing Bitcoin with people who are new to the whole idea of cryptocurrency. I mean, what is Bitcoin backed by anyway? Before we answer this question, let us ask you a question. What is the American Dollar backed by? I mean, up until 1971 the Dollar was backed by gold. Richard Nixon ended that.

Via Federal Reserve History:
President Richard Nixon’s actions in 1971 to end dollar convertibility to gold and implement wage/price controls were intended to address the international dilemma of a looming gold run and the domestic problem of inflation. The new economic policy marked the beginning of the end of the Bretton Woods international monetary system and temporarily halted inflation. 
The international monetary system after World War II was dubbed the Bretton Woods system after the meeting of forty-four countries in Bretton Woods, New Hampshire, in 1944. The countries agreed to keep their currencies fixed (but adjustable in exceptional situations) to the dollar, and the dollar was fixed to gold. Since 1958, when the Bretton Woods system became operational, countries settled their international balances in dollars, and US dollars were convertible to gold at a fixed exchange rate of $35 an ounce. The United States had the responsibility of keeping the dollar price of gold fixed and had to adjust the supply of dollars to maintain confidence in future gold convertibility.
Here is Nixon giving his famous speech on the decision:

Since this decision was made, the Dollar hasn't really been backed by anything. In fact, this decision allowed The Federal Reserve (Which isn't a government entity by the way) to print as much money as they want, pretty much any time they want, for whatever reason they want. This actually causes the Dollar to be worth less and less over time.

So if the Dollar is not backed by anything, then why is it worth anything at all? Well, not unlike gold itself, the main reason the Dollar is worth something is because we all agree that it is worth something!

The difference between Bitcoin and the Dollar then, besides it being digital in nature, is that it is backed by the Blockchain cryptography technology, and there is a finite amount of Bitcoins available. Moreover, there will only ever be 21 Million Bitcoins in circulation, which creates scarcity. An individual can't just create more Bitcoins whenever they feel like it, which prevents inflation. Because transactions, and holdings are "logged" in the Blockchain and checked by miners, there can be no double-paying and everyone can account for all transactions.

To further explain, here is a video via Mainwashed of the Winklevoss twins talking about what Bitcoin is backed by, and how it compares to gold.

If this still doesn't make sense, don't worry. A lot of new technologies don't make sense at first. Just look at Katie Couric from 1994 trying to understand what The Internet is.

Like it or not, Bitcoin is here to stay in one form or another. You better stop resisting, and start trying to understand it better.

Jan 2, 2018

#Bitcoin and top 6 alt-coins are up today

The top six cryptocurrencies are up according to coinmarketcap.com today! At the time of this writing Ethereum (ETH) and Bitcoin Cash (BCH) are up by 10.94% and 10.82% respectively.

Ethereum had the biggest change in 24 hours when it shot up last night by roughly $100.

Does this get you excited in 2018 or what? Let us know in the comments!

New Bauer-Power bumper stickers are in

Great news folks! I just got my shipment of Bauer-Power bumper stickers in! Even better news is that I am going to be giving them away along with my Do Not Consent stickers and my 5th Amendment stickers when you order your free Powered by Ubuntu stickers! It's like sticker overload!

Here's what the new bumper stickers look like:

Here is what they look like on the back of my dirty SUV:

Just when you thought it couldn't get any better, guess what? I will also throw in one of my new Mainwashed bumper stickers too!

If you haven't heard about Mainwashed, it's a right leaning libertarian news aggregation site that seeks to bring you lots of news in one place in order to fight the brainwashing you get from the mainstream lying media. 

If you are all about freedom, and you value your constitutional rights, then you would probably like Mainwashed. If you don't value that sort of thing, and are more into left-wing shit, like communism or whatever, you might want to give the sticker to your parents. They will appreciate it...

Anyway, to get these stickers, just follow the instructions at http://stickers.bauer-power.net!

How to disable SSL and Early TLS (TLS 1.0) for PCI-DSS Compliance in IIS and Apache

Well shit guys. The time is almost upon us where all companies that handle credit card transactions must disable what PCI-DSS calls "early TLS" and SSL. By now most of you should already have SSL 3.0 and below disabled to mitigate against attacks like POODLE and BEAST. By June 30th, 2018 though, you must now also disable TLS 1.0 too!

Is your organization still using the SSL/early TLS protocols? Do you work with online and e-commerce partners or customers who haven’t yet started the migration away from SSL/early TLS to a more secure encryption protocol? Read on for key questions and answers that can help with saying goodbye to SSL/early TLS and reducing the risk of being breached.    
What happens on 30 June 2018? 
30 June 2018 is the deadline for disabling SSL/early TLS and implementing a more secure encryption protocol – TLS 1.1 or higher (TLS v1.2 is strongly encouraged) in order to meet the PCI Data Security Standard (PCI DSS) for safeguarding payment data.
Awesome! Well, it really isn't that difficult to disable TLS 1.0 in IIS and Apache. I'll start with IIS first!

For IIS, download a tool I've written about in the past called IIS Crypto. Run the tool as an Administrator on your Windows IIS server, and under Protocols Enabled, uncheck everything except TLS 1.1 and TLS 1.2 then click Apply.

After you click Apply, reboot the server and you are good to go!

For Apache, at least in Ubuntu, all you have to do is modify your default-ssl.conf file located in /etc/apache2/sites-enabled/ using your favorite text editor, and find the section that says SSLEngine On and modify it to say:
SSLEngine on
SSLCipherSuite AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1
SSLHonorCipherOrder On
Save the config, then restart Apache:
sudo service apache2 restart
Bang! Done! Now you aren't serving anything without encrypting it with either TLS 1.1 or TLS 1.2!

Are you and your company prepared to make this change by June 30th? Let us know your story in the comments!

#Ethereum is on fire right now! Is this due to #testnet for #Casper?

Ethereum, at the time of this writing is up to a high of $879.20 to USD according to coinmarketcap.com! I wasn't the only one relatively shocked by this. Twitter user @azerx tweeted the following:

Twitter user @muslenerd tweeted the following reply:

What is @muslenerd talking about? Well, according to BlockExplorer.com:
Ethereum developers have launched an alpha test network (testnet) for Casper, paving the way for the cryptocurrency to eventually transition to a proof-of-stake (PoS) consensus algorithm. 
Like bitcoin, ethereum currently operates on a proof-of-work (PoW) consensus algorithm, meaning that the network is secured and new currency units are issued through “mining,” whereby participants solve cryptographic puzzles to validate transactions and create new blocks. 
However, PoW has attracted criticism over the years, both for its tendency to centralize mining hardware into a few pools and for the amount of electricity it consumes.
Whatever the reason, Ethereum is up baby! Check out these charts via coinmarketcap.com:

This is great news for crypto-investors since most crypto-coins have been in a slump since just before Christmas!

What do you think about this? Let us know in the comments!

Jan 1, 2018

I2P: An alternative to Tor for online anonymity

I've been a big proponent of Tor since I first heard about it years ago when Cory Doctorow did a keynote speech at ToorCon in San Diego talking about the Electronic Frontier Foundation (EFF) back in 2006 I think. I mean, if you wanted to browse the internet without big brother spying on you, it was always my recommended option.

If you are unfamiliar with Tor, here is an explanation from their website:
Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.
Some people warn that there are flaws in the Tor network though where activity can still be monitored, and sometimes if you are not careful, traced back to you. How To Geek writes:
...when you use Tor, your Internet traffic is routed through Tor’s network and goes through several randomly selected relays before exiting the Tor network. Tor is designed so that it is theoretically impossible to know which computer actually requested the traffic. Your computer may have initiated the connection or it may just be acting as a relay, relaying that encrypted traffic to another Tor node. 
However, most Tor traffic must eventually emerge from the Tor network. For example, let’s say you are connecting to Google through Tor – your traffic is passed through several Tor relays, but it must eventually emerge from the Tor network and connect to Google’s servers. The last Tor node, where your traffic leaves the Tor network and enters the open Internet, can be monitored. This node where traffic exits the Tor network is known as an “exit node” or “exit relay.”
So what alternatives do you have? Well, you could spend some money and use a private VPN service, or you can check on I2P (Invisible Internet Project)!

From their About page:
I2P is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other. The network itself is strictly message based (a la IP), but there is a library available to allow reliable streaming communication on top of it (a la TCP). All communication is end to end encrypted (in total there are four layers of encryption used when sending a message), and even the end points ("destinations") are cryptographic identifiers (essentially a pair of public keys).
So what's the difference between Tor and I2P? Well Ed Holden from IVPN wrote up a pretty lengthy article explaining the differences, but in conclusion he said:
We see that both Tor and I2P provide cryptographically sound methods to anonymously access information and comunicate online. Tor provides one with better anonymous access to the open internet and I2P provides one with a more robust and reliable “network within the network,” a true darknet, if you will. Of course, when implementing either of these two tools, one must always be aware that one’s ISP can see that he or she is using Tor or I2P (though they cannot determine the content of the traffic itself). In order to hide this knowledge from one’s ISP, one should make use of a high-quality VPN service to act as an entry point to either one’s anonymous network of choice or to the internet at large.
In the end, it all comes down to preference and making sure you are securing your computers at the highest possible level. Make sure you are not accidentally leaking info, and it really doesn't matter which one you use to surf the internet anonymously.

Do you use I2P? Do you use Tor? Why do you prefer either one over the other? Let us know in the comments!

Twitter Delicious Facebook Digg Stumbleupon Favorites More

Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam