Dec 16, 2019

How To Disable Weak CBC SSL Ciphers in Nginx

I'm always looking for ways to improve my encryption settings on my personal email server. I'm constantly checking SSL Labs to see how my configuration stacks up. For a little while now they have been complaining that I use weak CBC ciphers still in TLS 1.2. However, since they have continued to give me an A+ rating I didn't really care until today.

I decided to fix it by disabling those ciphers, and it's actually pretty easy. The answer on how to do it comes from user imgx64 on Stack Exchange in this thread where he says all you have to do is add a couple of extra items near the end of your ssl_ciphers portion of your ssl.tmpl config file in Nginx:
You can use !SHA1:!SHA256:!SHA384 to disable all CBC mode ciphers. There are some non-CBC false positives that will also be disabled (RC4, NULL), but you probably also want to disable them anyway. 
Note that while GCM and CHACHA20 ciphers have SHA* in their name, they're not disabled because they use their own MAC algorithm. The SHA* in their name is for the PRF, not the MAC
I changed my ssl_ciphers string from:

ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!DSS:!aNULL;


To:

ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!SHA1:!SHA256:!SHA384:!DSS:!aNULL;

After I made that change and restarted the Nginx service my SSL Labs report went from this:



To:


Simple right? Did this help you out? Let us know in the comments!

Dec 4, 2019

SSL Labs Error: Chain Issues Incorrect order, Contains anchor

An issue came up the other day that frankly really isn't an issue. We had a client at my day job (that shall not be named) that ran an SSL Labs test against one of our sites and it came back with this message regarding the chain certificates:

Chain Issues Incorrect order, Contains anchor
I say this really isn't an issue because according to this forum thread from Qualsis, it really is just informational. Ivan Ristic said:
...It's not an issue in the sense that the anchor is not allowed, but that the extra certificate (which serves no purpose) is increasing the handshake latency. Some people care about that, which is why provide the information in the test.
The solution is relatively easy if you are running an Nginx or Apache server, just don't include the root (aka anchor) certificate in your web configs, and only include the intermediate cert.

My problem was a little more complex because we use Imperva's Incapsula CDN/WAF service, so in order to upload a custom certificate you need to import a PFX file. If you export the PFX file from a Windows server, it typically includes all certificates in the chain.

If you opt to not include all certificates in the chain when exporting, then import that to Incapsula, then SSL Labs will cap your grade to a B because you are missing the chain certs... Kind of no win theater situation.

The solution? First you need to have OpenSSL installed in Windows, or you can do this on a Linux box. Do the following:
  • Export your certificate to PFX format and don't include the chain certificates. 
  • Export your intermediate certificate in x509 format separately. Name the file intermediate.cer
  • Put both files in a folder then run the following from a command prompt or Linux terminal in the directory containing your files:
openssl pkcs12 -in <domainname>.pfx -clcerts -nokeys -out <domainname>.crt
openssl pkcs12 -in <domainname>.pfx -nocerts -nodes -out <domainname>.key
openssl pkcs12 -export -out <domainname>_new.pfx -inkey <domainname>.key -in <domainname>.crt -certfile intermediate.cer

Be sure to replace <domainname> with whatever your original PFX file's name. You will be prompted for your export password after each command.

After this is done, you can import your <domainname>_new.pfx file to Imperva's Incapsula service (Or whatever load balancer/SSL offload device your using) and re-run your SSL Labs scan. Boom! The issue will be gone!


Like I said above, all of this is kind of unnecessary. Your website will work fine and not be any less secure if you have the root/anchor certificate in your chain. Still, if you are a stickler for details, or you have clients that want it done, now you know how to do it.

Did you have to do something different to fix your issue? Did this help? Let us know in the comments!

Nov 18, 2019

Blockchain In Mobile Application Market (Infographic)

When someone mentions Blockchain, the first that that comes to mind for most people is cryptocurrency. Did you know that there are plenty of other use cases for Blockchain technology though?

Blockchain offers immense speed and highly-secured features, which is idea for banking, real estate and mobile applications!

Speaking of the latter, here is an interesting infographic we found for Blockchain in the Mobile Application Market!



Nov 11, 2019

How To Setup A L2TP/SSTP Client Access RRaS Server In Azure

Some of us still haven't outgrown the use of Microsoft RRaS as a VPN server. Why should we? It is simple to setup, easy to configure and just plain works!

The other day I decided to setup a RRaS server in Azure to replace an old one we had on premise. It turns out that RRaS isn't officially supported in Azure, but that isn't going to stop us is it?

The reason it apparently isn't supported is because of how routing is configured in Azure. At least, that's the Cliffs Notes version I gathered. I read an article from Richard Hicks that says that you can make it work by enabling IP forwarding on your RRaS VM, then adding a routing table to your vnet to make it work. He's half right, you should enable IP forwarding on your VM's NIC like this:




You'll also want to allow ports 443, 1701, 500 and 4500 to your VPN server in your Network Security Group:



That being said, the rest is easy!

  • Install the Remote Access role, and select Direct Access and VPN (RAS) and Routing.




  • After the install, run the getting started wizard and select the Deploy VPN only option (Unless you need direct access, but that is outside the scope of this post)
  • When you open the RRaS console, right click your server name and select Configure and Enable Routing and Remote Access.
  • Click Next, then select Custom Configuration (Since we're setting this up with a single NIC host)


  • Next select all options, then click Next again and follow the rest of the prompts to install RRaS. 


Now you're ready to configure everything. The only two things you need to know about setting up RRaS in Azure:

  1. You can't point RRaS to an internal DHCP server in Azure, and you can't point RRaS to Azure's DHCP services, so you have to assign IP's from a static address pool in the IPv4 tab under your RRaS server properties. This IP range can't be one that exists in Azure, or matches the host that you're using as your RRaS server.

  2. Since we're not using a custom routes, we need to configure NAT by adding both the Ethernet interface and the internal interface under NAT in the RRaS console.


The Ethernet properties should look like this under NAT:


The Internal interface properties should look like this:


After that, configure your SSL certificate, authentication, etc the way you normally would for RRaS. You'll find that this method is pretty easy and works pretty well. With the NAT setup, you are translating your static pool of RRaS addresses to the network interface of the Azure VM, so you don't have to worry about routes!

I originally setup the route table method way without NAT that was suggested in Richard Hick's post, but when I connected with my client, I couldn't access the internet. In order to access the internet through the VPN tunnel, I had to enable NAT. With NAT enabled, you don't need the routes! 

Did this post help you out? Did you did it a different way? Let us know in the comments!

Oct 21, 2019

How To Hack A Local Windows Password Offline With CHNTPW Live CD/USB


Many moons ago I used to make my own custom version of Ubuntu called Bauer-Puntu that had lots of useful tools already built in. One of the tools I would always install was an offline Windows password rest tool called chntpw.

I once made an awful how to video about using Bauer-Puntu and chntpw. You can watch it below:


The other day I was helping this really gorgeous cop I started dating reset the password on her laptop. Her ex-husband is kind of petty and changed her password just to piss her off. I went to use my trusty Bauer-Puntu USB drive, but the video drivers for it were out of date so it didn't work. Kind of a bummer...

Anyway, looking around I found out that someone made a dedicated live version of chntpw and it works like a charm! I tried it on a Windows 10 VM and it worked flawlessly!

From their page:
Chntpw (also known as Offline NT Password & Registry Editor) is a small Windows password removal utility that can run from a CD or USB drive. The latest version is 140201. Please download the Bootable CD image or the USB version for your own purpose:
  • cd140201.zip (~18MB) – Bootable CD image. (md5sum: f274127bf8be9a7ed48b563fd951ae9e)
  • usb140201.zip (~18MB) – Files for USB install (md5sum: a60dbb91016d93ec5f11e64650394afb)
You can also download chntpw for ALT Linux, Arch Linux, CentOS / RHEL, Debian, Fedora, Mageia, ROSA, Slackware, Ubuntu distributions from this link
If you need to download the old version, please visit Offline NT Password & Registry Editor’s official website
After you’ve downloaded it, you then need to burn chntpw to CD/USB drive in order to get it to work.
If you've been looking for a way to easily hack errr... reset a local Windows password, this is it!

What do you like to use to do offline password resets for Windows? Let us know in the comments!

Sep 30, 2019

Facilitating Your Crypto Trading with Automated Platforms: Superorder Case


Automated trading platforms are growing more popular as investors recognize the benefits that come with their adoption. The process of automated crypto trading is simple yet effective. It allows traders and investors to establish specific rules for trade entries and exits that relate to their trading strategies. The moment they confirm these rules, the algorithms do all the work on the traders’ behalf, meaning they buy and sell assets when the time is right.

For investors that want to reduce their trading efforts and minimize the manual labor in the trading process, automated trading platforms are the best ways to do it.

Automation in trading might sound overly complex for some traders, especially when coding is in the picture. However, what many don't know is that learning how to program your strategies is not necessary for some automated platforms.

Superorder Concept

Superorder is a crypto platform for professional traders that want to explore the benefits of automated trading. What this means is that crypto traders can use this feature to build and run their trading strategies, and avoid manual tracing of the market’s price fluctuations.

The Ukraine-born and USA-grown automated trading terminal was launched in 2018. Perhaps, the best thing about the platform is that traders don’t need to possess coding abilities, nor any programming languages to make their trading strategies. Instead, Superorder provides users with a convenient strategy editor based on blocks – various order types. They’re used to build specific trading chains that are executed automatically later.

That has to be one of the most positive aspects of automated trading, particularly for day traders. Knowing how difficult following a 24/7 market is, this feature comes as a refreshing advantage and a way to control professional trading and keep a balanced personal life.

How Does It Work? 

Automated trading revolves around specific strategies and money management rules that allow the systems to monitor trades with precision, and execute them when the time is right.

All automated platforms are not the same, although the main principles that they apply orbit around the idea of establishing rules for the system to automatically execute. Crypto traders and investors decide on the rules, and let the system know when they want to buy coins, and when it would be ideal to sell them to make a profit and minimize losses. The computer remembers these orders and follows the market changes 24/7. When the selling or buying price reaches the parameter that was entered on the system, it executes it.

There can be many different strategies according to the needs of the investors. What’s positive is that Superorder allows users to make a selection of rules and run simulations to test their strategy before applying it on the market.

After registering an account on Superorder, the trader needs to finish connecting his/her profile from the exchange platform that is being used (in this case it’s either Binance, Bittrex, BitMEX or CEX.IO), and start trading by setting up a strategy. Inside their terminal is where they will be doing this, and the interface makes it easy for traders to get around and start their automated trading.

Main Features 

Superorder offers several features, and we are going to go over some of the most important ones that make this platform stand out in front of its competitors. Although the company is rather new on the market, they still have a lot to offer.

  • Strategy Elements/Building Blocks 


One of the problems with most automated trading platforms is that they are somewhat limited to the elements that professional traders can use in their strategies.

Superorder offers nine elements or strategy building blocks, which can be easily located on their interface. They include: limit buy, limit sell, market buy, market sell, stop loss, sell trailing stop, buy trailing stop, and more. There are also conditional elements like tech indicators and forks.

The trailing stops are an advantage because they can be used even if the exchange does not support them. Additionally, there are also conditions called AND Fork, and OR Forks, which allow traders to split their strategy into two paths to make a more complex chain.

  • Cross-Exchange Orders

Traders can cross their order on multiple crypto exchanges to get the best experience. The process is as simple as using two blocks in the strategy builder. Moreover, the platform can handle more strategies running simultaneously on the same exchange and across different exchanges and coin pairings.

  • User-Friendly Interface 

Professional and even new traders shouldn’t encounter any issues with the platform’s interface, considering that it is manageable and easy to use. Even if they do find something that bothers them, users can easily adjust the terminal according to their unique preferences.

  • Platform Support


Superoder’s platform support is a bit limited. They do, however, introduce four big names in the industry. Currently, the platform supports Binance, Bittrex, BitMEX, and CEX.IO but the developers are planning on adding Bitfinex, Poloniex, and other exchanges soon.

Traders can synchronize to their chosen exchange, a process that will only take a few seconds and is nicely explained on the platform, step by step.

  • Free Trial 

For traders that are switching to automated trading, a trial period is a necessity. It’s also an essential feature to determine scams from real trading platforms that help users achieve growth, instead of tricking them to lose their money.

It’s an advantage that Superorder implemented a 3-day trial period, which should be enough to see whether the terminal is the right fit for you or not.

Final Thoughts

Superorder is a fitting platform for professional traders who want to take the shortcut leading to profits. It’s an advantage not to be dealing with programming languages as it takes a lot of time for traders to master it if they already haven’t. It's also useful that the platform is customizable and user-friendly.

The fact that this automated trading terminal allows easy and simple automated trading, with the opportunity to try it out without paying for two weeks, is certainly a positive aspect and a good sign for traders who want to switch to this type of crypto trading.

Overall, the process of automated trading can be remarkably helpful nowadays, and Superorder is one of the platforms that can successfully provide you with profits, all that while minimizing the manual effort traders would usually put into the process. In other words, professional traders can now enjoy earning profits with less effort.

Sep 16, 2019

How To Implement TLS 1.3 for iRedmail Roundcube in Ubuntu

As many of you know, I use iRedmail for my personal email server and I run it on an Ubuntu 18.04 VM on Linode. No big deal right?

Well, periodically I like to check to make sure my SSL settings are using the most up to date security by running servers tests against SSL Labs. I decided I needed to implement TLS 1.3. It turns out, it's really easy if you are using Nginx like iRedmail uses!

For the iRedmail Nginx configuration, all you have to do is edit the /etc/nginx/templates/ssl.tmpl file and add TLSv1.3 after TLSv1.2 in the ssl_protocols section! Should look like this:

ssl_protocols TLSv1.2 TLSv1.3;

That's it! Do that, save the file and restart the Nginx daemon by running sudo service nginx restart!

Now I'm running TLS 1.3!

Sep 11, 2019

What Makes Bitcoin the Internet of Money

When cryptocurrency is mentioned, people think about Bitcoin more than any other type of digital currency. It was among the first in this sector and it has been successful throughout its history. Although many people interact with Bitcoin, they may not understand the underlying technology.

According to experts, there are international laws involved in creating Bitcoin technology. It functions under blockchain technology which, as we are going to see, is the genesis of better financial operations around the world.

The Pillars of Bitcoin Technology

  • Decentralized verification - Before a transaction is termed complete, it is verified by numerous servers across the world. This reduces theft and fraud, making blockchain technology one of the most trusted today. It also eliminates the possibility of sending money twice.
  • Decentralized ledger - This is where Bitcoin has made its reputation. The transaction information is not stored in one location like with many other financial operations. It is distributed across different servers, which means that anyone can verify it. This increases the level of transparency.
  • Peer-to-peer network - Bitcoin is a global digital currency that mainly operates through a P2P network. This allows peers to collaborate in giving loans, mining, and every verifying transactions. This network is very hard to kill as it is now.
  • Use of digital signature - It sounds easy to forge, right? Wrong! Digital signatures that are used in Bitcoin technology are verified by several parties and they are the center of its success in minimizing digital money theft.

Bitcoin - The Internet of Money

According to experts at Nakitcoins, a website that helps people buy and sell Bitcoins, this digital currency is revolutionizing the world of money at a rapid rate just like the internet is changing the world. Many financial operations are copying these pillars of technology in various ways to improve their operations.

Banks have started applying the use of digital signatures to promote online banking. As of now, those who have successfully implemented this has started enjoying the fruits of reduced hacking and fraud cases.

Apart from financial institutions using Bitcoin technology, people have also accepted the use of Bitcoins to transact. It is a better option that has brought convenience to online buyers and sellers. Many businesses and suppliers across the world now use Bitcoin. Although other digital currencies are used, none have been as globally accepted as Bitcoin.

The other reason why Bitcoin has become very popular is that it is now a thriving business. Through various exchange platforms, people can buy and sell with the intention of making a profit. The digital coin has been making progress in its stability, which improves its reputation among everyone around in the world.

Banks have started applying the use of digital signatures to promote online banking. As of now, those who have successfully implemented this has started enjoying the fruits of reduced hacking and fraud cases.

Apart from financial institutions using Bitcoin technology, people have also accepted the use of Bitcoins to transact. It is a better option that has brought convenience to online buyers and sellers. Many businesses and suppliers across the world now use Bitcoin. Although other digital currencies are used, none have been as globally accepted as Bitcoin.

The other reason why Bitcoin has become very popular is that it is now a thriving business. Through various exchange platforms, people can buy and sell with the intention of making a profit. The digital coin has been making progress in its stability, which improves its reputation among everyone around in the world.

Conclusion

From these insights, it is evident that Bitcoin has indeed become the center of the world. It is penetrating every corner with many benefits. Anyone who gets an opportunity to work with Bitcoin hardly ever turns back.

Most importantly, Bitcoin technology and blockchain can be applied in many financial sectors so that they can also enjoy the benefits that come with it. Now that you know why Bitcoin is the internet of money, it is time to start interacting with the digital coins.




Sep 2, 2019

Highest Paid Blockchain Jobs [Infographic]

If you thought that blockchain only had to deal with cryptocurrencies, you are mistaken. Blockchain is being used in commercial applications now too. That means lots of careers await!

With that, here is an infographic I found that shows you the highest paid blockchain jobs out there! Check it out:


[Via MrDesigner]

Aug 26, 2019

Top 5 Tips on Logging in Java

Source - Pexels
One of the first decisions you have to make when building a website is which programming language you want to use. With all of the different options on the market, selecting the right programming language can be difficult. For years, developers have relied on the power of Java to build and power their websites. This language is both easy to use and very effective.

Did you realize the websites for LinkedIn, Indeed and Ali Express were all built using Java? If you are considering using this programming language, you need to consider a few important factors. If you are using Java to create a web-based or mobile application, monitoring runtime data is crucial. While some people rely on logging as a service, others prefer to do this manually.

Regardless of what method you use to monitor this data, you need to focus on logging as much information as you can. The following are some of the things you need to focus on when logging in Java.

1. Be Careful When Logging Sensitive Information

One of the biggest misconceptions most people have about logging is that they need to get as much information as possible. While having usable data is important, there are certain things you don’t need to store or log on your application. Logging things like a user’s login credentials or financial information is a horrible idea.

Most developers fail to realize that their plain text log files will be processed by a number of unsecured systems. This means that this sensitive information will be at risk. Not only is the practice of logging sensitive information negligent, it is also heavily regulated. This means that if you do not take the proper precautions to protect this data, you may be at risk of being fined.

2. Excessive Logging Creates Problems

Are you looking for a way to keep your website or application fast and responsive? If so, then you need to avoid excessive logging. Taking the time to figure out what data you want to monitor is crucial. The more files you are logging, the slower your site or application will ultimately get.

Not only will excessive logging lead to slower computing speeds, it can make it hard for you to actually read what a log file says. If there are too many log messages, you will be unable to pick out the ones that actually matter. You should really only be logging information that affects either the functionality of your app or the user’s experience.

By being selective with the data you are using, you can make finding and fixing problems much easier. Also, a faster app or website will be far more popular with consumers. The time you invest in cutting down on excessive logging will be worth it in the long run.

3. Making Sense of Cryptic Log Messages

When you start to parse the log files created by your application or website, you will need to view the details to make sense of them. One of the biggest mistakes beginner programmers make is failing to include enough information in these files. If these log messages are vague or cryptic, you will have a hard time making sense of them.

This is why you need to focus on putting things like timestamps, thread name, class name and log level is crucial. This information will act as clues when trying to figure out what is wrong with your app. The last thing you want is for your app to give you log messages you can’t understand.

One of the best ways to ensure you have no problem understanding what a log means is by using workflow rules. These if/then statements can create a predictable outcome and minimize problems during the development and deployment process. If you are curious about how to use this tool, you can find more information on workflow rules on DaniWeb crm's help pages here.

4. Incorrect Log Levels Can Create Confusion

Failing to create adequate log levels will lead to either a flood of unimportant data or the missing of significant events within your app or website’s infrastructure. You need to view choosing the right log level for your system as a priority.

For most logging frameworks, you can use terms like fatal, warn, debug or trace to label various log files. Ideally, you want to name these levels in a way that gives you information about how severe they are. Trace is generally the lowest log level, while fatal is the most serious. With these labels, you should be able to find out how severe the issues you are dealing with really are.

Source - Pexels


5. Ignoring Your Logs is a Bad Idea

The worst thing a developer can do is to work hard to create an adequate and detailed logging system  only to ignore the information it provides. You need to make a habit of looking at these files on a daily basis to ensure everything is working efficiently. Staying on top of the error logs can help you keep your app more dependable and functional.

Keeping Your Program Running

All of the time and effort you invest in logging will be worth it. By keeping track of how well an app is performing, you can detect issues before any real damage is done.

Aug 1, 2019

PR_CONNECT_RESET_ERROR connecting to Windows IIS web servers in Firefox only

I had a strange issue today at my day job that shall not be named. We have a test environment that our clients connect to that is running Windows IIS. Out of the blue, one of our clients said that in Firefox they couldn't connect to the test environment website, but all other browsers worked fine.

When you would connect to the site in Firefox, you would get the below error:


Secure Connection Failed

An error occurred during a connection to <website name> PR_CONNECT_RESET_ERROR



  • The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
  • Please contact the website owners to inform them of this problem.

None of the other servers in our other environments had this issue.

Well, after checking TLS settings on servers that didn't have the issue and comparing them to the servers that did have the issue, I figured it out.

Using IIS Crypto, I found that these servers had SHA disabled. Once I checked the box to enable it, and rebooted the servers the issue went away.


Apparently Firefox doesn't support SHA 256 and above yet... Seems like they would though right?

Anyway, that fixed the issue for us. If you know of another way to fix this, let us know in the comment!

Jul 8, 2019

All About Facebook's Libra Cryptocurrency (Infographic)

Facebook's new cryptocurrency, Libra has been in the news a lot lately. Many people have questions about it. The infographic below tells you all about Libra!

Check it out:




[Via MrBTC]

Jun 24, 2019

How to Manage Your Cryptocurrency Portfolio Effectively – Tips and Strategies

A few years ago, many traders and investors in the cryptocurrency sphere didn’t have a portfolio. Instead, they invested all their money backing one currency, which was normally Bitcoin. Putting their financial weight behind one currency meant they were hoping that either their Bitcoin investments were going to continue growing (and for the most part it did) or they had bought up a rival Cryptocurrency in the hope it would put on a “Bitcoinesque” show. Those days the number of Bitcoin exchanges was noticeably smaller and their functionality wasn’t that wide.

Then in late 2017 and early 2018, the unthinkable happened. Overnight (if not faster) the bottom fell out of the market as a few investment groups who held a large portion of Bitcoin all cashed in at once. The currency went into freefall and the dreams of becoming incredibly wealthy by owning Bitcoin were dashed against the rocks.

Today there are still some who clung on to their Bitcoin and weathered the storm, still waiting for the currency to get to the value they purchased it at. With the latest positive trends in Bitcoin's price, this could come to fruition in the not too distant future. The Bitcoin's crash left a sour taste in many people’s mouths, some sold and made huge losses, some held on, but it was a sign for each investor that they needed to be more attentive to their funds.

Diversifying Instantly Adds a Layer of Protection

In the wake of this fallout, 2018 ushered in a period of stagnation across much of the market, but against a bleak backdrop, some currencies began to shine out. Currencies like Ripple and Ether were beginning to grow and investors began moving money away from Bitcoin and Bitcoin-based currencies (Bitcoin Cash, Litecoin) towards more promising prospects.

Another trend emerged, investors were beginning to buy multiple currencies across different exchanges and they were beginning to hedge risks. Instead of lumping all of their money in Ripple, they spread their investment pot over a range of Cryptocurrencies, meaning that if Ripple failed, another currency might perform well enough to offset that loss.

The emergence of Portfolio Management Tools and Apps

If you’re an investor or trader in 2019 or you’re looking for getting into Cryptocurrency trading then there are a few tips that you should abide by. The first tip is to check out some of the portfolio management tools and apps available (even before you have invested in any stock) and familiarise yourself with the interfaces, features, and functionality.

Using a portfolio management app will have plenty of long-term benefits but it will also help you get up and running if you haven’t traded before. Using a new portfolio and broker tool, CEX.IO Broker we will show you why.

CEX.IO Broker

There are other portfolio management tools available so make sure you try some others before selecting your app of choice. CEX.IO Broker gives you great functionality regardless of your experience level so that makes it great for the cryptocurrency portfolio management.

Integration with CEX.IO Exchange

With any portfolio management tool, you will need to make sure it behaves in the way you expect it to and this means on the most basic level it needs to communicate with the exchange that you’re trading on. There are a couple of fantastic portfolio management apps that use a multi-exchange platform to give you functionality across many different exchanges.

This is useful if you are a seasoned trader with multiple exchange accounts and have the patience to buy Crypto across a number of exchanges. This is specifically a strategy for those in the know about Cryptocurrency as using multiple exchanges can come with pitfalls especially if you select the wrong exchange or happen to use the one that is susceptible to hacking.

CEX.IO exchange is a world-leading exchange that has never been hacked and continues to provide competitive fees and lots of trading options. This makes it a favorite for seasoned pros and ideal for those looking to get their feet wet in a safe environment. Building on this strong framework, the CEX.IO Broker offers you additional trading functionality to mitigate risk.

Comprehensive Analytics

Another crucial thing that any self-respecting portfolio management platform will have is sophisticated features to analyze your trading experience. CEX.IO Broker collects historical data of your strategical moves, which allows you to take some lessons based on your own experience and benefit from it.

Other portfolio management apps have a wide range of analytics and data, some of them don’t provide much information beyond what is already available. But others like Blockfolio are revered within the community and provide critical insights into your Crypto investments. Blockfolio plugs into multiple exchanges but has no sync feature with these exchanges, relying instead on user input to help it manage and stay up to date with your buys and sells.

CEX.IO Broker provides the same Blockfolio sleek design and functionality as well as synchronizing with the CEX.IO exchange. It is worth trying Blockfolio out as it is free to use. It will also give you a very hands-on experience of what a good portfolio management app looks like, especially if you haven’t yet signed up to CEX.IO which you should do at the same time to feel out which fits your style best.

Security and Mitigating Risk

Last but not least, a crucial tip for managing your portfolio is to ensure that you're protecting your investment at all times and wherever possible you’re mitigating risk. Many portfolio platforms will offer comparison tools and notify you if things in the market change. Most do this in real-time although there are some that don’t have real-time functionality.

CEX.IO is very security conscious and even though thus far they haven’t been hacked they always advise that you keep your investment in private wallets and not on the exchange. The CEX.IO Broker also provides a comprehensive hedging strategy that will help you mitigate risk and offset any detrimental price changes.

In short, whether you’re a seasoned trader or not, if you have a portfolio you should have a portfolio management tool which at the very least alerts you to market changes in real time. If you find one of the better tools, these can actually not only keep you informed and ahead of the play, they can also help you protect your investment and expand your portfolio.

Jun 10, 2019

7 Reasons Why Mobile App Security Testing Is Crucial For Enterprises

To stay away from and diminish security breaks, we need to uncover shield vulnerabilities in all parts of our condition. We need to check the fringe (firewalls, switches, balancers, etc.) through framework organizations, mastermind division to web organizations, flexible and static mobile apps

We need to find shield openings of the web application before aggressors by making security testing a bit of the structure and improvement of the mobile application. We can in like manner discover vulnerabilities through versatile application security testing.

Why we need mobile application security testing?

1. Stay away from future attacks by estimating the acts of aggressors and imagining their moves

You haven't the faintest idea and can't ensure whether software engineers will or won't hack into your convenient web application, ambush your backend structures, and take your data. In any case, you can imagine possible future circumstances and reasonably related perils. You can make sense of the acts of software engineers to uncover absconds in the code and fix them before developers abuse them.

A penetration test is a kind of shield testing proposed thus. In a penetration test, analyzers use refined instruments and moved to learn of IT to figure the direction of an aggressor who enters the client's condition to get information or possibly get to higher assents without genuine endorsement.

2. Running live with the new flexible application without excess pressure

Preceding the association of another adaptable application to an IT circumstance, the compact application encounters required particular and customer affirmation testing's to ensure its course of action with the specific and business necessities. These affirmation testing's certification that this compact application satisfies the end-customers and can be maintained by IT gatherings.

Over social event specific and customer essentials, these flexible apps need to meet operational necessities, keeping the age condition as-is and not exhibiting security threats.

Experienced programming authorities and execution testing experts recommend us to grasp the philosophy from the thoroughly considered Design, Build, Go-live, to routine RUN and Support works out.

3. Change the building, for instance, orchestrate, fragments of the versatile application if significant

Through convenient security testing, you may discover security vulnerabilities that may later incite genuine security breaks after the flexible applications goes live.

Thinking about deformities in the source code, strike vectors, bottlenecks, and security openings before uncovering the flexible application, you can change the designing, the arrangement and the code of the application. Fixing issues at this stage are more affordable than keeping an eye on them later on when you find that the building of the application is defective or when a break happens. The cost at these stages will cover specific issues just as legal, PR, and anything are possible from that point.

4. Untouchable merchants are new to huge business IT condition and express endeavor safety efforts and compliances

Essentially every compact application uses some web benefits that continue running on the backend. Adaptable application security testing isn't simply attempting the source code yet likewise the direct of the application at the endpoint: how it works with limit, supports, singular data, how to verify the correspondence between the convenient application, its backend systems, and the web organization.

Exactly when software engineers need to spill data, they don't need to hack the compact application in light of the way that hacking web organizations are adequate.

Thusly, it is essentially progressively basic to perform adaptable application security testing if it is made by a pariah convenient application headway association. An external programming vender does not know or can't know all security techniques and standards. Adaptable application creators from a pariah, lacking foundation with enormous business IT structure, are not prepared to fittingly execute application security essentials to fulfill attempt necessities.

False security is considerably more horrendous than an unsteady application. If we expect and acknowledge an irregular condition of security, protection, and reliability, anyway when in doubt the security level is low, we may send fragile data genuinely to attackers. If we understand that the security isn't set, we don't send this data through this inconsistent channel.

5. Know the capacities and experience of the application progression association that fabricates your convenient applications

Security and application improvement are two unmistakable locales, and you don't anticipate that flexible application architects should be security experts. Fashioners' fundamental scope of capacities is in the frontend coding and User Experience (UX). They are set up to guarantee the application contains the required features and business functionalities. Originators are based on the User Interface (UI) to make their application easy to collaborate and fantastic to look at, less on the security side.

Nevertheless, you have to ensure that the end-movement of the versatile application has wellbeing endeavors arranged into it. In case the dealer doesn't have the security scope of capacities in-house, they should unite as one with associations that have security as one of their inside abilities.

Application security is a tidiness thing that each flexible application progression workplaces need and grasp in their applications. Unfortunately, relatively few do this since application security isn't poor. If the business doesn't show security as a need, security won't be completed or executed a tad.

By testing the security of the adaptable application, you can get to the capacities of the vendor.

(Examine this article to get some answers concerning the best 5 flexible application security issues you need to consider while making compact applications.)

6. Test the responsiveness of your undertaking IT gathering

By getting adaptable application security testing as a segment of a convenient application headway process and a compact assignment, you can test the responsiveness of your undertaking security gathering. We can check the period of the response, idea of the response, and the reaction accuracy.

If the security bunch doesn't properly react, by then, there is something erroneously in the process which ought to be tended to. On the other hand, if the assistance is re-appropriated, we can test the idea of this organization.

7. Fulfill outrageous industry security rules and agree to rules

Security Testing is essential for significantly secure ICT conditions. It is basic for the ISO 27001 affirmation, HIPAA, FIPS 140-2, OWASP logic, and for some circumstance directed by cybersecurity law.

Security testing has been an essential bit of an item application headway cycle, and there is no reason security should not be a required bit of a convenient application improvement cycle.

Jun 3, 2019

Two More Alternatives To Twitter and Facebook For Conservatives

Back in April we wrote about an alternative to Twitter and Facebook for people who value free speech and don't want to worry about getting banned for their political beliefs. In that article we named Gab.com as that alternative.

Well, having spent some time there over the last month or so, we realized two things about Gab:

  1. It is legit full of racists. I'm talking real racists too, not the bullcrap label that Democrats put on all conservatives in general. I'm talking the real deal here.
  2. The community there is very small, so those racists stand out quite a bit more than they would otherwise.
Needless to say, it wasn't the alternative we were looking for really.

Since then we discovered two more alternatives. One of them seems really promising!

Telegram

The first one is called Telegram

From their page:



I heard about them from the folks over at Infowars after they got completely de-platformed by Instagram and Facebook. If you didn't hear about that, our political site Mainwashed did a video about it below:



Paul Joseph Watson, a regular on Infowars, claimed he received 3000 followers overnight on Telegram.


Other than the guys at Infowars, I really haven't heard much more about it though. If you've used it, please let us know what you think in the comments!

Parler

The other alternative to Facebook and Twitter for conservatives we heard about is called Parler! The CEO of Parler was recently featured on the Laura Ingraham show:



In fact, The Hill also reported about it saying that President Trump's campaign team was checking it out as a viable alternative to Twitter.

From the piece:
President Trump's 2020 campaign manager is reportedly scouting a social media site aimed at a conservative audience for a potential new platform for the Trump campaign. 
Politico reported Tuesday that Trump campaign manager Brad Parscale is considering creating an account for Trump on the social media platform Parler, which has attracted right-wing activists banned from other social media platforms such as Facebook and Twitter.
The very next day after these two reports we noticed a mass exodus from Twitter to Parler. A huge group of people we follow with our Mainwashed account have made the move to Parler.

We did setup an account over there for Mainwashed, and even became verified! In fact, after our first day we had over 1,000 followers!


It looks like you can gain lots of followers the old fashioned way (that you used to be able to do on Twitter) by mass following like-minded users, and having them follow you back. So far there doesn't appear to be a limit to that. Not sure if that's a good or bad thing, I'll leave that up to you to judge.

Never the less, the community at Parler is booming and vibrant. It is very active and to us it looks very promising!

I even put out a poll on my person Twitter account seeing which one of these Twitter and Facebook alternatives was the best one:



As you can see, after over 1300 votes, Parler was the clear winner at 71%!

What do you think about these platforms? Have you tried any of them? Let us know what you think in the comments!

May 27, 2019

Anatomy of an IoT Attack



Connected devices are increasingly being used for cyber attacks. They often lack critical device protections and organizations fail to segment their networks in order to reduce the attack surface.


May 24, 2019

Ransomware - Anatomy of an Attack



See how an effective ransomware attack comes together. This is why today's enterprises require effective security. Via Cisco.


May 22, 2019

Worth the upgrade - Ubuntu 19.04 First Impressions



Here we are again with another Ubuntu release in the form of 19.04 'Disco Dingo'. Apart from making me a proud Aussie, what else does this distro have to entice users to upgrade?


May 13, 2019

Google Cloud's High-Speed Network (Infographic)

Have you ever wondered what's under the hood of Google's High Speed Cloud Network? Well the wait is over, because Google has released a pretty interesting infographic showing us all how it works.

Via Google's Cloud Team's Email:

When your data and users live across oceans, you need more than a fast ship to connect them. Google Cloud's high-speed network has points of presence in over 35 countries, with environmentally friendly solutions that offer you the speed and bandwidth you need.
Click image for full size PDF version


Pretty impressive isn't it? Let us know what you think about it in the comments!

Apr 29, 2019

How to Deleted Online Social Media Accounts No Longer In Use

Protecting your identity online is essential for your brand, reputation and credit worthiness, far more important than updating your Instagram and Facebook every day. Several times a year the news will cover a serious data breach of information being held by major banks, insurance companies and/or social media platforms. Once the data is taken, it can be misused or even lead to identity theft. Deleting your old social media accounts is a vital step to help ensure some measure of identity protection. It is imperative that you keep your online access to your current accounts safe and protected and delete any old accounts.

Here is a guide that will help you delete your old accounts on the most popular social media sites.

Facebook 

Moving onto the biggest social network platform of all time, Facebook, with over a billion users, keeps things simple and makes it incredibly easy for you to deactivate your account.

Once you go into the "settings" tab from the down arrow in your browser, select your Facebook information and then select delete your account and information". When you are in this menu you will go to delete your account and must add the password to confirm.

Foursquare 

Foursquare hit the internet over a decade ago to let friends know where you are and figuring out where they are. In order to delete your Foursquare account, you will have to access the platform from your computer. Move onto the "privacy" settings tab where you have to scroll to the end of the page and find an option to delete your account. When you select this option you will go to a page where you need to confirm whether you want to delete your account or not.

Google 

Google is the undisputed search engine leader with one of the most interconnected ecosystems. By creating one account for Google you are able to access a plethora of different applications and websites without having to create separate accounts. In order to delete your Google+ or Gmail account, you will need to delete your entire Google account.

Go to "Google account settings" and choose "delete account and services". There you will see the "delete products" option, where you can access all of your Google applications. You need to sign in to all of the websites first before you can delete your account.

Instagram 

Facebook's younger brother is possibly the most used social media platform by Millennials, according to Hootsuite. Thanks to its focus on visual communication, it is the go-to place in order to find talented artists.

Deleting your account is very simple and takes little time to properly accomplish. While you can manage your privacy settings using the mobile app, you must go through an internet browser in order to delete your account. Simply go to the "delete your account page", and there you will have to provide a reason for deleting your account. Once you provide the reason, you will provide your password and then select the option to permanently delete the account.

Linked In 

LinkedIn is the social network for professionals looking for new opportunities to connect with other professionals and grow their business and careers. If you are on the platform, the profile should be complete and up-to-date. If you are no longer using the platform, delete the account. At the top right corner of any page of LinkedIn, you will first have to access the "privacy and settings" tab. From there, choose the "account" tab and then select closing your LinkedIn account. You will have to give your feedback and verify your account before you can delete it. From there you will see a post telling you of the consequences of deleting your account and then the final page which will be for confirmation.

MySpace 

This social media platform has been bought and sold several times since its glory days (2005 to 2009). In 2016 their database was breached and leaked to a dark market website. To delete your MySpace account, you will first have to login to the account that you want to delete. From there, select the "gear" icon and choose the "account" tab. There, you will see an option to delete your account. Before you can delete your account you will have to provide a reason after which you will receive an email for confirmation. Open the email and follow its instructions.

Pinterest 

Pinterest is a web-based pinboard or bulletin board, a place to bookmark images found online. To delete your Pinterest account you will first have to go to the triple dot icon on the website and select the "edit settings" option. From there you will have to go down to the "account" page and select "deactivate account". From there you will click "yes" to receive an email, which you need to open and follow in order to permanently delete your account.

Snapchat 

Snapchat is a service that, for a short time, rivaled Facebook and was the go-to social media app for many people. As is the case with Instagram, you cannot delete your account from the mobile app; you must delete it from a proper browser.

From the website browser, go to "delete your account" and enter your username and password. Your account does not delete instantly and it takes about 30 days to remove all of the information.

Twitter 

Regardless of how famous your really are, everyone has a Twitter handle. Many people follow and get their news from the tweets of everyone from legitimate newsmakers and media organizations to raving fans of our favorite sport teams. Deleting your Twitter account is incredibly easy. It takes at least 30 days for all of your tweets to get deleted. Select "settings and privacy" from the form on the menu and go into the account tab. From there you will have to deactivate your account and enter your password to confirm the action.

Tumblr 

Tumblr probably has one of the most bustling communities on the internet, which is also why it is very easy for anyone to delete their account. While you are able to delete your account, the content other people have reposted will remain available on the site. To delete your account, click on the person-shaped icon on the website, and go to "settings". There select "delete account", entering your email and password to confirm the process. Tumblr also states that it takes them a few days to properly wipe all of your content.

Whatsapp 

Whatsapp is a free messaging app to send Voice over IP (VoIP), images, video calls and documents using a mobile device. To delete your account, simply open your Whatsapp and go to the "settings" menu. From there, select account and go to "Delete my account", after which you will have to enter your phone number in international code and tap "delete".

YouTube 

YouTube is second only to Facebook as a social media platform, owned by Alphabet, the owner the parent company of Google. A well-managed channel can help to improve website ratings. A channel not in use should be deleted. Deleting your channel from the largest video-sharing platform on the internet is quite simple. You will first have to sign into your YouTube account and go to your advanced settings. From there, choose "delete channel" and then opt for "delete channel permanently". This will launch a prompt where you can confirm if you want to delete your channel or would still like to keep it.

Final Words of Advice 

According to industry experts and a recent article in Consumer Reports, it is a best practice to reduce the risk of having your personal and professional data being misused or stolen by keep your current accounts secure and deleting accounts no longer in use.

Apr 22, 2019

Conservative alternatives to Google, YouTube, Facebook and Twitter

We've been blogging a lot lately on the big tech companies and their censorship of conservative thought. If you watch CNN or MSNBC for your news, you might think these sorts of things are just a conspiracy.

Well, they most certainly aren't. In fact, Project Veritas recently did some reports exposing Twitter and Facebook's bias. Here are those videos:





In January a story broke about how Google manually manipulates search results in an effort of censorship.

Via The Daily Mail:
A document that appears to be a leaked internal Google discussion thread, reportedly indicates that the tech giant regularly manipulates certain controversial search results. 
An anonymous source inside the company disclosed the thread to Breitbart, which reported this week that Google has a 'blacklist' containing search terms that are deemed sensitive and thus should be manually filtered.  
Included on the list of 'controversial search queries' are several terms related to abortion, Parkland shooting survivor and gun control advocate David Hogg and Democratic Congresswoman Maxine Waters.   
The thread, if authentic, would appear to go against Google CEO Sundar Pichai's sworn testimony in front of Congress last month that the company does not 'manually intervene' in its Google search results. 
Google also owns YouTube and there are plenty of stories where YouTube has banned, or demonetizes conservative channels.

Via USA Today:
...If something vaguely conservative and intellectually stimulating manages to get past Google’s content gatekeepers, they just remove it. YouTube, which is owned by Google, routinely demonetizes, restricts and censors conservative content. One target of YouTube was Dennis Prager’s PragerU, which had 40 of its videos restricted. Prager sued the social media video giant this year following these unfounded restrictions. YouTube has also been known for banning pro-life videos.
You get my point right?

Well there are alternatives that people can use. Alternatives that value free speech, privacy and don't manipulate and ban people for their beliefs! Here they are:

FACEBOOK and TWITTER Alternative:

Gab


GOOGLE Alternatives:

StartPage

Duck Duck Go

YOUTUBE Alternative:

BitChute



I'm sure there are others, but these are the ones people are most talking about. All claim to make privacy a priority, and value your rights.

Do you know of any others? Let us know in the comments!



Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam