My wife has been wanting to learn Italian for some time now, in order to be able to fully communicate with my family. For the most part, my family speaks mostly italian, with bits of broken english. My mom does a great job of translating for her at the dinner table, but she would rather be able to hold conversations one her own.

Enter Rosetta Stone. I’ve heard nothing but good things about their software and learning program, and with the introduction of their iPad app, it seemed like a great way for her to learn on-the-go.

Over the next few months, I will be writing a series of reviews on Rosetta Stone, and my wife’s progress in learning Italian. This is an article I wish I would have been able to find, so I’m glad I’m the one writing it. We just received our software the other day.. More details and a through review will follow. Stay tuned.

No related posts.

I wanted to take a few moments and commend the Subgraph staff on their excellent work of their open source vulnerability scanner, Vega.

Vega does a fantastic job of scanning targets and listing potential vulnerabilities in a very short amount of time. Vega has quickly become my primary web vulnerability scanner, and the absolute first tool I use when I’m performing any type of web app testing. It’s fast, and continuously comes up with more resulting data than any other scanner I’ve come across.

As a Mac OSX user, I generally do most of my penetration testing from within a Backtrack virtual machine. Since Vega is built on Java, it runs on Mac OSX. It’s fairly new software, so it has its fair share of bugs, but you can always download and compile from their development branch to get the latest, cutting-edge updates.

There is also a feature for a built-in web proxy which I will write more about in a more detailed review. In the meantime, I suggest you check out Vega. It’s an absolute 10.

Related posts:

1. How to create a bootable USB Flash Drive with UNetBootIn and use it to install Mac OSX, Linux, or any other Operating System
2. Parallels 7 destroys VMWare Fusion 4 in Windows and Linux Pen Testing Environments
3. XSS-Harvest: Harvesting Cross Site Scripting, Clicks, Keystrokes and Cookies

Why spend days, weeks or even months trying to penetrate layers of network security when you can just trick a user into running a file that allows you full access to their machine and bypasses anti-virus, firewalls and many intrusion detection systems?

This is most commonly used in phishing attacks today – craft an e-mail, or create a fake website that tricks users into running a malicious file that creates a backdoor into their system. But as a security expert, how could you test this against your network? Would such an attack work, and how could you defend against it? (click image to enlarge)

The Backtrack Linux penetration testing platform includes one of the most popular social engineering attack toolkits available. My previous “How-To” on Backtrack 4′s SET has been extremely popular. Well, Backtrack 5′s SET includes a whole slew of new features and I figured it was time to update the tutorial.

We will use SET to create a fake website that offers a backdoored program to any system that connects. So here goes…

Okay, timeout for a disclaimer: This is for security testing purposes only, never attempt to use any security checks or tools on a network that you do not have the authorization and written permission to do so. Doing so could cost you your job and you could end up in jail.

1. Obtain Backtrack 5 release 1.You can use the LiveCD version, install it on a new system or run it in a Virtual Machine.
2. The first thing you will want to do is update both the Metasploit Framework and the Social Engineering Toolkit to make sure you have the latest version. Update both, restart SET and check updates one more time.
3. Select number 1, “Social Engineering Attacks”
4. Next select 2, “Website Attack Vectors”. Notice the other options available.
5. Then 1, “Java Applet Attack Method”. This will create a Java app that has a backdoor shell in it.
6. Next choose 1, “Web Templates” to have SET create a generic webpage to use. Option 2, “Site Cloner” allows SET to use an existing webpage as a template for the attack webpage.
7. Now choose 1, “Java Required”. Notice the other social media options available.
8. Pick a payload you want delivered, I usually choose 2, “Windows Reverse_TCP Meterpreter”, but you have several to choose from including your own program . Number 13, “ShellCodeExec Alphanum Shellcode” is interesting as it runs from memory, never touching the hard drive, thus effectively by-passing most anti-virus programs.
9. Next choose an encoding type to bypass anti-virus. “Shikata_ga_nai” is very popular, Multi-Encoder uses several encoders, but number 16 is best, “Backdoored Executable”. It adds the backdoor program to a legitimate program, like Calc.exe.
10. Set the port to listen on, I just took the default.

Now Backtrack is all set and does several things. It creates the backdoor program, encodes and packs it. Creates the website that you want to use and starts up a listening service looking for people to connect. When done, your screen will look like this (click image to enlarge):

Okay we are all set. Now if we go to a “Victim” machine and surf to the IP address of the “attacker” machine we will see this (click image to enlarge):

If the “Victim” allows this Java script to run, we get a remote session on our attacking machine (click image to enlarge):

You now have access to the victims PC. Use “Sessions -i” and the Session number to connect to the session. Once connected, you can use linux commands to browse the remote PC, or running “shell” will give you a remote windows command shell. (click image to enlarge)

That’s it, one bad choice on the victim’s side and security updates and anti-virus means nothing. The “Victim” in this case was a fully updated Windows XP Professional with the top name anti-virus internet security suite installed and updated.

They can even surf away or close the webpage, because once the shell has connected the web browser is no longer needed. Most attackers will then solidify their hold on the PC and merge the session into another process effectively making the shell disappear.

This is why informing your users about the dangers of clicking on unknown links in e-mails, suspicious web links, online anti-virus messages and video codec updates is critical. It can be very hazardous to your network.

The easiest way to stop this type of attack is to simply run the FireFox add-in “Noscript”, also BitDefender AV 2012 seems very, very resilient against these types of attacks.

Cross-posted from Cyber Arms

Related posts:

1. The Social Engineering Toolkit (SET) 1.5 released
2. Social-Engineer Toolkit v1.5 Released – OSX Support Added
3. Pangolin 3.2.3 – Automatic SQL injection penetration testing tool New Release !

This is a major concern because it can ultimately expose the WPA passphrase used to join the network.

Due to the fact that WPS is an expanded EAP type, SecureState added support to the EAPScan tool of the EAPeak Suite to actively probe an access point to checkif WPS is enabled.

Wi-Fi Protected Setup is used for easily configuring wireless devices to join a network. Many of the inner workings of WPS are explained in Viehböck’s whitepaper.

The protocol itself is based on the Extensible Authentication Protocol (EAP), specifically the use of an “Expanded EAP” type as described in RFC3748 Section 5.7. WPS uses a Vendor ID of 0x372A, but like most Expanded EAP types, it defines and utilizes its own fields.

The latest revisions of EAPScan has added support for the –check-wps option which will actively probe an access point to determine if WPS is enabled.

This option is functionally similar to specifying an EAP type of 254 and an identity of “WFA-SimpleConfig-Registrar-1-0” which can also be specified from the command line.

Once WPS is identified, one of the tools based on  Viehböck’s paper, such as reaver-wps, can be used in an attempt to attack the access point.

Figure 1: EAPScan using the –check-wps option

Find out more about resources related to this attack here:

Stefan Viehböck’s Whitepaper:http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf

EAPeak Suite: eapeak

SecureState:http://www.securestate.com/

Expanded EAP Specification: http://tools.ietf.org/html/rfc3748#section-5.7

Reaver-WPS Tool: http://code.google.com/p/reaver-wps/

Cross-posted from SecureState

Related posts:

1. Cracking WEP Security Video Tutorials – Wireless Password Hacking
2. Pangolin 3.2.3 – Automatic SQL injection penetration testing tool New Release !

After many hours of trial and error, I have been able to put together a guide to getting Metasploit 4 and Armitage working properly on Mac OSX. I would also like to give a tremendous amount of credit to BrianCanFixIT @ Faulty Logic. His blog post on setting up Armitage helped me through the missing piece of getting the PostgreSQL database up and running properly.

Prerequisites

1. Install XCode (I am running v4.2)

PostgreSQL Installation

1. Download and Install PostgreSQL via the free GUI installer.
2. Setup your root PostgreSQL password during installation.
3. Launch the newly installed PGAdmin III application.
4. Connect (double click) on the local PostgreSQL database and enter your root password when prompted.
5. Under the PostgreSQL drop down, right click on “Login Roles”, and select “New Login Role”
6. Set the role name to msfuser.
   
7. Click on the definition tab, and set the password as msfpassword.
8. Click OK to continue.
9. Next, right click on the databases list, and select “New Database”.
10. Set the name to metasploitdb, and set the owner to msfuser.
11. Press OK, and we’re done. You can close PGAdmin.

MacPorts

1. Download and install MacPorts from http://www.macports.org/install.php
2. Good Tip: add “/opt/local” to your spotlight privacy settings to avoid excessive compile times & unnecessary indexing by spotlight.
   (System Preferences->Spotlight->Privacy->”+”)
3. Quit terminal & relaunch to accept new path settings added by MacPorts

Install Ruby, RubyGems (PostgreSQL and MsgPack)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

# Run as Root
sudo bash
 
# Update MacPorts
port selfupdate
 
#Install Ruby
port install ruby19 +nosuffix
 
# Install PostgreSQL gem connector (64bit Systems)
env ARCHFLAGS='-arch x86_64' gem install pg -- --with-opt-include=/Library/PostgreSQL/9.1/include/ --with-opt-lib=/Library/PostgreSQL/9.1/lib/
 
#Install Ruby Msgpack
port install msgpack
 
#Install the gem MSGPACK
gem install msgpack
 
# Add Ruby to your path
export PATH=/opt/msf3:$PATH
 
# Ensure that /opt/local/bin appears before /usr/bin, else edit ~/.bash_profile file and source it
echo $PATH

Metasploit 4 Installation

1
2
3
4
5
6
7

# Download Metasploit via Subversion
sudo svn co https://www.metasploit.com/svn/framework3/trunk/ /opt/local/msf/
 
# Create a system link to the msf applications
# This is done because including it in your path configuration doesn't seem to work. 
 
sudo ln -s /opt/local/msf/msf* /opt/local/bin

Configure the Metasploit Database

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

 
# Create the configuration directory
sudo mkdir /opt/local/config
 
# Create/Edit the following file 
sudo vi /opt/local/config/database.yml
 
# Include the following in your database.yml file
 
# These settings are for the database used by the Metasploit Framework
# unstable tree included in this installer, not the commercial editions.
#
 
production:
  adapter: "postgresql"
  database: "metasploitdb"
  username: "msfuser"
  password: "msfpassword"
  port: 5432
  host: "localhost"
  pool: 256
  timeout: 5

Running Metasploit and Armitage

1
2
3
4
5
6
7
8
9

 
# Include the database location in your config
export MSF_DATABASE_CONFIG=/opt/local/config/database.yml
 
# Launch Metasploit
sudo msfrpcd -U msfuser2 -P msfpassword2 -t Msg
 
# Launch Armitage
sudo armitage

Enjoy!

Related posts:

1. Metasploit Framework 4.0 Released!
2. Spoof your MAC address in OSX Lion and Snow Leopard – Quick 3 Step Guide.
3. Pangolin 3.2.3 – Automatic SQL injection penetration testing tool New Release !

DavMail is a POP/IMAP/SMTP/Caldav/Carddav/LDAP exchange gateway allowing users to use any mail/calendar client (e.g. Thunderbird with Lightning or Apple iCal) with an Exchange server, even from the internet or behind a firewall through Outlook Web Access. DavMail now includes an LDAP gateway to Exchange global address book and user personal contacts to allow recipient address completion in mail compose window and full calendar support with attendees free/busy display.

Download DavMail here.

Related posts:

1. Sparrow Mail for Mac OSX – my growing email obsession.
2. Mail 5 for OSX Lion: 5 things Apple should fix to make it perfect.
3. Mass Email Marketing and Mailing List Manager for OSX with MaxBulk Mailer

The easiest to use journal / diary / text logging application for the Mac is also the best looking. Day One is designed and focused to encourage you to write more. Using the Menu Bar quick entry and Reminder system, your memories and thoughts will be quickly preserved. Dropbox sync allows easy backup and syncing with the Day One iPhone and iPad applications.

I didn’t think I would use this as much as I do, but the reminder system is awesome. It pops up a notification once a day (which can be manually set), and reminds me to enter a quick thought. I generally don’t enter more than a few sentences, but over time, it will be a nice stream of collected throats. I’m really glad that I started using this. It will be nice to be able to look back and read whatever was going on in my life at the time.

Price: $9.99 | Homepage | App Store Link

Jumsoft Money

Personal Finance Manager

The best designed financial management app for Mac OSX. Period. There is finally a decent financial management app for the Mac.

Money provides small businesses and home users with a tool to track their finances. Among other features, version 4 features a redesigned interface, allows direct downloads from banks, and institutes smart importing rules and a document-based system that allows multiple users to work with a single copy of the application.

A slick interface. A document-based system designed for multiple users. A brand-new way of adding transactions. Direct downloads from financial institutions. Smart importing rules. Overhauled reports. More convenient budgets. Check-printing capability.

Price: $38.99 | Homepage | App Store Link

YummySoup!

Recepie Manager

Yummysoup! is a simple yet excellent recipe management application.
The web importer helps you browse popular recipe websites like Epicurious, AllRecipes, Cookstr, and lets you automatically import recipes from 11 of the most popular cooking sites all with a single click. YummySoup! also makes quick work of importing recipes from any other website. Just highlight-and-go.Edit, e-mail, print, browse, and view your recipes in a powerful full-screen view.

YummySoup! is, in my wife’s opinion, the nicest looking, and easiest to use recipe manager for the Mac. Now that the iPad app is available, she can easily sync her data and not have to keep her laptop in the kitchen while she is cooking.

Price: $19.99 | Homepage | App Store Link

Mac Family Tree

Family Tree Maker

When I first started using Mac Family Tree, I didn’t realize how much I would get into it. It’s incredibly easy to use, and equally as addictive. Mac Family tree allows you to browse and create custom 3D tree diagrams. You can also easily import/export GEDCOM files, which is the standard format for online family trees.

Going back and researching my family lineage turned out to be a lot of fun. My mom even got involved and purchased her own copy so she could help with our family tree. My mom is not a very savvy computer person. She recently purchased her first mac, and the fact that she can easily navigate the application is a testament to to how well the interface is designed. We now share access to the same tree over dropbox so we can both access / modify it as needed.

If you want a more in-depth review of Mac Family Tree Maker, please check out this great review at MacNN

Price: $59 | Homepage | App Store Link

Timing

Personal Time Tracker

Timing might actually be my favorite app of the bunch. Simply put, Timing tracks your application usage. It runs in the background; you never even know it’s there. When you finally open the application, you can see exactly how much time you spent on your computer, and where it was spent. You can also categorize the applications by group, which allows me to see how much time I’m spending with certain types of applications. Timing automatically tracks which documents you are editing, which applications you use, and the domains of the websites you visit. Afterwards, just drag and drop activities into projects. Development apps are one of my personal groups, so I can track trends in usage (daily, weekly, monthly, etc). This turned out to be a great organizational tool for me, since it now allows me to so see how much time I have (or haven’t) been using wisely.

Price: $19.99 | Homepage | App Store Link

Investoscope

Stock / Fund Tracker

Investoscope is a portfolio tracker for the individual investor. This is actually the only stocks app that I was able to find with this level of detail and ease. There aren’t many apps currently available in the app store for monitoring and tracking stocks / mutual funds, but this one is a winner. Admittedly, I only use a basic level of features to track my current and potential future mutual funds. The reporting features look pretty awesome though, as I have the time I will defiantly get more into this app. The price point is a little high, but if you want a way to properly research and plan for buying and selling stocks, you might have to bite the bullet and invest in this app.

Price: $59 | Homepage | App Store Link

Related posts:

1. Chronicle – Family Bill Tracking and Payment for Mac OSX done right
2. 12 must have Mac OSX apps and utilities for 2011
3. Growl, the Original Notification System for Mac, gets a Lion Overhaul

★

Related posts:

1. FBI cracks International Bot Network !
2. Parallels 7 destroys VMWare Fusion 4 in Windows and Linux Pen Testing Environments
3. Prep for the CEH v7 exam: Tune your Web Hacking Skills with these Live Hackable Simulation Environments

You must run all three of these commands in order to fully change the computer’s hostname.

1
2
3

sudo scutil --set ComputerName "newname"
sudo scutil --set LocalHostName "newname"
sudo scutil --set HostName "newname"

Related posts:

1. Burn ISO to bootable USB flash drive in Mac OSX terminal (via command line Diskutil)
2. Convert iPhone sms.db to txt (csv or excel) via command line
3. Parallels 6 in OSX Lion – Solving “Unable to Load the Parallels Driver”

NightLion and Parallels have teamed up to give away away 4 copies of their new Parallels Desktop 7 product for Mac OSX. Parallels Desktop for Mac has been my desktop virtualization tool of choice for a while now. It crushes VMWARE in any speed and performance tests that I’ve ever put it through.

Security Training Through Virtualization

In the past few months, I’ve been using virtual machines to run pen testing tools like Backtrack and full simulation pen testing environments to prep for my CEH v7 exam. Parallels is a great tool for running one of the many hacking simulations available (previously discussed in this article). As we continue to narrow the scope of our content to more security related software and reviews, I contacted Parallels to offer this giveaway as a way to promote additional awareness for the growing number of security professionals using Mac OSX.

4 Copies up for grabs! Here’s How to Win

• 1 winner will be chosen each week, for 4 weeks.
• Follow @NightLion and @ParallelsMac on Twitter
• Retweet the message below to enter.
• Each retweet will be counted as another vote
• Weekly contest winners will be announced on Twitter and on this site.
• Leaving a comment on our site probably wouldn’t hurt.

Related posts:

1. Parallels 6 in OSX Lion – Solving “Unable to Load the Parallels Driver”
2. Parallels 7 destroys VMWare Fusion 4 in Windows and Linux Pen Testing Environments
3. iPhone Explorer – Free software to use your iPhone as a usb flash drive

I started using Parallels 7 to run virtual machine labs to practice my security assessment skills. I’ve read a ton of reviews comparing Parallels 7 to VMWare Fusion 4, but I wanted to try testing the two myself. I’ll save you the time and energy of this article and let you know now that Parallels Desktop 7 smoked VMWare Fusion 4.

Tests Performed

Tools Used

• BackTrack 5: Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking.
• Hackxor: Web app hacking game where players must locate and exploit vulnerabilities to progress through the story
• Metasploitable – Exploitable VM to test against
• Windows Vista

Tests Performed

• Running Backtrack 5 alongside Metasploitable and Hackxor virtual machines
• Converting pre-made VMWare images to Parallels images

Performance Results

The following machines were using in the performance testing of the two products:

• 2011 Macbook Pro, 2ghz Core i7
  • 8gb ram, OSX Lion 10.7.2.
  • OSX and Applications running on OWC Mercury Extreme SSD
  • VMs running on 7200 rpm Scorpio Black
• 2009 Mac Pro, Quad Core Xeon
  • 8gb ram, OSX Lion 10.7.2
  • OS and VMs running on separate 7200 rpm Scorpio Black hard drives

Final Score – Parallels is the clear winner

Parallels Desktop 7 is the clear winner. VMWare’s performance really doesn’t even come close. VMWare has some nice features, especially in the department of Windows unity/integration. Unfortunately, VMWare just doesn’t cut it when compared to Parallels’ overall performance. With Parallels, Bootup and load times are significantly faster. Overall system performance is also better when running virtual machines. In my opinion, Parallels Desktop 7 is the clear winner.

Parallels Giveaway Contest

As a result of the incredible performance tests, I was able to contact Parallels and arrange for a giveaway to our audience. Starting later this week, We will be giving away 4 copies of Parallels Desktop 7 for Mac, 1 per week for the next 4 weeks. Stay tuned for directions and more information on the contest!

Related posts:

1. Parallels Desktop 7 for Mac – Free Giveaway Contest!
2. Parallels 6 in OSX Lion – Solving “Unable to Load the Parallels Driver”
3. Prep for the CEH v7 exam: Tune your Web Hacking Skills with these Live Hackable Simulation Environments

“An important component of preparing for a potential HIPAA compliance audit is to complete a “walk through” to make sure privacy and security policies and procedures are practical and effective.”

We have long recommended this informal process and in fact have supplied a short HIPAA Compliance Check List:

HIPAA Compliant Checklist

1. Have you formally designated a person or position as your organization’s privacy and security officer?
2. Do you have documented privacy and information security policies and procedures?
3. Have they been reviewed and updated, where appropriate, in the last six months?
4. Have the privacy and information security policies and procedures been communicated to all personnel, and made available for them to review at any time?
5. Do you provide regular training and ongoing awareness communications for information security and privacy for all your workers?
6. Have you done a formal information security risk assessment in the last 12 months?
7. Do you regularly make backups of business information, and have documented disaster recovery and business continuity plans?
8. Do you require all types of sensitive information, including personal information and health information, to be encrypted when it is sent through public networks and when it is stored on mobile computers and mobile storage devices?
9. Do you require information, in all forms, to be disposed of using secure methods?
10. Do you have a documented breach response and notification plan, and a team to support the plan?

It is critical that you make sure that your written policies and procedures are the actual business rules by which you run you company. The auditor will compare staff actions with the written policies and procedures to see if they match.

Cross-posted from Compliance Helper

Related posts:

1. Passing the G2700 ISO 27001/27002 certification: What Materials you will need for the Exam.

At first, I tried signing up for Godaddy’s Premium DNS server. The service itself is really nice because it allows you to batch modify your DNS records. In order to use Godaddy’s premium DNS, the domains have to be pointed to Godaddy’s DNS Servers.

Godaddy’s Vanity DNS Failure

Godaddy also offers custom vanity DNS, but it only applies to the specific domain domain that has registered for the vanity domain. In short: If my domain has vanity name server (e.g., ns1.curvve.net), I can’t point another domains’s DNS records to my vanity name servers. Believe me, I tried. If you have a domain that is registered with Godaddy, and you try to add your custom vanity name servers to that domain, Godaddy will throw an error.

Vanity Name Server Workaround

My solution is actually fairly simple:

1. Pick the domain that you want to use as your name server domain (in my case, curvve.net).
2. Edit the DNS details of that domain in the DNS Manager.
3. Create an A-record (Host) alias for each of the name servers you want to use, and point them to the correct IP address of the corresponding DNS servers.

GoDaddy Update for Premium DNS Users

Optional for use with Godaddy Premium DNS
Setting up custom DNS with Godaddy is now a bit easier, especially if you want to manage your DNS from Godaddy’s Premium DNS services.

• In order to create your custom name server, go to the Premium DNS Manager, find the domain you want to use, and pressed the “advanced settings” link.
• Click on the “Vanity Nameservers” tab.
• Activate the vanity name servers.
• Now, if you point any domain to those vanity name servers, GoDaddy will automatically recognize them and they will still appear in your DNS Manager.

Related posts:

1. Linkinus – Extraordinarily awesome IRC client for Mac

Google dorks can be defined as keywords in a Google search that dig out juicy information like usernames , passwords , documents files , databases etc. from websites (simple and to the point). These google dorks can also be used in Intelligence Gathering.

Read the post here.

★

Related posts:

1. Automatically Sync iPhone & iCal with Google Calendar
2. Disable Google Instant Search
3. Experimenter Breeds Swarm Intelligence – Robots ‘Evolve’ the Ability to Deceive

Some of simulations are website files (don’t place these in a live server), others are full virtual machines. I’m on a Mac, so my emulator of choice is Parallels Desktop 7. It’s considerably faster than VMWare, but I will be doing a full review on that another time. It’s important to note that the HackXor simulation below is a VMWare image, but Parallels has no problem converting it.

Related posts:

1. Test your Web Penetration Skills with Damn Vulnerable Web App
2. Live Hacking DVD v1.3 Beta – Download !
3. Parallels 7 destroys VMWare Fusion 4 in Windows and Linux Pen Testing Environments

Related posts:

1. OmniFocus Theme 3: Clean, simple and elegant
2. PuTTY SSH Custom Dark Color Theme for Windows
3. Creating a Mac OS X 10.7 Lion Bootable Flash Drive

Within a day of release, Growl soared to the top of the paid charts in the Mac App Store. That alone should tell you something.

Growl has been (and still is) the defacto standard for notifications on your mac. Growl is one of those rare apps that instantly becomes indispensable, and you just can’t live without.

The new version of Growl, besides adding support for OSX Lion, adds a completely redesigned interface and several new features worth mentioning:

• New Rollup notification lists everything that happened while you were away
• Full notification history, so you can see what has been going on.
• Networking so that two or more macs can forward notifications to each other
• Works with the iPhone and iPad via Prowl.
• Completely skinnable alerts

The low price of $2 is extremely reasonable considering just how much you end up using this app without even realizing it. Bottom line, this app is rock solid; Apple couldn’t have done it any better.

Price: 1.99 | Homepage | App Store Link

Related posts:

1. Mail 5 for OSX Lion: 5 things Apple should fix to make it perfect.
2. Subversion SVN, OSX and Finder Integration: SmartSVN (Finally, a Tortoise equivalent)
3. How to Enable and Make Scrollbars in OSX Lion Visible

Download Damn Vulnerable Web App

★

Related posts:

1. Prep for the CEH v7 exam: Tune your Web Hacking Skills with these Live Hackable Simulation Environments
2. Pangolin 3.2.3 – Automatic SQL injection penetration testing tool New Release !
3. XSS-Harvest: Harvesting Cross Site Scripting, Clicks, Keystrokes and Cookies

Overview

Navicat comes in several specific database flavors, including MySQL, SQL Server, SQLite, Oracle and PostgreSQL. Navicat Premium handles support for all of those databases combined. First and foremost, The interface feels like it is a native mac app. It is so incredibly intuitive that setting up a connection to a local or remote database doesn’t take longer than a minute. Once connected, navigating through the database schemas is as simple as point and click; everything flows exceptionally well. Kudos to the application designers, they did a tremendous job.

Here are my top 5 favorite (and most useful) features of Navicat:

1. Connect using SSH / HTTP Tunnel

W O W . I’ll be honest, my jaw almost hit the floor when I saw this feature. I’ve often had problems connecting to remote MySQL databases because of various permission issues. I can’t describe just how useful this feature is. All I have to do is create an SSH tunnel to my server with my SSH credentials, and I can connect to the DB at localhost with absolutely no issues. This feature alone makes this product worth every penny in my book.

2. Database Wide Search

The name says it all. There have been many times when I am looking for a particular piece of data nested in some unknown table. Rather than writing a complex query, Navicat will just search all of the tables for you; it’s fast and painless.

3. The Reverse Database to Modeling Tool is insane!

This is probably one of the coolest feature’s I’ve ever seen in a DB tool. Just select Reverse Database to Model and Navicat will literally take all of the database tables and lay them out in a graphical data modeler. It’s awesome. You can then make changes to the DB via the graphical model and SYNC it back with the tables. This feature is AWESOME.

4. Import / Export

Last but not least, the import/export feature of Navicat makes it so incredibly easy to backup or restore your databases without having to go through the effort of either doing is via the command line or through phpMyAdmin. It’s a real time saver.

5. Many Different Database Flavors Available

Navicat Premium handles database connections for MySQL, SQL Server, SQLite, Oracle and PostgreSQL. I personally only use the MySQL and PostgreSQL, but that’s part of what makes Navicat so great (and affordable). You don’t necessarily have to shell out for the most expensive package if you don’t need it. Just focus on the databases that you care about to keep your costs low, and you still get all of the same features.

Rating

Ease of Use: 10
Look and Feel: 10
Functionality: 10

Overall Rating: 10/10

Price: $69 – $249 | Trial? Yes | Navicat Homepage

Related posts:

1. How to Automatically Backup Multiple MySQL Databases on Centos Linux
2. Querious 1.0.2 (MacOSX)
3. Parallels 7 destroys VMWare Fusion 4 in Windows and Linux Pen Testing Environments

For those of you that don’t like to read long winded reviews, I’ll get right to the point: As an OSX user, you probably share the distaste left by Intuit over the previous Quickbooks product releases. In fact, at the time that Quickbooks 2012 was announced, I was in the process of looking at online alternatives. Even though I am still highly annoyed at the fact that Quickbooks still does not support automatic credit card processing, I can honestly say that Quickbooks 2012 has blown me away. Quickbooks 2012 represents a significant improvement in both workflow and user interface. The process flows and smooth UI feel like you are working in a Mac application it’s terrific. In my opinion, this version represents a huge leap forward in finance and accounting programs for the Mac.

The Interface

The first thing I noticed is how much smoother the process flow of the application is. Entering an invoice is still just as easy, but the updated UI allows you to quickly click not the payment button, grab the invoice you want from the list on the left, and rapidly enter a payment. The entire prices is incredibly smooth.The one thing I hated about Quickbooks 2011, was the it always took me a good amount of time to figure out where the ‘receive payments’ button was located. Now everything is centrally located; it just makes sense.

Importing Bank Transactions

This process has also gotten considerably easier. I have a stack of unmatched transactions sitting in my register because I haven’t wanted to go through them one at a time. QB 2012 is defiantly better at handling unmatched transactions, but it’s not quite 100% in my opinion. The new batch ‘Add Multiple’ and Renaming Rules options go a long way in speeding up this process. Once you add a vendor to your register once, you can click the Add Multiple button to have quickbooks automatically enter the rest for you.

While this does save a considerable amount of time, a perfect solution would be to have an “Add All” button, which goes ahead and enters everything for you, using a generic spending category. I know it’s not proper accounting, but sometimes you need to just get things done and move on. It’s certainly a nice to have feature, but by no means a deal breaker for me. The new import functionality is awesome.

Progress Invoicing

At first I just glanced over this, but this is actually a pretty cool feature. I generally collect deposits on projects, but have always just worked off the same invoice. Now, I create an estimate for the entire project, and I can have quickbooks generate a ‘Progress Invoice’ for the amount that I would like to bill for. Then I can have separate invoices for each piece that I’ve built. This will change my workflow a little bit, but I think it’s worth it. I think my this is something that my customers will greatly appreciate.

Automated Reoccurring Merchant Account Transactions are STILL missing

Can you tell that this is a sore spot for me? Intuit, if you read this review, please add this feature! This is probably the most frustrating part about Quickbooks. Merchant account support has been available for the Mac for 4 years now. Automatic credit card billing has been available for windows for over 5 years. Why can’t this feature be added to the Mac version? Doesn’t it make sense that the merchant account features of both products would match, especially considering the fact that the only merchant account service available to use within Quickbooks is owned by Intuit? All of my billing is done on the first of the month. Why can’t I automate that process of billing my same 20 clients each month so I don’t have to manually bill them one at a time?

Overall Impressions

I definitely don’t consider myself pro Intuit, as they’ve certainly given the shaft to Mac OSX users in the past… but I have to give credit where credit is due: Quickbooks 2012 is fantastic. I wouldn’t hesitate to pay the upgrade price tag, as this app now towers over all other small business finance apps for OSX.

Ease of Use: 10
Look and Feel: 10
Functionality: 8
Overall Rating: 9

Price: $249 | Trial? yes | Homepage

Related posts:

1. Pentagon Powerpoint outlining Military purchasing and product life cycles.

Download the script here: http://sourceforge.net/projects/automysqlbackup/develop/

★

Related posts:

1. How to Automatically Backup Multiple MySQL Databases on Centos Linux
2. Automate server to server backups with rsync and ssh
3. Suexec Policy violation error – permission denied running php as CGI suexec error (centos / plesk)

After trying a few different pieces of software, I settled with PDF Index Generator. It took some time to get over the initial humps, but PDF Index Generator is actually a really powerful piece of software. I ultimately ended up creating two separate indexes for reference purposes (which I will get into in a minute).

Step 1: Create the Index List

Creating the initial index was a completely grueling process. It was pure grunt work, and unfortunately, there is no way around it.

PDF Index Generator will create an index list for you, but it will index every word, minus the built in ‘excluded’ words. I thought the application would be able to automate the creation of the index terms, but I quickly found out that the software can’t determine groupings of words and phrases: e.g., ‘information security management’. The Index creator can index each word individually, but it would have no way of knowing that Index Security Management is a term that you want to specifically search for, unless you manually specify it in the ‘include list’.

To try and expedite this process, I copy and pasted the index (word list) from several ISO 27001 books, and the GIAC G2700 exam information prep guides. Finally, I used the U-Certify practice exams and copied the answer to all of the questions into the word lists. This actually accounted for most of my most valuable infuriation as the multiple choice answers covered just about ever combination of technical term needed to create a full and robust word index.

Step 2: Clean the List

The my initial index ‘include’ list was a mess, so here’s how I cleaned it:

• I copied / pasted the list into Excel
• Removed the duplicate entries
• Sorted the list alphabetically
• Copied the data back out to a flat text file.

My index word list was complete, with a staggering 3,759 words.

Step 3: Creating the printed PDF Index with PDF Index Generator

To generate the index, I used PDF Index Generator. It is a Java app, so it will run on any operating system. I scoured the web for a program that will create indexes of PDF documents, and there really weren’t many out there. Of the few I found, PDF Index Generator is definitely my choice. It’s not a very expensive app, and it gets the job done.

The user interface is very simple to use, and there are actually only a handful of steps involved. You select your file, determine how to index the PDF document (include lists, exclude lists, etc), and process. It’s pretty simple. I will say that the one thing that I didn’t like is the header/sub header creation process. The app doesn’t do a very good job of working with sub headers, so I didn’t include any in my index. Here are some additional comments on the app:

PROs

• Professional, customizable output
• Exports as PDF or appends index to existing PDF
• Extremely simple to import your own Include and Exclude text lists

CONs

• software can’t determine groupings of words and phrases (e.g., ‘information security’).
• Java process hangs when trying to add/edit sub headers, so save often
• Words that are plural are not automatically detected, e.g., system and systems
• Having to manually create the Headers / Sub Header terms is painful
• Aesthetically, since the program is written in Java, it doesn’t have the same look and feel as a native OSX app

Final Thoughts

Overall, I had a good experience with the app. Here are my ratings:

Ease of Use: 7
Look and Feel: 5
Functionality: 9

Overall Rating: 7/10

Related posts:

1. CSS3 Generator
2. Ultimate CSS Gradient Generator
3. @font-face Generator – CSS3 cross browser compatible

http://osxdaily.com/2008/01/17/how-to-spoof-your-mac-address-in-mac-os-x/

★

Related posts:

1. Mac OSX Address Book to Thunderbird 3 Contacts Converter (vCard to CSV or LDIF)
2. Guide to Installing Metasploit 4 and Armitage on Mac OSX Lion
3. OSX Dark Terminal Theme for Mac Snow Leopard with Custom Bash Prompt

1. Flashlight Activator
   Being able to use my phone as an emergency flashlight has saved me on a few occasions. You shouldn’t have to fumble with unlocking your phone, finding the right app, starting it, then starting the flashlight. Being able to have a assign a quick key command (such as double clicking the lock button) to turn on the flashlight is really helpful when you finally need it.
2. Folder Closer
   When you open a folder and click on an app, the open folder should automatically close. Instead, it’s waiting for you when you return to your home screen, forcing you to click it closed; it’s really annoying.
3. Action Menu
   Action Menu enhances the copy/paste function of your iPhone by adding a bunch of add-ons to it. The most important being a stored favorites preset menu where you can quickly paste repetitive information.
4. Lock Screen Notification Center (Lockinfo)
   iOS5′s new notification center is great, but why can’t I have a notification center view on my lock screen?
5. Pictures for Address Book and SMS messages (Cyntact)
   It’s now the 5th version of iOS and we still don’t have contact pictures next to people’s names?
6. Multi Icon Mover
   Handy for moving icons in batch
7. SBSettings
   All of those handy, easily accessible settings are a real time saver.

Related posts:

1. iPhone 4 Jailbreak!! All Devices jailbreak for iOS4!
2. Untethered Jailbreak Apple TV2 and all iOS 4.2.1 devices with greenpois0n RC 6

Spam Sieve has been a god send for me. It’s by far the best email spam filter for the mac, period. I’m forced to continue to check one of my email boxes which is littered with about 50-100 spam messages a day. Server controls can only do so much, and OSX Mai’s built in spam control is nonexistent.

There isn’t a lot to say except that Spam Sieve provides the missing link to filtering your junk mail. If you need to filter spam on your mac email, either with Mail, Thunderbird or Postbox, you need Spamsieve. Once you have the application open, you can install the correct plugin for your mail client. From there, open up mail and start training some messages. It doesn’t take long before you are fully up and running.

The only thing I don’t like about Spamsieve is the icon that continues to hang around the dock everything your email has launched. Luckily, there is a quick way to get around that. Click here for instructions on removing the SpamSieve icon from your dock.

Price: $30 | Trial? Yes | Homepage

Related posts:

1. Mail 5 for OSX Lion: 5 things Apple should fix to make it perfect.
2. Sparrow Mail for Mac OSX – my growing email obsession.
3. Spam Drops 1/3 After Rustock Botnet Gets Crushed

My wife and I needed a way to spy on monitor her teenage daughter. I experimented with a few key logging solutions for the mac, but none were as elegant as Refog. It only took me a few minutes to setup, and once it was up and running, I never had to go back and mess with any of the settings. Overall, the capabilities of Refog are awesome.

• Invisibility mode can easily be toggled with a user defined hot key
• All applications were logged, including passwords
• Distinctions for which application was being logged and at what time (e.g. chat, Facebook, etc)
• Screenshot capturing
• Website history
• Application history

Once the logs were captured, I could easily log in from a remote machine and grab the logs. Alternatively, there is an email delivery system which automatically emails you a copy of the logs.

There’s not much more to say about it. If you need a key logging solution, I would look no further than Refog.

Price: $39.95 | Trial? Yes | Homepage

Related posts:

1. Archiver – Simple, Powerful Archiving for Mac OSX

This will be a two part article. The first, being a set of links and guides to gather the information necessary to pass the G2700 ISO 27001 certification exam. The second, will be how to create a printed index of your collected material, so you can quickly find the information you need during the exam.

After a bit of research, I was able to compile a set of material to material to bring to the exam. Here’s what you need to look for.

• ISO27k SOA Sample
• ISO 27001 Standard
• ISO 27001 Controls
• ISO 27001 Implementation Guide
• Policies Guidelines Standards and Procedures
• Principles of Information Security
• Detailed info on the PDCA method
• Smart Policy Objectives
• IT Governance – Chapter 5
• IT Security Handbook – Chapter 41
• How to Achieve ISO 27001 – Chapter 4
• ISMS Steps with ISO Controls
• ISMS Implementation guide
• 12 principles of Risk Management
• Risk Treatment Plans
• Access Control
• IPSec Overview
• Writing an Information Security Policy
• Measuring the Effectiveness of Security using ISO 27001
• Risk Management Framework Steps
• Security Risk Analysis and Management
• ISO 27001 – ISMS Requirements
• ISO 27001 and ISO 27002 Information Security Definitions
• Risk Management – ISO 27005
• ISO 27001 implementation checklist
• ISO27002 code of practice
• Measuring the Effectiveness of Security using ISO 27001
• ISO Responsibilities
• FMECA
• BCM – BS 25999
• Organization of information security
• Fundamentals of Information Systems Security
• CRAMM
• Four key benefits of ISO 27001 implementation
• Information Security Policy Development Guide for Large and Small Companies
• Tackling ISO 27001 – A Project to build an ISMS
• The Sans G2700 practice exam (copy and paste from your practice tests)
• uCertify study guide and exam questions

Here are some great resources to start out with:

ISO 27001 Security

ISO 27001 Information Security Standard in Plain English

Related posts:

1. Create a Printable Document Index with PDF Index Generator
2. HIPPA Compliance Checklist 2011
3. Prep for the CEH v7 exam: Tune your Web Hacking Skills with these Live Hackable Simulation Environments

http://usdebt.kleptocracy.us/

★

Related posts:

1. How To Mass Export All Of Your Facebook Friends’ Private Email Addresses

Conceited Software’s Linkinus is the be-all end-all for Mac IRC clients. I realize that’s a fairly strong statement to make, but it’s well deserved. Linkinus is easy enough for new-IRC users to grasp, and powerful enough for veteran IRC users to maximize. A common trend of the apps I like to review, Linkinus has an extremely clean and un-cluttered user interface; an accomplishment for an IRC client. Linkinus also boasts some pretty powerful features including:

• Smart Highlighting
• Embedable Media
• Applescript Support
• Ident Manager
• Custom Themes
• Custom Channel and Server settings

Another note of praise is the fact that you can customize server and channel settings just by clicking on the name (in the sidebar). You can add things like custom join commands, ident switching, and specific word highlighting for traffic monitoring.

I don’t say this often, but I have to admit that Conceited Software has really thought of everything on this one. I can’t think of a single feature I would add. With that being said, if you plan on using IRC on your Mac, look no further than Linkinus. At $9.99, it’s a steal.

Ease of Use: 10
Look and Feel: 10
Functionality: 10

Overall Rating: 10

Price: $9.99 | Trial? Yes | Homepage | App Store Link

Related posts:

1. Cornerstone SVN – The Ultimate Subversion Client for Mac OSX
2. Create vanity name servers with Godaddy (ns1, ns2) and use your custom DNS with external client domains

The wait for an updated desktop and iPhone app of the Hit List has been long overdue, and I think it was worth the wait. The Hit List’s sync is blazing fast and extremely reliable. It’s a great solution. Interestingly enough, if it wasn’t for Cultured Code’s lack of OTA sync for Things, I probably would never have switched away from it. I guess this is a true tale of the Tortoise and the Hare.

The Hit List for Mac

Simple, Powerful Task Manager with OTA Sync

The Hit List is very powerfultask list that is dead simple to use; it’s as easy as Wunderlist, and considerably more powerful. While I still continue to use Omnifocus, my wife has made the switch to The Hit List. It’s perfectly suited for her needs without giving her the feeling of being overly complex and overbearing. There are a few features that I would still like to see before making a switch, but I am probably in a special class of tech users. I actually think that The Hit List would be a perfect solution for most people.

The wait for an updated desktop and iPhone app of the Hit List has been long overdue, and I think it was worth the wait. The Hit List’s sync is blazing fast and extremely reliable. It’s a great solution. Interestingly enough, if it wasn’t for Cultured Code’s lack of OTA sync for Things, I probably would never have switched away from it. I guess this is a true tale of the Tortoise and the Hare.

• Clean interface; Does not seem overwhelming
• Very well organized.
• Entering tasks is fast and the keyboard shortcuts give it a very fluid feel
• Switching between list and context mode is very nice and well thought out.
• Printing looks as great on paper as it does on screen. This was a very big deal for my wife who likes to take paper with her.
• The Hit List also syncs with iCAL! This hasn’t worked for Omnifocus for quite some time. It’s a feature that I really miss.
• Over-the-air sync is lightning fast.

Again, the entire process is very simple and streamlined. The whole thing is incredibly well done.

Suggestions / Wish list

• The Repeating tasks feature is hard to find. I had written a portion of this article on the lack of repeating tasks before I found out that The Hit List actually supported it. I would consider adding a ‘Repeat’ button in the taskbar.
• Project Start / Due dates. I would like to be able to set a start or due date for an entire task list, rather than having to assign it to each task.
• Predictive tag/context feature can be confusing to someone who doesn’t understand what is going on. I would consider turning that off by default.
• There should be a way to define a default list for contexts or tags (e.g. Tasks in my Walgreens and Target contexts always fall under my ‘Shopping’ list)
• Today shows tasks in the “next three days”. This is kind of confusing and annoying. The today view should only show you tasks that are due today. Upcoming should show you what’s coming next.
• Add a Time field to the start and due options. This is useful for keeping appointments, or scheduling a task at a particular point in the day (e.g, ‘Take out Trash’)
• Add the ability to enter multiple tasks in the Quick Entry window. Hit enter to cycle to the next task, or Esc when done entering tasks.
• Setting to hide tasks that have not started (or will not start for x amount of days). For example, I have a Bills list, which contain a list of monthly repeating bills that need to be paid. There should be an active filter to not show items which have not yet started. Seeing every bill in the list becomes confusing.

Ease of Use: 9

Look and Feel: 10

Functionality: 7

Overall Rating: 8.5/10

Price: $49.95 | Trial? Yes | Homepage | App Store Link

The Hit List for iPhone

The iPhone app was definitely worth the wait. It’s not as full featured as I would like, but again, for someone like my wife, it’s perfect. However, considering this is the first release of the app, I understand that it’s just a starting point. Overall, it is very well laid out and extremely easy to use. The only downside that I’ve found is that it seems to be extremely buggy; the app crashes quite a bit for me.

• The rapid entry feature is by far my favorite feature of the iPhone app. All other GTD companies should take not of this feature as I consider it to be ground-breaking and simple.
• The interface is very well designed and streamlined.
• The batch moving feature is very useful.

Suggestions / Wish List

• Push Notifications for due tasks.
• Ability to reduce the font size of tasks of the tasks lists and folders. The size 16 font is a bit large. I would probably drop the icon size, too.
• When looking at a task, you should be able to click a field to edit it, rather than clicking edit, then the field name
• An iPad app
• Buggy

Overall, The Hit List is a great app which, depending on your specific needs, you should definitely consider.

Ease of Use: 9

Look and Feel: 8

Functionality: 6

Overall Rating: 7/10

Price: $9.99 | Trial? Yes | Homepage | App Store Link

Related posts:

1. iPhone Explorer – Free software to use your iPhone as a usb flash drive
2. Mass Email Marketing and Mailing List Manager for OSX with MaxBulk Mailer
3. FItness HD – Health, Diet, Exercise, and Nutrition Tracker for iPad and iPhone