Which Software Is Right For My Business?

Every business can benefit from using software to speed up processes and improve organisation. But with so programmes out there on the market, how do you know which software is right for you? Certain software may be too simple for your needs, whilst other software may be overly complex. There are also factors such as cost to consider. Here are just some ways to help make the right choice when looking for software for your company.

Check online reviews

Online reviews are great at giving you unbiased information on software including the pros and cons. You may find professional reviews in tech publications are the most insightful as these people have tested lots of different software and so have more know-how when it comes to which programme is best (comparison guides are a great read). That said, user reviews can also be handy as they may offer information in layman terms and show how software can be applied in a real life setting. There are also video reviews out there on Youtube that may include walk-throughs of the software on screen so that you can see what it looks like.

Download free trials

Some software companies will offer the opportunity to download a free trial. This allows you to use the software for a few days and get to grips with its interface, helping you to determine whether its right for you. You can get your employees to test it out too if they’re also going to be using it and then you can vote whether you think it’s worth buying. Free trials may not always give you a full experience of what software is like to use – some features may be locked – but you can get a good idea just from the basic settings whether a programme is right for you.

Attend software demos

Some companies will host software demos in which a spokesperson will give a presentation and answer any questions regarding the software. Software demos can be very salesy and you’re likely to get very biased information as a result, however the chance to ask questions and possibly even negotiate pricing can make demos a worthwhile event. They’re also great chances to network with other business owners and get an idea of a software company’s target market.

Consider specialist software

There’s a lot of generic one-size-fits-all software when it comes to processes like accounting and project management. Some of this software is very popular and therefore has had a lot of money poured into improving it and making it reliable, however it may be too generic for some niche companies that need more specific features. Looking for specialist software such as veterinary software or architect software could be more beneficial in certain cases. It’s worth testing out a mix of specialist and generic software.

Go bespoke

There’s also the option to pay a software development company to build your own software. This could be designed entirely to your specs, giving you all the features you need. This can be more expensive, so make sure that you’re going to get regular use out of this software – it could be a way of combining the functions of multiple programmes into one software, saving you money in the long run.

Facebook, Privacy, and Staying Safe Online

Care about your privacy in the wake of all the Facebook news?

Switch to Mozilla Firefox as your main browser. It is now faster than Chrome or Internet Explorer, it uses less memory, and it goes a lot further to care for your privacy online and keep you safe. https://www.mozilla.org/en-US/firefox/new/

Use Facebook in a restricted container to prevent it from tracking you when you are not on Facebook: https://blog.mozilla.org/fire…/facebook-container-extension/

Install the uBlock Origin add-on for Firefox to prevent trackers, ads (which are in and of themselves trackers), malware, and other nasties from harming you online. https://addons.mozilla.org/en-…/firefox/addon/ublock-origin/

Install EFF’s Privacy Badger add-on for Firefox to prevent even more tracking that uBlock doesn’t necessarily cover. https://addons.mozilla.org/…/firef…/addon/privacy-badger17/…

This setup will not only help you keep Facebook at arm’s length, it will help you in general to avoid malicious advertisements, malware, ransomware, and various types of web browser hijacking while surfing the Internet.

Enjoy, and stay safe!

Firefox Captive Portal Spam in Burp Suite

About a year ago, Mozilla added “captive portal” support to Firefox in an attempt to enhance usability when connecting to free WiFi portals, such as at an airport or a hotel. You have probably interacted with captive portals in the past, and if you are a Firefox user, you may have wondered why you had to open Chrome or IE or Safari to be able to log into the WiFi system, as you could only get the “Sign In” page to pop up in one of those browsers before getting access to the full Internet.

Firefox added support for these “Sign In” pages about a year ago, so that you don’t need to use a (shudder) different browser. That is all well and good, except for when it comes to using Burp Suite as a proxy for Firefox. If you are a pentester, you are probably used using Firefox (especially on Kali Linux) for your traffic proxying through Burp, as they make it easier than any other browser to set up and disable the proxy.

However, you may now be seeing a ton of requests like this:

Disable the detectportal.firefox.com requests

Seeing all those requests in Burp, much less thinking about all the noise they generate otherwise, is annoying. Because you probably won’t ever need to use a Captive Portal on your pentesting machine (a VM, in my case), you can completely disable Firefox’s attempts to detect them. Just browse to about:config and enter network.captive-portal-service.enabled. Double click it to change its value to “false” and you should be good to go.

That’s all, folks!

 

 

 

A Review of EaseUS Data Recovery Software for Mac

I have never really had the need for data recovery software until recently, when I mistakenly deleted a bunch of data off of a USB thumb drive, thinking I had backed it up somewhere. Much to my chagrin, I had not in fact backed it up. There were some files I was really going to miss, such as recordings of music I had made in Logic, and some various photos I’ve carried around with me over the years.

As I quickly learned, these type of apps do not run cheap. After doing some digging, I ran across a promising candidate called EaseUS Data Recovery. As far as data recovery software goes, they seemed to have been around a while, and had some good reviews. At $89.95, though, I expected it to do great things. Not only did I want Mac data recovery, I wanted a tool that would let me recover data from external hard drives, USB thumbs drives, and more. EaseUS promised to do that.

Installing The App

There were a few concerning things that happened during the installation process. For starters, Little Snitch reported outbound connections to track.easus.com. I could understand the need to reach out and check the license key, but over port 80? The subdomain “track” indicated that this was collecting some sort of metrics. I’m not sure I feel OK about that, especially over an unencrypted connection.

I let it pass through, and the installation continued. Another outbound connection warning appeared:

Hmm…another non-SSL connection to their website. I would hope that a company charging $90 for an application would be able to (and be smart enough to) get an SSL certificate to encrypt these connections, thereby helping protect their customer’s privacy.

Post Installation

Once installed, I went to plug in the license information that EaseUS had provided to me to register the product and assure I was getting all the features. When I did this, another unencrypted outbound alert appeared, which I can only assume contained my license key information as the software called home to validate it:

EaseUS doesn’t seem to care about encrypted data transfers. Not good!

The last complaint about the installation process is that I was left with a new taskbar widget that looked like a weather alert. 35 degrees? What is that?

Turns out this is a widget that provides “S.M.A.R.T.” monitoring of my drives. I’m not sure what that acronym stands for, but this widget was added for me without my knowledge, and it was promising to monitor my drives for issues. I decided to disable it since I am not a fan of widgets being added for me without asking.

Recovering Data with the Recovery Wizard

At this point, things got considerably better. The application was a breeze to figure out and use. I was first asked what type of files I wanted to recover. I left all of them checked since I wasn’t sure what all was on my deleted USB thumb drive.

From there, I was given a list of drives on my system:

Selecting my USB drive, I proceeded. Within a minute I was shown a bunch of files that were recoverable from my USB drive. I was able to choose what I wanted to be restored.

After that, all it took was clicking the Restore button, and I was asked where I wanted to save everything. Another 2 minutes later, I had all my files back! I’m not sure why I’d want to Tweet about that or “share my happiness” on Facebook, but I was given that option when the operation was complete.

MP3’s worked, images were viewable, and everything was good. I did notice a few filename characters had been replaced with a “#” sign, but they still operated normally. The EaseUS software did exactly what it said it would do.

Summary

All in all, this is a good product based my testing experience, and I’d recommend it if you need to recover data from a computer or external drive. There are some installation shenanigans to be aware of, as the software tries to install its monitoring widget without your consent. The worst part of it all is that the outbound calls to easus.com are not encrypted. EaseUS: get your stuff encrypted, please!

Tool Sharpening

As honest Abe Lincoln said, “Give me six hours to chop down a tree and I will spend the first four sharpening the axe.”

For the last six months, I have been playing the part of Hey Blinkin, getting the tools in my toolbox sharpened, honed, configured, and ready as I am inches away from starting the PWK/OSCP course. As soon as some paperwork clears, I’ll be signing up, hopefully to start in mid-July. You may have seen me posting things I’ve learned so far here on my blog. I intend to keep it up, as finding other OSCP adventurer blogs, tips, and tools along my journey has been invaluable. I hope to pay it forward here.

That said, here are a few very sharp tools I’ve come to love (as recently as this evening):

iTerm 2 – http://iterm2.com/ – a better Terminal app for Mac. Highly configurable, integrative, and versatile. Not exactly a pentesting tool, but something anyone doing command line work on a Mac should check out.

Sn1per – https://github.com/1N3/Sn1per – a super-thorough and invasive reconnaissance tool. It is very noisy and not recommended for actual pentesting, but it is great for working on CTF and Vulnhub VMs.

OSINT Framework – http://osintframework.com/ – a hefty, well-organized set of free tools for gathering all kinds of information. Originally geared towards security, it includes a lot of other fields as well. Follow it on GitHub here.

 

Microsoft Windows has Free Virtual Machines

Wish I had know about these earlier. Microsoft offers free Windows virtual machines for VirtualBox, VMWare, and others. You can choose from Windows 7, Windows 8, or Windows 10 (a few different flavors of each). They last 90 days before expiring, but you can snapshot them right after you install them to make it easy to reset that 90 days by rolling back to the snapshot.

Officially, these are for testing out the Edge browser, but you can also use them for whatever else 😉

Check them out here:

https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/