You now need to register to use the software (you're prompted during installation), and some of the tasks that needed manual intervention are now automated (such as updating the transforms, which is now done as part of the installation process). Also, where previously you needed to go through and accept the disclaimers on certain transforms before you used them, now on first use you are presented with a dialog box which helps with not breaking up your work flow.

Limits are also reduced - one which I reached regularly on 2.0 was the 75 transforms per day - I don't remember seeing where these new limits are documented, but maybe there is something over on the Maltego blog I missed.

                                 

Click here to download:

Maltego_3.0_Community_Edition_.zip (1626 KB)

Following the trend of other popular software, the Java Runtime is also bloating out with other 'useful-less' components, so on a default install you can find yourself with extra memory resident processes, browser plug-ins and helper objects which are just not required to provide applications access to the Java Runtime.

Because of this, I now update my own lab environment with a scripted silent install of Java - it does not include the extra plug-ins and browser helper objects during installation, or the memory resident updater tool. Are there any other suggestions to keep the Java Runtime installation down to a minimum? I believe in only installing what is absolutely required.

There are now quite a number of podcasts available, covering all areas of Information Security - I find it a great way to stay up to date with the industry news, particularly when commuting. A fairly comprehensive list can be found at http://getmon.com/, while my current regular favorites are below:

• Paul Dot Com Security Weekly (feed) - one of the longest established US based security podcasts, normally around 2 hours long, with interviews, technical segments and industry news.
• Risky Business (feed) - an Australian based ~30 minute show, neatly split into news, interview and sponsor interview
• 2600 | Off The Hook (feed) - airs every Wednesday night at 7:00 PM EST in New York City on listener supported WBAI 99.5 FM.

I've created an aggregated feed of my Podroll, which makes subscribing quick and simple - on my phone, it means adding just one feed, instead of lots of different feeds for different podcasts (very useful when rebuilding your phone after flashing the latest ROM)... I did try RSSmix.com, which IronGeek also uses, but I found updates through the site don't seem to be that regular (and the site itself can run pretty slow as well), which means missing out on the latest content. Instead, I use Yahoo Pipes to merge and manipulate the various feeds together, and then publish through Feedburner to get some extra control / statistics.

You can subscribe to my Podroll feed here (http://feeds.andrewallen.co.uk/andrewallen/podroll), or you can view the Yahoo Pipes source here.

Update - Dec 14

I've updated the pipe to include the following feeds, and also strip posts with no enclosures:

• RB2 (feed)
• Network Security Podcast (feed)
• Security Justice (feed)
• Securabit (feed)
• Tenable Network Security Podcast (feed)

If you are following the latest releases in regards to BackTrack, following a recent update you may have experienced error when PostgreSQL attempts to start:

Starting PostgreSQL 8.3 database server: main* The PostgreSQL server failed to start. Please check the log output:

Then further down:

could not load server certificate file “server.crt”: No such file or directory

Here is a quick fix - at the console, type:

cd /etc/ssl/certs
ls -ld /etc/ssl/private
sudo ls -l /etc/ssl/private/
make-ssl-cert generate-default-snakeoil -force-overwrite
cd /etc/ssl/certs

Re-run the update commands, and you should be good to go:

apt-get update
apt-get upgrade
apt-get dist-upgrade

After having used Chrome for so long on my Mac (in the dev channel via the very useful Chromium Updater), switching back to Firefox reveals an interesting habit - searching via the address bar. In Chrome, you can type your search directly in the address bar and you'll get redirected to Google for your search results, however in Firefox it reacts slightly differently - it will carry out a Google "I'm feeling lucky" search which will direct you to the first result Google returns.

You can customise this behavior in the 'about:config' page within Firefox. Type 'about:config' into the address bar, and then update the 'keyword.URL' field to your chosen search engine. For example, if you wanted to use Scroogle instead, you would type:

• http://www.scroogle.org/cgi-bin/nbbw.cgi?Gw=

By the way, If you are not already using Scroogle, it's a simple way to anonymise your search requests.

It's quite common that you need to remove some software when running in Safe Mode, particularly when you find your system is unusable when running normally. However, by default, the key service required to manage installed software is not running, and cannot be started (the Windows Installer Service, aka MSIServer).

Here is a quick way around this issue - by adding the registry entry below, you'll then be able to start the service and remove / install the software you require.

reg add "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer" /VE /T REG_SZ /F /D "Service"
sc start msiserver`

Once this change is made, it will remain permanent, and you won't need to re-apply it in the future, although you'll still need to start the msiserver service when required.

30/09/2009 13:30:34.98 C:\>