Member You - Computers and Technology

What's in a Name?
Product naming is a key aspect of branding. The name you ultimately choose will reflect who you are, your company’s personality and vision. But more importantly, it must unforgettably embody the promise of your product’s main benefit to your potential customers. It can dovetail generically with your competition, but ideally, it should stand out from the crowd. Where to begin? Here are some basic guidelines.If the field’s too crowded, be uniqueMSN Search, Netscape Search, AOL Search, they all stayed in the same category, so you could play it safe and go with Stupendous Search or Super-Duper Search. This works for a time, but as soon as the field gets too crowded, you’ll be lost in the mush of sameness with ever diminishing name recognition. If you’re in it for the long haul, better to break away from the crowd with a name like Google, Yahoo, or even Dogpile (though I’m not a fan of going into the scat category just to be unique). Even Kinkos—the founder's nickname (he had kinky red hair in school)—is different enough to be memorable.Avoid tongue twistersThere’s a little part in all of us that hates to be embarrassed. When we ask for a product or talk about it with friends, we want to sound literate and no

perience leads us to believe that there is a significant chance that your data is already at risk from SQL Injection.

Whether an attacker is able to see the data stored on the database or not, really depends on how your website is coded to display the results of the queries sent. What is certain is that the attacker will be able to execute arbitrary SQL Commands on the vulnerable system, either to compromise it or else to obtain information.

If improperly coded, then you run the risk of having your customer and company data compromised.

What an attacker gains access to also depends on the level of security set by the database. The database could be set to restrict to certain commands only. A read access normally is enabled for use by web application back ends.

Even if an attacker is not able to modify the system, he would still be able to read valuable information.

What is the impact of SQL Injection? Once an attacker realizes that a system is vulnerable to SQL Injection, he is able to inject SQL Query / Commands through an input form field. This is equivalent to handing the attacker your database and allowing him to execute any SQL command including DROP TABLE to the database!

An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to manipulate existing queries,

Domestic Merchant Account Options
A domestic merchant account may be the best option for your company. That’s because when you have an account managed by a company located in your country of residence, both you and the lender are familiar with laws and business codes that can impact the way your company operates. An offshore entity, in contrast, may be less familiar with and less observant of the rules that govern spending and payment transactions in your country.Your domestic merchant account may be beneficial in other ways, as well. When selecting a lender, you can choose one that you know something about. Perhaps you have had other dealing with this bank or institution, or you may know other business owners who maintain accounts there. It is likely, if you follow business news, that you have read something about the corporation and are aware of its standing in the professional community or the overall industry. Working with a company that you know and trust can help to build solid relationships that can blossom into additional promising directions. You may be able to secure other types of accounts or lending in the future if your merchant account turns out to be a rewarding experience for both parties.Applying for a domestic merchant account may be easier than doing business with a

SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organisations. It is perhaps one of the most common application layer attack techniques used today.

Web applications allow legitimate website visitors to submit and retrieve data to/from a database over the Internet using their preferred web browser.

Databases are central to modern websites – they store data needed for websites to deliver specific content to visitors and render information to customers, suppliers, employees and a host of stakeholders. User credentials, financial and payment information, company statistics may all be resident within a database and accessed by legitimate users through off-the-shelf and custom web applications. Web applications and databases allow you to regularly run your business.

SQL Injection is the hacking technique which attempts to pass SQL commands through a web application for execution by the backend database. If not santised properly, web applications may result in SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out.

Such features as login pages, support and product request forms, feedback forms, search pages, shopping carts and the general delivery of dynamic content, shape modern websites and provide businesses with the means necessary to communicate with prospects and customers. These website features are all examples of web applications which may be either purchased off-the-shelf or developed as bespoke programs.

These website features are all susceptible to SQL Injection attacks.

SQL Injection: A Simple Example Take a simple login page where a legitimate user would enter his username and password combination to enter a secure area to view his personal details or upload his comments in a forum.

When the legitimate user submits his details, an SQL query is generated from these details and submitted to the database for verification. If valid, the user is allowed access. In other words, the web application that controls the login page will communicate with the database through a series of planned commands so as to verify the username and password combination. On verification, the legitimate user is granted appropriate access.

Through SQL Injection, the hacker may input specifically crafted SQL commands with the intent of bypassing the login form barrier and seeing what lies behind it. This is only possible if the inputs are not properly sanitised (i.e., made invulnerable) and sent directly with the SQL query to the database. SQL Injection vulnerabilities provide the means for a hacker to communicate directly to the database.

The technologies vulnerable to this attack are dynamic script languages including ASP, ASP.NET, PHP, JSP, and CGI. All an attacker needs to perform an SQL Injection hacking attack is a web browser, knowledge of SQL queries and creative guess work to important table and field names. The sheer simplicity of SQL Injection has fuelled its popularity.

Why is it possible to pass SQL queries directly to a database that is hidden behind a firewall and any other security mechanism?

Firewalls and similar intrusion detection mechanisms provide little or no defense against full-scale SQL Injection web attacks.

Since your website needs to be public, security mechanisms will allow public web traffic to communicate with your web application/s (generally over port 80/443). The web application has open access to the database in order to return (update) the requested (changed) information.

In SQL Injection, the hacker uses SQL queries and creativity to get to the database of sensitive corporate data through the web application.

SQL or Structured Query Language is the computer language that allows you to store, manipulate, and retrieve data stored in a relational database (or a collection of tables which organise and structure data). SQL is, in fact, the only way that a web application (and users) can interact with the database. Examples of relational databases include Oracle, Microsoft Access, MS SQL Server, MySQL, and Filemaker Pro, all of which use SQL as their basic building blocks.

SQL commands include SELECT, INSERT, DELETE and DROP TABLE. DROP TABLE is as ominous as it sounds and in fact will eliminate the table with a particular name.

In the legitimate scenario of the login page example above, the SQL commands planned for the web application may look like the following:

SELECT count(*) FROM users_list_table WHERE username=’FIELD_USERNAME’ AND password=’FIELD_PASSWORD”

In plain English, this SQL command (from the web application) instructs the database to match the username and password input by the legitimate user to the combination it has already stored.

Each type of web application is hard coded with specific SQL queries that it will execute when performing its legitimate functions and communicating with the database. If any input field of the web application is not properly sanitised, a hacker may inject additional SQL commands that broaden the range of SQL commands the web application will execute, thus going beyond the original intended design and function.

A hacker will thus have a clear channel of communication (or, in layman terms, a tunnel) to the database irrespective of all the intrusion detection systems and network security equipment installed before the physical database server.

Is my database at risk to SQL Injection? SQL Injection is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against SQL Injection, there are a large number of web applications that remain vulnerable.

According to the Web Application Security Consortium (WASC) 9% of the total hacking incidents reported in the media until 27th July 2006 were due to SQL Injection. More recent data from our own research shows that about 50% of the websites we have scanned this year are susceptible to SQL Injection vulnerabilities.

It may be difficult to answer the question whether your web site and web applications are vulnerable to SQL Injection especially if you are not a programmer or you are not the person who has coded your web applications.

Our experience leads us to believe that there is a significant chance that your data is already at risk from SQL Injection.

If improperly coded, then you run the risk of having your customer and company data compromised.

Even if an attacker is not able to modify the system, he would still be able to read valuable information.

Mouse Clicks Or Street Smarts, What Wins Sales
If you ask salespeople what wins sales today, they will tell you they are the key to success and all they need is quality time with customers. The belief is that building a strong customer relationship can only be accomplished one-on-one. Salespeople live in a world where personality, drive and commitment to customer relations are the creed to success. Salespeople believe they are the magic ingredient to increased sales. Are they?If you ask the typical buyer what is important in their decision making process, they will say timely and quality information is the key. The buyer is challenged with the speeding clock of time and doing more than one task. Buyers are seeking the fastest way to make the right decisions. Buyers thrive on information and information is often plentiful with the stroke of a few keys and mouse clicks. Buyers look for trusted resources that allow them to do their job easier and faster.As we evaluate this scenario, we can understand the dilemma of a traditional salesperson and buyer relationship. On one hand, the traditional salesperson wants more time with the buyer to build a strong relationship. Unfortunately, the contemporary buyer wants to spend less time with salespeople, unless they are trusted resources with the quality and

L Injection attacks.