Archive for April 25th, 2008

Trailrunner7 writes “Database security super-genius David Litchfield has found a way to manipulate common Oracle data types, which weren’t thought to be exploitable, and inject arbitrary SQL commands. The new method shows that you can no longer assume any data types are safe from attacker input, regardless of their location or function. Litchfield wrote, ‘In conclusion, even those functions and procedures that don’t take user input can be exploited if SYSDATE is used. The lesson here is always, always validate and prevent this type of vulnerability getting into your code. The second lesson is that no longer should DATE or NUMBER data types be considered as safe and not useful as injection vectors: as this paper [PDF] has proved, they are,’ he writes.”

holy_calamity writes “New Scientist commemorates spam’s 30th anniversary, a week from this day. The first spam message — archived here — was sent to 393 users of ARPANET on May 2 1978 by someone from computing pioneers DEC. They had to type in all the addresses by hand first.”

andrewd18 writes “According to F-Secure, over 500,000 webservers across the world, including some from the United Nations and UK government, have been victims of a SQL injection. The attack uses an SQL injection to reroute clients to a malicious JavaScript at nmidahena.com, aspder.com or nihaorr1.com, which use another set of exploits to install a Trojan on the client’s personal computer. As per usual, Firefox users with NoScript should be safe from the client exploit, but server admins should be alert for the server-side injection. Brian Krebs has a decent writeup on his Washington Post Security Blog, Dynamoo has a list of some of the high-profile sites that have been hacked, and for fun you can watch some of the IIS admins run around in circles at one of the many IIS forums on the ‘net.”

An anonymous reader writes “I have recently been tasked with switching our SSL certificate provider and it’s proving not to be simple. We use an internal authority for our own stuff and then we purchase certificates to protect outward-facing sites (a lot of them). My question for this community is: How do you select a certificate authority to use? There’s price, service (why we’re leaving our last vendor), warranty, and products offered as the only differentiators I can find. Is there any public resource that would show me actual customer reviews of CAs like Verisign, GeoTrust, Comodo, Trustwave, and DigiCert? Our last vendor did a really poor job with support and I would like to make a reasonably educated decision.”

Chilirec

We’ve seen desktop applications that let you record music from internet radio streams. But ChiliRec is the first web app we’ve seen that rips music from online radio stations and stores it in folders.

Here’s how it works. When you visit the Chilirec site, you can choose from a long list of online radio streams. By default, every stream is selected, but you can uncheck the boxes next to any stations you don’t want to record. Once you’ve selected your streams, ChiliRec will rip the songs from each station and store them on the internet. You can access them from a list of recordings, play them with a Flash-based media player, or create and save playlists. You can also save files as MP3s to your desktop. Keep in mind, audio recorded from an internet stream may not sound as good as a track bought from iTunes or other stores, and sometimes the beginning or end of the song might be cut off.

ChiliRec does not let users add their own radio streams. We have a feeling the service is constantly recording each of the streams in its directory, and when you sign up for an account it simply gives you access to the stored recordings starting at the moment you hit record. That would use up a lot less bandwidth and storage space than actually creating separate recordings for each user.

[via Go2Web20]

U.S. Senate Committee on Banking, Housing, and Urban Affairs
Committee has jurisdiction over banking, economic policy, financial institutions, price controls, deposit insurance, economic stabilization and defense production, exports

M&T Bank : Personal Banking
Pursuing an education is difficult enough without having to worry about paying for it. That’s why at M&T Bank, we offer a full range of student banking products.

TD Canada Trust - Banking - Electronic Banking
Synovate Award: Global Finance: TD Canada Trust rated “Best Online Banking” in customer service in 2007 among the country’s five major banks. TD Canada Trust rated ” Ideal

Welcome to EvergreenBank
Describes banking products available for personal and business finances, along with investor information, and online account access.

Financial Supervisory Commission, Executive Yuan-Banking in Taiwan
FSC issues “Directions for Disposal of Non-performing Loans by Financial Institutions” (2008/3/18 ) Chunks of Bowa Bank auctioned off (2008/3/18 ) E.Sun Commercial Bank gets

First Independent Bank - We’re Ready When You Are :: First Independent
First Independent Bank - Is a locally owned Vancouver Washington bank. With nearly 100 years of heritage. First Independent Bank is improving security, refining products and

RBC Royal Bank Gateway
For information about RBC Financial Group including corporate communications, investor relations, careers and more.

Banking Jobs / Financial Resumes | Bankjobs.com
Banking Jobs and Resumes: Career site for the financial services industry. Jobs and resumes for the banking and financial industry. Preview all resumes and search jobs for free.

U.S. Bank - Personal banking including checking accounts, online
Find personal banking services you can trust from U.S. Bank, the trusted name in personal banking. U.S. Bank offers checking account information, online banking, phone banking

Division of Banking Home Page
The mission of the Division of Banking is to protect and educate the public and promote confidence in the regulated industries through administration of statutory

Banking Jobs in Banking Job Search.
Jobs.com - Banking Jobs - powered by Monster Looking to hire employees ? Post a job and recruit the most qualified candidates today.

First Banking Center - Hometown Banking At Its Ideal!
As a hometown bank, First Banking Center’s goal is to offer you financial products to match your banking needs while contributing to the economy of the communities we serve.

Dionysius, God of Wine and Leaf, writes “There are places where criminal activity is centralized: the backbone hubs located in hosting facilities across the country. All of the Internet’s activity, legal and illegal, flows through these ‘choke points,’ and the feds, of course, are already tapping those points and siphoning off data. What Mueller wants is the legal authority to comb through the backbone data, which is already being siphoned off by the NSA, in order to look for illegal activity.”

Dionysius, God of Wine and Leaf, sends us to DarkReading for a backgrounder on new rules from the FTC, taking effect in November, that’ll require any business that handles private consumer data to check its customers and suppliers against databases of known online criminals. Companies that fail to do so might be liable for big fines or jail time. In practice, most companies will contract with specialist services to perform these checks. Yet another list you don’t want to get on. “The [FTC’s] Red Flag program… requires enterprises to check their customers and suppliers against databases of known online criminals — much like what OFAC [the Treasury Department’s Office of Foreign Asset Control] does with terrorists — and also carries potential fines and penalties for businesses that don’t do their due diligence before making a major transaction.”

American Axle & Manufacturing Holdings Inc. (NYSE: AXL) reported this morning a loss for its first quarter, on pressure from a United Auto Workers strike at five U.S. plants that started eight weeks ago.

The company said it swung to a loss during the first quarter of $27 million, or 52 cents per share. This is a significant decline from the same period a year ago when the company was able to report a quarterly profit of $15.7 million. Its earnings per share also came in a year ago at 30 cents, exceeding analysts’ forecast for a profit of “only” 23 cents per share. For this quarter, analysts were anticipating earnings of $0.04 a share.

American Axle also announced a drop of 24% in its quarterly revenue, which slipped down to $587.6 million, compared with $802.2 million a year earlier. As a main factor that impacted the company’s sales numbers, American Axle blamed the ongoing strike by its United Auto Workers employees that slashed revenue by $132.6 million and operating income by 56 cents per share. In addition, lower production volume of trucks and SUVs at General Motors Corp. (NYSE: GM) and Chrysler LLC contributed to a decline in sales.

Currently, the company is continuing its negotiations with the union. As a measure to maintain its U.S. plants, American Axle is considering slicing wages and benefits that it sees as three times higher than competitors’. “While it would be tragic to dismantle American Axle’s original U.S. manufacturing base, American Axle will be forced to take into account additional restructuring and capacity rationalization actions if the UAW refuses to accept the changes needed to accomplish market cost competitiveness at these facilities,” the company’s Chief Executive stated.

Eliza Popescu is a financial writer for the online investment advisory service Investor’s Observer.

After over four years and billions of dollars in losses, Microsoft (NASDAQ: MSFT)’s game division has finally started to make money. Although Wall Street was disappointed with some of the software company’s numbers for Windows and Office, the firm’s “entertainment and device” division made $89 million on $1.58 billion in revenue. In the same quarter last year, the operation lost $324 million on $936 million in revenue.

According to the company, “Cumulative console sales surpassed 19 million during the quarter, up 74% from a year ago. Server and Tools revenue growth of 18% added to its string of consecutive double-digit revenue.” The Xbox has finally arrived.

The news shows that Microsoft is willing to spend massive amounts of money to enter a business and stick to it. When the Xbox was launched, Sony (NYSE: SNE) ruled the game business and there was no reason to think that Microsoft could do well. Gaming couldn’t take advantage of Microsoft’s core strengths in computer and server software. The move was an attempt at diversification.

After all the years of battling, the Xbox 360 now outsells Sony’s PS3 in most months. If the software company could only make money on MSN.

Douglas A. McIntyre is an editor at 247wallst.com.
