It’s always nice to have an alternative, a choice, an option – and when it comes to getting information and support for Applied Systems products, you do have alternatives. One of those alternatives is http://appliedusers.ca – a portal site offering great web-based forums, a wiki and a blog – definitely worth a look if you have not dropped by already. All are welcome, it’s free and there is no membership required.
This is a first for me so I’m hoping I’m doing this right!
I hope to see many of you at our November meeting.
Applied appears to have branched their development again and has announced a new product dubbed “EPIC”, which one can only hope is not as in “EPIC FAIL” (what is epic fail?). Where this fits in the product line-up and what this new product means to the life cycle of TAM, Vision and even DORIS remains to be seen. From what I’ve seen, the interface has certainly been dressed up, but even their own EPIC website says very little about the product. They will no doubt be revealing more at the upcoming (November 25th) SWOUGAS meeting.
More about EPIC here
Had a bit of an outage over the weekend while SWOUGAS was moved onto some shiny, new hardware. We are also working on ironing out some problems with our ISP. Now we just have to catch up on the site updates.
Sure, you’ve heard of fuel injection, sub-cutaneous injection and maybe even water injection, but what the heck is SQL (pronounced ‘sequel’) injection and why should it concern you? SQL injection makes headlines almost weekly, especially in media targeted to information security professionals. Occasionally it makes more mainstream headlines, but it tends to be something people know is bad without being sure why or how it affects them.
SQL injection is actually one part of a two-prong attack and targets web servers with database back-ends. The injection exploits weak form validation code – that is, code that is supposed to check information entered in a form field and reject or clean it if it contains invalid characters or has an incorrect length. The goal of most SQL injection attacks these days is not to steal data, but to use the server to do the attacker’s bidding, which may be to redirect traffic to other sites or to plant (inject) HTML iframes or malicious JavaScript in order to spread malware. That is the second prong of the attack – the first prong concerns site admins, the second prong concerns web surfers.
Protecting yourself from the malware portion of this exploit requires keeping your browser up to date and keeping your security software up to date, and since these exploits often use JavaScript, you could use a browser plug-in like NoScript to change script-running behaviour from allow by default to deny by default.
If you are running any kind of web server, especially if it is publicly accessible and you have forms that allow users to submit information to a database, you should double-check that your form validation is solid and secure. If the code is not homegrown and you are running some kind of content management system or blog software, check Secunia or Milw0rm to see if that code is exploitable.
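For site admins, here is the weak pattern beside a hardened one, as an added example that is not code from this site or from any Applied product. It goes one step beyond the form validation described above by also binding the form value as a query parameter; the table, the field policy and the sample inputs are all constructed for illustration.

```python
import re
import sqlite3

# Allowed characters and length for a "name" form field (assumed policy).
NAME_RE = re.compile(r"[A-Za-z0-9 .'-]{1,40}")

def make_db():
    # Constructed sample data standing in for a site's member table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (name TEXT, email TEXT)")
    db.executemany("INSERT INTO members VALUES (?, ?)",
                   [("alice", "alice@example.org"), ("bob", "bob@example.org")])
    return db

def lookup_concatenated(db, name):
    # Weak form: the field value is pasted into the SQL text, so a quote
    # character in the value becomes part of the statement.
    sql = "SELECT email FROM members WHERE name = '" + name + "'"
    return sorted(row[0] for row in db.execute(sql))

def valid_name(name):
    # Form validation: reject invalid characters or incorrect length.
    return NAME_RE.fullmatch(name) is not None

def lookup_parameterized(db, name):
    if not valid_name(name):
        raise ValueError("rejected form input")
    # The value is bound as data and cannot alter the statement.
    rows = db.execute("SELECT email FROM members WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)

def demo():
    db = make_db()
    out = {}
    for value in ["alice", "O'Brien", "x' OR '1'='1"]:  # constructed inputs
        try:
            weak = lookup_concatenated(db, value)
        except sqlite3.OperationalError:
            weak = "SQL error"
        try:
            safe = lookup_parameterized(db, value)
        except ValueError:
            safe = "rejected"
        out[value] = (weak, safe)
    return out

if __name__ == "__main__":
    for value, result in demo().items():
        print(repr(value), result)
```

The legitimate name O'Brien passes validation yet still breaks the concatenated query, which is why validation alone is not enough and the value should be bound as a parameter.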
I’m cheating this time – I’ve already written this article on another site – so…
http://brokertech.parallel42.ca/blog/?p=63
Not all power supplies are created equal.
Finally been able to get WordPress added to the site to allow for some additional dynamic content and contributions from members and other interested parties. If you wish to contribute, send a request to webmaster@swougas.org and I will get you set up with a login / password.