Secure Application Development links

Oct 14, 2008 in Security

Hi,

I have been putting some secure application development documents together recently and have found some good general tutorials and guidelines which I thought I would post here.

Other Resources

No Comments »

E-Commerce Glossary

Jun 18, 2008 in Banking and EFTPoS

Acquiring Institution
The which holds the partaking in a financial , typically the first involved in the of a .

Applet
A small computer program which facilitates the performance of particular tasks.

Bandwidth
The capacity of a to carry or process information. The higher the bandwidth the faster graphics-laden pages will download.

Browser
Short for browser, a software application used to locate and display pages. The two most popular browsers are Netscape Navigator and . Both of these are graphical browsers, which means that they can display graphics as well as . In addition, most modern browsers can present multimedia information, including sound and video, though they require plug-ins for some formats.

Caching
The automatic copying and storage of frequently used information onto a computer system – Typically caching is seen whilst surfing the (graphics, etc.) and used by Services Providers (’s) to reduce the amount of requested from the user onto the .

Issuer
The which issued the cardholder’s and .

Cardholder
The individual participating in the financial whose is being credited or debited.


The additional information printed on the to be processed. This is used to verify if the was present when the was initiated.  This is the additional digits imprinted on the usually on the reverse side for & Mastercard and on the front for AMEX.

Certificate
An x.509 certificate used to entities such as Merchants and Gateways. Certificates can be used to identify and/or encrypt sensitive such as numbers and personal cardholder information.

CGI
Common Gateway : A protocol that allows a page to run a program on a . Forms, counters, and guest books are common examples of CGI programs.

Any piece of software can be a CGI program if it handles input and output according to the CGI standard. Usually a CGI program is a small program that takes from a and does with it, like putting the content of a form into an e-mail message, or turning the into a database query. CGI “scripts” are just scripts which use CGI. CGI is often confused with Perl, which is a programming language, while CGI is an to the from a particular program.

Client
A computer or software that requests a service of another computer system or process (a “”). For example, a workstation requesting the contents of a file from a file is a client of the file . A browser is commonly referred to as a client.

Clients and Servers
In general, all of the machines on the can be categorised as two types: servers and clients. Those machines that provide services (like servers or FTP servers) to other machines are servers. And the machines that are used to connect to those services are clients.

When you connect to Yahoo at www.google.com to read a page, Google is providing a machine (probably a cluster of very large machines), for use on the , to service your request. Google is providing a . Your machine, on the other hand, is probably providing no services to anyone else on the . Therefore, it is a user machine, also known as a client. It is possible and common for a machine to be both a and a client !

Cookie
A file sent by some servers to your computer’s hard drive to enable you to quickly and easily return to particular sites. Cookies give rise to concerns as they are often used to store information used for marketing purposes.

The main purpose of cookies is to identify users and possibly prepare customised pages for them. When you enter a site using cookies, you may be asked to fill out a form providing such information as your name and interests. This information is packaged into a cookie and sent to your browser which stores it for later use. The next time you go to the same site, your browser will send the cookie to the . The can use this information to present you with custom pages. So, for example, instead of seeing just a generic welcome page you might see a welcome page with your name on it.

CRN
The Customer Receipt Number (CRN) is used to assist the holder, the gateway and the to confirm the has been processed and to track the throughout the end-to-end process. This is often used when making enquiries about a or for tracking.

Cybersquatting
Bad faith, abusive domain name registration. Cybersquatters register company and product names as domain names with a view to selling them at inflated prices to the “rightful” owners.

/CVC
The additional information printed on the to be processed. This is used to verify if the was present when the was initiated.  This is the additional digits imprinted on the usually on the reverse side for & Mastercard and on the front for AMEX.

Database
A collection of : part numbers, product codes, customer information, etc. It usually refers to organised and stored on a computer that can be searched and retrieved by a computer program.

Deep link
A hypertext link directly to a page, often bypassing home pages or other identifying pages.

Certificate
A pop up window that allows you to identify the level of used to secure a particular site.

Signature
A complex numeric “signature” designed to be used, in conjunction with special software, to the sender of a message and guarantee that the contents of the message have not been altered during to the recipient. The EU has adopted legislation which makes signatures legally valid. The Bill (Cth) 1999 has the same effect in .

Domain Name
The plain English name given to a host destination on the , for example, www.madrock.net. The suffix, dot.com is known as the generic top level domain, the prefix madrock. The domain name forms part of the Address or URL.

A name that identifies one or more IP addresses. For example, the domain name .com represents about a dozen IP addresses. Domain names are used in URLs to identify particular pages. For example, in the URL http://www.madrock.net, the domain name is madrock.net.

Download
To transfer information from one computer to your computer.

Dynamic page
A document that is created from a database in real-time or “on the fly” at the same time it is being viewed, providing a continuous flow of new information and giving visitors a new experience each time they visit the site.

Dynamic sites offer the user the ability to interact with the site. This interaction can take place in the form of a search for products, a questionnaire that automatically posts results or polls. Basically, dynamic pages and content are generated from the input of the user.

EC
.

Often referred to as simply e-, business that is conducted over the using any of the applications that rely on the , such as e-mail, instant messaging, shopping carts, services, and FTP, among others. can be between two businesses transmitting funds, goods, services and/or or between a business and a customer.

ECI
The Indicator (ECI), is used to determine the source of the original request. This is a program that the banks have developed and have mandated it’s use.

Interchange (EDI)
Systems set up by businesses, which facilitate the exchange of information.


The process of scrambling to prevent it being viewed by unauthorized persons.

Expiry Date
The date printed on the indicating when the will expire. Not to be confused with the issue date found on some cards.

Firewall
An barrier and/or traffic filter.

Forms
Forms are pages comprised of and “fields” for a user to fill in with information. They are an excellent way of collecting and information from people visiting a site, as well as allowing them to interact with pages. Forms are written in HTML and processed by CGI programs.

Frame
A means of dividing a screen into a number of compartments. Frames may give rise to legal disputes if sites created by third parties are framed as your own.

FTP servers
One of the oldest of the services, File Transfer Protocol makes it possible to move one or more files securely between computers while providing file and organisation as well as transfer control.

Fulfilment
1. Process of supplying goods after an order has been received.
2. Process of reacting to a customer’s request, covering everything that has to happen from the time the customer places an order until they are completely satisfied.

Host
Any computer on a that provides services or information to other computers on the . A host is also called a .


The software and/or business processes which combine the ’s (website, back office, etc.) order system with the System.

IP address
Every computer connected to the is assigned a unique number known as an Protocol (IP) address. Since these numbers are usually assigned in country-based blocks, an IP address can often be used to identify the country from which a computer is connecting to the .

Gateway
A system allowing incompatible computer networks to send and receive information.

HTML (Hypertext Markup Language)
Language used to translate documents into a form which can be sent over the .

Hyperlink
A highlighted phrase in a document which permits linking to another document or part of a document.

Content Host (ICH)
Those who host or propose to host content on the . Anybody who is responsible for a site, news group or bulletin board that contains articles, graphics or other content provided by others. The host may/may not also produce their own content and/or provide to the through a carriage service, ie they may also be an .

Service Provider ()
A company that provides an connection through some kind of carriage service, for example Sprint, Chello Broadband, Telstra Bigpond, Adam , Internode. ’s may/may not also be ICHs.

Mail servers
Almost as ubiquitous and crucial as servers, mail servers move and store mail over networks (via LANs and WANs) and across the .


This is an set up with a to process orders from customers.


The entity receiving payments for goods and/or services.


The ’s into which transactions are credited or debited.


The software installed on the ’s sites or back office system to enable real-time or batched of financial transactions.

Administrator
The individual(s) responsible for the maintenance of the , including issuing and importing certificates.

MTL
Layer (MTL)

PAN
Primary Number (PAN) is the number printed on the customers to reference the cardholder’s financial . This is typically the number.

Gateway
The Gateway provides a central point of contact/ switching with the for the software or devices. The Networks gateway provides advanced integrated , services (Mainframe, Mini, Windows, UNIX, OS400, Desktop/, PoS Terminals. Loyalty systems, etc.) and / customised solutions not offered by regional or global institutions.

An system for real-time charging of cards when a customer places an order. Normally requires a .

A common question from merchants is “Do we have to change banks to use gateways?”

The answer is NO!  - All you need to do is open a facility with one of the supported banks, Networks can ensure you open the correct one for your needs. The facility is then linked to a nominated for example: of New Zealand, ANZ, St George , NAB, Commonwealth, Westpac, of America, of Scotland, Barclay’s, of Queensland, etc. The is then transferred at the end of each day from your to your nominated .

“Pretty Good
A of program used to scramble .

Portal
A site that gathers together many sites under a common branding, for example, Yahoo and Excite.

Private key
The which permits information to be decoded in a public key system.

Public key
The which is used to send a secure message in a public key system.

Secure Certificate
A document that is used to certify that a user or organisation is who they say they are. They contain information about who it belongs to, who it was issued by, expiry date and information that can be used to check out the contents of the certificate. It is as an important part of the SSL system for establishing secure connections.


A computer that provides a service to other computers (known as clients) on a .

Shopping cart
A shopping cart is a piece of software that acts as an store’s catalogue and ordering process. Typically, a shopping cart is the between a company’s site and its deeper infrastructure, allowing consumers to select merchandise; review what they have selected; make necessary modifications or additions; and purchase the merchandise.

Shopping carts can be sold as independent pieces of software so companies can integrate them into their own unique solution, or they can be offered as a feature from a service that will create and host a company’s e- site.

Spam
The use of email or newsgroups to send unsolicited information.

SSL
Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the . SSL works by using a private key to encrypt that’s transferred over the SSL connection. Both Netscape Navigator and SSL, and many sites use the protocol to obtain confidential user information, such as numbers. By convention, URLs that require an SSL connection start with https: instead of http:.

Letting your customers know that you have SSL gives your site credibility and may encourage customers to deal with you in confidence.

A protocol used to protect information - typically used between the cardholder’s browser and the ’s webserver and throughout the process. 128bit SSL is typical used as a minimum level within the & Financial industries.

A Secure uses an SSL certificate. It is generally a piece of space that can only be dealt with by using SSL ensuring that transferred between the space and the browser is encrypted.

Static page
In site terms, static means pages that are not interactive. Because the site visitor does not have any control over the information provided, the pages and information do not change with each visit. There is not a two-way communication between the user (client) and the site () in a static page.

Uniform Resource Locator (URL)
An address.

page
A specific group of related files on the , which is usually viewed as a single document.

servers
At its core, a serves static content to a browser by loading a file from a hard disk and serving it across the to a user’s browser. This entire exchange is mediated by the browser and talking to each other using HTTP.

site
A collection of pages stored on a file .

No Comments »

Wordpress Dust-317 Theme Tweeks

May 10, 2008 in Wordpress

I recently had a couple of complaints in regards to the new Website. It turns out the site looks OK in but does not seem to work very well with .

I ran the W3C Validator located at http://validator.w3.org/

When executed against the site it found 11 errors. The files and fixes (highlighted in RED) are described below.

File: Header.

Error: required attribute “” not specified

< =”/ src=”<? (’template_directory’); ?>/js/.js”></>

< =”/ src=”<? (’template_directory’); ?>/js/sweetTitles.js”></>

I have also seen some other errors in Header., but they don´t seem to be a big problem.

Error: document does not allow element “li” here; missing one of “ul”, “ol”, “menu”, “dir” start-tag.

Update

I finally worked out what was going on…

It was the mod_rewrite (RewriteEngine) in the .htaccess file.

I´m running WPSuperCache, so I thought this may have caused some issues.

As it turned out it was the section of the .htaccess which was causing the problems. I probably modified it at some stage…

Another Problem Found and Fixed

I have been having problems when placing graphics into a posting, where although the WYSIWYG editor shows the correct layout, the below the image wraps around the graphic when the site is viewed.

After some looking around, I found a similar article written in relation to a different . As it turns out the fix for the -317 is the same.

Edit the -317 located in the -317 directory. Search for this line.

#content p img{float:left;border:none;margin-right:10px;margin-bottom:10px;}

Remove the float:left; for the above line, making it look like this.

#content p img{border:none;margin-right:10px;margin-bottom:10px;}

Thatś it… now the sits under the graphics OK.

No Comments »

Bluetooth - Security

Mar 24, 2008 in Bluetooth

Redirected from Bluetooth

Source

1
2 Wireless- History
3 Wireless- Technologies
4 - Introduction
5 - Advantages
6 - Applications
7 - Issues
7.1 The
7.2 The
7.3 The BLUEBUG
7.4
7.5 Warnibbling
8 Future of
9 See also:
10 Reference List

is a new that utilises waves as a way to communicate wirelessly between devices. It sets up that incorporate all of a persons devices into one system for both convergence and convenience.

Wireless- History

Many people put the invention of [wireless] down to Guglielmo Marconi, who in 1895 sent the first telegraph across the English Channel. Only twelve years later began being used in the public sphere. [Mathias, p.2] Up until then however, many wireless pioneers conducted trials across lakes where the used to transmit the signal was longer than the distance across the lake. [Brodsky, p. 3] After its introduction the main use of wireless was for military where its first use was for the Boer War. [Flichy, p. 103] The invention of ensured the feasibility of wireless technologies. [Morrow, p. 2] By the 1920s, had become a well-recognised mass medium. [Flichy, p. 111] From the 1980s until now, wireless have been through several stages, from 1G (analogue signal), 2G ( signal) and 3G (always on, faster rate). [Lightman and Rojas, p. 3] The history of is a much more recent one, with the first -enabled products coming into existence in 2000. Named after Harald Blatand the first, king of Denmark around twelve hundred years ago, who joined the Danish and Norwegian kingdoms, is founded on this same unifying principle of being able to unite the computer and telecommunication industr[ies]. [Ganguli, p. 5] In 1994 the Company began looking into the idea of replacing cables connecting accessories to and computers with wireless links, and this became the main inspiration behind . [Morrow, p. 10]

Wireless- Technologies

is not the only wireless currently being developed and utilised. Other wireless technologies, including 802.11b, otherwise known as Wi-Fi, Infrared Association (IrDA), Ultra- Wideband (UWB), and Home RF are being applied to similar technologies that use with mixed results. 802.11 is the most well known , excluding , and uses the same , meaning that they are not compatible as they cause interference with each other. 802.11 is being implemented into universities in the US, Japan and China, as well as food and beverage shops where they are being used to identify students and customers. Even airports have taken up the 802.11 , with airports all over America, and three of Americas most prominent airlines promoting the use of it. [Lightman and Rojas, p. 202-3] Infrared Association is extremely inferior to that of . Its limitations include only being able to communicate point-to-point, needing a line of sight, and it has a speed of fifty- six kilobytes per second, whereas is one megabyte per second. [Ganguli, p. 17] The Ultra- Wideband is superior to that of in that it can transmit at greater lengths (up to 70 metres), with only half of the power that uses. [Ganguli, p.17] HomeRF is a that is not very well known. It is used for and voice communication and targeted for the residential market segment and does not serve - class WLANs, public systems or fixed wireless . [Ganguli, p.17-18]

- Introduction

is a short- range device that replaces cables with low power waves to connect devices, whether they are portable or fixed. The device also uses hopping to ensure a secure, quality link, and it uses ad hoc networks, meaning that it connects peer-to-peer. It can be operated worldwide and without a because it uses the unlicensed Industrial- Scientific Medical (ISM) band for that varies with a change in location. [Ganguli, p. 25-6] The user has the choice of point-to-point or point-to-multipoint links whereby communication can be held between two devices, or up to eight. [Ganguli, p. 96] When devices are communicating with each other they are known as piconets, and each device is designated as a master unit or slave unit, usually depending on who initiates the connection. However, both devices have the potential to be either a master or a slave. [Swaminatha and Elden, p. 49]

- Advantages

There are many advantages to using wireless technologies including the use of a , the inexpensive cost of the device, replacing tedious cable connections, the low power use and implemented measures. The use of an unlicensed ensures that users do not need to gain a license in order to use it. Unlike Infrared which needs to have a line of sight in order to work, waves are omnidirectional and do not need a clear path. The device itself is relatively cheap and easy to use, one can be bought for around ten American dollars, and this price is currently decreasing. Compare this to the expensive cost of implementing hundreds of cables and wires into an office and there is no competition. Of course, this is the main reason for the take -up in -enabled devices; it does away with cables. Another of Bluetooths advantages is its low power use, ensuring that battery operated devices such as and personal assistants wont have their battery life drained with the use of it. This low power consumption also guarantees minimal interruption from other operated and wireless devices that operate at a higher power. has several enabled measures that ensures a level of and , including hopping, whereby the device changes sixteen hundred times per second. Also within the tools are and that guarantee little interference by unauthorised hackers. [Ganguli, p. 330] One of the best advantages of devices, especially the hands free device that connects to a mobile , is that it removes from the brain region. [Tsang, p.1]

- Applications

The applications that are in or current use for the include such areas as automotive, medical, industrial equipment, output equipment, -still cameras, computers, and systems. [Lightman and Rojas, p. 201] is an ad hoc user, and therefore it may be used for social networking, i.e. people can meet and share files or link their devices together to play games or other such activities. [Smyth, p. 70] Using , a mobile can become a three- way , where at home it connects to a landline for cheaper calls, on the move it acts as a mobile and when it comes in contact with another -enabled it acts as a walkie- talkie. This walkie- talkie option allows for free interaction and communication, as is not connected to any telecommunications . [Gupta, p.1] also allows automatic synchronization of your desktop, mobile computer, notebook and your mobile for the user to have all of their managed as one. [Gupta, p.1]

- Issues

has several which range in level of risk and how widespread the action is. These have the ability to provide criminals with sensitive information on both and personal levels. The only way to avoid such is for manufacturers, distributors, and consumers to be provided with more information on how they are committed, current activity and how to combat them. This information can be used on a level for manufacturers, it can be used by distributors at retail levels to teach consumers the risks and it can be used directly by consumers to be aware of the . The outcome of such research will allow end users of products to have an upper hand in this wireless warfare. is in early stages with regards to both the attackers, their techniques and consumers understanding of these attacks. Some research has been conducted into what the attackers are doing and how they do it. Adam Laurie of A.L Ltd