Thursday, August 21, 2008
Domain Price Hike
A dispute over the cost of internet domain names has spilled over into the US Congress, where allegations of monopolisation and unreasonable price hikes surfaced in a congressional hearing on Wednesday. The dispute arises out of a lawsuit settlement reached on 1 March in which the Internet Corporation for Assigned Names and Numbers (Icann) gave VeriSign the right to raise fees on dot-com domains by seven per cent annually. The settlement, approved by Icann's board by a 9-5 vote, ended a legal spat that started with VeriSign's controversial move to take control of all unassigned dot-com and dot-net domain names in 2003. Those guaranteed price hikes struck some members of the House of Representatives' Small Business Committee as unreasonable. Rep Sue Kelly, a New York Republican, said: "When you're talking about increased prices and you're allowed to do that at VeriSign, I don't know that's going to produce any better safety or security from anyone who's paying that additional cost. And I haven't heard anything today that tells me that would be the case." While Icann - which was created by the Clinton administration - makes most decisions about domains on its own, the March settlement needs to be approved by the US Commerce Department before it becomes final. That requirement has politicised the dispute, with registrars that sell dot-com domains and must pay the higher prices trying to gain ground in Washington against VeriSign, which has a far more muscular lobbying operation. During Wednesday's hearing, domain registrars attacked the deal as a way to let VeriSign milk consumers for the foreseeable future. WG Mitchell, CEO of Network Solutions (which split from VeriSign in 2003), said: "I have no objection to VeriSign continuing to run the dot-com registry. What I do have is an objection to it being done in a manner that gives a perpetual monopoly to a company with unregulated price increases." Mitchell estimated that consistent seven per cent price increases over that time period would eventually yield $1.3bn in new revenue for VeriSign - more than half of which would be paid by the estimated 10.5 million small businesses that use the internet. Icann and VeriSign have defended the deal, making arguments about internet security which have been echoed in letters sent to the Commerce Department by sympathetic politicians. The agreed-upon percentage increase means that the most dot-com fees would rise between now and 2012 is $1.86, given the current wholesale dot-com domain name rate of $6, Icann general counsel John Jeffrey said. Craig Goren, CEO of Clarity Consulting, a 50-person IT company based in Chicago, said: "If I had to give up the latte I bought this morning in order to ensure that reliability remains the same, I'd do it in a heartbeat." It's not clear what happens next. While Congress doesn't have the authority to block approval of the settlement unless new laws are enacted, even the threat of congressional action could spur the Bush administration to try to negotiate new concessions. What's more, other members of Congress have raised red flags about the proposed agreement. Rep Rick Boucher, a Virginia Democrat, urged the Bush administration in a letter earlier this year to examine the proposal carefully, saying it could have "serious anti-competitive implications". He also asked the House Energy and Commerce Committee to launch a formal investigation. In responses to members of Congress, the Bush administration has expressed tentative support of the settlement. John Kneuer, a Commerce Department acting assistant secretary, said "the resolution of long-standing and costly litigation would be a positive step". Kneuer added, though, that the Commerce Department is "in consultation" with the Justice Department's antitrust division.
Thursday, August 14, 2008
SQL Injection Alert
This information was in general interest by QualISpace to clients with reference to SQL Injection. QualiSpace received reports of SQL Injection Hacks from a few clients with websites hosted on network.
Following are suggestive Measures by QualiSpace:
Update your database usernames to have strong passwords. Make sure that you are using the most current version of the software that is available, if your website makes use of commercial software. Try to avoid QueryString based navigation of database driven sites, where ever possible. Strictly restrict any and all file upload functions that may be present on your site, so that only desired file extensions (i.e. .jpg, .pdf) can be uploaded.
It is not a usual phenomenon for ANY site hosted with QualiSpace to be hacked. As a general tendency it is assumed that it took place due to some server vulnerability or security failing on the part of QualiSpace; however, So far, the source of these reported hacks has been found to be within the website application coding / database setup itself. Therefore we are sending out this notice in order to bring this concern to light.
As per the analysis the problem in a couple of cases turned out to be poor password strength for database users. In some cases it was the application error that revealed the database username and password within the error message for all to see. In some unfortunate cases the hack was due to a poorly implemented file upload feature that allowed a hack script to be uploaded. The hacks took place due to Classic SQL Injection as well.
SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. An SQL Injection Hack is when a website's application(s) and/or form(s) are not properly coded to prevent executable SQL statements from being submitted directly to the database.
It is highly advisable for everyone to educate themselves, and then correct this problem on their own site(s) before they become victims. The solution to the problem is to follow the Best Security Practices as underlined in the following URLS:http://msdn.microsoft.com/en-us/library/ms161953.aspxhttp://msdn.microsoft.com/en-us/library/bb671351.aspx
For verifying your web site for the vulnerability visit: http://support.microsoft.com/kb/954476
QualiSpace considers the security of network of servers and hosted services to be our highest priority. SQL Injection Hacks are closely connected with the coding and setup of each website instead with the server upon which the site is hosted.
Following are suggestive Measures by QualiSpace:
Update your database usernames to have strong passwords. Make sure that you are using the most current version of the software that is available, if your website makes use of commercial software. Try to avoid QueryString based navigation of database driven sites, where ever possible. Strictly restrict any and all file upload functions that may be present on your site, so that only desired file extensions (i.e. .jpg, .pdf) can be uploaded.
It is not a usual phenomenon for ANY site hosted with QualiSpace to be hacked. As a general tendency it is assumed that it took place due to some server vulnerability or security failing on the part of QualiSpace; however, So far, the source of these reported hacks has been found to be within the website application coding / database setup itself. Therefore we are sending out this notice in order to bring this concern to light.
As per the analysis the problem in a couple of cases turned out to be poor password strength for database users. In some cases it was the application error that revealed the database username and password within the error message for all to see. In some unfortunate cases the hack was due to a poorly implemented file upload feature that allowed a hack script to be uploaded. The hacks took place due to Classic SQL Injection as well.
SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. An SQL Injection Hack is when a website's application(s) and/or form(s) are not properly coded to prevent executable SQL statements from being submitted directly to the database.
It is highly advisable for everyone to educate themselves, and then correct this problem on their own site(s) before they become victims. The solution to the problem is to follow the Best Security Practices as underlined in the following URLS:http://msdn.microsoft.com/en-us/library/ms161953.aspxhttp://msdn.microsoft.com/en-us/library/bb671351.aspx
For verifying your web site for the vulnerability visit: http://support.microsoft.com/kb/954476
QualiSpace considers the security of network of servers and hosted services to be our highest priority. SQL Injection Hacks are closely connected with the coding and setup of each website instead with the server upon which the site is hosted.
Wednesday, August 6, 2008
QualiSpace Announces Virtual Private Servers Promo!
On Wednesday August 6th 2008, QualiSpace, a leading ICANN Accredited domain name registrar and hosting company announced Virtual Private Servers Promotional Offer for all new as well existing Customers and Resellers. All the clients can avail the benefits of Dedicated Server at a fraction of its cost.Powered by Parallels Virtual Private Servers and its integrated migration tools, clients now have an efficient way to maximize their serving resources while nearly removing the risk of downtime. Clients who begin on a Virtual Private Server may later upgrade to a Dedicated Server without the hassle of reinstalling their operating system or changing ip addresses.
Promotional offer for Virtual Private Servers will make it cost effective and flexible for service providers to integrate Virtual Private Servers into their portfolios, resulting in provision of wide range services for their end customers at competitive prices.
"All I could say is, head start with little, upgrade as required and when a dedicated server becomes indispensable, sit back, relax have a cup of coffee while your VPS gets a hardware enhancement without even lifting a finger. Parallels provides us with the ideal software solution to make this contribution possible", said Ashish Shah, CEO.
Unlike virtual machines and hypervisors, Virtuozzo addresses the challenges of operating system sprawl faced by today's data centers. Its unique architecture and management tools make Parallels the ideal solution for provisioning, monitoring and managing virtualized server resources. About QualiSpace:QualiSpace (www.qualispace.com) was established in the year 2001, with the sole aim to provide world class web services to its customers. Based in India and with an independent data center in Columbus, Ohio, QualiSpace is a premier provider of Dedicated Servers, Shared Hosting and Domain Name Registration. The company has been able to add to its client list due to its emphasis on support and services. QualiSpace is backed by a dedicated team of technical experts providing customer service 24x7.
Promotional offer for Virtual Private Servers will make it cost effective and flexible for service providers to integrate Virtual Private Servers into their portfolios, resulting in provision of wide range services for their end customers at competitive prices.
"All I could say is, head start with little, upgrade as required and when a dedicated server becomes indispensable, sit back, relax have a cup of coffee while your VPS gets a hardware enhancement without even lifting a finger. Parallels provides us with the ideal software solution to make this contribution possible", said Ashish Shah, CEO.
Unlike virtual machines and hypervisors, Virtuozzo addresses the challenges of operating system sprawl faced by today's data centers. Its unique architecture and management tools make Parallels the ideal solution for provisioning, monitoring and managing virtualized server resources. About QualiSpace:QualiSpace (www.qualispace.com) was established in the year 2001, with the sole aim to provide world class web services to its customers. Based in India and with an independent data center in Columbus, Ohio, QualiSpace is a premier provider of Dedicated Servers, Shared Hosting and Domain Name Registration. The company has been able to add to its client list due to its emphasis on support and services. QualiSpace is backed by a dedicated team of technical experts providing customer service 24x7.
Subscribe to:
Posts (Atom)
