Friday, October 26, 2012

2012: A Year in Review of Cyber Crime


The worst fear of many computer users is waking up one day only to find out they have had their bank
account emptied to the last penny and their identity stolen. The worst part about it is that this is exactly
what happens to thousands of Americans each week and to even more people worldwide.

The unfortunate fact is that 2012 was another year in which millions of people were affected by cyber
crime in some way, whether they simply received fraudulent emails, were infected by a virus or had financial property stolen from them.

In fact, there have already been two major cyber crimes that have affected hundreds of thousands of
people this year alone.

1. The Reveton Virus: Your Computer as Ransom

It is one thing to have your personal data and financial information held for ransom, but it is a completely
new thing to have your computer locked until you pay up.

That's exactly what the Reveton virus does. It renders your computer unusable until you
pay the malicious people behind it a certain amount of money.

The Reveton virus installs itself on a user's computer when the user opens an email attachment. Once
the attachment is opened, a bogus screen pops up and says that the user's computer has been disabled.
The only way to reactivate it is to pay a “fine” by using a prepaid card service that hackers use to scam
people out of their money.

There's another reason that this malware weighs in as the most dangerous of 2012: it often leaves other
malicious software on the user's computer, which can then steal the user's confidential information
even after he or she has paid the ransom.


Top 5 Kindle Fire HD Accessories


It was Apple's day yesterday, but today it's a bit easier to see things in a more neutral light. With that $329 price point, the $199 Android tablets like the Nexus 7 and Kindle Fire HD aren't too threatened - Apple have gone into the market with a premium product at a premium pricepoint, and the $199 line will continue for now. Indeed, for a product that is $130 cheaper the Fire HD is surprisingly competitive, with a higher resolution display better suited for video and game content as well as a rich books ecosystem that rivals Apple's.

Today we'll be considering this tablet and some of the best accessories that are available for it on the market - if you're trying to choose between this and an iPad Mini, does that mean you have $130 to spend on Kindle Fire accessories? It's not a bad plan... let's see what we can get for that sum!


5. Slimline Rotating Leather Style Stand Case

We'll start off with a Slimline Leather Style Case. This Kindle Fire HD case is relatively inexpensive and available in multiple colours to allow you to really express yourself beyond the bland black colour of the Fire HD. The case also includes a rotating stand that allows you to stand your Kindle Fire HD in portrait or landscape modes easily, making it perfect for playing games, watching films or browsing the web. All with that leather look and feel, but without the environmental impact of real leather.




Businesses Utilize Twitter to Hear Consumers


One of the most important aspects of any business is to know when the consumer needs a change in the products or services that are offered. When consumers talk about a service or product offered, it is vital that the business listens. There is no better way for a business to listen than through the use of social media options on the market. In particular, most businesses are finding a ton of success with the use of Twitter to listen to their consumers.

Why Twitter?

The reason so many businesses find Twitter to be the better social media site to use is that the
tweets are short and to the point. There are no huge paragraphs to read through in order to find out
what people liked and did not like. When a business has followers on
Twitter, whether they found the company on their own or the company used the
option to Buy Twitter Followers, each of them can give the information that is needed in one simple
tweet.

Once a tweet has been posted, this opens up a huge discussion that invites other followers to join in for
their opinion. Through the information that is received in these informal sessions, a business can make
improvements which will affect how they run their business from here on out. And this could be the way in which the business beats the competition.

Thursday, October 18, 2012

Java : Read / Write Excel file (.xls or .xlsx) using Apache POI


We will see how to read or write an Excel file (.xls or .xlsx) using Apache POI. To know more about Apache POI, click here.

You can download latest version of JAR files from http://poi.apache.org/download.html.

In our case we are using Apache POI 3.8. To run the example below you will need to download the poi-bin-3.8-20120326.zip file from http://poi.apache.org/download.html. It contains the JAR files below; add them to your classpath.

  • dom4j-1.6.1.jar
  • xmlbeans-2.3.0.jar
  • poi-3.8-20120326.jar
  • poi-ooxml-3.8-20120326.jar
  • poi-ooxml-schemas-3.8-20120326.jar

Please see the self explanatory Java code.

Thursday, October 4, 2012

Why is PreparedStatement used to prevent SQL Injection?

What is a SQL Injection?

In simple language, SQL injection means injecting malicious SQL code into the application's SQL. It may help an attacker retrieve sensitive information such as user names and passwords, or it can be used by hackers to log in without authentication.

For example, we have a human resource management system in which an employee logs in and can view his / her sensitive information like attendance, salary etc. To log on to the system every employee requires a username and password. Now suppose the function below is used to do authentication.

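import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// "connection" is an open java.sql.Connection field of the enclosing class.
private boolean isAuthenticate(String userName, String password) throws SQLException {

    Statement stat = connection.createStatement();

    // Flawed on purpose: both inputs are concatenated into the SQL text.
    String query = "SELECT 1 FROM EMPLOYEE WHERE USER_NAME  = '"+userName+"'  AND PASSWORD = '"+password+"';";

    ResultSet rset = stat.executeQuery(query);

    if (rset.next()) {
        return true;
    }
    else {
        return false;
    }
}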


If the above query fetches a result, the user is allowed into the system; otherwise the user is not. You might think that the above process is correct, but it is not: the above function has a serious flaw. Let's see how.
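The fix the title refers to, as an added example that is not code from the original post: the same check written with PreparedStatement, next to the concatenating version, run against a name that contains a quote. Assumptions: the class and method names (PreparedLoginDemo, isAuthenticateConcat) are hypothetical, the table row is constructed, and an in-memory H2 database with its JDBC driver on the classpath stands in for the HR system.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class PreparedLoginDemo {

    // Hardened form: the SQL text is fixed and the two inputs are bound as
    // values, so a quote inside them cannot change the structure of the query.
    static boolean isAuthenticate(Connection c, String user, String pass) throws SQLException {
        String sql = "SELECT 1 FROM EMPLOYEE WHERE USER_NAME = ? AND PASSWORD = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, user);
            ps.setString(2, pass);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    // The post's concatenating version, kept only for comparison.
    static boolean isAuthenticateConcat(Connection c, String user, String pass) throws SQLException {
        String query = "SELECT 1 FROM EMPLOYEE WHERE USER_NAME = '" + user
                + "' AND PASSWORD = '" + pass + "'";
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(query)) {
            return rs.next();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 driver on the classpath; in-memory DB with one constructed row.
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:hr")) {
            try (Statement st = c.createStatement()) {
                st.execute("CREATE TABLE EMPLOYEE (USER_NAME VARCHAR(50), PASSWORD VARCHAR(50))");
                st.execute("INSERT INTO EMPLOYEE VALUES ('o''neil', 'pw-1')");
            }
            System.out.println("prepared, valid login: " + isAuthenticate(c, "o'neil", "pw-1"));
            System.out.println("prepared, wrong password: " + isAuthenticate(c, "o'neil", "nope"));
            try {
                isAuthenticateConcat(c, "o'neil", "pw-1");
            } catch (SQLException e) {
                // The quote closed the string literal early: input was parsed as SQL.
                System.out.println("concatenated query broke: " + e.getMessage());
            }
        }
    }
}
```

The concatenating method fails on an ordinary name because the input becomes part of the statement text; the prepared version sends the statement and the values separately, which is the property that stops injection.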