Here is your RollingDigital eMerchant Newsletter
February 23, 2005 - Vol. 3.2
"RollingDigital Trots-Out Its Heightened Security Version 3.1 Upgrade"
Increased security for our eCommerce Transaction Processing System


Danbury, CT — It has only been a month since RollingDigital™ announced the debut of Version 3.0 of their online transaction processing and precision performance marketing software. This was a major upgrade over prior versions (for details about 3.0 see previous newsletter). Following closely on the heels of this achievement they proudly trotted-out Version 3.1 today. So what's all the fuss about, you ask?

"3.1 is essentially a performance and security upgrade," said Walt Runkis, the company's Chief Executive and software designer. "It brings our transaction processing platform into the world of Object Oriented Programming (OOP), and makes it completely compliant with both the VISA Cardholder Information Security Program (CISP) standards, and the PHP Security Consortium (PSC) guidelines."

Every page of information, every input form, every database table, every piece of sensitive personal data, and every aspect of the platform's functionality are now serviced by a library of Object Oriented Classes. Chief among them are the new Gatekeeper and Cipher classes, which protect the entire system from all known forms of cyber attack. "Over the past few months," Walt chuckles, "I had to go to 'Hacker's School,' so to speak, in order to acquire the skills I needed to analyze and improve our crucial security standards. Then we carefully took the system apart, and using the CISP and PSC security guidelines as a roadmap, rewrote the code to accommodate every suggested security measure." Walt also lamented, "It's sad, in a way, that nearly all the improvements that went into building Version 3.1 are invisible to our eMerchants and users. It would be great if Gatekeeper could be personified, like they did in the movie, "Tron," so people could see what a thing of beauty it truly is."

More information about 3.1's capabilities appears below.

Our New Home
Our family of eMerchants are now located in our new data center. Several have already reported faster load times and snappier operations. One feature we implemented since the move was to set up a server-level email protection program for spam filtering and antivirus protection using SpamAssassin and Dr. Web. By default, everyone's email accounts were set to scan all incoming mail for viruses and to mark potential spam with an announcement header. That's great, but you can train it to be even better. One of the features many have found valuable was to delete the spam instead of marking it. Walt used to receive between 200 and 300 pieces of spam every day. He set SpamAssassin to delete all emails that appeared 4 times and now he only has about 10 to 15 pieces downloaded. The rest just disappear. The only problem he reports, now, is he no longer gets 50 daily reminders about where to buy discount Viagra. Now there's a problem!

* New addresses. Now that your eCommerce website is located on our new server you can start using a wide variety of additional reports and features. All of this can be accessed from the following control panels:

   -- http://control.rollingbank.net     (your Plesk Website Control Panel)

   -- http://admin.rollingbank.net      (your eMerchant Administrator Control Panel)

   -- http://affiliates.rollingbank.net  (your Affiliate's Control Panel)

   -- http://members.rollingbank.net   (your Customer/Member's Control Panel)
  
The best way to get started is to go to your eMerchant Administrator Control Panel and click on the "eMerchant Welcome Page" link.

* Important Policy Changes. Starting this March, we will no longer provide free web hosting to eMerchants who DO NOT process an average of at least $5,000 in online sales each month. Accounts that have monthly sales of less than $5,000 will be charged $19.95 per month for hosting. These charges will be billed to your credit card. Please be sure you have a valid credit card number entered in your personal information file. To administer your personal information in your eMerchant Administrator Control Panel, click on "Manage My eMerchant Account" in the "My Merchant Agreements and Reports" section. If paying by credit card is unacceptable, you can pay by check for a year's hosting service in advance. Contact Walt if you want to pay annually by check.


Potential Security Attacks Safeguarded by our Version 3.1 Upgrade
We can't reveal how our system works, but for those of you who are interested in the details of such matters, some of the more serious security threats that 3.1 protects against are listed below.

* Spoofing. This is an attack that endangers the privacy of Internet users and the integrity of their data. Web spoofing allows an attacker to create a "shadow copy" of a website. Once the shadow copy is up and running, all access to a website is funneled through the attacker's server, allowing the attacker to monitor all user activities including the sending and receiving of passwords and account numbers that users enter. The attacker can also cause false or misleading data to be sent to Web servers in the victim's name, or to the victim in the name of any Web server. A victim's email may also be spoofed causing false emails to be sent in the victim's name. In short, the attacker observes and controls everything a victim does on the Web.

* SQL Database Injection. Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL database commands to expose hidden data, or to override valuable ones, or even to execute dangerous system level commands on the database host. This is accomplished by the application taking user input and combining it with static parameters to build a SQL query.

* Error Reporting. Standard attack tactics involve profiling a system by feeding it improper data, and checking for the kinds and contexts of the errors that are returned. This allows the cracker to probe for information and determine possible weaknesses. For example, if an attacker gleans information about a page based on a prior form submission, he/she may attempt to override or modify variables, or to .

* Poisoning or Capturing User Submitted Data. One of the ways crackers can exploit a website to commit identity fraud is to download a website and alter its code. Combine this practice with the Spoofing techniques discussed above, and you have a powerful means to create fraud and havoc. Using these techniques an attacker can steal or corrupt data, or insert code blocks to spy on legitimate users' activities, destroy data integrity, or crash the server.


* General information. The upgrades mentioned above only mention the more important changes. There are many more—some were cosmetic—but there were also a large number of upgrades that make the system stronger, safer, more fault tolerant, more efficient, and easier to use. Most of these are "under the hood," so to speak, and may not be immediately visible. Version 3.1 has been thoroughly tested, but as always, if you find a bug please fill out a trouble ticket at: http://support.rollingdigital.com.
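
The SQL Database Injection and Error Reporting items above can be seen side by side in a small sketch. This is an added example, not RollingDigital's code (the newsletter does not reveal how Gatekeeper works); the table, function names and sample inputs are constructed for illustration, and Python with SQLite stands in for the platform's own stack.

```python
import logging
import sqlite3

log = logging.getLogger("shop")

def make_db():
    """Constructed in-memory sample data (not from the newsletter)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders "
               "(id INTEGER PRIMARY KEY, customer TEXT, card_last4 TEXT)")
    db.executemany("INSERT INTO orders (customer, card_last4) VALUES (?, ?)",
                   [("alice", "1111"), ("bob", "2222"), ("carol", "3333")])
    return db

def orders_concatenated(db, customer):
    """Weak pattern: user input is combined with static SQL text, and the
    raw database error is handed back to the caller."""
    sql = ("SELECT customer, card_last4 FROM orders "
           "WHERE customer = '" + customer + "'")
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "DB error: %s in [%s]" % (exc, sql)  # leaks query structure

def orders_parameterized(db, customer):
    """Corrected pattern: input is length-checked and bound as data; failures
    are logged server-side and the caller sees only a generic message."""
    if not isinstance(customer, str) or not (0 < len(customer) <= 64):
        return "Request could not be processed."
    try:
        return db.execute(
            "SELECT customer, card_last4 FROM orders WHERE customer = ?",
            (customer,)).fetchall()
    except sqlite3.Error:
        log.exception("order lookup failed")
        return "Request could not be processed."

if __name__ == "__main__":
    db = make_db()
    altered = "x' OR '1'='1"   # constructed input that rewrites the WHERE clause
    malformed = "x'"           # constructed input that breaks the SQL syntax
    print(orders_concatenated(db, altered))     # every customer's row comes back
    print(orders_concatenated(db, malformed))   # error text exposes the query
    print(orders_parameterized(db, altered))    # treated as a literal name
    print(orders_parameterized(db, malformed))  # no syntax error is possible
```

With bound parameters the input can never change the shape of the query, so the same two inputs simply match no customer.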


For more information about RollingDigital:

RollingDigital™ was founded in 2001 with the mission of “Building Tomorrow’s Information Paradigm.” To this end, we have developed a group of information technologies (patents pending) which make it possible and practical to create the “global content economy” we call Content-Mogul™. RollingOrder™, RollingBank™ and TravelingMultimedia™ are wholly owned subsidiaries of RollingDigital, LLC. They were built to facilitate a wide range of online and wireless financial transactions. Our online transaction processing platform is a complete order-entry system that is fully integrated with a precision performance marketing engine that runs on a redundant, ultra-secure, ecommerce platform. State-of-the-art security is maintained by using an integrated set of near-military grade data encryption protocols and industry-accepted security compliance standards.

For more information contact:

Walt Runkis
Voice: +1 203.445.9975
walt@rollingdigital.com

www.rollingdigital.com
www.rollingorder.com
www.contentmogul.com


Funding for RollingDigital was provided by Scibios, LLC www.scibios.com.
Author: Walt Runkis - walt.rollingdigital.com
Copyright © 2005 RollingDigital, All rights reserved

This newsletter is being sent to RollingOrder eCommerce Merchants and friends.