"The Banter" A Quarterly Newsletter: Vol. 4, 3rd Quarter :: July 2008

New This Quarter At Intersoft! Changes to the CAN-SPAM ACT For Email Marketing The Newly Redesigned xSellit Storefronts Just Released! Tech Tips: SQL Injections. What it means for your website. Our Clients in the Spotlight: SafeBaby Breast Milk Tracking Make Me Laugh Intersoft Jobs: Sales Positions Wanted New This Quarter At Intersoft! We are pleased to announce a new premium spam filtering service, SecureTideTM, from our partners at AppRiver, a leader in Spam & Virus elimination. SecureTideTM, is a fully managed email protection service, eliminating up to 99% of unwanted email before it even reaches you! It is a powerful and flexible service that enables you to manage, control and protect your email. There is no hardware or software to install and we offer a Free 30 Day trial! To learn more about SecureTideTM and to sign up for the service please contact Sales at 1.888.WEB.7228 (888.932.7228). Back to Top Changes to the CAN-SPAM ACT For Email Marketing In May of this year, the Federal Trade Commission approved new rule provisions under the CAN-SPAM Act of 2003. The new provisions are as follows: An e-mail recipient cannot be required to pay a fee or provide other information other than their email address to opt out of a mailing list. The opt out must be simple and either be an emailed reply requesting to opt out or a simple web page. The definition of "sender" was modified to make it easier to identify which party in the email is responsible for meeting the requirements of the CAN-SPAM Act if more than one party is involved such as if a party is advertising in an email. A "sender" of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations as their valid mailing address on the email message. A definition of the term "person" was added to clarify that CAN-SPAM's obligations are not limited to actual people. Some other topics addressed were the time to process Opt Out's are to be kept at 10 days. "Forward to a Friend" types of emails & websites were acceptable and if the company offers something of value to send the message, then the company needs to honor the CAN-SPAM requirements. To view the full details of the CAN-SPAM Act please visit the Federal Trade Commissions website at, http://ftc.gov/opa/2008/05/canspam.shtm Back to Top The Newly Redesigned xSellit Storefronts Just Released! This quarter we've released the newly redesigned xSellit Storefront's. This new version includes many new features to the Startup & Professional packages to make it easier to sell online and manage your storefront! The new Enterprise package now has the capability of creating an entire custom Storefront without the high cost of custom development. Some new features include, a newly redesigned shopping navigation; the ability to easily list products in multiple categories; integrated UPS Shipping; alternate payment methods; Gift Wrapping & Messaging capabilities; Sale Items; automatically updated RSS Feeds & Google Sitemaps, great for Search Engine Optimization! A Sort By feature was added which allows sorting of Product Listings by Price, Alphabetically & by Popularity. Product Filtering capabilities are now available to allow for filtering of Product Listings by any Product Option such as Size, Color & Scent! New Cross Selling & Related Item tools allow you to feature other products on a Product's More Information page that you'd think your customer would like, which is a great way for up-selling! A newly redesigned Administration Area now offers a Control Panel for ease of use and quick links to the most widely used portions of the site! To get your newly redesigned xSellit Storefront or to upgrade your existing Storefront, contact us at 1.888.WEB.7228! www.goxsellit.com Back to Top Tech Tips: SQL Injections. What It Means For Your Website. By Jessica Sudo There are many types of SQL Injections out there. The older types of injections found exploits in Microsoft Windows Servers & Microsoft SQL Server. These injections needed direct access to these servers in order to be performed. Since these exploits have been patched a new breed of SQL Injections have arrived. During, the beginning of the first quarter of 2008 (roughly around March) a new exploit has been discovered. This exploit does not rely on unpatched or open holes on Web Servers or Database Servers, like it's previous cousins, but now exploits vulnerabilities in Web Site Applications such as your website. Hackers (mostly coming from China) are using what is called "Malbots". These malbots are automatic programs that utilize Search Engines to find websites with .asp?, .aspx? pages. Once found, the malbots will trigger a SQL Command directly into the browser's Address bar to execute an insert of text into your records in your database and can even delete entire database tables within seconds! Currently, this exploit has been tame and has not caused too much destruction (as to delete entire database tables). This injection is currently adding a script tag to database text fields so that once an end user hits the website it will open a hidden iframe which secretly directs the end user's browser to a .js file. While the contents of these javascript files vary and are hard to decipher (since they are written in Chinese), they all attempt to exploit vulnerabilities on end user's computers, which include already patched Microsoft vulnerabilities and vulnerable ActiveX Controls. Any website that uses a database can potentially be exploited by the new breed of SQL Injections. MS SQL, Oracle, Access & MySQL databases can all be exploited to be hacked. It just depends on the type of SQL commands that are sent to the database. All website development languages also can be exploited such as, ASP, ASP.NET & PHP. So, at this point, no website can be considered safe unless the developed code strictly prohibits the use of such SQL commands from the Address bar and even user inputted fields such as Billing Information on a website's checkout process. Since this new vulnerability has just recently been exploited, all Intersoft's customers that are using a database are subject to this exploit. It is highly recommend that customers contact your Sales Representatives for a website update at 1.888.WEB.7228. If you have tech question that you would like us to write about email us at techtips@intersoftgroup.com. Back to Top Our Clients in the Spotlight: SafeBaby Breast Milk Tracking Website: http://www.safebabybmt.com NeoMed, the company that offers the first comprehensive safety system for Enternal feeding, now offers a system that helps you manage the identification, storage, and feeding of breast milk in the NICU/PICU. Partnering with Paragon Data Systems, experts in automatic identification systems, they have developed a system using bar code technology. Back to Top Make Me Laugh We will feature a new comic every quarter that'll be sure to make you laugh! Back to Top Intersoft Jobs: Sales Positions Wanted Intersoft is looking for qualified Sales Applicants to join our Group! If you know of anyone looking for a Sales position that you feel would be a good fit with our company please have them check out our job description at: http://www.intersoftgroup.com/jobs/jobs.aspx All qualified sales applicants can email their resume to: jobs@intersoftgroup.com Back to Top