Welcome to part two of Exploring Buffer Overflows in C! If you have not taken the time to read the previous article, I highly recommend doing so before going any further. In this post, I will be walking you through a simplified version of a buffer overflow exploit and will draw heavily on the vocabulary and theory discussed in the last post. You can find Part One on Tallan’s Blog here. It also would be helpful to be familiar with hexadecimal numbers, which you can read about here. With that out of the way, let’s get to hacking.
Before We Begin
Before we can start we have to pick a target. Several methods exist to detect potential buffer overflows, ranging from manually reading the code to automated testing. Assuming you do have the source code of a program, searching for insecure…
Cybersecurity is one of the fastest-evolving tech fields and the stakes are high. Mistakes can be on the order of millions of dollars. Computers have invaded all aspects of our everyday lives. Although this means I can access millions of cat pictures with the touch of a button, it is dangerous to assume that everyone using a computer is in it for the fuzzy felines. Credit cards, passwords, and social security numbers are moving across the internet just as quickly as cat pictures but with a lucrative black market. There is a lot to gain from a successful hack and hackers will be doing their best to break into the systems we rely on and use daily. Ranging from high-tech exploits such as 2018’s Spectre and Meltdown to low-tech exploits like phishing and social engineering, it is important for…
Let’s jump right back into the thick of this topic. In the first part of this blog series, we discussed why insurers should be empowering their customers to complain in fairly general terms. Check out the link to our Decision Maker’s Guide to Complaint Enablement for more background on this topic.
This post dives deeper into a few key metrics: retention rates, customer lifetime value, and quantity of feedback gathered. To do so, we’ll take a look at the financial impact of non-complainers. While you read, it may also be helpful to consider whether you are currently measuring or utilizing any data to achieve similar goals.
Before getting to specifics, here’s a quick recap of what was covered last time:
J.D. Power’s 2018 research tells us that the industry average score for providing a satisfying purchase experience is 839 out of 1,000.¹
For most Microsoft IT professionals, migrating or updating a native mode SQL Server Reporting Services (SSRS) installation from one version to another is a rare, if not once-in-a-lifetime, event – and probably one you would prefer a root canal to. Because software upgrades of all types tend to get postponed as long as possible, if you find yourself finally tasked with such an upgrade, several unpleasant things are likely true:
The effort is in crisis mode, driven by software (SSRS, OS) going off support, hardware becoming unreliable, or a line-of-business application that must itself be upgraded but cannot be until SSRS is.
The current installation was not done by you and whoever did it is long gone, so you are not that familiar with it and would frankly rather not be. SSRS is not your “thing”.
The current installation is poorly documented, if at…
Microsoft recently announced the end of support (EOS) for SQL and Windows 2008. What does that mean for you? Maybe nothing, but if your company is currently running either version you need to consider your options. There are two important dates to make note of – July 9th and January 14th. SQL Server 2008 support ends on July 9, 2019 and Windows Server 2008 support ends January 14, 2020. Option 1 is to migrate to Azure. When you’re ready to, you can modernize your applications. Option 2 is to continue to run on 2008 until support ends and then decide. We can help to weigh your options.
Are you ready to get started? We can help!
Here’s an interesting fact from a Forbes article published earlier this year, regarding end-consumers in the insurance industry:
“91% of non-complainers just leave”¹
This tells us that there are two types of customers in the insurance world: complainers, and non-complainers. Among non-complainers, more than nine out of ten actively choose to take their business to another company. The insurer they leave behind must deal with the following consequences:
Loss of future revenue streams
Lack of insight into why the customer chose to leave in the first place
The significance of these metrics for bottom-line revenue can’t be overstated. These are customers that were already paying for a service – that had already gone through a decision-making process, chosen one insurer, and were so dismayed with some aspect of their service that they chose to begin this entire search process again.
But there’s a simple…
It’s taken a year for me to feel confident enough to even chime in, on a high level, about the products we’ve created, and the platforms we utilize. I can dabble in conversation about chatbots and Microsoft’s Cognitive Services. I understand now, more or less, what ‘the cloud’ is and its benefits. But, this is why teamwork makes the dream work, you know. My colleagues can build you a solution to any business challenge. Anything. You’ve got a problem, they’ll solve it.
But, now it’s my turn. I am going to express why what they can do matters.
You’ve all heard of Machine Learning. We partnered with RetailWire to produce a webinar on ML for Retail back in April and that’s where my understanding really began to take shape. In a nutshell, Machine Learning can be set up and do in minutes and…
SQL Server’s AlwaysOn technology (available since SQL Server 2012) provides high-availability and disaster-recovery database functionality which largely supplants mirroring and log-shipping – in fact, mirroring is now deprecated. Exactly what functionality is available and how robust it is varies by release (2012+), edition (Standard versus Enterprise) and the physical infrastructure devoted to it. AlwaysOn is fairly easy to set up (though it requires cooperation from both Windows Server and networking admins) and, relative to the required effort, provides exceptional durability for SQL Server databases. AlwaysOn is not a complete OOTB durability solution and has significant gaps – e.g. it does not keep SQL Server logins and roles synchronized across multiple servers – but it is an excellent start for the needs it caters to.
This post assumes the reader has at least a basic familiarity with SQL Server backups, as well…
Let’s say the Finance Department of a clothing retailer has some great reports that let them see all the sales across the United States; so great, in fact, that they want to share them with all Regional Managers so they can communicate about the hot spots in their region. The problem is the Regional Managers aren’t permitted to see data outside their region, and giving them access to these reports would allow them to filter to any region they wanted. We could create separate Datasets and reports filtered to the region for the manager that is given access to them, but that would be time-consuming, and a nightmare to maintain. Luckily, Power BI provides the ability to implement Row-Level Security (RLS).
So, what is RLS? Simply put, it controls a user’s access to each individual row of the Dataset. In…
The Microsoft Office Store contains a growing library of custom Power BI visualizations developed by Microsoft and the community. While Power BI offers built-in visualizations, custom visuals can be downloaded for free and are used to enhance the way you display your data within reports and dashboards. Tallan has now taken its Power BI expertise to the next level by contributing our very own custom visual. Introducing the ‘Calendar by Tallan’ Power BI Custom Visual!
When associating dates with data, the first real-world visual that comes to mind is a standard 12-month calendar. While other custom calendar visuals exist in the Office store, the offerings did not portray the dates in this familiar manner or display the range of data desired. Tallan’s Calendar visual enables you to view the aggregation of data across a range of dates in a standard calendar…