Archive for April 16, 2017

Shoney’s Hit By Apparent Credit Card Breach

Krebs on Security

It’s Friday, which means it’s time for another episode of “Which Restaurant Chain Got Hacked?” Multiple sources in the financial industry say they’ve traced a pattern of fraud on customer cards indicating that the latest victim may be Shoney’s, a 70-year-old restaurant chain that operates primarily in the southern United States.

Image: Thomas Hawk, Flickr.

Shoney’s did not respond to multiple requests for comment left with the company and its outside public relations firm over the past two weeks.

Based in Nashville, Tenn., the privately held restaurant chain includes approximately 150 company-owned and franchised locations in 17 states from Maryland to Florida in the east, and from Missouri to Texas in the west — with the northernmost location being in Ohio, according to the company’s Wikipedia page.

Sources in the financial industry say they’ve received confidential alerts from the credit card associations about suspected breaches at dozens of those locations, although it remains unclear whether the problem is limited to those locations or if it extends company-wide. Those same sources say the affected locations were thought to have been breached between December 2016 and early March 2017.

It’s also unclear whether the apparent breach affects corporate-owned or franchised stores — or both. In last year’s card breach involving hundreds of Wendy’s restaurants, only franchised locations were thought to have been impacted. In the case of the intrusion at Arby’s, on the other hand, only corporate stores were affected.

The vast majority of the breaches involving restaurant and hospitality chains over the past few years have been tied to point-of-sale devices that were remotely hacked and seeded with card-stealing malicious software.

Once the attackers have their malware loaded onto the point-of-sale devices, they can remotely capture data from each card swiped at that cash register. Thieves can then sell the data to crooks who specialize in encoding the stolen data onto any card with a magnetic stripe, and using the cards to buy gift cards and high-priced goods from big-box stores like Target and Best Buy.

Many retailers are now moving to install card readers that can handle transactions from more secure chip-based credit and debit cards, which are far more expensive for thieves to clone. Malware that makes it onto point-of-sale devices capable of processing chip card transactions can still intercept data from a customer’s chip-enabled card, but that information cannot later be used to create a cloned physical copy of the card.

Character selectivity

Oracle Scratchpad

A recent OTN posting asked how the optimizer dealt with “like” predicates for character types quoting the DDL and a query that I had published some time ago in a presentation I had done with Kyle Hailey. I thought that I had already given a detailed answer somewhere on my blog (or even in the presentation) but found that I couldn’t track down the necessary working, so here’s a repeat of the question and a full explanation of the working.

The query is very simple, and the optimizer takes an “obvious” strategy in its arithmetic. Here’s the sample query, with the equivalent query that we can use to do the calculation:

select * from t1 where alpha_06 like 'mm%';

select * from t1 where alpha_06 >= 'mm' and alpha_06 < 'mn';

Ignoring the possible pain of the EBCDIC character set and multi-byte national-language character sets with “strange” collation orders, it should be reasonably easy to see that ‘mn’ is the first string in alphabetical order that fails to match ‘mm%’. With that thought in mind we can apply the standard arithmetic for range-based predicates assuming, to stick with the easy example, that there are no histograms involved. For a range closed at one end and open at the other the selectivity is:

( ( 'mn' - 'mm') / (high_value - low_value) ) + 1/num_distinct

The tricky bits, of course, are how you subtract ‘mm’ from ‘mn’ and how you use the values stored in the low_value and high_value columns of view user_tab_cols. So let’s generate the original data set and see where we go (running on 12c, and eliminating redundant bits from the original presentation):

rem     Script:         selectivity_like_char.sql
rem     Author:         Jonathan Lewis
rem     Dated:          Sep 2013

execute dbms_random.seed(0)

-- 1,000 x 1,000 cross join of the generator gives the 1M rows
create table t1 nologging as
with generator as (
        select rownum id
        from dual
        connect by rownum <= 1000
)
select
        cast(dbms_random.string('l',6) as char(6))      alpha_06
from
        generator       v1,
        generator       v2
where
        rownum <= 1e6 -- > comment to avoid WordPress formatting issue
;

execute dbms_stats.gather_table_stats(user,'t1',method_opt=>'for all columns size 1')

column low_value  format a32
column high_value format a32

-- column statistics used by the selectivity arithmetic
select
        column_name, num_distinct, density, low_value, high_value
from
        user_tab_cols
where
        table_name = 'T1'
order by
        column_name
;

select min(alpha_06), max(alpha_06) from t1;

set autotrace traceonly explain

select  *
from    t1
where
        alpha_06 like 'mm%'
;

set autotrace off

It will probably take a couple of minutes to generate the data – it’s 1M random strings, lower-case, 6 characters fixed – and will take up about 12MB of space. Here are the results from the stats and min/max queries, with the execution plan for the query we are testing:

COLUMN_NAME          NUM_DISTINCT    DENSITY LOW_VALUE                  HIGH_VALUE
-------------------- ------------ ---------- -------------------------- --------------------------
ALPHA_06                  1000000    .000001 616161616E72               7A7A7A78747A

MIN(AL MAX(AL
------ ------
aaaanr zzzxtz

Execution Plan
----------------------------------------------------------
Plan hash value: 3617692013

--------------------------------------------------------------------------
| Id  | Operation         | Name | Rows  | Bytes | Cost (%CPU)| Time     |
--------------------------------------------------------------------------
|   0 | SELECT STATEMENT  |      |   157 |  1099 |   265  (20)| 00:00:01 |
|*  1 |  TABLE ACCESS FULL| T1   |   157 |  1099 |   265  (20)| 00:00:01 |
--------------------------------------------------------------------------

Predicate Information (identified by operation id):
---------------------------------------------------
   1 - filter("ALPHA_06" LIKE 'mm%')

Given that there are power(26,6) = 308,915,776 different combinations available for lower-case strings of 6 characters it’s not too surprising that Oracle generated 1M different strings, nor is it particularly surprising that the lowest value string started with ‘aaa’ and the highest with ‘zzz’.

So how do we get 157 as the cardinality for the query or, to put it another way, how do we get 0.000157 as the selectivity of the predicate? We need to refer to a note I wrote a few years ago to help us on our way (with a little caveat due to a change that appeared in – what number would Oracle use to represent ‘mm’ and the other three strings we need to work with?

According to the rules supplied (and adjusted in later versions) we have to:

  1. pad the strings with ASCII nulls (zeros) up to 15 bytes
  2. treat the results as a hexadecimal number and convert to decimal
  3. round off the last 21 decimal digits

We can model this in SQL with a statement like:

SQL> column dec_value format 999,999,999,999,999,999,999,999,999,999,999,999
SQL> select round(to_number(utl_raw.cast_to_raw(rpad('aaaanr',15,chr(0))),'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'),-21) dec_value from dual;


1 row selected.

As an alternative, or possibly a cross-check, I created a table with a varchar2(6) column, inserted the four values I was interested in and created a histogram of 4 buckets on the column (there’s a suitable little demo at this URL) and got the following endpoint values:

ENDPOINT_NUMBER                                   ENDPOINT_VALUE
--------------- ------------------------------------------------
              1  505,627,904,294,763,000,000,000,000,000,000,000
              2  568,171,140,227,094,000,000,000,000,000,000,000
              3  568,191,422,636,698,000,000,000,000,000,000,000
              4  635,944,373,827,734,000,000,000,000,000,000,000

Once we’ve got these numbers we can slot them into the standard formula (not forgetting the 1/1,000,000 for the closed end of the predicate) – and to save typing I’m going to factor out 10^21 across the board in the division:

Selectivity = (568,191,422,636,698 - 568,171,140,227,094) / (635,944,373,827,734 - 505,627,904,294,763) + 1/1,000,000

Selectivity = 20,282,409,604 / 130,316,469,532,971 + 1/1,000,000

Selectivity = 0.00015564 + 0.000001 = 0.00015664

From which the cardinality = (selectivity * num_rows) = 156.64, which rounds up to 157. Q.E.D.
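To make the three conversion steps and the range formula reproducible outside the database, here is an added Python model (my own example, not a script from the Oracle Scratchpad post). It assumes that the four histogram endpoint values quoted above belong to ‘aaaanr’, ‘mm’, ‘mn’ and ‘zzzxtz’ in that (sorted) order, and the function names char_to_number, like_prefix_bounds, range_selectivity and estimate_like_cardinality are mine. Rounding is done half-up on integers, which matches Oracle ROUND for positive values.

```python
# Added example, not code from the original post: model of how CHAR values are
# turned into numbers (pad to 15 bytes with chr(0), read as hex, round off the
# last 21 decimal digits) and how those numbers feed the range selectivity for
# "alpha_06 like 'mm%'".  PAGE_ENDPOINTS are the endpoint values quoted on the
# page; mapping them to the four strings in sorted order is an assumption.

PAGE_ENDPOINTS = {                      # the factored-out 10**21 put back in
    "aaaanr": 505_627_904_294_763 * 10**21,
    "mm":     568_171_140_227_094 * 10**21,
    "mn":     568_191_422_636_698 * 10**21,
    "zzzxtz": 635_944_373_827_734 * 10**21,
}


def char_to_number(s, pad_to=15, drop_digits=21):
    """Convert a single-byte character string to the optimizer's numeric form."""
    raw = s.encode("ascii").ljust(pad_to, b"\x00")   # 1. rpad(s, 15, chr(0))
    value = int.from_bytes(raw, "big")               # 2. hex string -> decimal
    unit = 10 ** drop_digits
    return ((value + unit // 2) // unit) * unit      # 3. round(value, -21), half up


def like_prefix_bounds(prefix):
    """'mm%' becomes >= 'mm' and < 'mn': bump the last character by one code
    point.  Only meaningful for single-byte character sets with ASCII order."""
    return prefix, prefix[:-1] + chr(ord(prefix[-1]) + 1)


def range_selectivity(lo, hi, low_value, high_value, num_distinct):
    """Closed-low / open-high range, no histogram:
    (hi - lo) / (high_value - low_value) + 1/num_distinct."""
    return (hi - lo) / (high_value - low_value) + 1 / num_distinct


def estimate_like_cardinality(prefix, low_str, high_str, num_rows, num_distinct):
    """Whole walk-through: bounds -> numbers -> selectivity -> cardinality.
    Returns (selectivity, cardinality) with the cardinality rounded as the
    plan shows it."""
    lo_s, hi_s = like_prefix_bounds(prefix)
    sel = range_selectivity(char_to_number(lo_s), char_to_number(hi_s),
                            char_to_number(low_str), char_to_number(high_str),
                            num_distinct)
    return sel, round(sel * num_rows)


if __name__ == "__main__":
    # Reproduce the four endpoint values, then the 157-row estimate.
    for s in PAGE_ENDPOINTS:
        print(f"{s:8} {char_to_number(s):>40,}")
    sel, card = estimate_like_cardinality("mm", "aaaanr", "zzzxtz", 10**6, 10**6)
    print(f"selectivity {sel:.8f}  cardinality {card}")
```

Running the script prints the four 36-digit numbers (agreeing with the histogram endpoints) and a cardinality of 157. Because ‘mn’ and ‘mm’ differ only in the second byte, their numeric difference is exactly 256^13, which is where the 20,282,409,604 (times 10^21) in the numerator comes from.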

Black Bird Cleaner, a lightweight tool to clean and optimize Windows

This isn't the first time we at Genbeta have talked about programs for optimizing the operating system. On other occasions we have already discussed the merits of software such as System Ninja on Windows, or Stacer on Linux. Today we're going to look at Black Bird Cleaner, a cleaning and optimization tool for Windows that had until now gone unnoticed by us.

The program can be downloaded and used for free, although there is a paid version. In that respect it isn't much different from other similar solutions. What is interesting is how little disk space it takes up: barely one megabyte.

The tool has a simple interface that organizes its functions into separate tabs, which we list and briefly explain below:

  • Cleaning. In this tab you can clean your operating system's various caches, as well as temporary and leftover files. It's worth noting that it can detect and clean the “junk” of up to 50 browsers.
  • PC Optimization. This lists some basic tweaks, such as freeing up RAM, optimizing the file system or speeding up PC shutdown, as well as searching for installation files you have saved on the PC.
  • Disk Analyzer. This function searches all of the computer's hard drives for the largest files, which can be deleted by right-clicking the file in question.
  • Service Manager. This is a function similar to the “Services” tab of Task Manager, although it is more limited than the native Windows one and, if not handled with care, can “break” the installation or damage the operating system's boot process.
  • System Information. In this tab we see a series of well-organized details about our computer. It contains a great deal of data that can be consulted, although for end users much of it will probably not be useful. For users with a much more technical profile, however, it will probably be helpful.

From the tests we were able to run, the program is powerful given its size. It's good that it tries to go further than the tools it competes with, and that it includes certain settings that may be useful to all users.

That said, there is a downside to all this: at some points an end user may get lost if they decide to go beyond cleaning the hard drive. It isn't a program for everyone, and if you decide to try it we recommend you proceed with great care. As we said before, users with a more technical profile will probably feel more comfortable with it.

More information | Black Bird Cleaner
On Genbeta | Seven free tools to securely erase your HDD or SSD drives

The article Black Bird Cleaner, a lightweight tool to clean and optimize Windows was originally published on Genbeta by Sergio Agudo.