Purchase your Section 508 Compliance Support guide now!

Purchase your Section 508 Compliance Support guide now!

Gold

One hundred thirty-three analysts have projected gold will hit $2,500 an ounce - 90 of them say the precious metal will hit $5,000 - including the original gold bug, James Dines. Still others, like analyst Peter Schiff, are calling for $10,000 an ounce gold!



What does that mean for the average investor and should we take out our grandparents and Ludacris' gold fillings???

Sent wirelessly from my BlackBerry device on the Bell network.

Envoyé sans fil par mon terminal mobile BlackBerry sur le réseau de Bell.

Debit cards truth

Some debit card issuers offer no protection against fraud and theft.



What you may not know is that to reap those benefits, you may have to use the card with a signature instead of a PIN, says Linda Sherry, director of national priorities for Consumer Action, a national consumer education and advocacy group based in San Francisco.



Federal law limits personal liability for unauthorized transactions to $50 for credit cards, but offers more limited fraud protection for debit cards.



How to protect yourself: Find out if your bank offers theft and fraud protection. Get specific. Under what circumstances is it honored? How do you have to use the card? What's your timetable for reporting the loss?



"Most of these promises have limits and asterisks," says Ed Mierzwinski, consumer program director with U.S. Public Interest Research Groups.



As for disputed funds, some banks will put them back in your account, provisionally, while they investigate. Others will wait until their inquiries are completed.



"We still like to tell people if they're ordering things online or over the phone, they might want to use a credit card because they have superior charge-back protection," says Sherry. "When something goes wrong with a credit card, you're not out the money."

Sent wirelessly from my BlackBerry device on the Bell network.

Envoyé sans fil par mon terminal mobile BlackBerry sur le réseau de Bell.

Cognos Business Intelligence on the IBM Cloud

Technote (troubleshooting)


Problem(Abstract)

A serious security vulnerability (CVE-2010-4476) has been identified which can cause the Java Virtual Machine to enter an infinite loop. The issue exists in the Java class libraries and affects all products that use Java. This issue is described in more detail at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476

Environment

Cognos Business Intelligence on the IBM Cloud

Resolving the problem

To resolve this issue, it is necessary to update the JDKs (that are installed with IBM DB2 and IBM WebSphere Application Server) to an interim fix JDK level containing the fix for the issue.
Before you update your JDK on a production system, it is strongly recommended to:
Apply the patch in a test environment to verify that your product is working correctly
Make a backup before you apply any changes

For up-to-date information, please refer to the support website at:
http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html

The necessary interim fixes can be downloaded at:

JDK: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-sdk6&S_PKG=amd64_6sr9fp1&S_TACT=105AGX05&S_CMP=JDK

UpdateInstaller: ftp://public.dhe.ibm.com/software/websphere/appserv/support/tools/UpdateInstaller/7.0.x/LinuxAMD64/7.0.0.15-WS-UPDI-LinuxAMD64.tar.gz

WebSphere: ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM32173/7.0.0.0-WS-WASJavaSDK-LinuxX64-IFPM32173.pak

1) Stop the Cognos Service
    Logon as user “baadmin” on a GUI based environment (e.g. VNC via SSH tunnel).Stop the IBM Cognos service using the following command:sudo /sbin/service cognos10 stop
2) Upgrade the JRE used for IBM DB2 as follows:
    Install JDK 6 SR9The JDK 6 SR9 package is 64-bit AMD/Opteron/EM64T platform (ibm-java-x86_64-sdk-6.0-9.0.bin)Ensure execute permission is set on the installer file:chmod +x ibm-java-x86_64-sdk-6.0-9.0.binExecute the installer file:sudo ./ibm-java-x86_64-sdk-6.0-9.0.binFollow the on-screen instructions and choose the default location for install directory (/opt/ibm/java-x86_64-60).

Update database manager configuration
    Logon as user “db2inst1” (password is set to the same password as baadmin password selected by user during instance creation):su – db2inst1Verify existing JDK_PATH:db2 get dbm cfg | grep JDK_PATHNote: which should pointing to /home/db2inst1/sqllib/java/jdk64Update JDK_PATH:db2 update dbm cfg using JDK_PATH /opt/ibm/java-x86_64-60Verify existing JDK_PATH:db2 get dbm cfg | grep JDK_PATHNote: which should now pointing to /opt/ibm/java-x86_64-60


3) Upgrade the JRE used for IBM WebSphere and IBM HTTP Server
    Install latest version of UpdateInstallerThe IBM UpdateInstaller is 64-bit AMD/Intel platform (7.0.0.15-WS-UPDI-LinuxAMD64.tar.gz)Uncompress the downloaded file:tar -zxf 7.0.0.15-WS-UPDI-LinuxAMD64.tar.gzExecute the installer file:sudo ./UpdateInstaller/installFollow the on-screen instructions and select update an existing installation by selecting “/ opt/IBM/WebSphere/UpdateInstaller”.Once the installation is completed, select the "Launch IBM Update Installer..." option on the "Installation Complete" page to bring up the IBM Update Installer.Install WebSphere Application Server FixpackSelect “/opt/IBM/WebSphere/AppServer” in the production screen.Select “install maintenance package” in the maintenance operation screen.Select the fixpack location, which is the directory containing the fixpack file (7.0.0.0-WS-WASJavaSDK-LinuxX64-IFPM32173.pak)Ensure the fixpack is selected, and follow the on-screen instruction to complete the update.Repeat the above steps for IBM HTTPServer.

4) Start Cognos 10 Service
    Logon as user “baadmin” on a GUI based environment (e.g. VNC via SSH tunnel).Restart the IBM Cognos service using the following command:sudo /sbin/service cognos10 start

security vulnerability

Flash (Alert)


Abstract

Last updated on April 19, 2011.

This Security Alert addresses a serious security vulnerability (CVE-2010-4476) which can cause the Java Virtual Machine to enter an infinite loop. This issue is described in more detail at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476.

To find out about applying the JRE patch to Cognos Business Intelligence on the Cloud, go to http://www.ibm.com/support/docview.wss?uid=swg21470017.

To find out about applying the JRE patch to Cognos Business Intelligence Special Edition, go to https://www-304.ibm.com/support/docview.wss?uid=swg21497107.

To find out about applying the JRE patch to the Cognos Now! 4.6.0 appliance, go to http://www.ibm.com/support/docview.wss?uid=swg21473104.


Content

Products Affected
The issue exists in the Java class libraries and affects all products that use Java. IBM Cognos products that use Java include



Description
This vulnerability can cause the Java Runtime Environment (JRE) to hang, enter an infinite loop, or crash when converting "2.2250738585072012e-308" to a binary floating-point number. The result can be a denial of service exposure. This same problem can occur if the number is written without scientific notation (that is, using all of the 324 decimal places). Any Java program that uses the Double.parseDouble method is at risk of this vulnerability.


Solution
To prevent this vulnerability from affecting your product, you must apply a patch to your existing version of Java or install a version of Java that contains the fix.

If you do not require the fix, no action is necessary.

Before you update your JRE on a production system, it is strongly recommended to:
• Apply the patch in a test environment to verify that your product is working correctly
• Make a backup before you apply any changes

Linux or UNIX Installations
On Linux or UNIX, the JRE is not provided by Cognos as part of the product. The JRE used with Cognos is a separately installed component that is available from the operating system, application server or Java vendor.

To resolve the security vulnerability, you will need to patch or upgrade the JRE to a version that is recommended by the Operating System, Application Server or Java vendor. Ensure you stop the Cognos Services before applying the patch and restart the Cognos Services once the patch has been successfully applied.

The following table provides links to vendor-supplied details and solutions to this vulnerability:
IBMhttp://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html
HPhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXFPUPDATER
Oraclehttp://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html



Windows Installations

Typically, a JRE is packaged with the Windows versions of Cognos products. However, you may also use a version of Java that already existed on your system.

If you are using a JRE that already existed on the system, the solution is to update the JRE to a version that is recommended by the Operating System, Application Server or Java vendor.

If you are using the JRE version that is provided with your Cognos product, interim fixes are now available for several of the Cognos products. To determine if an interim Windows fix is available for your Cognos product as well as download and installation information, please follow the instructions at http://www.ibm.com/support/docview.wss?uid=swg24029220.

It is necessary to stop the Cognos services before applying the patch and then restart the Cognos Services once the patch has been successfully applied.

Cognos is continuing to develop interim fixes for the remaining affected products. These fixes will be made available as soon as possible.

If you cannot wait for the patch to become available from Cognos, you can also manually apply the patch to your JRE using the following steps.


Determine which version of JRE you are using
  1. In a command window, go to the cognos_location/bin/jre directory.
    If you are using a 64-bit installation, go to the cognos_location/bin64/jre directory.

  2. Type the following:
    java –version

    The resulting message will indicate whether you have an IBM or Sun version of JRE.

To apply a patch to an IBM version of JRE, do the following:
Go to the following Web page, and following the instructions provided: http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html

  1. Download the ParseDoubleTest.jar from the link above to verify if you need to apply the patch.

  2. Copy the ParseDoubleTest.jar file to the cognos_location/bin/jre directory.

  3. Open a command window in the location where you downloaded the file, and type the following:
    java –jar ParseDoubleTest.jar

    If the result is “Test Succeeded”, you do not have to apply the patch.

  4. If you have to apply the patch, download the appropriate patch file from http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html.

    For example, for JRE version 1.4 on Windows, download PM31983_FIX_1.jar.

  5. Download the Java Update Installer from the following location: http://www.ibm.com/developerworks/java/jdk/alerts/updateinstaller.html

    Unzip the UpdateInstallerforJava.zip.

  6. Ensure that you have the patch file and the unzipped Java Update Installer in the same location.

  7. In a command window, go to the location where you downloaded the patch file and the Java Update Installer, and enter the following command:

    java -jar JavaUpdateInstaller.jar -install [patch JAR file] [JAVA_HOME of target JDK]

    For example, for IBM Cognos products, the [JAVA_HOME of target JDK] is cognos_location/bin/jre/.

    If you are installing the update for JRE version 1.4 to a default IBM Cognos installation location, the command would look like the following:

    java -jar JavaUpdateInstaller.jar -install PM31983_FIX_1.jar C:/Program Files/IBM/cognos//bin/jre//bin


To apply a patch to a SUN version of JRE, do the following:
  1. Download the compressed file for Java SE Floating Point Updater Tool:
    http://www.oracle.com/technetwork/java/javase/downloads/index.html#fpupdater

  2. Uncompress the file, and then copy fpupdater.jar to cognos_location/bin/jre//bin.

    If you are using a 64-bit installation, copy fpupdater.jar to cognos_location/bin64/jre//bin.

  3. In a command window, go to the cognos_location/bin/jre//bin directory, and enter the following command:

    java -jar fpupdater.jar -u -v



Cross Reference information
Segment Product Component Platform Version Edition
Business AnalyticsCognos Business IntelligenceNot ApplicableAIX, HP-UX, HP Itanium, Linux, Solaris, Windows10.1, 8.4.1, 8.4, 8.3All Editions
Business AnalyticsCognos MobileNot ApplicableWindows10.1, 8.4.1, 8.4, 8.3All Editions
Business AnalyticsCognos Series 7Not ApplicableAIX, HP-UX on PA-RISC, Solaris, Windows7.5, 7.4All Editions
Business AnalyticsCognos Now!Not ApplicableAIX, HP-UX, Linux, Solaris, Windows4.6, 4.5All Editions
Business AnalyticsCognos ExpressNot ApplicableWindows9.0, 9.5All Editions
Business AnalyticsCognos Real-time MonitoringNot ApplicableAIX, HP-UX, Linux, Solaris, Windows10.1All Editions
Business AnalyticsCognos Business ViewpointNot ApplicableAIX, HP-UX on PA-RISC, HP Itanium, Linux, Solaris, Windows8.4.1, 8.4, 10.1All Editions
Business AnalyticsCognos 8 ControllerNot ApplicableWindows8.5.1, 8.5, 8.4, 8.3All Editions
Business AnalyticsCognos Executive ViewerNot ApplicableWindows9.5All Editions
Business AnalyticsCognos FinanceNot ApplicableWindows7.5, 7.4All Editions
Business AnalyticsCognos PlanningNot ApplicableWindows10.1, 8.4.1, 8.4, 8.3, 8.1All Editions
Business AnalyticsCognos TM1Not ApplicableAIX, Linux, Solaris, Windows9.5.1, 9.5, 9.4All Editions
Business AnalyticsCognos Analytic ApplicationsNot ApplicableAIX, HP-UX, Linux, Solaris, Windows8.4.2, 8.4.1, 8.4, 8.3All Editions
Business AnalyticsCognos 8 Workforce PerformanceNot ApplicableAIX, Solaris, Windows, HP-UX8.3, 8.2All Editions
Business AnalyticsCognos Consumer InsightNot ApplicableLinux1.1All Editions
Business AnalyticsCognos 8 Go!Not ApplicableWindows, AIX, HP-UX, Linux, Solaris8.4.1, 8.4, 8.3All Editions