One hundred thirty-three analysts have projected gold will hit $2,500 an ounce - 90 of them say the precious metal will hit $5,000 - including the original gold bug, James Dines. Still others, like analyst Peter Schiff, are calling for $10,000 an ounce gold!
What does that mean for the average investor and should we take out our grandparents and Ludacris' gold fillings???
Sent wirelessly from my BlackBerry device on the Bell network.
Envoyé sans fil par mon terminal mobile BlackBerry sur le réseau de Bell.
Debit cards truth
Some debit card issuers offer no protection against fraud and theft.
What you may not know is that to reap those benefits, you may have to use the card with a signature instead of a PIN, says Linda Sherry, director of national priorities for Consumer Action, a national consumer education and advocacy group based in San Francisco.
Federal law limits personal liability for unauthorized transactions to $50 for credit cards, but offers more limited fraud protection for debit cards.
How to protect yourself: Find out if your bank offers theft and fraud protection. Get specific. Under what circumstances is it honored? How do you have to use the card? What's your timetable for reporting the loss?
"Most of these promises have limits and asterisks," says Ed Mierzwinski, consumer program director with U.S. Public Interest Research Groups.
As for disputed funds, some banks will put them back in your account, provisionally, while they investigate. Others will wait until their inquiries are completed.
"We still like to tell people if they're ordering things online or over the phone, they might want to use a credit card because they have superior charge-back protection," says Sherry. "When something goes wrong with a credit card, you're not out the money."
Sent wirelessly from my BlackBerry device on the Bell network.
Envoyé sans fil par mon terminal mobile BlackBerry sur le réseau de Bell.
What you may not know is that to reap those benefits, you may have to use the card with a signature instead of a PIN, says Linda Sherry, director of national priorities for Consumer Action, a national consumer education and advocacy group based in San Francisco.
Federal law limits personal liability for unauthorized transactions to $50 for credit cards, but offers more limited fraud protection for debit cards.
How to protect yourself: Find out if your bank offers theft and fraud protection. Get specific. Under what circumstances is it honored? How do you have to use the card? What's your timetable for reporting the loss?
"Most of these promises have limits and asterisks," says Ed Mierzwinski, consumer program director with U.S. Public Interest Research Groups.
As for disputed funds, some banks will put them back in your account, provisionally, while they investigate. Others will wait until their inquiries are completed.
"We still like to tell people if they're ordering things online or over the phone, they might want to use a credit card because they have superior charge-back protection," says Sherry. "When something goes wrong with a credit card, you're not out the money."
Sent wirelessly from my BlackBerry device on the Bell network.
Envoyé sans fil par mon terminal mobile BlackBerry sur le réseau de Bell.
Cognos Business Intelligence on the IBM Cloud
Technote (troubleshooting)
Problem(Abstract)
A serious security vulnerability (CVE-2010-4476) has been identified which can cause the Java Virtual Machine to enter an infinite loop. The issue exists in the Java class libraries and affects all products that use Java. This issue is described in more detail at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476Environment
Cognos Business Intelligence on the IBM Cloud
Resolving the problem
To resolve this issue, it is necessary to update the JDKs (that are installed with IBM DB2 and IBM WebSphere Application Server) to an interim fix JDK level containing the fix for the issue.
Before you update your JDK on a production system, it is strongly recommended to:
Apply the patch in a test environment to verify that your product is working correctly
Make a backup before you apply any changes
For up-to-date information, please refer to the support website at:
http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html
The necessary interim fixes can be downloaded at:
JDK: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-sdk6&S_PKG=amd64_6sr9fp1&S_TACT=105AGX05&S_CMP=JDK
UpdateInstaller: ftp://public.dhe.ibm.com/software/websphere/appserv/support/tools/UpdateInstaller/7.0.x/LinuxAMD64/7.0.0.15-WS-UPDI-LinuxAMD64.tar.gz
WebSphere: ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM32173/7.0.0.0-WS-WASJavaSDK-LinuxX64-IFPM32173.pak
1) Stop the Cognos Service
Update database manager configuration
3) Upgrade the JRE used for IBM WebSphere and IBM HTTP Server
4) Start Cognos 10 Service
Before you update your JDK on a production system, it is strongly recommended to:
Apply the patch in a test environment to verify that your product is working correctly
Make a backup before you apply any changes
For up-to-date information, please refer to the support website at:
http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html
The necessary interim fixes can be downloaded at:
JDK: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-sdk6&S_PKG=amd64_6sr9fp1&S_TACT=105AGX05&S_CMP=JDK
UpdateInstaller: ftp://public.dhe.ibm.com/software/websphere/appserv/support/tools/UpdateInstaller/7.0.x/LinuxAMD64/7.0.0.15-WS-UPDI-LinuxAMD64.tar.gz
WebSphere: ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM32173/7.0.0.0-WS-WASJavaSDK-LinuxX64-IFPM32173.pak
1) Stop the Cognos Service
- Logon as user “baadmin” on a GUI based environment (e.g. VNC via SSH tunnel).Stop the IBM Cognos service using the following command:sudo /sbin/service cognos10 stop
- Install JDK 6 SR9The JDK 6 SR9 package is 64-bit AMD/Opteron/EM64T platform (ibm-java-x86_64-sdk-6.0-9.0.bin)Ensure execute permission is set on the installer file:chmod +x ibm-java-x86_64-sdk-6.0-9.0.binExecute the installer file:sudo ./ibm-java-x86_64-sdk-6.0-9.0.binFollow the on-screen instructions and choose the default location for install directory (/opt/ibm/java-x86_64-60).
Update database manager configuration
- Logon as user “db2inst1” (password is set to the same password as baadmin password selected by user during instance creation):su – db2inst1Verify existing JDK_PATH:db2 get dbm cfg | grep JDK_PATHNote: which should pointing to /home/db2inst1/sqllib/java/jdk64Update JDK_PATH:db2 update dbm cfg using JDK_PATH /opt/ibm/java-x86_64-60Verify existing JDK_PATH:db2 get dbm cfg | grep JDK_PATHNote: which should now pointing to /opt/ibm/java-x86_64-60
3) Upgrade the JRE used for IBM WebSphere and IBM HTTP Server
- Install latest version of UpdateInstallerThe IBM UpdateInstaller is 64-bit AMD/Intel platform (7.0.0.15-WS-UPDI-LinuxAMD64.tar.gz)Uncompress the downloaded file:tar -zxf 7.0.0.15-WS-UPDI-LinuxAMD64.tar.gzExecute the installer file:sudo ./UpdateInstaller/installFollow the on-screen instructions and select update an existing installation by selecting “/ opt/IBM/WebSphere/UpdateInstaller”.Once the installation is completed, select the "Launch IBM Update Installer..." option on the "Installation Complete" page to bring up the IBM Update Installer.Install WebSphere Application Server FixpackSelect “/opt/IBM/WebSphere/AppServer” in the production screen.Select “install maintenance package” in the maintenance operation screen.Select the fixpack location, which is the directory containing the fixpack file (7.0.0.0-WS-WASJavaSDK-LinuxX64-IFPM32173.pak)Ensure the fixpack is selected, and follow the on-screen instruction to complete the update.Repeat the above steps for IBM HTTPServer.
4) Start Cognos 10 Service
- Logon as user “baadmin” on a GUI based environment (e.g. VNC via SSH tunnel).Restart the IBM Cognos service using the following command:sudo /sbin/service cognos10 start
security vulnerability
Flash (Alert)
Abstract
Last updated on April 19, 2011.This Security Alert addresses a serious security vulnerability (CVE-2010-4476) which can cause the Java Virtual Machine to enter an infinite loop. This issue is described in more detail at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476.
To find out about applying the JRE patch to Cognos Business Intelligence on the Cloud, go to http://www.ibm.com/support/docview.wss?uid=swg21470017.
To find out about applying the JRE patch to Cognos Business Intelligence Special Edition, go to https://www-304.ibm.com/support/docview.wss?uid=swg21497107.
To find out about applying the JRE patch to the Cognos Now! 4.6.0 appliance, go to http://www.ibm.com/support/docview.wss?uid=swg21473104.
Content
Products Affected
The issue exists in the Java class libraries and affects all products that use Java. IBM Cognos products that use Java include
Description
This vulnerability can cause the Java Runtime Environment (JRE) to hang, enter an infinite loop, or crash when converting "2.2250738585072012e-308" to a binary floating-point number. The result can be a denial of service exposure. This same problem can occur if the number is written without scientific notation (that is, using all of the 324 decimal places). Any Java program that uses the Double.parseDouble method is at risk of this vulnerability.
Solution
To prevent this vulnerability from affecting your product, you must apply a patch to your existing version of Java or install a version of Java that contains the fix.
If you do not require the fix, no action is necessary.
Before you update your JRE on a production system, it is strongly recommended to:
• Apply the patch in a test environment to verify that your product is working correctly
• Make a backup before you apply any changes
Linux or UNIX Installations
On Linux or UNIX, the JRE is not provided by Cognos as part of the product. The JRE used with Cognos is a separately installed component that is available from the operating system, application server or Java vendor.
To resolve the security vulnerability, you will need to patch or upgrade the JRE to a version that is recommended by the Operating System, Application Server or Java vendor. Ensure you stop the Cognos Services before applying the patch and restart the Cognos Services once the patch has been successfully applied.
The following table provides links to vendor-supplied details and solutions to this vulnerability:
Windows Installations
Typically, a JRE is packaged with the Windows versions of Cognos products. However, you may also use a version of Java that already existed on your system.
If you are using a JRE that already existed on the system, the solution is to update the JRE to a version that is recommended by the Operating System, Application Server or Java vendor.
If you are using the JRE version that is provided with your Cognos product, interim fixes are now available for several of the Cognos products. To determine if an interim Windows fix is available for your Cognos product as well as download and installation information, please follow the instructions at http://www.ibm.com/support/docview.wss?uid=swg24029220.
It is necessary to stop the Cognos services before applying the patch and then restart the Cognos Services once the patch has been successfully applied.
Cognos is continuing to develop interim fixes for the remaining affected products. These fixes will be made available as soon as possible.
If you cannot wait for the patch to become available from Cognos, you can also manually apply the patch to your JRE using the following steps.
Determine which version of JRE you are using
To apply a patch to an IBM version of JRE, do the following:
Go to the following Web page, and following the instructions provided: http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html
To apply a patch to a SUN version of JRE, do the following:
The issue exists in the Java class libraries and affects all products that use Java. IBM Cognos products that use Java include
- Business Intelligence products:
□ Cognos Business Intelligence* versions 10.1, 8.4.1, 8.4.0, 8.3.0
□ Cognos Business Intelligence Developer Edition versions 10.1, 8.4.1
□ Cognos Business Intelligence Starter Edition versions 10.1, 8.4.1
□ Cognos PowerPlay versions 10.1, 8.4.1, 8.4.0, 7.5.0, 7.4.x,
□ Cognos Mobile versions 10.1, 8.4.1, 8.3.1, 8.3.0
□ Cognos Now! versions 4.6
□ Cognos DecisionStream version 7.1.4
□ Cognos Impromptu Web Reports versions 7.5, 7.4.x
□ Cognos NoticeCast versions 7.5, 7.4.x
□ Cognos Web Services versions 7.5, 7.4.x
□ Cognos Visualizer versions 7.5, 7.4.x
□ Cognos Query version 7.4.x
□ Cognos Express versions 9.5.0, 9.0.0
□ IBM Smart Analytics System Business Intelligence Module (all versions)
* Cognos Business Intelligence includes all BI components such as Reporting, Analysis, Data Manager, Virtual View Manager, Go! Search.
- Financial Performance Management products:
□ Cognos Business Viewpoint versions 10.1, 8.4.1, 8.4.0
□ Cognos Controller versions 8.5.1, 8.5.0, 8.4.0, 8.3.0
□ Cognos Finance versions 7.5.0, 7.4.x
□ Cognos Metrics versions 10.1, 8.4.1, 8.4.0, 8.3.0
□ Cognos Planning versions 10.1, 8.4.1, 8.4.0, 8.3.0, 8.1.x
□ Cognos TM1 versions 9.5.1, 9.5.0, 9.4.1, 9.4.0 - Analytic Applications products:
□ Cognos Banking Risk Performance - Credit Risk versions 8.4.2, 8.4.0
□ Cognos Customer Performance Sales Analytics versions 8.4.2, 8.4.1, 8.4.0
□ Cognos Financial Performance Analytics (AP, AR & GL) versions 8.4.2, 8.4.1, 8.4.0
□ Cognos Supply Chain Performance Procurement Analytics versions 8.4.2, 8.4.1, 8.4.0
□ Cognos Workforce Performance versions 8.4.2, 8.4.1, 8.4.0, 8.3.0, 8.2.0, 8.1.x
□ Cognos Consumer Insight version 1.1.0
Description
This vulnerability can cause the Java Runtime Environment (JRE) to hang, enter an infinite loop, or crash when converting "2.2250738585072012e-308" to a binary floating-point number. The result can be a denial of service exposure. This same problem can occur if the number is written without scientific notation (that is, using all of the 324 decimal places). Any Java program that uses the Double.parseDouble method is at risk of this vulnerability.
Solution
To prevent this vulnerability from affecting your product, you must apply a patch to your existing version of Java or install a version of Java that contains the fix.
If you do not require the fix, no action is necessary.
Before you update your JRE on a production system, it is strongly recommended to:
• Apply the patch in a test environment to verify that your product is working correctly
• Make a backup before you apply any changes
Linux or UNIX Installations
On Linux or UNIX, the JRE is not provided by Cognos as part of the product. The JRE used with Cognos is a separately installed component that is available from the operating system, application server or Java vendor.
To resolve the security vulnerability, you will need to patch or upgrade the JRE to a version that is recommended by the Operating System, Application Server or Java vendor. Ensure you stop the Cognos Services before applying the patch and restart the Cognos Services once the patch has been successfully applied.
The following table provides links to vendor-supplied details and solutions to this vulnerability:
Windows Installations
Typically, a JRE is packaged with the Windows versions of Cognos products. However, you may also use a version of Java that already existed on your system.
If you are using a JRE that already existed on the system, the solution is to update the JRE to a version that is recommended by the Operating System, Application Server or Java vendor.
If you are using the JRE version that is provided with your Cognos product, interim fixes are now available for several of the Cognos products. To determine if an interim Windows fix is available for your Cognos product as well as download and installation information, please follow the instructions at http://www.ibm.com/support/docview.wss?uid=swg24029220.
It is necessary to stop the Cognos services before applying the patch and then restart the Cognos Services once the patch has been successfully applied.
Cognos is continuing to develop interim fixes for the remaining affected products. These fixes will be made available as soon as possible.
If you cannot wait for the patch to become available from Cognos, you can also manually apply the patch to your JRE using the following steps.
Determine which version of JRE you are using
- In a command window, go to the cognos_location/bin/jre directory.
If you are using a 64-bit installation, go to the cognos_location/bin64/jre directory. - Type the following:
java –version
The resulting message will indicate whether you have an IBM or Sun version of JRE.
To apply a patch to an IBM version of JRE, do the following:
Go to the following Web page, and following the instructions provided: http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html
- Download the ParseDoubleTest.jar from the link above to verify if you need to apply the patch.
- Copy the ParseDoubleTest.jar file to the cognos_location/bin/jre directory.
- Open a command window in the location where you downloaded the file, and type the following:
java –jar ParseDoubleTest.jar
If the result is “Test Succeeded”, you do not have to apply the patch. - If you have to apply the patch, download the appropriate patch file from http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html.
For example, for JRE version 1.4 on Windows, download PM31983_FIX_1.jar. - Download the Java Update Installer from the following location: http://www.ibm.com/developerworks/java/jdk/alerts/updateinstaller.html
Unzip the UpdateInstallerforJava.zip. - Ensure that you have the patch file and the unzipped Java Update Installer in the same location.
- In a command window, go to the location where you downloaded the patch file and the Java Update Installer, and enter the following command:
java -jar JavaUpdateInstaller.jar -install [patch JAR file] [JAVA_HOME of target JDK]
For example, for IBM Cognos products, the [JAVA_HOME of target JDK] is cognos_location/bin/jre/.
If you are installing the update for JRE version 1.4 to a default IBM Cognos installation location, the command would look like the following:
java -jar JavaUpdateInstaller.jar -install PM31983_FIX_1.jar C:/Program Files/IBM/cognos//bin/jre/ /bin
To apply a patch to a SUN version of JRE, do the following:
- Download the compressed file for Java SE Floating Point Updater Tool:
http://www.oracle.com/technetwork/java/javase/downloads/index.html#fpupdater - Uncompress the file, and then copy fpupdater.jar to cognos_location/bin/jre/
/bin.
If you are using a 64-bit installation, copy fpupdater.jar to cognos_location/bin64/jre//bin. - In a command window, go to the cognos_location/bin/jre/
/bin directory, and enter the following command:
java -jar fpupdater.jar -u -v
| Segment | Product | Component | Platform | Version | Edition |
|---|---|---|---|---|---|
| Business Analytics | Cognos Business Intelligence | Not Applicable | AIX, HP-UX, HP Itanium, Linux, Solaris, Windows | 10.1, 8.4.1, 8.4, 8.3 | All Editions |
| Business Analytics | Cognos Mobile | Not Applicable | Windows | 10.1, 8.4.1, 8.4, 8.3 | All Editions |
| Business Analytics | Cognos Series 7 | Not Applicable | AIX, HP-UX on PA-RISC, Solaris, Windows | 7.5, 7.4 | All Editions |
| Business Analytics | Cognos Now! | Not Applicable | AIX, HP-UX, Linux, Solaris, Windows | 4.6, 4.5 | All Editions |
| Business Analytics | Cognos Express | Not Applicable | Windows | 9.0, 9.5 | All Editions |
| Business Analytics | Cognos Real-time Monitoring | Not Applicable | AIX, HP-UX, Linux, Solaris, Windows | 10.1 | All Editions |
| Business Analytics | Cognos Business Viewpoint | Not Applicable | AIX, HP-UX on PA-RISC, HP Itanium, Linux, Solaris, Windows | 8.4.1, 8.4, 10.1 | All Editions |
| Business Analytics | Cognos 8 Controller | Not Applicable | Windows | 8.5.1, 8.5, 8.4, 8.3 | All Editions |
| Business Analytics | Cognos Executive Viewer | Not Applicable | Windows | 9.5 | All Editions |
| Business Analytics | Cognos Finance | Not Applicable | Windows | 7.5, 7.4 | All Editions |
| Business Analytics | Cognos Planning | Not Applicable | Windows | 10.1, 8.4.1, 8.4, 8.3, 8.1 | All Editions |
| Business Analytics | Cognos TM1 | Not Applicable | AIX, Linux, Solaris, Windows | 9.5.1, 9.5, 9.4 | All Editions |
| Business Analytics | Cognos Analytic Applications | Not Applicable | AIX, HP-UX, Linux, Solaris, Windows | 8.4.2, 8.4.1, 8.4, 8.3 | All Editions |
| Business Analytics | Cognos 8 Workforce Performance | Not Applicable | AIX, Solaris, Windows, HP-UX | 8.3, 8.2 | All Editions |
| Business Analytics | Cognos Consumer Insight | Not Applicable | Linux | 1.1 | All Editions |
| Business Analytics | Cognos 8 Go! | Not Applicable | Windows, AIX, HP-UX, Linux, Solaris | 8.4.1, 8.4, 8.3 | All Editions |
Subscribe to:
Posts (Atom)