Thursday, October 31, 2019

Law - Responsibility to Protect Essay Example | Topics and Well Written Essays - 3000 words

During this occasion, all member states agreed to be held accountable for crimes against humanity such as mass killings, genocide, and ethnic cleansing. The principle of R2P is anchored on the responsibility of the state to protect its population from large-scale man-made atrocities. When the state is either incapable of or unwilling to fulfil this obligation, then the responsibility passes to the international community. The latter should first explore diplomatic persuasion and other similarly peaceful avenues to avert or arrest the catastrophe. Should these means fail, then the use of coercive force is justified in order to intervene in the interest of the oppressed population (America, 2009). Since the launching of R2P, there have been instances where countries were clearly remiss in the observance of this accountability. There had been mass killings and other widespread violation of human rights, which in turn led to a decimation of a large number of the population in Bosnia, Cambodia, Darfur, Kosovo, and in the eastern portion of the Democratic Republic of Congo (America, 2009). There have likewise been fresh initiatives in the implementation of R2P. In January 2009, the Global Civil Society Coalition on the Responsibility to Protect was launched. ... Human Rights (UDHR), which was adopted and proclaimed on December 10, 1948 by the UN General Assembly, is the founding document of the international law of human rights (Renee Cronin-Furman, 2010); the UDHR is in turn founded on the principle that “the protection of human rights knows no international boundaries” (Buergenthal, 1997:704), and therefore an obligation exists for any and all members of the international community to ascertain that governments guarantee their protection over their people. A conceptual conflict exists between the doctrine of state sovereignty and non-intervention and the doctrine of human intervention.
Classical political realism stresses the dominance of the sovereign state as the principal actor by which rights are created and given effect, and human relationships regulated. Humanitarian intervention, on the other hand, is a relatively new concept, a product of normative discourse because it infuses values into the appreciation of the human condition, and espouses certain norms held to be morally right over that which is morally wrong. The doctrine of state sovereignty is firmly embodied as policy in the UN Charter; in contrast, the Charter made no mention of the right of humanitarian intervention in any of its provisions, although humanitarian intervention likewise poses a challenge to state sovereignty. However, despite the lack of any explicit acknowledgement of the doctrine, the Security Council had always incorporated the implicit right to intervene, even with the use of military force, for humanitarian reasons in its decision-making, such as the resolutions it adopted in the case of Korea in 1950 and the Congo in 1962. The rationale of the concept is well elucidated by Thakur (2003) when he wrote: “Intervention for human

Tuesday, October 29, 2019

The Brand Effect Assignment Example | Topics and Well Written Essays - 750 words

All these factors must have congruence or compatibility in order for them to work towards the success of the business. There are five dimensions to a framework of a particular brand. These are sincerity, excitement, competence, sophistication and ruggedness (Achouri, Bouslama 2010). The consumer is then able to feel confident about a particular product that meets these qualities. This is because he or she can connect emotionally with the product as well. They will, therefore, have to rely on brand equity in order to establish the consumer personality of the product produced by a given company (Punyatoya 2011). According to Fetscherin and Heinrich (2014), there are four quadrants that determine the attachment of a consumer to a product. In the first, the product is highly functional but has a small emotional connection to the consumer. In such a case, the customer invests in the brand functionally. It is not price sensitive. The second quadrant has consumers who have both a high functional and a high emotional connection to the product. The third quadrant has consumers who have both low functional and low emotional connections to a product. This means that they are not necessarily loyal to a particular brand. In the fourth quadrant, there are consumers who have a low functional but high emotional connection to the product. This means that the brand does not possess all the qualities the consumer is searching for, but they use it because it emotionally compensates for the missing factors. These factors are studied so that a business-marketing manager can come up with the appropriate marketing skills. Punyatoya (2011) illustrates that a little investment product will require a strong endorser to attract the attention of customers and convince them more effectively to accept the brand. On the other hand, a high involvement product simply requires a strong argument in order to get a hold of the

Sunday, October 27, 2019

Sql Injection Attacks Pose Computer Science Essay

In recent years, SQL injection attacks have posed a common and serious security threat to web applications: they allow attackers to obtain unrestricted access to the database underlying the applications and to the potentially sensitive information these databases contain, and the technique is becoming significantly more popular amongst hackers. According to recent data, between Q1 2012 and Q2 2012, there has been an estimated 69 percent increase of this attack type. [1][2] As you can imagine, a hacker gaining administrator access to your server means that you will have effectively lost all of the data on that server to the invader. Worse yet, there is now a beachhead behind your firewall from which attacks on other servers and services can be made. In this way SQL injection can provide access to all company or personal data. In the web environment, end-user privacy is one of the most controversial legal issues; therefore, all types of SQL injection which are dangerous for the components of the web application must be prevented. This article introduces SQL injection in the first section, then provides some techniques for detecting and preventing this kind of attack in the second section.

Section 1: Introduction of SQL injection attack

SQL injection is an attack technique which an attacker can use to exploit a web application; as a result, the attacker may gain unauthorized access to a database or retrieve information directly from the database. An attacker can exploit SQL injection vulnerabilities remotely without any database or application authentication. SQL injection attacks are straightforward in nature: an attacker just passes a malicious string as an input to an application in order to steal confidential information. There are four main kinds of SQL injection attacks [3]: SQL manipulation, code injection, function call injection and buffer overflows.

SQL manipulation usually involves modifying the SQL query by altering the WHERE clause. In this class of attack, the attacker amends the WHERE clause of the statement so that it always evaluates to TRUE [4].

In the case of code injection, an attacker introduces new SQL statements into the input field instead of valid input. The classic code or statement appends a SQL server command to make the SQL statement vulnerable. Code injection only works when multiple SQL statements per database request are supported or keywords like AND, OR are supported by the database.

Function call injection is the addition of database functions or user-defined functions into a vulnerable SQL query. These function calls can be used to make internal calls or modify data in the database in ways that can be harmful to the users.

SQL injection of buffer overflows is a subset of function call injection. In several commercial and open-source databases, vulnerabilities exist in a few database functions that may result in a buffer overflow.

Once an attacker realizes that a system is vulnerable to SQL injection, he is able to execute any SQL command, including DROP TABLE, against the database; hence the attack must be prevented.

Protection Methods for SQL Injection attacks

To build secure applications, security and privacy must be carefully considered, and developers must be aware of them. The main goals of information security are confidentiality, integrity and availability. A single unprotected query can be harmful for the application, data, or database server; hence SQL injection must be prevented. SQL injection attacks can be prevented with simple changes in server-side programming as well as client-side programming. Developers must be aware of all types of attacks and take care to guard against all of them. Developers should validate user input against rules, ensure that users with permission to access the database have the least privileges, and not leak any critical information in error log files.

Taking user input from predefined choices: In this way the web application can be secured from malicious attacks. The attacker cannot insert custom queries or any type of harmful script which can disturb the integrity of the database. This is a simple yet effective way to curb web application attacks. This can be established by making simple changes to the server-side code.

Bind variables mechanism: Bind variables are another technique to control SQL injection attacks. Using bind variables also helps in improving web application performance. The web application developer should use bind variables in all SQL statements. In the Java language there is a mechanism called the prepared statement, which implements the concept of bind variables.

Input validation: This is the simplest method of defense against SQL injection attacks. User input should always be treated with care, and there are a number of reasons to validate all user input before further processing. Every passed string parameter ought to be validated. Many web applications use hidden fields and other techniques, which also must be validated. If a bind variable is not being used, special database characters must be removed or escaped. In most databases the single quote character and other special characters are a big issue; the simplest method to avoid them is to escape all single quotes. This can be established by using client side scripting language. Validation code can help to avoid wasting server resources by restricting requests that would not return useful results, and it can provide much more helpful messages to the user than a SQL error message or empty result set would likely provide. It can also help stop SQL injection by rejecting, outright, any forms of input that could be used to perform a SQL injection. With the benefits that validation can bring, it is generally wise to validate all user input, even when the application makes fully parameterized database calls and uses an account with limited permissions.

Use only stored procedures: The greatest value of using stored procedures in preventing SQL injection is that the DBA can set permissions for the application account so that its only way to interact with the SQL server is through stored procedures. This would mean that most SQL injection attacks would fail due to lack of permissions even if the calling program did not parameterize. This of course still leaves open the possibility of SQL injection working through dynamic SQL inside the stored procedures, but the stored procedures can be given an EXECUTE AS clause which limits their permissions to only those needed by the procedure. It is generally easier to verify that all stored procedures are written to guard against SQL injection than it is to check every place where the application interacts with SQL server.

Limit permission: The most important thing is that we should never use admin rights for a web-based application. The safe way is to give the user as few rights as possible; in other words, user rights should allow him to do only what is necessary and nothing more. If the account does not have permission to drop a table, then it will not be dropped even if the command is slipped to SQL server. Similarly, if the account has only read access, although the attacker may be able to gain some information, he/she will not be able to modify or destroy the data, which is frequently worse. Even the read permission should be strictly limited by database, to limit which tables can be viewed. And if the application only needs selected columns from a table, then read permission can be granted on a view rather than on the full table.

Conceal error messages: Injection attacks often depend on the attacker having at least some information about the database schema. [4] One common way for hackers to spot code vulnerable to SQL injection is by using the developers' own tools against them. For example, to simplify debugging of failed SQL queries, many developers echo the failed query and the database error to the log files and terminate the script. In this case, error messages are useful to an attacker because they give additional information about the database that might not otherwise be available. It is often thought of as being helpful for the application to return an error message to the user if something goes wrong, so that if the problem persists they have some useful information to tell the technical support team. Hence, the generated error becomes a literal guideline to devising more tricky queries. For example, applications will often have some code that looks like this:

    try
    {
    }
    catch (Exception exception)
    {
        // Insecure: the raw exception text is shown to the user.
        MessageBox.Show("Log on failed", exception.Message);
    }

A better solution that does not compromise security would be to display a generic error message that simply states an error has occurred, with a unique ID. The unique ID means nothing to the user, but it will be logged along with the actual error diagnostics on the server, which the technical support team has access to. The code above would change to something like this instead:

    try
    {
    }
    catch (Exception exception)
    {
        // Only an opaque ID is shown; the diagnostics are logged on the server under that ID.
        int id = GetIdFromException(exception);
        MessageBox.Show("Log on failed", id.ToString());
    }

Code review: Code review can be incredibly difficult to implement, especially in a team of old-timers who are not used to it. But once done, it will not only decrease the number of defects in your code, it will also increase collaboration and help team building, improve brotherhood amongst developers, and propagate best practices and improvement of skill across an entire team or department.

Use automated test tools: Even if developers follow the coding rules and do their best to avoid dynamic queries with unsafe user input, we still need to have a procedure to confirm this compliance. There are automated test tools to check for SQL injections and there is no excuse for not using them to check all the code of your database applications.

To make a summary:

- Encrypt sensitive data
- Access the database using an account with the least privileges necessary
- Install the database using an account with the least privileges necessary
- Ensure that data is valid
- Do a code review to check for the possibility of second-order attacks
- Use parameterized queries
- Use stored procedures
- Re-validate data in stored procedures
- Ensure that error messages give nothing away about the internal architecture of the application or the database

Conclusion

SQL injection is one of the more common and more effective forms of attack on a system. Controlling malicious SQL code/script on the web application and maintaining end-user privacy is still a key challenge for the web developer. These issues must be considered seriously by the web developers involved in developing websites using databases.
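
The SQL manipulation attack and three of the protections described in the essay above (bind variables, input taken from predefined choices, concealed error messages), shown side by side as an added example that is not part of the original essay. It uses Python's sqlite3 module; the notes table, its rows and every function name are constructed for illustration.

```python
import sqlite3
import uuid


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO notes (owner, title) VALUES (?, ?)",
        [("alice", "payroll"), ("alice", "roadmap"), ("bob", "shopping")],
    )
    return db


def notes_concatenated(db, owner):
    """Vulnerable form: the input is pasted into the SQL text itself."""
    sql = "SELECT title FROM notes WHERE owner = '" + owner + "' ORDER BY title"
    return [row[0] for row in db.execute(sql)]


def notes_bound(db, owner):
    """Bind-variable form: the input can only ever be a value."""
    sql = "SELECT title FROM notes WHERE owner = ? ORDER BY title"
    return [row[0] for row in db.execute(sql, (owner,))]


# Column names cannot be bound, so the sort key is taken from predefined choices.
SORT_COLUMNS = {"title": "title", "owner": "owner"}


def notes_sorted(db, owner, sort_key):
    """Map the requested sort key onto a predefined column, or refuse it."""
    column = SORT_COLUMNS.get(sort_key)
    if column is None:
        raise ValueError("unsupported sort key")
    sql = f"SELECT title FROM notes WHERE owner = ? ORDER BY {column} DESC"
    return [row[0] for row in db.execute(sql, (owner,))]


def handle_request(db, owner, query, server_log):
    """Run a query; on a database error show the user only a reference ID."""
    try:
        return True, query(db, owner)
    except sqlite3.Error as exc:
        ref = uuid.uuid4().hex
        server_log.append((ref, repr(exc)))  # diagnostics stay on the server
        return False, f"An error has occurred. Reference: {ref}"


if __name__ == "__main__":
    db, log = make_db(), []
    tautology = "x' OR '1'='1"  # makes the WHERE clause always TRUE
    print(notes_concatenated(db, tautology))  # every owner's notes
    print(notes_bound(db, tautology))         # no rows: treated as a name
    print(handle_request(db, "o'brien", notes_concatenated, log))
    print(handle_request(db, "o'brien", notes_bound, log))
```

The same input that breaks the concatenated query (a legitimate name containing a single quote) is handled correctly by the bound query, which is why bind variables are preferable to stripping or escaping quotes.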

Friday, October 25, 2019

Essay --

1.0 Introduction

1.1 Background of the study

This research studies the implications of the Federal Reserve (Fed) tapering of quantitative easing (QE) for the trade finance industry, particularly in emerging markets. Fed quantitative easing (QE) is a channel to revive the national economy when standard monetary policy has become ineffective. Its primary objectives are to stimulate domestic growth and help the sluggish US real estate market after the financial crisis of 2007 - 2008. It was used by the Fed because its policy rates had been lowered close to zero after the subprime crisis. QE has resulted in an increase of foreign funds flowing into the emerging markets for higher returns. Conversely, when the Fed announced a tapering of some of its QE policies, contingent upon continued positive signs of economic growth, in 2013, the emerging market economies started to become uncertain and to grow more slowly. There is a concern that emerging nations with large current account deficits, weak public finances and high external borrowings relative to reserves will be worst affected by capital outflows when the Fed starts tapering QE in 2014. Furthermore, the current liquidity crisis in China and the prolonged European debt crisis would worsen the negative impact of tapering on economic growth in emerging markets. Economic sluggishness continues in China and the Eurozone, while United States (US) economic growth is not benefiting emerging nations' exports and external trade. Hence, the prediction is that emerging markets will experience a slower economy after the tapering of QE. This research studies perspectives and challenges in the trade finance industry in the post-tapering era.

1.2 Problem statement

The recent sharp fall in currency and capital markets uncertainty in... ...roach allows the interviewees to discuss their opinions, views and experiences in depth. Furthermore, the researcher may seek further clarification whenever it is necessary.
The interview will consist of nine open questions developed for the targeted interviewees. The questions may vary for the top management, middle management and general level employees. The interviewees' responses will determine the length of the interview. However, the targeted length of the interview is about 30 - 45 minutes. In addition, some secondary data will be collected from public journals, expert analysis and company reports to further clarify the information collected from the interviews. The data collected will be used in the evaluation and analysis process, together with the information from the respondents, to enhance the quality of the findings of the research.

Thursday, October 24, 2019

Benefits of Cost Accounting Information

Cost accounting offers benefits for manufacturing companies. A cost accounting information system offers benefits for many companies. Cost accounting is a type of accounting method concerned with the cost of goods manufactured and/or sold. Many factors are taken into consideration when cost accountants analyze business costs. The information determined by these accountants is used for inventory valuation, financial statements and decision making.

Inventory Valuation

Cost accounting offers the benefit of having an accurate inventory valuation of all inventories on hand. This includes all raw products used to make goods, all work-in-process inventories and all finished goods ready for sale. Cost accountants take all costs into consideration and are able to determine the value of all of these inventories on hand. This information is useful for financial statements and for management of the company. Managers use this information to determine selling goals and production needs.

Maximum Efficiency

Cost accounting is beneficial to determine the maximum efficiency production amounts. Cost accountants take all costs into consideration when calculating this amount. Manufacturing costs consist of direct labor, materials and manufacturing overhead. These costs are all calculated and added up to find a per-unit cost price for manufactured items. When the cost price is calculated, these accountants begin determining a hypothesis of production rates. Many times cost accountants determine that if production is increased slightly, overhead costs remain the same. If this is the case, increasing production actually results in a lower per-unit cost for production, and the end result is a higher profit.

Decision Making

The information determined by cost accountants is used for decision making for future company needs. Short-term goals and decisions are made as well as long-term strategic decisions. The analysis of cost information is used to compare projected costs to actual costs. This is useful for businesses when budgets are created. Often times, unforeseen costs occur with production, and they are determined in this way. Unforeseen costs are added into the future budgets at rates calculated by cost accountants. Cost accounting also helps companies establish approximate future cash flows. Short-term production goals and marketing decisions are set based on this information. Long-term production plans are also calculated.

Wednesday, October 23, 2019

Technological scholarship

The article reports on the increasing ubiquity of cell phones or mobile phones, which have begun to supplant the function of telephones, and how the unique qualities of cell phones – particularly their symbiotic relationship with other forms of telecommunications – present unique cultural ramifications for society at large. The author notes that cultural studies have generally neglected scrutinizing the telephone – essentially the fixed counterpart of the cell phone – despite the respective work done in the area of communications and technological scholarship.

However, there does exist a modest amount of literature on the technology for the author to conduct a brief review of literature relevant to such an interest, but he observes that these have emerged largely in the wake of the cell phone, reasoning that studies about the increasing complexity of telecommunications technologies and the proliferation of social and cultural functions of cell phones made it difficult to ignore the invisibility of the telephone as a social object and cultural technology.

The author notes that works centered upon the cultural and social dimensions of cell phones tend towards comparative study and cross-cultural analysis simply because the rapid proliferation of cell phone use across the world begs the question of how use is related to varied national and social contexts. (Goggin, pg. 4) However, the author’s contention is that such studies do not sufficiently account for the cultural aspects of cell phones themselves.

He maintains that cell phones are not just a communication technology, but a cultural medium which borrows liberally from the cultural components of other mediums. The author notes that as a mobile cultural technology, cell phone culture finds its closest precedent in the Sony Walkman – associated with a specific set of social practices, a particular demographic of users and represented within the language of culture itself. (Goggin, pg. 7-8)

However, the author also points out that the Sony Walkman and the cell phone are parallel as fusions of multiple technologies developed by a wide configuration of businesses, industries and services, and in that sense are devices which emerged due to the cultural convergence of various interests. This is an important point to note, as it presages the author’s succeeding point, which is that technology and society shape each other in tandem, as posited by the actor-network theory of human-technology relationships.

Essentially it: “refuses … formulaic oppositions between technology and society [and] declines the lures of technological determinism [and] the countervailing reaction that society determines technology.” (Goggin, pg. 11) Furthermore, he maintains that the ‘success’ of technologies is viewed under the actor-network theory as determined by relationships rather than as a consequence of the stable and linear progression of historical conditions. Simply put, “a technology needs to be loved, nurtured and, above all, materially fashioned and supported.”

As such, the ‘state’ of a technology is determined by the interaction between it and society. Before concluding with an outline of the remainder of the book’s contents, the author finishes his introduction by noting that the future of cell phone studies and examinations of the interactions between culture and cell phone technology may draw rich inspiration from Internet studies. Like the cell phone, the Internet is a technology that has been the subject of many works of techno-cultural scholarship.

Initial studies became obsolete due to directions of evolution that went unpredicted, but they present important lessons in techno-cultural scholarship in revealing the extent to which such a highly personal technology resists the very determinism that actor-network theory refutes. As such, cell phone studies must recognize the intimate relationship between a technology and the uses it acquires through its interaction with culture. (Goggin, pg. 13)

REFERENCES

Goggin, G. (2006) Cell phone culture: mobile technology in everyday life. London/New York, Routledge.