
October 17, 2009



uhm... SQL injection... ok, bad programming practice or maybe some bug slipped in but...

"This suggests that the bad guy has had ongoing access to limited data on the OE site (full name, email address, username, password) since the beginning, and it's only now that they finally got the last piece of the puzzle. This suggests that this latest incident is part of the initial ongoing breach, not a second breach. I could be wrong on this too."

Now that means storing passwords in CLEAR TEXT inside a database accessible from a web front-end, and this in turn isn't just "poor programming", it's CRIMINAL if you think that people should trust those folks.


Paychoice has the worst customer service and they have made many mistakes with my payroll. One thing after the other. For example, they had wrong employees on our payroll, they screwed up our workman's comp, sometimes I would get reports and sometimes not, direct deposit was screwed up and the list goes on. I have since gone with another payroll company and Paychoice still after 15 days has not deposited my payroll taxes back into my account. I have called them, e-mailed them, and even faxed them and they never reply. They are the most unprofessional payroll company I have ever encountered. I hope this helps other small businesses when they have to choose a payroll company. Do yourself a favor and go with a reputable company. Life is so much easier with professionals that know what they are doing. I know I learned my lesson.


  • Steve Friedl is a software and network security consultant in Southern California. He has been a C and UNIX developer since 1981 and has an exceptionally broad background in this area. Some areas of expertise include:

    • C and C++ systems software development on the UNIX and Win32 platforms
    • Communications, including serial and TCP/IP based controllers
    • Enterprise internet security administration and configuration
    • Penetration tests, audits, and network reviews
    • Security forensics, reverse engineering, and tools development
    • General UNIX and Windows system/network administration
    • The Windows Printing System
    • Database software development
    • Technology problem solving and research
    • Technical writing and standup training

Unix Wiz

Stephen J. Friedl
Software Consultant
Orange County, CA USA
Steve@unixwiz.net