Google buys Kiwi-founded Wildfire

Google has bought Kiwi-founded social advertising company Wildfire for a reported US$250 million.

Victoria Ransom and Alain Chuard started Wildfire four years ago as a New Zealand-based adventure travel company.

Looking to give away a free trip to their fans on Facebook, the couple decided to create an application.

The software they developed has helped them build a 350-strong company now based in Redwood City, California.

Wildfire announced the news today in a company blog.

"Today we are about to start a new chapter of our story and we couldn't be more excited to share the news: Wildfire is joining Google!

"We truly could not think of a more perfect home for Wildfire."

A Google blog said "with Wildfire, we're looking forward to creating new opportunities for our clients to engage with people across all social services. We believe that better content and more seamless solutions will help unlock the full potential of the web for people and businesses."

The Wall Street Journal said Google had acquired the company for an as yet undisclosed price but its sources were confident of a figure around US$250 million.

Wildfire helps companies promote themselves through social media platforms such as Facebook, Twitter and Pinterest.

The company states on its website that it has over 16,000 clients, including 30 of the top 50 global brands.

The Wildfire blog said the company would operate "as usual" and there would be no changes to its service.



Mountain Lion Offers New Features for Small Business Customers

Apple has just released the latest version of its OS, Mountain Lion, which includes a whole host of features that may be helpful for small businesses and entrepreneurs, including a system-wide sharing application, a new alerts system, and a gatekeeper platform for improved cyber-security.


Mountain Lion includes changes to the Notification Center, which streamlines alerts from different programs like Mail, Calendar, Messages, and even third party apps. Having all alerts come from one notification center could have an impact on productivity, since users wouldn't have notifications and distractions coming from several different programs at the same time.

Another time saver could be Mountain Lion's system-wide Sharing application, which can make it easier for companies to share files and media content from one centralized platform. The system can also integrate with social media platforms like Facebook, Twitter, Flickr, and Vimeo, so companies that use social media marketing can make sharing easier and more streamlined.

Apple has also gotten rid of iChat in the new OS, and replaced it with a new Messages app, which people can use to communicate with anyone using an iPhone, iPad, or other mobile devices with iMessage. So companies that switch over to Mountain Lion can easily communicate with other employees, collaborators, and clients while they're on the go, which could prove to be exceedingly helpful due to the large number of businesses that have begun using iPads and other mobile devices.

And finally, Apple's new Gatekeeper platform aims to make downloading software from the internet safer, especially for companies that don't have an excess of IT resources. Gatekeeper gives users more control over what apps are installed, and helps to protect users from installing malicious apps and other software from any sites on the web.

Though most businesses have stuck with Windows operating systems through the years, the new OS from Apple could at least be worth a second look. Mountain Lion includes over 200 new features, though many are smaller changes that some Mac users might not even notice.

The software update is currently available for $19.99 from the Mac App Store.




Apple tells court Samsung copied iPhone design

An attorney for Apple told a jury that rival Samsung faced two options to compete in the booming cellphone market after Steve Jobs introduced the iPhone to critical acclaim in 2007: Innovate or copy.

Attorney Harold McElhinny claimed Samsung chose to copy, making its smartphones and computer tablets illegal knockoffs of Apple's popular products.

Samsung "has copied the entire design and user experience" of Apple's iPhone and iPad, McElhinny told a 10-person jury during his opening remarks at the closely watched patent trial.

Samsung denies the claims and its lawyers were expected to deliver their opening statement later in the day.

Samsung has previously countered that Apple did the stealing. It has also said some of the technology at issue such as the rounded rectangular designs of smartphones and tablets has been the industry standard for years.

The witness lists of both sides are long on experts, engineers and designers and short on familiar names.

For example, Apple CEO Tim Cook is not scheduled to testify.

Cupertino-based Apple filed its lawsuit against Samsung last year and is demanding $2.5 billion in damages, an award that would dwarf the largest patent-related verdict to date.

The case marks the latest skirmish between the two companies over product designs. A similar trial began last week, and the two companies have been fighting in other courts in the United Kingdom and Germany.

US District Judge Lucy Koh in San Jose last month ordered Samsung to pull its Galaxy 10.1 computer tablet from the US market pending the outcome of the patent trial. However, she barred Apple attorneys from telling jurors about the ban.

"In some sense, the big part of the case is not Apple's demands for damages but whether Samsung gets to sell its products," said Mark A. Lemley, a professor and director of the Stanford Program in Law, Science, and Technology.

A verdict in Apple's favour could send a message to consumers that Android-based products such as Samsung's are in legal jeopardy, Lemley said.

A verdict in Samsung's favour, especially if it prevails on its demands that Apple pay its asking price for certain transmission technology, could lead to higher-priced Apple products.

In court papers filed last week, each company laid out its legal strategy in trial briefs.

Apple lawyers argue there is almost no difference between Samsung products and its own, and that the South Korean company's internal documents show it copied Apple's iconic designs and its interface.

Samsung denies the allegation and counter-claims that Apple copied its iPhone from Sony. Samsung lawyers noted that it has been developing mobile phones since 1991 and that Apple jumped into the market in 2007.



Bootstrapping a Global $7M Software Company from Kolkata, India

Those who know me know that I am a strong advocate of bootstrapping. Of course, it's not always feasible, but when it is, as in the case of Pallav Nadhani, CEO of FusionCharts, I believe every entrepreneur should bootstrap.


Pallav was born in the small Indian town of Bihar where he lived until the age of 15. After that, he lived in Kolkata with his father, a man with an entrepreneurial spirit of his own. Pallav's father had started his own Web design company and Pallav helped out. He'd gotten his first computer at age nine and used it to teach himself Basic and C++. While helping out at his father's Web design company, Pallav “picked up a few different Web technologies.”

One day, while browsing the Web, he discovered ASPToday.com, which was published by Wrox Publication. The idea for FusionCharts came when Pallav noticed that desktop applications didn't look as good as Web applications, and came up with an idea to change Excel's charting to a “webified interface.”

He described his idea in a tutorial article that ASPToday.com published. Pallav earned $1,500 for that article and used it to fund what would grow into a multi-million dollar operation with close to 500,000 people using its products.

Many people who read Pallav's article started contacting him. They wanted to know if he could customize some aspect of his tutorial. So, he decided to create all of the requested customizations and use them as the foundation on which to build a product that he could sell. Because he didn't know how much he should charge, Pallav started out only charging $15 because that was the minimum amount that a payment gateway he had signed up with would accept. That was in 2001.

Once Pallav's first customers deemed the product a good one, Pallav put it up on a website and started marketing it by writing articles about “why people should not be using outdated charts in Excel when there was a better technology.” He had no money at the time, so guerilla PR - writing articles that indirectly promoted his product - was the only option available to him.

FusionCharts gained traction with the help of recommendations from clients whom Pallav helped integrate his application into the product for free, only charging them a licensing fee. In return, they wrote recommendations that led to more clients. Pallav continued to write guest posts. He also visited Web forums and talked about the features of his product.

Because one of the clients for whom Pallav provided free integration services had a wide reach, Pallav's business grew steadily early on. He launched the first version of his product in October 2002. By March of 2003, the company had earned $10,000. In 2003, the company earned $100,000; in 2004, $300,000; and in 2005, FusionCharts earned $750,000 in revenue and so on.

Increased earnings allowed Pallav to start paying for online advertisements, which helped the company to grow even faster. By 2006, FusionCharts had almost earned $1 million and had a staff of 10 people.

Of course, pricing has come a long way. Where Pallav once charged $15 for a product that's designed for developers who can integrate charting with software applications, he now charges from $199 to $13,000 for the reseller license. Enterprise licensing can cost as much as $100,000.

FusionCharts has another product that's designed for SharePoint users who require visualization on the platform. The fee for that is $1,299 per server. The third product is for non-technical users who need visualization that's better than what they can get with PowerPoint. For that, the charge will be $49 per user.

The introduction of the iPad presented Pallav with a serious challenge because FusionCharts' products require Flash and Apple doesn't support it. Pallav's answer was to partner with one of his competitors to create a hybrid product that works on iPad, iPhone, Android, PCs and the Web, a strategic move that gave FusionCharts a big boost in business and, consequently, revenue.

Today, FusionCharts is a $7 million enterprise with a global clientele, many of them Fortune 500 companies. Pallav has increased his team to 60 people and increased its product offering to a total of 14. In 2011, FusionCharts opened a location in Bangalore.

Pallav has no interest in financing because, as he puts it, financing would not help him grow at this point. He runs a lean operation that for the seven years of its existence ran at 80% profit margin.

That's quite an accomplishment for a young man who started his company with $1,500.





Apple and Samsung begin court battle

A jury has been selected in the US to decide the merits of Apple's claims that Samsung Electronics' smartphones and computer tablets are illegal knockoffs of the iPhone and iPad.

Lawyers for both sides were expected to deliver their opening arguments this morning in a San Jose federal courtroom, followed by Apple calling its first witness.

Apple filed a lawsuit against Samsung Electronics last year alleging the world's largest technology company's smartphones and computer tablets are illegal knockoffs of its popular iPhone and iPad products.

Cupertino-based Apple is demanding US$2.5 billion ($3.1 billion) in damages, an award that would dwarf the largest patent-related verdict to date.

Samsung countered that Apple is doing the stealing and that some of the technology at issue, such as the rounded rectangular designs of smartphones and tablets, has been an industry standard for years.

The trial is expected to last more than a month.

The case is just the latest skirmish between the two companies over product designs. A similar trial began last week, and the two companies have been fighting in courts in the United Kingdom and Germany.

Industrywide, some 50 lawsuits have been filed by myriad telecommunications companies jockeying for position in the burgeoning US$219 billion market for smartphones and computer tablets.

US District Judge Lucy Koh in San Jose last month ordered Samsung to pull its Galaxy 10.1 computer tablet from the US market pending the outcome of the upcoming trial, though the judge barred Apple lawyers from telling the jurors about the ban.

Brian Love, a Santa Clara University law professor and patent expert, said that even though the case will be decided by 10 jurors, the judge has the authority to overrule their decision if she thinks they got it wrong.

Mark Lemley, a Stanford Law School professor, said a verdict in Apple's favour could send a message to consumers that Android-based products such as Samsung's are in legal jeopardy.

A verdict in Samsung's favour, especially if it prevails on its demands that Apple pay its asking price for certain transmission technology it controls, could lead to higher-priced Apple products.

- AP



Internet avengers track down mean-spirited hacker

A group of internet "hacktivists" has hunted down and handed over a hacker who destroyed a Kiwi website which raises funds to help feed hungry children.

Documentary-maker Bryan Bruce discovered his website Redsky Film and Television had been hacked on Saturday. A message appeared on the site to say it had been hacked by "@AnonVoldemort".

He posted a message on a Facebook page connected to his site, asking internet users to help fix the problem and find the hacker.

He never expected the Anonymous group of hackers to help.

The group was earlier this year involved in protests against the closure of Kim Dotcom's Megaupload filesharing website.

Websites including the FBI, Universal Music and Recording Industry Association of America were taken "offline" by the Anonymous group hours after Megaupload was closed down.

Mr Bruce told the Herald he did not know exactly who had helped him - or how - but within a day he had an email with the details of the hacker, believed to be a 35-year-old man living in Madrid with his mother.

He has passed the information on to police in Spain and is waiting for their response.

The website included a store where copies of Mr Bruce's documentaries could be bought, including the award-winning Inside Child Poverty - A Special Report. He donates all sales from that DVD and a percentage from others to a charity that provides breakfasts for hungry schoolchildren.

As a result of the hacking, the website will now be out of action for at least a month and it will cost a significant amount of money to get it working again.

"In bringing down the site he was bringing down a charity, basically," Mr Bruce said.

"I posted on Facebook 'can anybody help me with this' because I don't understand how all this hacking stuff works. It's beyond me.

"Two or three people picked it up and, as I understand, they contacted some top hackers in a group called Anonymous."

Mr Bruce was told that hackers had a code of conduct and Anonymous was upset by what had happened to his site.

"Apparently, one of the rules is you don't hack charity sites, you don't hack sites of people trying to help kids. This guy was trying to impress them, to try and get into their group and boasting about what he'd done - but they turned on him, they chased him."

Mr Bruce said it was good to see Anonymous doing the right thing.

"This is the other side of this group. I'm not going to make comment about what they do in other areas, but this was a real Robin Hood thing. They just decided this was not good. It's extraordinary."

PROVIDING FOOD
* Copies of Inside Child Poverty documentary can still be bought online.
* See: tinyurl.com/cqcwl37
* Proceeds go to children's charities.

By Anna Leask

12 Ways to Automate Profits and Make Money Faster

What's one way you have used automation to make your business more money?

The following answers are provided by the Young Entrepreneur Council (YEC), an invite-only nonprofit organization comprised of the world's most promising young entrepreneurs. The YEC recently published #FixYoungAmerica: How to Rebuild Our Economy and Put Young Americans Back to Work (for Good), a book of 30+ proven solutions to help end youth unemployment.

1. Create Custom Sales Paths

When we run email promotions, our order forms automatically redirect customers to different upsell offers based on their previous purchases. For example, different segments of our email database will see an offer for product X and other segments will see an offer for product Y, depending on whether or not they have purchased the product yet.
- Phil Frost, Main Street ROI

2. Automatic Print Services

We offer print services and have software that will automate the entire ordering process. It works well for us because we don't need to pay a sales rep to take orders - it's just free money!
- Jordan Guernsey, Molding Box

3. Set Email Autoresponders

Once a prospect opts in anywhere on any of our sites, we have set up email autoresponders to continue the conversation and build the relationship. These emails vary from free offerings to upsells to paid products. Every message they receive, however, is in alignment with whatever they initially signed up for. It creates an opportunity to build the know, like and trust factor and increase sales.
- Erin Blaskie, BSETC

One of the additions to my business that have made us more money is to ask people to share our free stuff. This allows us to reach more people, and also be a more valuable provider at the same time. It also makes sense that if someone enjoyed some of our work, their friends will too.
- Nathalie Lussier, Nathalie Lussier Media

5. Mechanical Turk Makes It Easy

We used Amazon Mechanical Turk to sort out and categorize hundreds of thousands of sales leads. It's a huge time saver and a boost to your sales.
- Alexander Torrenegra, VoiceBunny

6. No More Followup Reminders

Even when followup with a lead or client should not be automated, the triggers can be. By setting reminders and automating the message, it cuts the time it takes to reach out. Smart CRMs with task notifications trigger emails containing the lead name, email, phone number and details regarding the conversation, making it easier to enable personalized followup.
- Kelly Azevedo, She's Got Systems

7. Collecting Leads Automatically

My business collects a traveler's information through a contact form (powered by Wufoo) on the homepage. Based on the data, Wufoo triggers an email to send to a specific list on my Mailchimp account. Because this happens automatically, it saves me time, money, and increases the response rate of tourism agencies, resulting in more booked tours and more money for my business.
- Jun Loayza, Tour Woo

8. Put Business Processes in Writing

I have a step-by-step direction manual for every position in my company. Therefore, it becomes easy for employees to know exactly what they need to do for effectiveness in their position. Also, it has reduced the learning curve when new employees are on-boarded, which adds more money to my bottom line quicker.
- Lawrence Watkins, Great Black Speakers

9. From Manual to Outsourcing

If you find yourself doing the same things over and over again, then you can probably write it down, teach someone how to do it and outsource it. As an entrepreneur, you should only be focused on things that cannot be trained, documented or done by someone less skilled. If you find yourself doing those types of tasks you should outsource the solution and make it automatic.
- Lucas Sommer, Audimated

10. Banking and Invoicing Automation

Most banks and invoicing software allow you to automate almost every task, and while this may not make your business more money, it will certainly free up your time to focus on the tasks that do make your business money. If your bank or invoicing software doesn't allow you to automate a process, it's time to look for a new provider.
- Derek Johnson, Tatango

11. People Make the Technology Tick!

We experience the best success when we complement automations with a human touch. Instead of simply sending an automated email for example, we program our CRM to schedule phone calls for our sales department before and after emails are sent. From our clients' perspective, it's like we're saying: “We're sending you an email,” “Here's that email,” and “Did you get that email?” Works like a charm!
- Robert Sofia, Platinum Advisor Marketing Strategies, LLC

12. Tricky Transactional Emails

Our site's functionality is largely based upon the social aspects of sharing links online. To improve our user retention and return rate, we implemented automatic transactional emails that alert users anytime someone follows them, likes their content, or leaves them a comment. We have seen an increase in traffic and ad impressions since its implementation.
- Hack Murphy, Di.tl



How to Use Social Media to Establish Trust

Life as a small business owner is all about trust. Trust is how we make consumers feel comfortable purchasing from us instead of big box stores and it's how we get them to keep coming back. And through the world of social media, we have a slew of new ways to develop trust in our customers' eyes to make them feel good about our business. But are you taking advantage of them?

Below are six ways SMBs can use social media to establish trust with customers.

1. Turn customers into allies

Social media works to break down the invisible wall that has existed for too long between business owners and the people they serve. Through blogs and social networks businesses are able to talk to consumers more intimately, to share information without selling, and to seek their customers' advice on matters related to their business. Those that take advantage of this can turn customers from marks to allies. By bringing customers deeper into your business and giving them a sense of investment in your company, you earn their trust and loyalty. You show them you value their opinion and how important they are to your business. As a result, they become part of your company forever.

2. Build up online reviews

More and more studies are showing the correlation between online reviews and consumer trust. For example, last year a 15 Miles survey found that 25 percent of consumers admitted ratings and review information made their decision for them about whether or not to make a purchase. It didn't influence it. They didn't just consider it. It made it. And those numbers are going up, not down.

If you're a company who has not taken advantage of the review revolution, the simple truth is you're going to be passed over for a competitor who has. One of the most powerful things social media has done is to help make important purchasing information more available to the consumers looking for it. As an SMB, establishing trust means soliciting reviews from customers and vendors, as well as managing and responding to the reviews that you do get. Build reviews into your sales cycle and encourage customers to get vocal about your business. And don't worry about hiding from negative reviews; as long as you handle them correctly, they actually help your trust and credibility.

3. Establish social proof

The same studies that are showing the relationship between trust and online reviews are showing that customers expect to be able to find certain information about your brand on the Web. If they don't, it makes them wonder why it's not there. And not in a good way.

Just like consumers want to see reviews about your business they also want to see that you have a Web site and a dedicated online presence. They also want to see that you have a Facebook page. Or a Twitter account. Or a blog. Heck, they want to see you commenting on the same blogs they're commenting on. All of this acts as social proof, making you look more “legitimate” in the eyes of wary customers and building your trust levels. The expectation in today's market is that businesses are using these platforms. And if you're not, or if you are but they can't find it, they draw their own conclusions as to why. The more visible you are to customers and the more places they can find you, the more they trust your brand.

4. Follow up after purchase

Social media offers additional customer touch points, which again works to build trust in the brand. Whether it's an after-purchase email message explaining features or set up, or a tweet to check on someone's experience, the more you can use social media as a way to follow up and check in on customers, the more you're going to show yourself as a company worth their dollars. And because monitoring can be automated through tools and alerts, this becomes a painless way for brands to stay in the loop with their customers.

5. Respond well to feedback

Hey, it's not all rainbows and butterflies out there. When you enter the world of social media you're going to find customers singing your praises and customers wanting to take you to task. By responding calmly and openly to customers who have less-than-stellar things to say about your brand, you show them that you value their opinion and that you're a company not afraid to take and respond to criticism.

6. Bring value

Last week I shared how simply starting a company blog makes you a better business owner. The core of that post is that by solving your customers' problems, both big and small, it makes you more aware of their needs and how your company can help. The other side of the coin is that by providing content and showing customers you understand their struggles, you build trust with them. Social media helps businesses build more loyal customers by putting the focus on education, not selling. And the result of that is we trust the brand helping us to solve our problems, not just pad their wallets.

As a small business owner, your business relies on trust more than a larger business. If your customers don't trust that you can solve their needs and that you'll be around in the morning, they're going to seek out other companies. Thankfully with social media we have even more touchpoints to build trust with customers.





Sustainability And The Summer Olympics

The 2012 Olympic and Paralympic Games in London aren't just about badminton and beach volleyball. They're also a chance to show the world what can be done with environmental sustainability at one monstrous event.

Organizers of this year's event claim it will be the “most sustainable” Olympics to date, and they've spent years planning how to make it so - from how Olympic Stadium was constructed to the food served at the games to the transportation options offered. These measures will also likely have a lasting effect on London, as local businesses and Olympic vendors were pushed to adopt more sustainable practices and new urban green spaces were created for visitors.

Here's a look at some of the interesting green practices springing up at this year's summer games:

Sustainable fish. Roughly 14 million meals are expected to be served at this year's Olympics, and many of those will likely be fish and chips. In early 2011, London committed to being the world's first “Sustainable Fish City.” All caterers at the Olympics were required to serve sustainably sourced fish, which often meant finding new sustainable fishery suppliers. “Sustainable seafood” is that which is harvested at a sustainable rate, so as not to deplete the world's dwindling supply.

“Zero” Waste. London has billed itself the first “zero waste” Olympics, and the organizers put out several reports explaining how they planned to make that happen. It included ambitious recycling and reusing programs, as well as reducing packaging needs and other waste. Food waste at the games will be composted. About 90% of the material waste in the construction of the Olympic stadium was recycled or reused, so it didn't end up in a landfill.

Transportation. Organizers are encouraging visitors to walk, bike or take public transportation to get around the city and spent $15.5 million upgrading urban walkways and bike paths. An estimated 8,000 bikes are available for rent around the city through London's Barclays Bike Hire program, which launched in summer 2010. BMW, as part of its Olympics sponsorship, is providing more than 200 electric vehicles as fleets and setting up charging points around the city.

City greening. A few years ago, London officials started beautifying their city in preparation for the games. This included adding more park space and greenery around the Olympic Stadium. In London, for instance, more than 3,000 trees were planted in preparation and more than 15 tons of waste removed from the parks and waterways.

Despite all these steps, skepticism has been growing in recent weeks over whether the 2012 Olympic Games will achieve their “zero waste” goal. Some critics point to missed opportunities and green shortcomings. A recent report by BioRegional, a group that worked with Olympic organizers on their original sustainability plan, also says London could have done more.

But even so, the London Olympics will hopefully serve as a role model for future Olympic hosts and show how large-scale events can help propel cities' and local businesses' green endeavors forward.





FYIcode: A New Concept for Telephone Marketing

We've had QR codes, billboards, and Internet ad banners, but they were all limited to a short message. FYIcode, a new service that provides audio information for those on the go, seeks to build something that will bridge the gap that exists between a prospective customer and the information that he or she seeks.

It does this by allowing you to record a 60-second message attached to an identifier code or name that describes your business and current offers. Your prospects can pick up the phone, dial FYIcode's number, say “Paul's flower shop” (for example), and hear your recording. After the recording, the person can either say “1” or “2,” which gives them the option to either reach your establishment via the phone or get a text message with your mobile website, respectively.

I actually called the number mentioned in the website, and received an answer after it rang once. It told me to either say “word” to say the name of the institution or establishment I'm seeking, or “number” to say a numerical code. I chose “word” even though I was just going to say a number, and it understood my input anyway. The number was “123456,” which is the test code for FYIcode. Shortly after I said the code, the default message for FYIcode appeared.

I'm not sure if it's the poor peering I get from my telephone line or something wrong on behalf of FYIcode, but it sometimes misinterprets what I say. Sometimes, I also say gibberish words and end up with a result regardless. The system works fine, generally. Out of ten tries, nine of them responded perfectly to my input. I'd admit that the one time it didn't respond, I said the numbers rather quickly. You'll have to speak clearly and slowly so that the robot understands you.

For businesses seeking to have an FYIcode, the standard price is $49 a year, giving you everything described here. Overall, the service is very reliable and hasn't caused any problems at the time of this review. Its interpretation system is slightly rudimentary, but customers will get where they want to go without much fuss.

Used correctly, the system can provide valuable information to your customers as well as promotions offered by your establishment. It certainly helps make your local marketing efforts more fluid and might entice more people to come on over.



BT global security practice head claims one in three Android apps are malicious

The head of the global security practice at BT, Jill Knesek, has claimed that more than a third of all Google Android applications contain some form of malware.

According to EETimes, Jill Knesek said that after analysis of more than 1,000 Android applications, BT discovered that a third were compromised with some form of active or dormant malware.

“Almost every device is compromised with some kind of malware, although often it's not clear if that code is active or what it is doing,” she said in a panel discussion at the NetEvents Americas conference.

However when asked by ZDNet about the claim, BT said that the opinions were reflective of information available from public studies. BT said that it had done some testing on both Android and Apple OS environments, but not on the scale reported in the last week.

Paul Ducklin, Sophos's head of technology for Asia Pacific, questioned the comment, saying that if one in three apps is infected and the average device has ten apps installed, then it doesn't sound terribly far-fetched that almost every device might be compromised.

He said: “But if it's often not clear whether a device is infected, how can we be so sure that one in three apps really is compromised? Perhaps the risk is much smaller and more knowable than Knesek suggested?”

Knesek's comments come a few days after G Data's Security Labs found a piece of malicious software for Android that shops for paid-for apps. Named ‘MMarketPay.A', it automatically buys paid apps without the knowledge of the smartphone or tablet user.

It said that the malware is hidden in fake GO Weather, Travel Sky or E-Strong File Explorer apps, and is being distributed through various Chinese websites and third-party provider app marketplaces. It said that the Trojan gains access to the mobile provider's app store and can then download and install additional malware or paid apps. While this is currently only targeting Chinese users, G Data Security Labs believed it could spread to Europe.

G Data said that the malware changes the mobile device's access point name and connects to China Mobile and the Trojan intercepts the confirmation message and provides a response via a specific server. The malware can then access China Mobile's app store without logging in, then purchase and install any apps at the victim's expense at any time.

Ralf Benzmüller, head of G Data's Security Labs, said: “We are watching the development of a new and lucrative business model for cyber criminals here. Hence we think it is quite possible that a modified version of this malicious app will appear in Europe and target the customers of European mobile providers."

The Trend Micro 2012 Q2 threat report said that 25,000 Android malware apps had been identified in the second quarter of 2012, an increase of 317 per cent over the number of samples found in the first quarter of 2012. However Trend Micro said that it had seen only one in five Android devices with a security app installed.



Tesco criticised for password and browser security measures

Tesco has come under fire for emailing users' passwords in plain text.

According to research by Troy Hunt, Tesco does not salt or hash its passwords and at best they are encrypted, but the chances are that they are stored in plain text.

He also claimed that passwords are not protected in email and that pages on the website are loaded up over HTTPS, but embed resources loaded over HTTP, and that the HTTPS session was disrupted on the ‘Safe Shopping Guarantee' page. Also, the online shopping session is not in HTTPS, meaning that cookies are being sent over HTTP.

He began by tweeting with Tesco Customer Care, telling them that if they are emailing passwords to customers, "they are well short of industry standards on a number of fronts". Tesco responded by saying that "Passwords are stored in a secure way. They're only copied into plain text when pasted automatically into a password reminder mail" and that "all customer passwords are stored securely and inline with industry standards across online retailers".

A letter from Ben Clark in 2010 gained a response from Tesco; it was posted on Pastebin. He pointed out that his original password was sent to him in plain text and suggested that it was not storing the password in a hashed format.

He said: “This is a very basic level of security that would protect your customers should your database get compromised by preventing anyone from seeing your customers' passwords. It also prevents potentially malicious people within the organisation from being able to see the password.”

Tesco responded to Clark by saying that its IT support team said that although information is not encrypted, the level of security surrounding the password means that only the senior technical positions could access the information.

Tesco has not responded to requests for comment.
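
As an added illustration (not code from the article, from Troy Hunt or from Tesco), the Python example below stores only a per-user salt and a PBKDF2 digest, which is why a site built this way cannot e-mail the original password and issues a single-use reset token instead. The `AccountStore` class, the iteration count and the 15-minute token lifetime are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

# Assumptions for this example: tune the work factor to your own hardware.
PBKDF2_ITERATIONS = 600_000
RESET_TTL_SECONDS = 15 * 60


def hash_password(password: str) -> dict:
    """Return the only values the database keeps for a password."""
    salt = secrets.token_bytes(16)  # unique per user, so equal passwords differ
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt, "iterations": PBKDF2_ITERATIONS, "digest": digest}


def verify_password(record: dict, candidate: str) -> bool:
    """Recompute the digest from the candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["digest"])


class AccountStore:
    """In-memory stand-in for a user table (constructed for this example)."""

    def __init__(self):
        self._users = {}   # email -> {"salt", "iterations", "digest"}
        self._resets = {}  # sha256(token) -> (email, expiry timestamp)

    def register(self, email: str, password: str) -> None:
        self._users[email] = hash_password(password)

    def login(self, email: str, password: str) -> bool:
        record = self._users.get(email)
        return record is not None and verify_password(record, password)

    def stored_fields(self, email: str) -> dict:
        """What an insider or a database thief would see for this user."""
        return dict(self._users[email])

    def start_reset(self, email: str, now: float = None):
        """Return a one-time token to e-mail to the user, or None if unknown.

        Only the token's hash is stored, so a database leak does not expose
        usable reset links either.
        """
        now = time.time() if now is None else now
        if email not in self._users:
            return None
        token = secrets.token_urlsafe(32)
        token_hash = hashlib.sha256(token.encode("ascii")).hexdigest()
        self._resets[token_hash] = (email, now + RESET_TTL_SECONDS)
        return token

    def finish_reset(self, token: str, new_password: str, now: float = None) -> bool:
        """Set a new password if the token is known, unused and not expired."""
        now = time.time() if now is None else now
        token_hash = hashlib.sha256(token.encode("utf-8")).hexdigest()
        entry = self._resets.pop(token_hash, None)  # pop makes the token single use
        if entry is None:
            return False
        email, expires = entry
        if now > expires:
            return False
        self._users[email] = hash_password(new_password)
        return True


if __name__ == "__main__":
    store = AccountStore()
    store.register("shopper@example.test", "correct horse")  # constructed sample
    print(sorted(store.stored_fields("shopper@example.test")))
    print(store.login("shopper@example.test", "correct horse"))
```
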



Be Careful What You Click on Facebook – It May Impact Your Online Reputation

As a small business owner, you carefully guard your online reputation. You devote large amounts of time to maintaining your Facebook and Twitter accounts and you wouldn't dream of posting anything the slightest bit unprofessional. Sure, you may follow the goings-on of the Kardashians avidly in your spare time, but why would you post about it on your business account?

Unfortunately, many Facebook users have been doing just that. And the worst part is, they didn't even realize they'd done it. Sites like Socialcam have been automatically posting videos viewed by Facebookers directly into their timelines, which alerts everyone who gets their newsfeeds to see them.

While that's bad enough for Aunt Sarah, it can severely damage the reputation of a small business owner. Say, for instance, you see an enticing news item about Justin Bieber in the ads on Facebook. You click to see what it's all about, not realizing that everyone who subscribes to your updates on Facebook will see it. Since you're logged into your business account on Facebook, anything posted to your timeline represents not only you, but your entire business. A few customers see you as unprofessional and you've lost not only a few Facebook fans, but some customers as well.

Evan Stein, owner of CMIT Solutions in New York, has been warning clients about this issue for a while. Stein is happy to announce the company is finally doing something about it. After being admonished by privacy advocates, the company announced it would be changing its app so that the auto-post feature is set to off by default, requiring users to change it if they want to share what they view with everyone.

However, Stein is quick to point out that Socialcam isn't the only app automatically posting information to users' timelines. He points to two apps that also post information on items viewed: Washington Post Social Reader and Spotify. The only way to truly prevent this from happening is to take control of your apps.

“Hiding such notifications is quite easy,” Stein says. “Simply hover your mouse over the notification, and a drop-down arrow will appear. Click the arrow and then select ‘Hide all by (name of app).'”

While you're tweaking your notifications, this is a good time to take a look at all of your apps. You set these posting preferences when you install the app, then forget about them. There may be apps that automatically post information about your activities to your timeline, but there may also be apps that send information about your activities to the company that provided the app. By regularly auditing your app preferences, you can make sure nothing is being shared about you that you don't authorize.

“Whether or not you want to install these apps on your Facebook page is, of course, up to you,” Stein says. “However, definitely don't install them on your company's Facebook page. Appearing obsessed with Jersey Shore to your friends and family is one thing, but it's probably something best kept hidden from your customers.”



Locog selects Good Technology for mobile device management

The Olympics organisers have selected Good Technology's Good for Enterprise to secure its extensive mobile workforce during London 2012.

The London Organising Committee of the Olympic and Paralympic Games (Locog) selected the technology for 14,000 personal and sponsor-provided mobile devices.

Locog said that it chose Good for Enterprise to provide its team with secure access to email services, calendar, contacts and applications, while safeguarding against lost or stolen mobile devices. 

Gerry Pennell, Locog's CIO, said: “London 2012 will be the first Games to be impacted by the consumerisation of technology, our team expect IT services that work around them. Good Technology's secure, containerised solution means we don't have to compromise on devices or security - we were impressed that in just four hours it integrated into our wider corporate IT infrastructure and gave us exactly what we wanted.”

Andrew Jacques, general manager EMEA at Good Technology, said: “Being part of such an important event is an honour and something the whole team is proud of. Staging the Games is a huge challenge and we are delighted to be supporting Locog by securing its team of mobile workers.”



Microsoft names BlueHat prize winner

Vasilis Pappas has been named as the first winner of Microsoft's BlueHat prize, awarded for the development of a new, innovative computer security defence technology.

Pappas won with his ‘kBouncer', an exploit mitigation technology that detects abnormal control transfers using the last branch recording feature of Intel processors to mitigate return-oriented programming (ROP).

According to Microsoft, ROP is an advanced technique that attackers use to combine short pieces of benign code, already present in a system, for a malicious purpose. It said that as it uses supported hardware features, kBouncer can be implemented with lower cost to performance and development time.

The winning technology and both runners-up defend against this technique. The first runner-up was Ivan Fratric, who created ROPGuard, and the surprise second was Jared DeMott for /ROP.

Mike Reavey, senior director of the Microsoft security response center, said: “A year ago we posed a challenge to the researcher community and asked them to shift their focus from solely identifying and reporting individual vulnerabilities to investing in new lines of defensive research that could mitigate entire classes of attacks.

“It's with great pleasure that we congratulate the winner of our inaugural BlueHat prize contest for his submission of a novel defensive technology that advances the challenging issue of exploit mitigation of some of the most popular attack techniques we're seeing today.”

Matt Thomlinson, general manager of the Microsoft Trustworthy Computing group, said that it has integrated some of the finalists' technologies into its Enhanced Mitigation Experience Toolkit (EMET) 3.5 technology preview.

Dave Forstrom, Microsoft Trustworthy Computing director, said: “It's great to see an initiative to collaborate and share innovations [from] a year ago evolve into prototypes with one now available this quickly as a new freely available computer security tool. Even in an enterprise that is fully updated against known vulnerabilities, EMET provides defences that protect assets from the yet unknown threats. EMET can easily be used on home machines to protect against known, and unknown, vulnerabilities.”

Pappas is currently a PhD student at Columbia University in New York, and collected a $200,000 (£128,000) prize. Fratric was awarded $50,000 (£32,000) for his submission, while DeMott won $10,000 (£6,000) for his entry.

The BlueHat contest was announced at the 2011 Black Hat conference in Las Vegas and was designed to challenge the security community to look beyond the norm of problems such as vulnerabilities and instead focus on developing innovative solutions to pressing security challenges.

A panel of Microsoft security engineers judged the submissions based on: practicality and functionality; robustness; and impact. However security firm Subreption criticised the contest, saying that entrants would be selling themselves short, as Microsoft would own the intellectual property of the entry.



Famous Bloggers Founder Loses Domain Names

If you're an online entrepreneur, there are few things more important than the security of your domain names. Building an audience and marketing your Website depends upon the security of these names and of the passwords that protect them. It also depends upon the password security of  other accounts you use in your business. So imagine how it might feel to suddenly discover that the domain names to two of your most valuable sites are suddenly gone!

Here's What Happened

It's your worst nightmare. On Wednesday of last week, blogger and online entrepreneur Hesham Zebida says he discovered, to his dismay, that two of his most valuable domain names had been mysteriously transferred from his Web hosting account. He says he then received an e-mail from someone claiming to have the domains and offering to sell them back. Zebida.com

What he did next. After contacting his hosting company, Zebida spent the next four days doing what many of us might, contacting everyone imaginable including law enforcement and his connections in the online blogging community, working to get his domains back. He finally succeeded, but admits he didn't get much sleep in the process. Here's what we can all take from his ordeal. Famous Bloggers

Lessons Learned

It's your responsibility. Zebida blames his hosting company for allowing his domains to disappear in the first place and for not working hard enough to resolve the problem on his behalf, but the fact is that hosting companies regularly post warnings like this one. It is every Website owner's responsibility to do what they can to secure their site, as Zebida says he now realizes. Go Daddy

What you can do. If you want to go the extra mile and avoid issues with your domain names and other online security problems, Webmaster Mitz Pantic has some suggestions for you. Don't rely on your hosting company alone to protect your site and domain names. Take the time to learn what's necessary to protect your online business from harm. Let's Build Websites

Risks Abound

Don't fool yourself. You may believe that only big companies need to deal with attacks on their Websites and that small businesses are too far under the radar to draw the attention of attackers. You're wrong. In a recent Twitter chat with representatives from online security provider Symantec, members of our community learned the threat is real. Small Business Trends

Protecting your Website. Of course, as blogger and online entrepreneur Scott Dudley reminds us, it's not just your domain name that's vulnerable to attack. The content management software you use to create your Website may also allow unwanted access, resulting in lost visibility and lost business. Take steps to protect your site. Lo Cost Marketing

What the Future Holds

The problem with progress. New developments in Web standards may bring even more security challenges in the not-too-distant future. For example, new tools known collectively as HTML5 could make your humble Website as sophisticated and powerful as desktop software, but resulting security risks may give any Webmaster pause. Technology Review



Targeted Cyber Attacks Against Small Biz: Chat Recap

Last week on July 19th we held a Twitter chat - and achieved a “personal best” for the Small Business Trends community.  Our #SMBchat made it as the top trending topic on Twitter.  And we've got the screenshot to prove it!  Thanks to all who participated and made it a huge success.

#SMBchat a Top Twitter Trending Topic

The topic was “Targeted Cyber Attacks, No Longer a Big Biz Problem” and we were fortunate to have two world-class security experts from Symantec join us:

Many thanks to Symantec for making the experts available and for sponsoring this chat!

As usual, we bring you a sampling of some of the interesting and insightful tweets.  Yours truly, Anita Campbell (@Smallbiztrends) was asking the questions of our expert guests and the community:

Q1: How likely is it that a small business will face a malicious cyber attack?

  • 36% of all cyber attacks target small businesses. Poll by @Symantec PDF here: http://t.co/hAhGY1xg  - @TJMcCue
  •  50% of SMBs think they're not a target for cyber attackers, but 73% have been victims of cyber attacks: http://t.co/Vr5Ym3uU  - @SymantecSMB
  • Can it be 100% likely? Isn't it already happening?  - @DIYMarketers
  • Extremely likely. Just looking at WordPress-based sites, 78% sites old versions. All things insecure out of the box insecure.  - @dynamicnet
  • I've had to alert 3 clients that their Websites were hacked. They didn't know because it's not their homepage! - @PeggyDuncan
  • Symantec blocked more than 5.5 billion attacks in 2011, an increase of 81 percent over the previous year - @SymantecSMB

Q2: What are the most common types of malicious cyber attacks that small businesses face?

  • Interesting things happening with targeted attacks. They're becoming everyone's problem, not just govs. & enterprises - @SymantecSMB
  • My email account was hacked and I might need to stop using it because I can't get it fixed…. - @BasicBlogTips
  • Malware comes attached in spam. But Web-based attacks, drive-by downloads: http:/bit.ly/LwyWTV are very prevalent. - @KPHaley
  • Increased data usage means everyone is challenged to apply secure processes. Threats to bigbiz = threats to smallbiz  - @ZimanaAnalytics
  • Once you get hacked, spammers use your site as the staging ground for their spam efforts. - @robert_brady

Q3: If small businesses use Macs, instead of PCs, do they need to worry about cyber attacks and malware? Why or why not?

  • SMBs using Macs must take steps to protect info: http:/bit.ly/Q2MyIc  - @KPHaley
  • I have Mac and I am not very worried after I checked if I had the Flashback malware. But I will look out for a good protection. - @Lyceum
  • Mac users as well as PC users are both targets. Just this year alone, Mac has been heavily targeted by malware and virus - @dynamicnet
  • Virtualization software for running Windows on a Mac can be just as vulnerable as a PC  - @ZimanaAnalytics
  • From a security standpoint treat your Mac like a PC, protect it.  - @KPHaley
  • Shortened links make it tough to know where you're going to land. Malware authors love that too. - @KPHaley

Q4: What are the top steps SMBs can take to stay safe from Internet-based threats?

  • Deploy reliable security solution on both Windows and Mac endpoints. Keep security software & OS updated with latest patches. - @SymantecSMB
  • I like 7 Tips for Protecting SMB's Information: http:/bit.ly/Q2MyIc Nice overview. - @KPHaley
  • Keep site applications up to date. Use secure, unique per application passwords - http://t.co/NzZYDJpv might help. - @dynamicnet
  • Make sure you back up your website AND your computer network - to more than one device or service. - @HowardLewinter
  • Educate employees about Internet safety, train to be wary of email attachments, links from unknown sources - @SymantecSMB
  • Bad guys [are] like roaches, they run when light shined on them. Lists get out of date quickly. - @KPHaley

Q5: What is a “Comprehensive Security Plan” and how does a small biz create one?

  • SMBs first need to know what they need to protect. It's important to understand your risk and assess your security gaps - @KPHaley
  • Your security plan should include password polices, endpoint protection, secure email and Web assets, encryption and backup. - @KPHaley
  • Plan should include how when (since nothing is hacker proof) hacks, malware, etc. get in, then what (time, money)? - @dynamicnet
  • If the bad person knows you use just one centralized system.. you now made their life so much easier. Layers matter.  - @dynamicnet
  • #SMBChat is happening right now on SMB security, worth following the conversation. - @Bislr

Q6: What if despite prevention efforts, your business gets hit with a malware attack. What steps should you take to recover?

  • Encourage employees to come forward immediately if they spot a virus or malware, rather than try to resolve it themselves. - @SymantecSMB
  • Hopefully you have been maintaining a proper backup. Then you can roll back to previous. - @robert_brady
  • Assess the damage. Determine reporting requirements. Report as applicable. Recover, Debrief for what needs to improve. - @dynamicnet
  • @robert_brady Great point about backup! If infected roll back to last known good backup. - @SymantecSMB
  • 61 percent don't even have a written plan, according to @Symantec - so, do that first to have a security process.  - @TJMcCue
  • In the same thought, 1 in 10 SMBS have suffered from a data hack http://www.darkreading.com/smb-security/167901073/security/news/240003962/one-in-10-smes-have-suffered-from-a-data-hack.html  - @port80software

Q7: Passwords are a problem, especially as cloud apps grow all requiring passwords. What are some best practices?

  • Strong passwords have 8 characters or more and use combination of letters, numbers & symbols. - @KPHaley
  • People like to use the same password to access personal & business resources. Do NOT re-use passwords. - @KPHaley
  • Passwords should be unique per application. http://t.co/NzZYDJpv might help for how to create passwords. - @dynamicnet
  • Bad guys love re-used passwords. - @KPHaley
  • We require auto password changes every 90 days. Employees cannot share password info - @BasicBlogTips
  • At BARE minimum, have strong email & banking passwords different from each other & social media passwords - @CathyWebSavvyPR

Q8: If you don't have internal IT or have limited staff, how do you get help for your biz?

  • Cloud-managed security is a great option for SMBs with limited IT staff. Learn about Symantec's SMB: http://bit.ly/NfVHN9 - @SymantecSMB
  • Most infections can be prevented by adhering to organizational policy and exercising caution, so employee training is critical. - @SymantecSMB
  • Small biz with no it can often get help from chamber of commerce, fellow small biz, why even twitter. However, confirm facts. - @dynamicnet
  • Cloud-managed security is great option 4 SMBs w limited IT staff.  - @DIYMarketers
  • Make sure you're working with an expert BEFORE you have a problem - not just cyber issues but anything that's important 2 biz. - @HowardLewinter

Wrap up:

  • Great to see #SMBChat trending  - @michaelsharkey
  • Thanks for the #SMBchat security discussion - @NoahJS
  • We enjoyed reading all the commentary during the #SMBChat It's great to see people connecting and discussing  - @BusinessDotCom
  • Tip: If you liked what someone said on a chat, follow them, connect later this week; cld be yr next client or biz partner!  - @CathyWebSavvyPR

See also the recap on the Symantec blog.

Note:  to make the recap easier to read, tweets above have been edited to remove redundant information, such as hashtags and answer numbers, and fix obvious misspellings.  The above represents only a small portion of the tweets - it is intended to cover key highlights for reader convenience.




Speak My Language: Getting Customers to Listen

How do you get and keep the attention of people who do not have to listen to you? I mean, life and marketing is not like grade school and your audience doesn't have to be in the room so to speak. From tutoring teenagers in voluntary summer programs to building a following online or a loyal client base, the process of communication is fascinating to me.

How do you captivate an audience enough to get them to listen to you and buy from you?

Kristen Zhivago at RevenueJournal has a simple take on it. In “Why Do They Love You,” she suggests that you “have someone you trust to interview your customers.” Isn't it funny how simple solutions keep rising to the surface?

So What Is The Right Way To Say It?

How many times have you run around in circles with your marketing copy, new product development ideas, and other processes inside your small business, trying to find the “right” way to do things? Who wants to put energy into things that your staff won't use and that your clients won't buy?

What if you could speak their language? What if you knew the magic words? What if you knew how to talk to potential clients?

According to Zhivago, author of Roadmap to Revenue, you learn how to talk to future clients by interviewing and listening to your current ones. The goal is to learn from successful relationships and then repeat that behavior. There is nothing like a well-placed conversation and honest feedback.

It's Hard To Serve People You Don't Understand 

It's even harder to understand people that you don't listen to.  Feedback gets you beyond guessing and assuming, it gets you to a place of knowing.  The more you know, the better decisions you can make.

Personally, when it comes to public speaking and training, I learned that it's not my clever acronyms, credentials or catch phrases (though they do help start a conversation) that gets and keeps my audiences' attention. In their own words it's the personal stories, authentic enthusiasm and simple and clear way of breaking things down that keeps them listening.

Before I talked to them, I assumed it was something else.

What assumptions have you made about your customers and what actions are you taking to verify your hunch?




Google's Penguin Update: What You Need To Know To Ensure Your Website Can Be Found

As a small business, you need to precisely define your budget and make sure that every dollar invested gets at least doubled. When creating a website and web content for your company, you need to make sure the site is created with respect to the latest industry standards and that the content is good enough to get you listed on the first search engine results page (SERP).

Being the biggest and the most popular search engine, Google often releases updates to its search algorithms. The purpose of these updates is to keep up with many black-hat methods in SEO (search engine optimization) where people would fill their sites with a bunch of keywords just to get their site as a first result for specific keywords. However, these updates are often quite unfair to small businesses which can't invest money in special SEO techniques (good ones or bad).

Recently, Google released the Penguin, their latest update to the search algorithm. Penguin specifically targets over-optimized websites, causing small businesses to implement some updates to their sites. If you take into consideration that most small business sites run on WordPress (or any other template-using CMS), you'll probably see that almost every one of them has the same footer, including the link to the site itself. This is just one of the things Google's Penguin update might penalize you for. Unfortunately, now you, as a small business, should either do this change (and a bunch of other ones) yourself or you'll have to hire a professional to do it.

Todd Bailey, SEO expert at WebiMax claims that “Google search is now releasing over 50 updates each month to their search engine, disrupting any consistency of guidelines and punishing small businesses that lack the resources to respond.”

You've probably seen the effects of the Penguin update; the search results are dramatically changed since April 24th and petitions are circulating all across the web for the retraction of the Penguin update. There are also some concerns about Google's honesty in all of this â€" some people will say that Google did this on purpose to “remove” small businesses from the search results, forcing them to start using AdWords campaigns more.

As a small business with a limited budget for your web, there is only one thing that will keep you visible â€" the content. Create a blog on your website and write about your business and your niche regularly. Don't focus too much on the size of the text, but on the quality because that is the only thing that will drive organic traffic to you, regardless of the changes Google or any other search engine introduces.

Take some time during the week(end) and write up 2-3 blog posts for the following week and make blogging your habit. You won't see the change right away, but as with your business, you should write your blog for the long term effect and results.



Black Hat 2012: SSL handling weakness leads to remote wipe hack

LAS VEGAS -- The best-laid plans, and the seeds for a sweet hack, are sometimes sown over a few drinks.

Peter Hannay, a researcher based at Edith Cowan University in Perth, Australia, recalled a conversation over a few cold ones with a client who was curious what an attacker could do should they pwn an Exchange Server. Patiently, Hannay explained bad things could happen; a lot of things could get broken. An attacker would be able to push policy updates and a lot more.

"How about pushing a remote wipe command to every mobile device connected to Exchange?" the client asked.

At that moment, the wheels began to turn for Hannay. Surely an attacker who was to gain direct access to Exchange could issue any command via policy change they desired. But since Exchange is a network service, Hannay wondered, perhaps there would be a way to duplicate the service and issue commands.

With help from some willing students and faculty, Hannay learned the answer is "yes" to all of the above. Thursday at the 2012 Black Hat Briefings, Hannay described the technique he and his cohorts developed to issue remote wipe commands against Apple iOS and Android devices, taking advantage of an SSL handling weakness in both platforms. Ironically, Windows-based phones were immune to his attack.

"This could ruin a lot of days," Hannay said.

Hannay had believed SSL would intervene, and the attack would never work.

"At the very least, we're not going to get a trusted certificate for any random connection to our server. And surely, SSL on the device would also prevent us from receiving a connection," Hannay said. "I also figured some Exchange security, or shared secrets between Exchange and the device would step in."

Nope.

Hannay's attack does not exploit a vulnerability in Exchange. Instead, it takes advantage of a weakness in the way Android and iOS devices handle SSL certificates. Hannay was able to run a man-in-the-middle attack using the popular Wi-Fi Pineapple tool and a self-signed SSL certificate, which both devices accepted with only slight interference on iOS. Windows phones would not connect to the phony server. Once the user checked email from the device, a short Python script written by Hannay would execute, sending a remote wipe command to the phone, and the phone would revert itself to factory settings.

Hannay said that to mitigate the flaws, Apple and Google must implement fixes to their respective platforms. Both companies have been notified.

It's been a bad 12 months for digital certificates. A breach at Dutch certificate authority (CA) DigiNotar last fall was the most egregious misstep. More than two dozen CA servers were breached and hundreds of forged certificates were signed against 20 different domains. Microsoft, Google and Mozilla quickly announced they'd deemed DigiNotar certificates untrustworthy and blocked them. The CA eventually filed for bankruptcy protection.

Hannay, meanwhile, plans to explore where he can apply his hack next, hinting it could be used to steal data or penetrate remote backup or sync features.

"I think it should be possible," he said.




Your Employees Are Your Best Asset For Social Media Success

As your company grows you find that you want to tighten up and control what your company publishes online, especially through social media. One of the ways to “let a thousand flowers bloom” is to open up your social media and enable employees to freely participate in corporate social engagement.

Of course this can only be properly done with training. Here's a video interview I did in Feb 2011 with Dell's head of social media. Dell has a campaign to train its employees in the proper use of social media and thus can enable more employees to communicate with customers through social networks.

In a recent press release McKinsey Global Institute writes:

Two-thirds of this potential value lies in improving collaboration and communication within and across enterprises. The average interaction worker spends an estimated 28 percent of the workweek managing e-mail and nearly 20 percent looking for internal information or tracking down colleagues who can help with specific tasks. But when companies use social media internally, messages become content; a searchable record of knowledge can reduce, by as much as 35 percent, the time employees spend searching for company information. Additional value can be realized through faster, more efficient, more effective collaboration, both within and between enterprises.

The amount of value individual companies can capture from social technologies varies widely by industry, as do the sources of value. Companies that have a high proportion of interaction workers can realize tremendous productivity improvements through faster internal communication and smoother collaboration. Companies that depend very heavily on influencing consumers can derive considerable value by interacting with them in social media and by monitoring the conversations to gain a richer perspective on product requirements or brand image, for much less than what traditional research methods would cost.

To reap the full benefit of social technologies, organizations must transform their structures, processes, and cultures: they will need to become more open and nonhierarchical and to create a culture of trust. Ultimately, the power of social technologies hinges on the full and enthusiastic participation of employees who are not afraid to share their thoughts and trust that their contributions will be respected. Creating these conditions will be far more challenging than implementing the technologies themselves.

I encourage you to read and download the full report.



Xero Makes Changes to Improve Cloud-Based Accounting Software

Online accounting software company Xero has made some changes in the past few months to better help business owners manage their finances. These changes aim to improve the company's online accounting services so that small business owners can spend less time managing their finances and more time growing their business.


Earlier this month, Xero integrated with ADP's online payroll platform, allowing the more than 150,000 small business owners who use RUN Powered by ADP to easily and securely transfer financial data between ADP's payroll solution and Xero's cloud-based software.

RUN Powered by ADP is a popular tool that offers improved compliance tools for payroll, tax administration and employee management. This change aims to allow both business owners and accounting professionals to manage payroll and other HR tasks more efficiently.

Xero also recently acquired WorkflowMax, a full-practice management suite that has allowed Xero to strengthen its cloud-based offerings. Since many businesses and accountants have begun switching over to online financial management systems, Xero wanted to make it easier for accounting professionals to not only manage their clients and finances, but also to deal with all of their other business functions within the same software.

WorkflowMax helps those businesses with important management functions such as tracking time, filtering job leads, generating reports, and creating invoices. With all of the added functions offered by WorkflowMax, accounting professionals can cut back on using different services for each management task, and just use one cloud-based service to run their business while easily collaborating with clients and colleagues.

Founded in 2006, Xero aims to help both business owners who want direct, real-time access to their finances, as well as accounting professionals who serve business clients. With software for everything from invoicing to online accounting, plus a wide range of available add-ons, Xero claims to be the world's easiest accounting software, and also to have everything business owners need to run a business.

Pricing for monthly plans ranges from $19 to $39 with different features for small businesses with different accounting needs.

To learn more about Xero, visit Xero.




Seven Mistakes Harming Your Business's Mobile Strategy

Lextech Global Services has developed mobile apps and strategies for businesses throughout the world, including several Fortune 500 businesses. Through his work with mobile technology, CEO and founder Alex Bratton has identified key areas where businesses can improve on current mobile strategies. Today, Bratton says, businesses are feeling so much pressure to develop apps, they may be destroying their own effectiveness. Bratton advises against simply creating a mobile version of your existing CRM or website.

“This hurried and incomplete approach leads to detrimental development mistakes, leaving businesses with a mobile presence that can hamper revenue growth, ROI and customer experience,” Bratton says. “This type of app wastes valuable IT resources and sets businesses up for failure.”

Bratton names seven specific mistakes businesses make when developing a mobile strategy.

  • Creating a “Me Too” App. If the only reason your business is developing an app is to keep up with the competition, Bratton says you may be going into it for all the wrong reasons. “Just because you're afraid to fall behind in the market doesn't mean it's time to go mobile.” Determine whether or not there's a real business benefit to developing an app.
  • Lack of a Good Business Plan. Bratton has found many businesses leave specifics out of their business plan or, even worse, fail to develop a business plan at all. Careful planning can give your app direction, increasing your chance of having a ROA (return on app investment).
  • Transferring Your Entire Website into Mobile. Bratton recommends the five percent rule: transfer only five percent of your web system's typical content into your web app.
  • Serving All Users with One App. Consider making a suite of apps, each tailored to a specific need of your end users. Bratton also recommends approaching app development on a task-level basis.
  • Overlooking Offline Use. Your end users won't be able to connect from everywhere. Consider creating an app that your end users can still access if they are unable to access wi-fi or cell phone towers.
  • Only Testing In-House. If your technical team are the only ones testing the app, you may be missing feedback from those who matter most. Have end users test your app for the most valuable feedback.
  • Trying Too Hard. Avoid excessive gimmicks to get users to download your app. “Instead, focus on the app's professionalism, ease-of-use and value-added,” Bratton says.

Lextech focuses on creating apps that have professional, easy-to-use interfaces and integrate with a variety of platforms. Lextech's apps have won the Bronze Edison award for Best New Technology Product of the Year, Coolest App and Most Monetized App from iOSDevCamp, and a Chicago Innovation Award. In addition to providing mobile web development and mobile planning, Lextech also focuses on customer support once an app has been deployed. Most recently, Sonic Automotive announced a partnership with Lextech to help take its online car-buying experience to the mobile format.



MSSP and mobile support added by BeyondTrust

BeyondTrust has announced the launch of multi-tenant support for MSSPs and a context-aware management solution for mobile devices.

BeyondTrust said that Retina CS 3.5 includes enhanced protection agent deployment and policy management for multi-tenant support for mobile connectors and Retina Insight.

According to the company, Retina CS is a vulnerability management solution that integrates private cloud security into existing vulnerability management practices, providing organisations complete visibility and management of all vulnerabilities.

The new version, Retina CS 3.5, allows users to visualise the before and after effects of remediation recommendations, as well as the ability to view resources within the organisation, such as mail and database servers, domain controllers, new assets and critical mobile vulnerabilities.

Brad Hibbert, executive vice president of product engineering at BeyondTrust, said: “A recent Gartner report advises that organisations looking to invest in cloud infrastructure by leveraging an MSSP should have the provider also support the security for the cloud offering.

“MSSPs can offer a new level of security and comfort to their client base with Retina CS 3.5 by providing security risk discovery, prioritisation, remediation and reporting across their dynamic IT infrastructure, helping to close critical security gaps.”

Retina CS 3.5 also includes a connector to BeyondTrust's PowerBroker mobile solution. According to the company, PowerBroker Mobile is the first product to integrate Retina CS technology since the successful acquisition of eEye Digital Security and integrates context-aware management with vulnerability and patch information.

PowerBroker Mobile offers coverage for Android, Apple iOS, BlackBerry and ActiveSync devices, and is a mobile device provisioning and configuration platform, with policy management for virtual private networks (VPNs), email, passwords, device encryption, remote locking, GPS tracking and remote wipe, according to BeyondTrust.

Hibbert said: “With PowerBroker Mobile we're bridging policy management and mobile health by taking vulnerability assessment information as part consideration. Our goal is to provide organisations with a solution that easily integrates management functionality with security information, for any user that brings their own devices to work.

“Managing the health and risks associated with mobile devices shouldn't be so costly and complex and that's why we're introducing PowerBroker Mobile to the market.”



When You're In Trouble, Just Consult an Expert!

Experts are hard to come by. That is, unless you have an Internet connection! The Internet gives us an almost infinite resource for knowledge, but also provides us with the ability to consult with experts in different industries who often answer people's questions in their own free time.

If you're wondering about the best way to troubleshoot a problem on your servers, or even one way to fix a leaky fridge, you can simply ask a question on any experts network. Some companies provide you with general consultation services where you are paired up with someone who has expertise in your industry.

You probably have already felt that your competitors know something you don't, and you can't just ask your neighbors for that information. Competition won't tell you what they're doing right, of course.

Despite all this, you can actually employ the services of a consultant from a website that offers these services at a “pay for what you need” basis. Here are a few of those:

  • Maven - The definition of “maven” is “an expert or connoisseur.” Maven lives up to this definition by providing you with consultation services from individuals who are experts in any particular field. If you want to know the latest trends in your business, you can ask Maven to conduct a survey of its members working in your field. Within a short time, you'll get results of what's going on in your industry.
  • Experts Exchange - This kind of service allows you to get answers to your technology questions.  Experts sign up here to work with a point-based system and you can sign up to ask any amount of questions you want for $12.95 a month. You can get answers here that you wouldn't have gotten in free places like Yahoo Answers. This platform makes sure you get the top expert for the particular question you're asking.

If you've got a small business, chances are you won't find it convenient to have to hire a panel of experts to get what you're looking for. The Internet makes it possible for you to have experts work on your case without having to ever leave the office.



IDS described as being 13 years out of date and not good enough

Intrusion detection systems (IDS) have been labelled as not being good enough now or for the last 13 years.

Speaking at a recent Websense event, Martin Jordan, director of the information protection team at KPMG, said that "13 years ago IDS did not work and it still does not give much back" and the security industry needs to improve defences against modern malware and botnets.

He said: “There is some advanced IDS and there is threat management, but the state of IDS is still not enough.”

Asked if he felt that IDS was out of date, Jordan said: “I don't think it addresses the threat. IT departments shouldn't see it as a magic button, as it is all technology and it is all fallible, you can only solve a problem by dealing with the threat appropriately, by gauging what it is.

“I have to help by securing our own network and we are protecting 40,000 people worldwide, and quite often the first thing I look at is the Websense folders, as they are a very rich source of intelligence. So IDS will never solve it but a move towards better solutions will be better for you.”

Speaking to SC Magazine, Metadigm CTO Steven Malone said that it was interesting that he had referenced IDS and not IPS (intrusion prevention systems).

He said: “Around five years ago, IDS vendors suddenly decided they were intrusion prevention/protection rather than just intrusion detection and IDS morphed into IPS.

“However, with the complexity of APTs on the increase and UTM technology maturing, it's easy to see how blended threats now require blended security rather than standalone products. UTM vendors with a solid offering such as Check Point and Fortinet are in a prime position to service this demand.”

Didier Guibal, executive vice president of worldwide sales at Websense, said: “You cannot do without traditional defences and you need to take a separate look at things.

“You cannot spend 80 per cent of your resources on solutions that only address 30-40 per cent of the threats, so you have to take another look at how you are spending the budget and then beyond that, have a top down strategy so you have a constant additional layer that is consistent with the technology.”



Qualys opens Android app analysis framework

Qualys has launched an open-source framework to allow users to find out what their Android apps are doing.

Named the Android Security Evaluation Framework (ASEF), the company said that it allows researchers to harvest behavioural data from hundreds of installed applications on a device, analyse their run pattern and assess whether they are doing more than what they are supposed to and if personal information is exposed.

According to a blog by Parth Patel, vulnerability signature engineer at Qualys, he created ASEF to perform Android app analysis, while alerting the user about other possible problems.

“[You should] use it to become aware of unusual activities of your apps, expose vulnerable components and help narrow down suspicious apps for further manual research,” he said.

He said that ASEF takes a set of apps, either pre-installed on a device or as individual APK files, and migrates them to the test suite that runs through test cycles on a pre-configured Android Virtual Device (AVD).

This will simulate the entire lifecycle of an Android app on an Android device, triggering behavioural aspects of it and collecting data using ADB (Android debug bridge utility, which is available as a part of an Android SDK) and network traffic using Tcpdump.

Patel said: “During such a simple yet thorough approach of performing a behavioural analysis for various apps, interesting results were found about apps leaking sensitive information such as IMEI, IMSI, SIM card or a phone number of a device.

“Some malicious apps might just send this data in clear text over the internet, and are much easier to be caught by analysing collected behavioural data. However some malicious apps can be sophisticated enough to detect the default settings of a virtual Android device and might behave differently in such settings.”

Patel also said that ASEF is available as open source so users can gain access to security aspects of Android apps by using this tool with its default settings.

“ASEF will provide automated application testing and facilitate a plug and play kind of environment to keep up with the dynamic field of Android security,” he said.
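The cleartext-leak check Patel describes can be sketched as follows. This is an added example, not ASEF's own code: it assumes the request payloads have already been extracted from the tcpdump capture, and the app names, hosts and device identifiers are constructed sample values for a test emulator.

```python
import base64
import hashlib
from typing import NamedTuple

# Constructed identifiers configured on a hypothetical test emulator.
DEVICE_IDS = {
    "IMEI": "490154203237518",
    "IMSI": "310260000000000",
    "PHONE": "15555215554",
}

class Request(NamedTuple):
    app: str        # package that generated the traffic
    host: str       # destination host
    payload: bytes  # reassembled cleartext request

class Finding(NamedTuple):
    app: str
    host: str
    identifier: str
    encoding: str

# Hex-based encodings are matched case-insensitively; base64 is not.
CASE_INSENSITIVE = {"hex", "md5", "sha1", "sha256"}

def needles(value):
    """Byte patterns an identifier commonly takes when sent off-device."""
    raw = value.encode("ascii")
    return {
        "plain": raw,
        "base64": base64.b64encode(raw),
        "hex": raw.hex().encode(),
        "md5": hashlib.md5(raw).hexdigest().encode(),
        "sha1": hashlib.sha1(raw).hexdigest().encode(),
        "sha256": hashlib.sha256(raw).hexdigest().encode(),
    }

def scan(requests, device_ids=DEVICE_IDS):
    """Return one Finding per (request, identifier, encoding) match."""
    findings = []
    for req in requests:
        lowered = req.payload.lower()
        for id_name, value in device_ids.items():
            for enc, needle in needles(value).items():
                haystack = lowered if enc in CASE_INSENSITIVE else req.payload
                if needle in haystack:
                    findings.append(Finding(req.app, req.host, id_name, enc))
    return findings

def leaky_apps(findings):
    """Apps that need manual follow-up, sorted for stable reporting."""
    return sorted({f.app for f in findings})

# Constructed traffic: three leaking apps and one clean one.
_imei = DEVICE_IDS["IMEI"].encode()
_imsi = DEVICE_IDS["IMSI"].encode()
SAMPLE_TRAFFIC = [
    Request("com.example.flashlight", "ads.example.net",
            b"GET /track?imei=" + _imei + b"&model=sdk HTTP/1.1\r\n"
            b"Host: ads.example.net\r\n\r\n"),
    Request("com.example.weather", "stats.example.org",
            b"POST /v1/ping HTTP/1.1\r\nHost: stats.example.org\r\n\r\nuid="
            + hashlib.md5(_imei).hexdigest().upper().encode()),
    Request("com.example.notes", "sync.example.com",
            b"POST /sync HTTP/1.1\r\nHost: sync.example.com\r\n\r\n"
            b'{"d":"' + base64.b64encode(_imsi) + b'"}'),
    Request("com.example.clock", "time.example.com",
            b"GET /time?tz=UTC HTTP/1.1\r\nHost: time.example.com\r\n\r\n"),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_TRAFFIC):
        print(f"{f.app} -> {f.host}: {f.identifier} sent as {f.encoding}")
```

The base64 and hash patterns only match when the identifier is encoded on its own; an identifier concatenated with other data before encoding, or sent over TLS, will not be caught by this kind of string search.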




Chick-Fil-A Comments Put Brand in Jeopardy

Chick-Fil-A president Dan Cathy has discovered what some business owners already know, that what you say and do may have an impact on your brand not only in positive but also in negative ways. Cathy's recent comments on gay marriage have landed his business in the middle of a contentious debate. The situation can be a cautionary tale for other business owners contemplating stands on controversial issues:

A Poor Choice of Words

Playing chicken with public opinion. Cathy's comments about supporting the “biblical definition of the family unit” have angered gay rights activists, some customers, some political leaders and, yes, even the Muppets. Of course, business owners, like everyone else, have the right to free speech, but exercising this freedom may affect your business. CBS News

Having your waffle fries and eating them too. After Cathy's remarks to a religious news site and over the radio angered customers and political leaders, some of whom are now threatening to block the company's expansion plans, Chick-Fil-A is trying to disengage from the debate. But the question is whether or not it's too late. The Los Angeles Times

The Seeds of Discontent

Brand runs afoul with customers too. Lest anyone think activists, political leaders, and business partners were the only ones offended by Cathy's remarks, a marketing research company says the Chick-Fil-A brand has taken a hit with American consumers too, since Cathy's remarks became public. YouGov

Trouble in the hen house. What's worse, the Chick-Fil-A controversy has even encouraged a bit of brand co-opting. Witness YouTube chef and comedian Hilah Johnson's creation, the Chick-Fil-Gay, a do-it-yourself home version of the chicken franchise's popular sandwich, made for home consumption to show opposition against the company's stand. The Stir

The Eye of the Storm

Chick-Fil-A appreciation day. Meanwhile, not everyone is on Cathy's back, and some leaders are even urging support for the values he espoused during two controversial interviews that have angered some and energized others to defend the company. Former US Presidential candidate Mike Huckabee is advocating support for Cathy's remarks and his business in a nationwide show of solidarity Wednesday. Facebook

Don't mix business with religion. Of course, franchise expert Joel Libava points out in a recent post that the Chick-Fil-A president's real mistake was not simply espousing a politically incorrect opinion. It's also that he made the mistake of mixing business with religion. Some say it's unwise to discuss politics or religion with others. Maybe business owners should take the hint, too. The Franchise King

Amazon chief wades into debate. While controversy over Chick-Fil-A's stand on gay marriage still rages, another business leader, Jeff Bezos, CEO at Amazon, has donated $2.5 million in support of a same-sex marriage referendum in Washington state. Some will question whether his stand also invites criticism from those on the other side of the debate. The Washington Post