FBI undercover operation leads to huge online credit card fraud sting

Federal authorities said Tuesday they arrested 24 individuals in a massive international law enforcement effort targeting online credit card fraud and other financial cybercrime. The arrests were the result of a two-year undercover FBI operation.

Eleven of the suspects were arrested in the U.S.; the rest were arrested in seven foreign countries, including the United Kingdom and Bulgaria. In all, 13 countries were involved in the cybercrime sting.

“The allegations unsealed today chronicle a breathtaking spectrum of cyber schemes and scams,” Preet Bharara, U.S. attorney for the Southern District of New York, said in a statement. “As described in the charging documents, individuals sold credit cards by the thousands and took the private information of untold numbers of people. As alleged, the defendants casually offered every stripe of malware and virus to fellow fraudsters, even including software enabling cyber voyeurs to hijack an unsuspecting consumer's personal computer camera.”

In June 2010, the FBI set up an undercover carding operation â€" called “Carder Profit” â€" to target cybercriminals engaged in online financial fraud.  The site was configured to allow the FBI to monitor and record discussion threads as well as the IP addresses of users when they accessed the site.

The FBI said it prevented estimated losses of more than $205 million during the undercover operation by contacting many affected institutions and individuals. The agency notified credit card providers of more than 411,000 compromised credit and debit cards.

Among those arrested in the U.S. include Mir Islam, also known as “JoshTheGod,” who allegedly trafficked in stolen credit card information and claimed to be a member of the Underground Nazi Hacktivist Group (UGNazi) hacking group and a founder of Carders.org. Authorities said he was arrested in Manhattan Monday night after meeting with a person he thought was bringing him counterfeit credit cards but was actually an undercover FBI agent. Islam was arrested after he tried to withdraw money from an ATM using one of the counterfeit cards. The FBI said it seized the Web server for UGNazi.com and the domain name of Carders.org, taking both sites offline.

Last week, a hacker claiming affiliation with UGNazi said the group was responsible for Thursday's two-hour Twitter outage, but Twitter denied the allegation. UGNazi has claimed responsibility for several politically and socially motivated attacks against Google, BP, Comcast, and last month's CloudFlare security breach.

Another suspect in Tuesday's carding crackdown, Michael Hogue, allegedly offered malware for sale including a program that recorded keystrokes and allowed the user to turn on the Web camera on a victim's computer to spy on the person.

Others arrested are involved in a variety of crimes, including hacking into corporate databases and selling the information, selling stolen credit card data, and using stolen credit cards to receive Apple replacement parts fraudulently.

 




New Google tablet rumoured for launch tomorrow

Google will announce its play into the tablet computer market at a conference in San Francisco tomorrow morning, according to internet speculation.

Allegedly leaked documents obtained by gadget website Gizmodo Australia say the tablet - called Nexus 7 - will have a 7-inch screen and be priced under US$200 ($NZ252).

The tablet will have a battery that lasts approximately 9 hours and run the Jelly Bean version of the Android operating system, Gizmodo reported.

The Nexus 7 will house 1 gigabyte (GB) of RAM and come in two versions - one with 8GB of internal storage and the other with 16GB.

The later will be priced at US$249 while the former will sell for US$199 , Gizmodo said.

It will also come equipped with a near-field communications (NFC) chip, which allows devices to make mobile payments and transfer files to other tablets or phones.

The Nexus 7 will reportedly be manufactured by Taiwan-based hardware company Asus.

If the rumours of the Nexus 7 are true, it is expected Google will announce the tablet at its developers conference tomorrow morning.

According to Gizmodo, the tablet will have a speedy release and go on sale in Australia next month.

Commentators do not believe the Nexus 7, if announced, will be a direct rival Apple's iPad, which has a larger 9.7-inch screen and is around double the price.

According to US website Business Insider the move would be "an attempt to take down the [Amazon's] Kindle Fire" in the hope of it becoming the second most popular tablet in the market.

If the Nexus 7 is the announced tomorrow it would come just over a week after Microsoft unveiled its new tablet.

The Microsoft "Surface" device will come with Windows 8 and a fold down "multi-touch" keyboard which the company said will allow users to type faster than using an on-screen keyboard.

While the Nexus 7 may be taking aim at the Kindle Fire, the Surface is believed to be targeting the iPad.

According to Microsoft chief executive Steve Ballmer the new tablet is part of a "whole new family of devices" the company is developing.

NEXUS 7 - Rumoured specs:

* 7 inch screen

* 1GB of RAM

*8GB or 16GB of internal storage

*Priced between US$199 and US$249

*9 hours of battery life

By Hamish Fletcher | Email Hamish

Back It Up Today With Hard Drive In The Cloud: Review of Carbonite

Storage space. We always seem to want more of it. There is always a shortage of storage space, in our homes, offices, and on our computers. So we buy external hard drives and create a daily and weekly backup plan. Not. Confess in the comments if you start your new year with thoughts of backing up all your data, on a regular basis, and then don't do it. Even if you are not willing to confess, you will want to read this review about Carbonite and its online backup service. It may just save your small business from a big, big headache.

Carbonite is a remote, not on your premises, cloud-based hard drive. As you can see from the screenshot of their home page, they are laser-focused on making it easy to try it out. Pricing right on the splash page (home page) and two calls to action. That alone pushes it to the top of list, in my book. Make it easy, easy, easy on a small business owner and I'm seriously interested.

You can buy a large multi-terabyte external hard drive for around $120, give or take $20. It will be shiny and cool looking on your desk. But you will have to exercise serious discipline to back up your data each day or week. If you don't think you'll do it, spring for Carbonite and enable their automatic backup process. The “Home” option is for home offices and 1-2 person businesses, so if you fit that description, click “Try Home Free” first.

How it works:

When you sign up, you have to download a small application (8.7Mb) and install it. This small package enables the communication between your machine and Carbonite's servers. The download, install, setup process took less than two minutes. Then the service asks you a few questions and if you want an automatic full backup or an “advanced” backup which allows you to select which folders and files to backup. But, they even make that super easy and have a “default” option to include standard folders like Documents, Pictures, etc.  I chose full manual as I'm really only testing their 15-day free trial, but I will say it looks very, very user friendly and compelling as a time-saver. With plans starting at $59 for one year, it may be one of the handful of services that I choose to buy for my company after my review.

Then, it asks you to choose a continuous backup (meaning consistent and regular) or if you want to choose a schedule that fits you. That's the main thing to remember: Carbonite strives to really fit their service to your needs. That's not a comment to make for a nice review; they really have thought about you and me in the tedious process of backing up data. It is impressive. Normally, i have a what I liked section and what I'd like to see improved. I can't find anything to improve, except that it took me so long to test this service and alleviate my concerns about a failed future hard drive.

Now to the last point you might be thinking about - what do I do if I have to restore a file or folder or drive? You can look at the Carbonite drive as if it was a hard drive on your machine. You can choose to “restore” the drive, or just a folder, or even one file. You can restore that file in its original location or put it in a new folder on your desktop.

Learn more about Carbonite and how you can securely back up your small business computer hard drives.




Can Your Small Business Survive the Economy? Technology Can Help

Small business owners are working longer hours than ever as economic tough times force them to try to survive. Unfortunately, all too often this comes at the expense of a small business owner's personal well-being. According to a survey conducted by ERP firm Sage, small business workers are working 42% more hours each week than only five years ago, with at least 40% less vacation time. Most small business owners are giving up nights and weekends, as well, with 72% reporting that they work longer days and more weekends than five years ago.

Part of this has to be attributed to technology. Consider the fact that most small business owners reported using a phone or other mobile device to access work-related information when they weren't at the office. While most business owners reported that they believed technology has helped them be more productive, it also creates an “always on” business world where business owners eventually feel burned out.

If you're a small business owner, you likely know the importance of always being available. But at what expense? Your family demands your time, as well, and vacations and “fun time” can help give you the balance you need. But if your smartphone is constantly in front of your face, chances are you aren't enjoying that “time away” from work. Plus, your friends and family might actually want to have a conversation with you without having to wait for you to finish sending an e-mail.

Believe it or not, technology can help your small business survive without driving you and everyone you love crazy. Here are a few tips for using today's tools to survive tough economic times:

  • Delegate. If you're trying to do everything alone, you're hurting yourself and your business. If you've hired workers, use your electronic devices to pass some of that work on. Review all of your daily processes and determine which of those items could be handed off to someone else in your organization. If you're a one-man operation or your workers are too busy, check to see if moving to a Cloud-based automated solution might save your business money on such things as printing costs, reduction in fuel, and server storage.
  • Set limits. Many of us find ourselves compulsively checking our e-mail throughout the day. Make a deal with yourself that you'll only check it once an hour. This is especially important if you're on vacation or trying to spend time with your family on the weekend. If you need an extra dose of willpower, consider leaving your phone in a different room or in your car, only checking it occasionally. Even during the work week, you'll be much more productive if you can concentrate on the task at hand rather than constantly refreshing your inbox.
  • Use technology as a tool. Whether you're using your calendar reminders or downloading an app that can help you avoid traffic on your morning drive, your smartphone, tablet, or PC is a tool. If you can search for the best free or low-cost apps that improve your productivity, you'll reap the highest rewards from today's technology.

The results of Sage's survey are in the below infographic:



12 Surefire Strategies to Increase Customer Loyalty

What's your best tip for increasing customer loyalty?

From Small Business Trends

12 Surefire Strategies to Increase Customer Loyalty



F5 announces filtering tool for malicious IPs and partnership with Webroot

F5 has announced the launch of a cloud-based service that detects and restricts access from IP addresses which are associated with malicious activity.

According to the company, the IP Intelligence service can identify addresses and leverage intelligence from cloud-context security solutions and combines information on the latest threats with the unified policy enforcement capabilities of the BIG-IP application delivery platform.

Leveraging an updated list of threat sources and high-risk IP addresses, F5 said that the IP Intelligence service delivers contextual awareness and analysis of IP requests to identify threats from multiple sources across the internet.

The service draws on the expertise of a global threat-sensor network and IP address database to detect malicious activity, and can offer protection throughout the application delivery infrastructure with F5's unified BIG-IP architecture.

Mark Vondemkamp, senior director of product management, security at F5, said: “Organisations are looking for security solutions that can dynamically synthesise information from a variety of sources to give infrastructures the maximum level of protection against sophisticated cyber attacks.

“At the same time, enterprises must preserve the flexibility to customise their systems and add safeguards as network and access conditions change, and as new types of threats emerge. F5's IP Intelligence service enables customers to pool disparate threat detection capabilities, block malicious IP addresses and tailor performance to specific needs by leveraging our BIG-IP Application Security Manager and iRules technologies.”

F5 also announced a partnership with Webroot following the integration of Webroot's IP Reputation Services into F5's Traffic Management Operating System to provide enterprise users with the protection against rapidly evolving threats. This also enhances application performance and availability and develops stronger context-based security.

Vondemkamp said: “Applications running across networks encounter a wide range of security challenges and IT managers don't want the complexity of managing different single-purpose appliances.

“By integrating the industry's most comprehensive IP Reputation intelligence into our product platform, our customers can take advantage of added protection against malicious sites without any extra management burden.”

Craig Whetstone, senior director of strategic alliances at Webroot, said: “We are excited to join forces with F5 Networks, which shares Webroot's mission of making security management easier for today's busy IT professionals. Together with F5 and its community of developers, we can help their customers address the challenge of securely delivering critical business applications backed by up-to-the-minute protection against today's rapidly evolving Internet threats.”



Senior management \'Cannot Locate Our Users Data\'

Research has found that two-thirds of IT executives do not know where their data is, while three-quarters cannot track it.

The research by Varonis of 400 companies at EMC World found that 67 per cent of senior management respondents either don't know where all company data resides, or were not sure. It also found that 74 per cent of respondents did not have a process for tracking which files had been placed on third party cloud storage server.

Of those that allow cloud-based file synchronisation services, only nine per cent of respondents' companies have a process for authorising and reviewing access to cloud repositories in place. Under a quarter (23 per cent) were still developing their access policies.

David Gibson, vice president of strategy at Varonis, said: “The results clearly show a lack of control by those organisations that have adopted cloud file sync services. The most disturbing findings were the number of companies that report they have no way to track what data is being stored in the cloud or any process to manage access to that data (or plans to do so).

“This should act as a wakeup call for organisations to develop a conscious strategy to ensure secure collaboration as quickly as possible.”



Flame malware a lesson in nation-state hacking tactics, expert says

The Flame malware toolkit, used in a cyberespionage campaign, highlights stark differences between the approach western cyberintelligence operations have carried out versus those used by China, according to a prominent malware security expert.

They could reuse that code throughout and build complex systems for stealing data without actually having to know all the intricacies of programming or how Trojans work at a low level.

Joe Stewart, director of malware research, Dell Secureworks

Flame was designed as a monolithic framework to enable people to carry out attacks without having deep knowledge of software coding or the way malware works, said Joe Stewart, director of malware research at Dell Secureworks. Flame appears to have been designed to help agents in the field deploy it easily, using only the components necessary to gather the intelligence needed, Stewart said. 

“They get a lot more flexibility and a lot more uniformity,” Stewart said of the Flame malware toolkit. “They can take this framework and can train any number of people to use it in exactly the same way.”

Flame is believed to be part of a joint U.S.-Israeli operation, according to a report citing anonymous officials by the Washington Post. The targeted attack was detected by the Iranian Computer Emergency Response Team and made public in May by Kaspersky Lab. It infected less than 200 systems in Iran, and was detected on machines in other countries in the Middle East and North Africa. Sources cited by the Post said Flame was part of the intelligence-gathering operation that led up to the Stuxnet attack designed to disrupt the centrifuges used by Iran's uranium enrichment program.

China's use of malware to conduct cyberespionage in recent years has been completely different, said Stewart. Those involved with targeting and deploying malware mainly operate in isolation, using a vast array of malware to maintain persistence on a network.

“They don't really have a way to work as a team and share code that does a particular thing,” Stewart said. “Instead of a giant, monolithic framework, they tend to use a lot of small, different Trojans so that when they are detected eventually, it doesn't affect the rest of their operation.”

Stewart said both approaches have their benefits and drawbacks. Malware believed to be tied to China cyberespionage operations is detected often, but typically it doesn't matter because forensics teams know there is likely additional malware to enable the attacker to maintain their presence on the systems, he said. Meanwhile, an attack toolkit the size of Flame offers flexibility for agents in the field, but once it is detected its effectiveness is greatly diminished.

“If you have something like Flame, you've kind of put all your eggs in one basket,” Stewart said. “Now that people know what Flame is and every antivirus company on the planet can detect it, where do you go from here?”

In an interview with SearchSecurity.com, Stewart explained why the scope of the Flame project was impressive, and the benefits and drawbacks of the different approaches nation-states take in their attack methods. He also explored why botnet infections are a serious problem for enterprises and how botnet operators use social media and other tactics to avoid detection.

What is your analysis of the Flame malware toolkit, which is believed to be nation-state sponsored?
Stewart:
It was definitely interesting. The scope of the project was impressive. Much like any large software project, there are a lot of pieces to it. It incorporates a lot of different technologies. None of these technologies were created specifically for this purpose or are pioneering, but someone tried to develop a platform with a lot of flexibility and a lot of capability. This is pretty much what you would expect, if you try to imagine what kind of capabilities are available to nation-state actors or people who are involved in espionage at a high level. You could imagine that if they were hacking, they would have to have some sort of platform to maintain some kind of long-term persistence on a network. Each group that is involved in this kind of activity has to have a framework of some sort.

There's an interesting contrast between whoever is behind Flame and the way they chose to be involved with in, and other actors that have been involved with this for a long time. If you look to the activity coming out of China â€" what we've seen for several years â€" instead of a giant, monolithic framework, they tend to use a lot of small, different Trojans so that when they are detected eventually, it doesn't affect the rest of their operation; they can continue long term. They don't have a problem because you detected that one Trojan. They have 20 or 30 more they can continue using and can continue just fine and maintain their persistence.  If you have something like Flame, you've kind of put all your eggs in one basket. Now that people know what Flame is and every antivirus company on the planet can detect it, where do you go from here? Do you completely architect your entire framework so it's brand new and not detected? You can't really use too much of the old code. So there are different approaches that different nation-state actors from different areas have, but they're all working toward the same goal of having a framework within which to operate.

What is the advantage of taking the opposite approach to China's methods?
Stewart:
  The advantage is they get a lot more flexibility and a lot more uniformity. They can take this framework and can train any number of people to use it in exactly the same way. If you want a new module you can use this scripting language and make it do function x. They could reuse that code throughout and build complex systems for stealing data without actually having to know all the intricacies of programming or how Trojans work at a low level. You can hand this to less experienced people and have them accomplish their goal. You can get a lot of them working within the same framework and they are all trained the same way. As opposed to the Chinese approach where lots of people are doing their own thing, using the malware they are comfortable with, but they don't really have a way to work as a team and share code that does a particular thing.

When I think of botnets I think of spam, denial-of-service (DoS) attacks and click fraud. What are some of the other threats posed by botnets?
Stewart:
Botnets have their own particular purpose and ways of doing things depending on what the author has in mind. There are lots of botnets out there that are just designed to install other botnets. That's what they get paid to do. All they are is just another platform. Then there are botnets designed to steal data such as Zeus and SpyEye. It can be things that are designed just to steal passwords for Facebook or Twitter or to webmail to send spam.  It can be about stealing your gaming credentials so they can log into your online gaming account, stealing all your valuable items and auctioning those off somewhere else.  Some things will directly try to lock up your desktop so you can't use it or encrypt all your files so you can't access them and then find some way of making you spend a small amount of money to get that access back. The more threatening stuff is designed to completely steal any kind of intellectual property and they're highly focused on companies and governments.

Once you start amassing a large botnet, cybercriminals can rent out pieces of it as well, is that correct?
Stewart:
Sure. I think most business models we've seen about renting botnets are renting out the service that the botnet provides, which is most often distributed denial-of-service (DDoS). Theycan also be used for fraud. In some cases they don't rent the botnet itself, but they rent the product of the botnet. For instance, you might not to rent a botnet to steal credentials for particular bank, but you could get someone else that has a botnet that is stealing credentials and has a remote database somewhere. You could buy access to that database.

Fundamentally, you've said there hasn't been a whole lot of change in the makeup of botnets over the years. Are there some advancements in terms of communication or techniques for command and control?
Stewart:
There have been some techniques. We really have the rise of social media and it gives people a quick and easy way to post a small bit of content somewhere, as in a Twitter feed or a Facebook post. These have made ideal, covert communication channels for bots to look for and receive commands. Hardly any company is going to look twice at somebody within their organization visiting a Twitter account. They are just not going to think that there is anything necessarily bad about that. This may be a bots primary communications channel and it can fly right under the radar if they do it correctly.

There has been a lot of hype around mobile threats. There has been talk about botnet operators potentially harvesting the power of mobile devices as part of an attack. Is that possible?
Stewart:
I suppose it is possible, but you are not leveraging very much. The mobile networks don't have much bandwidth, so you're not gaining as much as you would if you took over a broadband connection. I think for that reason, mobile malware has been limited to a few specific categories. These are things that are sending out SMS messages for spam or for premium charges that go to the bot owner. Or it's just a case of getting on the mobile platform in order to use it as part of a multifactor authentication bypass to support standard malware on your computer trying to log into your bank account. I don't think you can say at this time that someone will get a whole lot of value out of a mobile botnet. There are certain categories where it is useful, but as a DDoS botnet it would probably be pretty abysmal.




13 Top SEO Tools For Startups

Which SEO tools have been most helpful to your business?

The following answers are provided by the Young Entrepreneur Council (YEC), an invite-only nonprofit organization comprised of the world's most promising young entrepreneurs. The YEC promotes entrepreneurship as a solution to unemployment and underemployment and provides entrepreneurs with access to tools, mentorship, and resources that support each stage of their business's development and growth.

1. SEOMoz for Everything

Bhavin Parikh

SEOMoz's suite of products has essentially provided us the value of our own personal SEO consultant. We use their tools track keyword rankings, rate on-page optimization, and track links to our site. They also regularly post great tips on their blog and have a Q and A section. By using their tools, we've increased our monthly search traffic 10x in the last year.

- Bhavin Parikh, Magoosh, Inc.

2. Raving About Raven Tools

Lawrence Watkins

I love Raven Tools. It is one of the key reasons why my company's website ranks either first or second for most keywords related to our niche. Their research analysis and link-building tools allow me to find untapped niches and capitalize on them through effective organization for outreach.

- Lawrence Watkins, Great Black Speakers

3. Install SEO for Chrome

Jun Loayza

SEO for Chrome is the go-to tool that I use. It allows me to easily see Page Rank, backlinks, estimated traffic, and even conduct keyword research for a website, all through my Chrome browser. It's very important to get backlinks for SEO; I use this Chrome app to determine where I will invest my time to develop links back to my site.

- Jun Loayza, Magoosh, Inc.

4. Scribe for Content

Laura Roeder

Scribe is a great tool for SEO-ifying content. We run all of our blog posts through it to make sure that they're not only educational, but will all be found in the search engines. Right now, we receive more than half of our traffic from relevant Google searches.

- Laura Roeder, LKR

5. Can't Go Wrong With Google

Warren Jolly

SEO is all about content and links, but equally important are the keywords you choose to target. Don't assume what your users are searching for. Instead, use Google's free Keyword Tool to determine monthly search volume for keywords in your industry. Once armed with this data, create content and obtain links targeting these keywords and watch your SEO traffic soar.

- Warren Jolly, Affiliate Media Inc.

6. Two Birds With One Stone

Angela Pan

YouTube has helped me rank high on certain Google keywords. Not only is it the second highest search engine ever, but it also helps my audience see me and my photography in a more personal setting.

- Angela Pan, Angela B. Pan Photography

7. Join the Fight With Market Samurai

Sean Ogle

Ever since I started doing SEO years ago, Market Samurai has been the backbone of my keyword research and analysis process. It is much easier to use than Google's Keyword Tool and less expensive than other products on the market.

- Sean Ogle, Location 180, LLC

8. Open Up Open Site Explorer

Lauren Fairbanks

Information is key in improving your SEO efforts; if you don't know where your inbound links are coming from and what keywords are providing the biggest boost to your search efforts, you can't work to improve them. Open Site Explorer lets us check which inbound links are giving us the best SEO benefits, perform competitive research, and check backlinks and anchor text almost effortlessly.

- Lauren Fairbanks, Stunt & Gimmick's

9. Go Real-Time on Rank Checker

Matthew Ackerson

I've been using Rank Checker, the simple browser plugin for over three years now and haven't had a need for much else. It's free and you can download and set it up in a few minutes. You can create multiple website profiles that you want to track keyword SERPs for. It's super simple and it gives you the most up-to-date results each time you run it. You can also schedule it to run automatically.

- Matthew Ackerson, PetoVera

10. Wordtracker Cuts Out Extra Work

Nathalie Lussier

When it comes to researching which keywords are the most searched for, and how much competition they have, Wordtracker is the way to go. You can find out how many clicks you'd likely get if you got to the front page of Google, and whether it's worth targeting this keyword or not.

- Nathalie Lussier, Nathalie Lussier Media

11. Add Platinum SEO to WordPress

Ben Lang

Many of my sites run on WordPress so I use WordPress plugins on them. The best one of these plugins for SEO is definitely Platinum SEO.

- Ben Lang, EpicLaunch

12. Site Strength Indicator Delivers Results

Nicolas Gremion

Site Strength Indicator from SearchEngineNews has been incredibly helpful, as it provides a very detailed breakdown of the most important SEO factors and how your site rates for them.

- Nicolas Gremion, Paradise Publishers

13. Forget SEO and Hit the Books

Eric Bahn

The best SEO tool I've ever encountered is The Purple Cow, a book by Seth Godin. This book makes the case that investing your resources into developing an amazing and viral product is better than any marketing or SEO campaigns. Instead of gaming SEO, focus on building a product that goes viral.

- Eric Bahn, Beat The GMAT



4 Ways To Fairly Use Other People\'s Content

Whether it's for our blog, newsletter, social media updates or something else, we're all a little obsessed with content right now. And who can blame us? The search engines have been clear that it's through our content that customers will find us, trust us, and buy from us.

caught stealing

So, just like that, we've all committed ourselves to producing pages and pages of content each week that we're using to attract customers and promote our range of services. But what if you could reap the benefits of content without doing all the legwork to create original content all by yourself?

Well, you can.

Below are four ways to make use of other people's already existing content. Things that add value to your user but that don't steal or diminish what someone else has already created. Because while we all want to get more bang from our buck, we don't want to steal other people's content either.

1. Simplify It

If Apple were to announce today that the new iPhone would only come in the color lime green, do you know what would happen? We'd be inundated with blog posts written by all the greatest tech pundits about what the announcement meant. There would be posts about why that color was chosen and its significance, what such a color means to smart phone manufacturing, the history of the iPhone, and whether or not it was just another ploy from Apple, etc.

Pretty soon TechMeme would be filled with 500 blog+ posts all adding their own commentary to the same three details released. It would be a mad house. We know this because it happens every week in the tech sphere.

And I bet it happens in your corner of the world, too. Maybe a new law has been enacted that will change how your industry operates. Or a competitor has been outed for some controversial practices. Instead of being another voice in a sea of confusion, do your audience a service by breaking down what's already out there, explaining what it means, and showing them how to find more information on the topic.

Help them understand what everyone else is saying in their posts and you'll make your blog the one they trust and refer to.

2. Offer Round Ups

Don't have time to whip out a blog post or a new article? Use content from the Web to offer a round up instead. Maybe it's a roundup of news related to your niche, maybe it's the ten best posts you've read about X or maybe it's a list of fun things you simply want to share with your audience.

Either way, it allows you to share content without the burden of having to write it from scratch. It also encourages you to step outside your site and recognize others who are doing and saying great things. This makes your site more interesting to your readers, while also helping you to establish relationships with related bloggers for use in the future.

3. Use it For Commentary

One of the most difficult aspects of keeping fresh content on your site is that it's pretty easy to run out of things to talk about. By aggregating content that others share on their blogs it provides new talking points on your own site. Maybe you agree with Joe X's opinion on how women are treated in your industry. Or maybe you disagree with Jane Y about a new way to market your business online.

By keeping up to date and sharing what others are saying, it creates a new platform for you to express yourself.

And don't go crazy thinking you need to write 400 words about a topic â€" you don't. Just share the link that caught your eye, summarize the person's point, and then agree or disagree with what they had to say. By sharing the content it gives you something easy to talk about and by adding your own insight to the mix you establish yourself as a thought leader in your industry.

Win-win.

4. Curate It

All content moves fast, but it moves even faster in social media. How many tweets go by about a certain topic on any given day? Dozens? Hundreds? Thousands? If you can find a way to curate that content for your audience and make it more accessible you're going to be providing them an enormous amount of value. And you're going to do with without ever having to write something yourself.

There are tools out there dedicated to helping you become known as a great resource by making it easy to curate and share the information passed through social media channels. For example, Storify lets you tell stories by aggregating content from sources like Twitter, Facebook, YouTube, etc, and put all of that related content into one stream, which can then be embedded onto your Web site.  Or you can use a site like Scoop.It to aggregate content from others in a magazine-type format and direct users there.

We're all on the hunt for fresh content on our sites, blogs and in our newsletters. But that doesn't mean we need to recreate the wheel each time we head to the keyboard. By finding ways to leverage and profit off content that others have already shared, it allows you to establish yourself as a resource, start new conversations, and act as a filter between your customer and the larger Web.


Caught Stealing Photo via Shutterstock




Unified Communication and You: How To Focus On The Right Phone System

Settling on your regular POTS (Plain Old Telephone System) for your business is probably a good choice, if you're really small. If it's just you and a couple of other individuals, the POTS system is simple, has the usual hold/call waiting/caller ID functionality, and is reliable.

But if you have several employees and/or an eye on a more mobile workplace with employees that travel, you might want to consider a UC (Unified Communication) system. UC can give you the advantage of having a single system that will manage multiple tools across the board, which can help a smaller company take advantage of features that make them appear larger and more competitive.

UC is the integration of real-time communication, such as instant messaging (chat), presence information, telephony (including IP), video conferencing, data sharing, call control, and speech recognition, as well as services such as integrated voicemail, e-mail, SMS, and fax. This choice can make your organization truly competitive and always connected.

With the help of Digium, we've put together a list of five things that you should consider when shopping for a system:

1. Select a phone system that lets you do more with less. The less you spend, the better, and there's plenty of good plans to check and compare.

2. Use mobility features. With UC, you can integrate mobile apps for the iPhone, Android, and/or Blackberry with your phone system. This includes calling from a mobile device as if it were your office phone and allowing access to company phone directories. This also lets you stay in touch with your staff out in the field through conferencing features, and it even allows you to monitor as well.

3. Finding the best savings. Be careful of fees, which can hide and come up if you use an ‘optional' feature. You should calculate not just what it will cost you now, but in the future, and consider your ROI as well; increased employee productivity can help make this pay for itself in the long run. Also consider maintenance costs, including renewals or upgrades.

4. Ultimately, it's about the customer. The savings are important, but you can't forget how this system will make things easier for your customers as well. Do you have call volumes so high that call queuing might be useful? What about using an IVR to help automate things?

5. Flexibility and functionality. Anticipate your business's growth to help choose; consider needs you may have coming up. Consider, too, how easily your system is upgradable and what business processes you might need.

There are a lot of factors involved, the main one of which is accessibility. Whether for your customer, for you, or for your staff, speed and ease of access are paramount to your business. As long as everything above fits into your access needs, it should be considered.



Operation High Roller targets businesses and consumers with ability bypass multi-layer authentication

A highly sophisticated fraud campaign that targets businesses and consumers has been detected.

According to McAfee and Guardian Analytics, ‘Operation High Roller' uses server-side components and heavy automation with an objective to siphon large amounts of money from high balance business and consumer accounts.

The report said that this operation combines an insider level of understanding of banking transaction systems and uses both custom and off-the-shelf malicious code. It found 60 servers processing thousands of attempted thefts from high-value commercial accounts and some high net worth individuals, with some transfers as high as £83,000.

It said that so far, it estimated that the criminals have attempted at least £47 million in fraudulent transfers from accounts at 60 or more financial institutions.

The first attack was in Italy against its consumer and business accounts. The research said that the attack used the SpyEye and Zeus malware to transfer funds to a personal mule account or pre-paid debit card. Instead of collecting the data and performing the transaction manually on another computer, this attack injected a hidden iFrame tag and took over the victim's account-initiating the transaction locally without an attacker's active participation.

The code then used by the malware, looked for the victim's highest value account and transferred either a fixed percentage (defined on a per campaign basis) or a relatively small, fixed amount to a prepaid debit card or bank account.

It said that this fraud showed one other important innovation: where transactions required physical authentication in the form of a smartcard reader in the past, the system was able to capture and process the necessary extra information, representing the first known case of fraud being able to bypass this form of two-factor authentication.

The High Roller scheme uses an extensive JavaScript injection to alter the login experience to collect all the information that the fraudsters need for both steps within the login. Since the physical authentication information is gleaned during the login, the victim is less likely to be suspicious, as they will just think the login experience has been upgraded.

Having collected all the information it requires for the entire transfer, the malware stalls the user and executes its transaction in the background using the legitimate digital token.

McAfee said that the defeat of two-factor authentication that uses physical devices is a significant breakthrough for the fraudsters, and encouraged financial institutions to take this innovation seriously, especially considering that the technique used can be expanded for other forms of physical security devices.

Further attacks have been reported in Germany, Holland and Colombia. McAfee said that the fraudulent transaction server controlling this campaign was hosted in Brea, California, although most of the attacks were automated by this server, there was evidence of the fraudster logging in from Moscow to manipulate some of the transactions.

McAfee said that as most Zeus/SpyEye attacks rely on manual components and active participation by the fraudster, including planting malware, most of the High Roller process is completely automated, allowing repeated thefts once the system has been launched at a given bank or for a given internet banking platform.

In terms of protection, McAfee said that this attack should not be successful where companies have layered controls and detection software correctly. Since attacks such as Operation High Roller use multiple tactics and extensive automation, multiple diverse protections must be deployed to detect and disrupt the different aspects of each attack.



Research finds that RSA tokens can be broken in under 15 minutes

The fragility of authentication tokens against established attack vectors have been detailed.

According to a research paper authored by Romain Bardou, Riccardo Focardi, Yusuke Kawamoto, Lorenzo Simionato, Graham Steel and Joe-Kai Tsay, who call themselves ‘Team Prosecco', RSA authentication tokens can be cracked in 13 minutes.

The group are to present a paper on the subject at the Crypto 2012 conference in August in Santa Barbara, California. They also confirmed that the SecurID 800 and other tokens can be broken.

The paper details a demonstration on how to exploit the encrypted key import functions of a variety of different cryptographic devices to reveal the imported key. These attacks were padding oracle attacks, a side channel allowing the user to see whether a decryption has succeeded or not.

It said: “In the asymmetric encryption case, we modify and improve Bleichenbacher's attack on RSA PKCS#1v1.5 padding, giving new cryptanalysis that allows us to carry out the `million message attack'. For the symmetric case, we adapt Vaudenay's CBC attack, which is already highly efficient.”

The group said that the way the C UnwrapKey command from the PKCS#11 standard is implemented on many devices allows an ‘especially powerful error oracle' that further reduces the complexity of the Bleichenbacher attack.

“In the worst case, we found devices for which our algorithm requires a median of only 3,800 oracle calls to determine the value of the imported key. Vulnerable devices include eID cards, smartcards and USB tokens,” it said.

“While some theoreticians find the lack of a security proof sufficient grounds for rejecting a scheme, some practitioners find the absence of practical attacks sufficient grounds for continuing to use it. We hope that the new results with our modified algorithm will prompt editors to reconsider the inclusion of PKCS#1 v1.5 in contemporary standards such as PKCS#11.”

The group also looked at SafeNet's Aladdin eTokenPro and iKey 2032, the CyberFlex from Gemalto and Siemens' CardOS. The Siemens device took 22 minutes to crack, while the Gemalto device took 89 minutes.

These companies were notified of the research. SafeNet said it was planning to release a security bulletin confirming the vulnerability on eToken Pro, eToken Pro Smartcard, eToken NG-OTP, eToken NG-FLASH, iKey 2032 using Aladdin eToken PKI Client or SafeNet Authentication Client software. They suggested using SafeNet Authentication Client 8.0 or later to enable PKCS#1 v2.1 padding for RSA and to avoid wrapping symmetric keys using other symmetric keys as a workaround.

RSA recognised that an attacker can obtain the corresponding plaintext through a padding Oracle attack against RSA SecureID faster than would be possible with a standard Bleichenbacher attack.

Siemens has also recognised the flaws and it said that it has fixed the verification of the padding and added a check of the obtained plaintext with respect to the given key template in the most recent version.

The group also found that the attacks were effective against the Estonian electronic identification cards and that it plans to test Hardware Security Modules (HSMs) soon.



MI5 director says that London business has lost £800 million to a cyber attack

MI5 has acknowledged the threat of cyber crime to the UK.

Speaking last night at the Lord Mayor's Annual Defence and Security Lecture, the director general of the Security Service, Jonathan Evans, said that ‘malicious activity in cyber space' has become more prominent in the last few years, saying that the frontline in cyber security is ‘as much in business as it is in government'.

He said: “Britain's National Security Strategy makes it clear that cyber security ranks alongside terrorism as one of the four key security challenges facing the UK. Vulnerabilities in the internet are being exploited aggressively not just by criminals but also by states and the extent of what is going on is astonishing â€" with industrial-scale processes involving many thousands of people lying behind both state-sponsored cyber espionage and organised cyber crime.”

He described this as a threat to ‘the integrity, confidentiality and availability of government information' and also to business and to academic institutions, with not only government secrets at risk, but also the safety and security of the UK infrastructure ‘and the intellectual property that underpins our future prosperity and the commercially sensitive information that is the life-blood of our companies and corporations'.

Evans also admitted that one major London-listed company had incurred revenue losses of some £800 million as a result of a hostile state cyber attack, not just through intellectual property loss but also from commercial disadvantage in contractual negotiations. “They will not be the only corporate victim of these problems,” he said.

He also said that the Security Service is working with ‘many others' that are of high economic value and that are potential future targets of hostile state cyber activity.

Evans praised the work of the Centre for the Protection of National Infrastructure, GCHQ, the Department of Business Innovation and Skills, the Department for Energy and Climate Change and law enforcement, saying that the work that is being done has allowed it to investigate cyber compromises in over a dozen companies.

“We are contributing to the international process of ensuring that the appropriate IT security management standards are in place to manage some of these new risks. So far, established terrorist groups have not posed a significant threat in this medium, but they are aware of the potential to use cyber vulnerabilities to attack critical infrastructure and I would expect them to gain more capability to do so in future,” he said.

He concluded his section on cyber security by encouraging the boards of all companies to consider the vulnerability of their own company to these risks as part of their normal corporate governance, and require their key advisors and suppliers to do the same.

On issues of justice and national security, Evans said that the proposed legislation to ensure that communications data continues to be available to the police and security agencies in the future, as it has in the past, was a ‘necessary and proportionate measure to ensure that crimes, including terrorist crimes, can be prevented, detected and punished'.

He said: “It would be extraordinary and self-defeating if terrorists and criminals were able to adopt new technologies in order to facilitate their activities while the law enforcement and security agencies were not permitted to keep pace with those same technological changes.”



Yammer Buy Confirmed as Online community Becomes Integral Company Tool

Rumored buy of Yammer by Ms was confirmed Monday within an official announcements through both companies. The particular acquisition is another verification of the significance of social networking technologies to businesses of sizes, however, many believe the trend is already under method.


The best Statement


Let me see the cash . If you wish to understand how important online online community has become in order to business, you don't need to to appear any further compared to $1. two billion sale for Yammer to software program giant Microsoft. The particular acquisition continues to be rumored for a while, unfortunately he first confirmed through both companies on Mon. Microsoft Information Middle


Your workplace requirement < /a>. In the company's blog Mon, Yammer CEO Jesse Sacks announced his firm would be folded in to Microsoft's Office Division following the agreed upon buy of the firm. It seems a definite indication that each organizations are placement Yammer's secure private online community solution like a critical business device on a par along with other office items. Yammer Your blog


What it takes


Much more yammering regarding Yammer . Yammer phone calls itself “the enterprise social networking. ” Several source provides described Yammer like a Facebook for company. Microsoft describes the new acquisition as technologies that business both enjoys and needs. The particular purchase seems a verification of the significance of social networking towards the business local community, something analysts state Microsoft has been slower to provi de. DealBook


The gated local community . Certainly companies are already using social media marketing ranging from Fb to LinkedIn for from marketing to network, and in reality, sometimes like a bit of each. Yammer introduces a far more gated local community, but the issue is whether businesses will discover the added associated with private online network when so many other available choices already can be found. CNNMoney


Time Is Almost everything


Driving the influx . Yammer was developed four in years past when social media marketing was just children's stuff, said firm CEO David Sacks within the official announcement credit reporting Microsoft's acquisition of their compan y. The master plan was to produce a networking option for business, the wave that Sacks thinks the company remains riding these days. The purchase is visible being an increased concentrate on cloud-based services along with roots in popular customer products. Technology Crisis


Past due to the celebration . Yammer's buy allows Microsoft, and maybe business networking generally, to meet up with consumer social media marketing solutions like Twitter. Ms tools like SharePoint possess lagged far behind with regards to ownership, and it's believed by some pundits that this new deal in between Yammer and Microsoft can help online business network cope up. BetaNews


Items in the dilemna . Business clients are likely to find Yammer incorporated in to Microsoft's Office 365 included in the software program company's overall products. The product can become part of a proposal that includes progressively more equipment including Skype ip telefoni, SharePoint, and also Dynamics, all contributing to the types of business services the business will offer. Gigaom


Various other Social Media Developments


Marketing and advertising mavens . Whilst business networking is getting up to its customer counterpart, social media marketing sites which range from Facebook to Youtube . com have become the domain name of marketing, a lot more than networking it appears. Normal dispatches on social internet marketing tips have grown to be commonplace and provide hints on exactly where this side from the social networking trend is going. Venture Defeat


Apple company provides a Yelp . A favourite are social evaluation and check-in sites nowadays, that Apple company has decided to function this one in the latest iPhone Roadmaps App. With the amount of iPhone customers accessing these social media marketing tools, from the foregone conclusion which businesses those users trust will be having social tools much more critically. Bloomberg


Creating the time for interpersonal . While a lot of money is spent in the upper end from the social networking meals chain, time may be the critical investment regarding entrepreneurs interested in utilizing free consumer social media marketing options to advertise and network for his or her businesses. A current survey suggests twenty-four p ercent of small businesses proprietors say they will not have the period for social media marketing, indicating there are a competitive advantage for individuals who perform. Street Battle