Password database inventory required following LinkedIn breach

Many organizations have collected applications and systems that store passwords in various ways, making password protection a serious problem for both employee and customer passwords, said Johannes Ullrich, chief research officer at the SANS Institute.

Social networks and other organizations should appropriately protect user passwords or face serious issues when an attacker breaks in to pilfer data, Ullrich said. Attackers have proven account credentials are highly coveted, he said, because they provide the easiest way to get in as an authenticated user on the system. The LinkedIn password breach, one in a string of account credential breaches in recent years, is another example of password security missteps.

In an interview with SearchSecurity.com, Ullrich talked about the importance of taking an inventory of the various password databases on the network, deploying appropriate protection and migrating away from legacy applications that store passwords and other personal information in clear text. Enterprises can deploy single sign-on, he said.

It's difficult to apply similar protections to email addresses, Ullrich said. Applications often need to see the email address in clear text and businesses need the email address available to message customers. Applying encryption to email would likely result in key management issues, he said.
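An added example (not from the article or from SANS) of the inventory step described above: a Python triage that classifies sampled values from each credential store by format and flags cleartext and unsalted-hash stores, alongside a salted PBKDF2 store that never keeps the password itself. Store names, sample values, the `pbkdf2_sha256$...` record layout and the risk labels are constructed for illustration, and the format checks are heuristics.

```python
import base64
import hashlib
import hmac
import os
import re

# Heuristic format signatures, checked in order; the first match wins.
# They describe what a stored value looks like, not proof of the algorithm.
SIGNATURES = [
    ("slow-salted-kdf",        # bcrypt, Argon2, scrypt, or this example's PBKDF2 record
     re.compile(r"^(\$2[aby]\$\d{2}\$|\$argon2(id|i|d)\$|\$scrypt\$|pbkdf2_sha256\$\d+\$)")),
    ("salted-crypt",           # md5crypt, sha256crypt, sha512crypt
     re.compile(r"^\$[156]\$")),
    ("unsalted-fast-hash",     # bare 128/160/256-bit hex digest (MD5, SHA-1, SHA-256)
     re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")),
]
RISK_ORDER = ["ok", "review", "high", "critical"]
RISK = {  # assumed risk labels for this example
    "slow-salted-kdf": "ok",
    "salted-crypt": "review",
    "unsalted-fast-hash": "high",
    "cleartext-or-unknown": "critical",
}


def classify(stored: str) -> str:
    """Guess the storage scheme of one stored credential value."""
    for name, pattern in SIGNATURES:
        if pattern.search(stored):
            return name
    return "cleartext-or-unknown"


def hash_password(password: str, iterations: int = 600_000) -> str:
    """Return a record holding only salt and derived key, never the password."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    enc = lambda raw: base64.b64encode(raw).decode("ascii")
    return f"pbkdf2_sha256${iterations}${enc(salt)}${enc(dk)}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the key from the candidate password and compare in constant time."""
    try:
        scheme, iterations, salt_b64, dk_b64 = record.split("$")
        iterations = int(iterations)
        salt, expected = base64.b64decode(salt_b64), base64.b64decode(dk_b64)
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def inventory(stores: dict) -> dict:
    """Summarise each store: count of values per scheme and the worst risk seen."""
    report = {}
    for store, values in stores.items():
        counts = {}
        for value in values:
            scheme = classify(value)
            counts[scheme] = counts.get(scheme, 0) + 1
        worst = max((RISK[s] for s in counts), key=RISK_ORDER.index, default="ok")
        report[store] = {"schemes": counts, "risk": worst}
    return report


def sample_stores() -> dict:
    """Constructed sample rows standing in for values pulled from each application."""
    sha1_hex = hashlib.sha1(b"letmein").hexdigest()
    return {
        "legacy_crm": ["Summer2012!", "letmein"],
        "intranet_forum": [sha1_hex, hashlib.sha256(b"letmein").hexdigest()],
        "mail_gateway": ["$6$examplesalt$" + "y" * 86, sha1_hex],  # mixed store
        "hr_portal": ["$2b$12$" + "x" * 53],  # bcrypt-shaped placeholder, not a real hash
        "new_app": [hash_password("letmein")],
    }


if __name__ == "__main__":
    for store, result in inventory(sample_stores()).items():
        print(f"{store:15} {result['risk']:9} {result['schemes']}")
```

A store is rated by its worst entry, so a database that is mid-migration and still holds some unsalted digests stays on the remediation list until the last legacy row is gone.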

Experts tell me the LinkedIn breach highlighted the need for database security. If you were a CISO at an enterprise, how would you approach the news of this breach?
Ullrich:
I think the first thing to do is take an inventory of all of the password databases that you have in the network. The difficult part about this is usually you have more than one. You have them spread all around because there are likely different applications that you have acquired over the years. Trying to get a good inventory and figuring out how they are protected is a first step. Then of course there are applications that are not compliant and still deployed on many networks. They either store the data in clear text or are insufficiently hashed. Try to come up with a transition plan for that, which is questionable, so you would have to come up with some other mitigating controls there.

Why do organizations have password databases that they may not know about?
Ullrich:
It is because of the way most networks grow over time. You find the organization may purchase applications that you are not aware of how they store passwords. An enterprise has dozens of applications and they all have their own password store. Ideally you would have some sort of single sign-on implemented. That would be the ultimate goal I would aim for as a CISO, but then again, implementing a single sign-on with all those legacy applications is usually a huge challenge. It's not something you do overnight.

Are email addresses stored alongside passwords? Should they be protected as strongly as passwords?
Ullrich:
Email addresses and usernames, which are often the first part of an email address, tend to be stored next to each other. I don't think there is much you can do to protect the email address because you need that in clear text in order to send emails to the user. The thing about passwords is the application never needs to know the password, so that allows for hashing and other encryption methods. You don't really have that option for email addresses. You could encrypt email addresses, but then you would have to do something with the keys because the application would need to decrypt it. So you would have key management issues.

A lot of the data breaches we've seen over the last several years have had some sort of social engineering component. Other than training, is there anything you can do to protect end users against social engineering tactics?
Ullrich:
You can still do access control. One of the problems of course is that social engineering can convince an insider to leak all the passwords. It doesn't need to be a malicious attack. An attacker can convince an insider to leak them without social engineering. I think to address social engineering you need internal controls as well as external. What you do against a malicious insider also works well against social engineering attacks.

There's been a push with “big data” for the addition of network traffic monitoring systems deployed in the enterprise. Are those systems only being deployed at large enterprises?
Ullrich:
I think you would need too much manpower for small or mid-sized businesses to deploy and maintain these types of systems. You need a fairly specialized skill to actually be able to operate them. I think smaller businesses will be stuck with outsourced monitoring or monitoring by a part-time system administrator or something like that. I don't think those systems would help very much because they tend to collect data and don't get monitored correctly. I think smaller businesses should choose network controls that would have the biggest impact in the end.




People Spend Money In Every Economy: They Should Be Spending It With You

Strong economy, bad economy, we spend money in every economy. We have to eat, run our offices, manage our teams and that takes money. The question is, are we spending it with you or some other company that's more attentive?

It's clear to me that how you talk makes the difference and how you listen can make or break the sale.

How do you talk to your guests?

While browsing in a local computer store, I noticed the difference between two salesmen. One was attentive without overcrowding. He took my questions seriously and you could tell that he was excited about and deeply familiar with the product. This made him a pleasure to talk to.

When I shop local, I shop with him and I refer others to him. But when he's not there I encounter another man who likes to tell you what canNOT be done - and it's not often true. He doesn't seem to know the product intimately. On top of that, there's a quiet but clear pressure to buy right now or leave. However, large purchases don't happen that quickly for me and when it is time to buy, my team - family, clients, friends in business - tend to follow suit.

Here's the problem: that kind of atmosphere makes me look for a new place to shop. It causes me to reevaluate my own sales processes. Can people browse as long as they want and ask the questions they need without feeling like a nuisance? Am I a barrier to the purchase? Is your sales team a help or a hiccup?

At the end of a day, your guest (potential customer) wants the chance to see if your product has the answer to their problem. That tends to include browsing and questions. Are you and your sales team prepared for both?

Quick Tip: Use your website to create a great space for browsing. With a smart site that tells:

  1. who you are
  2. what you have
  3. why it matters
  4. how to get it

Your visitors can take their time as they move through your information and images.  A smart website is good for business.

Do you listen to your shoppers? 

I'm upgrading my accounting system (because it needs to be more fun and still accurate and effective). In the process I'm testing and contacting a lot of companies and interacting with multiple sales teams. I ran across an attentive agent at Shoeboxed.com who answered a series of questions through their instant messaging system.

She made me feel as if she came to work just to help me find my answers. Don't get me wrong, she wasn't my best friend or anything like that, she just took the questions seriously and provided the kind of answers that assured me that she knew her stuff. Which was a far cry from the sales team that tried to close me while I still had questions on the table.

In this friendship economy where we probably share too much about ourselves with strangers, the truth is most of these connections are temporary and a means to an end. What lasts is real answers to real problems delivered as graciously and simply as possible.

Quick Tip: Your shoppers want you to be attentive to them and not your list and agenda.  And in order to do that, you have to listen to those questions and provide real answers.




Tech Thursday (6/28): Introducing VerticalResponse Social, Network-Attached Scanning Solutions from Plustek, Lenovo No-Contract Mobile Broadband for ThinkPad Users, American Express Open Enhances Plum Card

Introducing VerticalResponse Social, A One-Stop Social Media Marketing Solution For Small Businesses

Newly integrated platform takes the guesswork out of social media

 

SAN FRANCISCO - For small businesses, social media can be a daunting, time-guzzling task to add to their never-ending “to do” list. Coming to their rescue is VerticalResponse Social, the new self-service marketing solution from VerticalResponse that helps take the guesswork out of social media and extend the reach of their online marketing campaigns.

VerticalResponse Social is the latest addition to the VerticalResponse portfolio of award-winning email marketing, event marketing, online surveys and postcard marketing solutions. With VerticalResponse, businesses can create, manage and measure all of their marketing efforts - now including social media marketing - from the same account and user interface, saving them time and money.

“VerticalResponse Social makes it easier than ever for small businesses to share content across email and social media and also engage with their customers, because now they can do it all from one integrated dashboard,” said VerticalResponse CEO Janine Popick. “They can choose curated content from our automatic feeds or their own content, then create and schedule a campaign that's spread through both email and social media to amplify their message. They also can manage social conversations and deepen their engagement with their customers. Because it's all managed from the VerticalResponse dashboard, the time savings alone are enormous.”

A VerticalResponse user data analysis conducted in March 2012 confirmed businesses that use both email marketing and social media achieve 28 percent higher email open rates, signifying the growing importance of integrating these efforts.

VerticalResponse Social offers several benefits for the time-strapped small business or non-profit organization:

  • Social media marketing in minutes. Users can create, schedule and publish content to their Facebook, Twitter and LinkedIn profiles from one place in minutes, up to 30 days in advance. From a single post to a multi-week campaign, businesses can do it all with just a few clicks. For campaigns, VerticalResponse Social even provides recommendations on the ideal number of links, questions, quotes or status updates to publish over the campaign duration.
  • Ability to extend content and marketing campaigns across channels. With VerticalResponse Social, users can easily share their content across channels from one platform. For example, a restaurant owner who is planning a limited-time-only menu can schedule and launch both an email campaign and a series of social media posts and tweets promoting the menu all from one integrated dashboard, with full reporting.
  • Content fed directly to the VerticalResponse Social dashboard. Users get relevant, up-to-the-minute content based on industry and special interests, from quotes to blog posts to news, so that they don't have to waste time looking for content. Simply select and share. A custom content calendar makes it easy to manage and track communications.
  • Easy engagement with fans and followers. Users can view, respond to and track comments and replies - whether they're from Facebook, Twitter or LinkedIn - all within the VerticalResponse dashboard.

VerticalResponse Social - Pricing

Businesses can try out the new VerticalResponse Social platform free for 30 days. After that, it costs $18 per month. Special pricing discounts are available for existing VerticalResponse customers and non-profit organizations.

 

Plustek Unveils New Network-Attached Scanning Solutions at Info360 Show

 

NEW YORK CITY - Plustek Technology Inc., a manufacturer of consumer, prosumer and professional imaging devices, will introduce several products at the Info360 show, including three new network-attached scanning devices: SmartOffice PN2040, SmartOffice SN8016U, SmartOffice EZScan 400, and the MobileOffice AD460 desktop scanner.

Plustek will highlight its new SmartOffice PN2040 with new user interface software. Designed with the image quality, speed, reliability and flexibility demanded by business users, the Plustek SmartOffice PN2040 network attached document scanner can be easily shared with any number of PCs on office or home networks, and can also be connected to a computer via USB. The 20-page-per-minute SmartOffice PN2040 features both a 50-page Automatic Document Feeder (ADF) and a flatbed to enable scanning of a wide range of materials from multi page documents, to small or fragile items such as receipts, historical documents or photos.

Plustek's SmartOffice SN8016U is an 80-page-per-minute departmental class A3 size ADF scanner with network and USB connections. The dual interfaces coupled with industry standard TWAIN and ISIS drivers and DocAction single touch scanning enable this scanner to be used for almost any document imaging application or scanning environment that requires high speed scanning of documents up to A3 in size.

Plustek's SmartOffice EZScan 400 has an integrated touch screen and PC, designed to plug into networks and scan directly to a destination. It is a 40-page-per-minute, duplex, standalone network attached document scanner. The EZScan 400 does not need any PCs or server to function on a network. The integrated touch screen display enables users to simply touch and scan to: email, network attached storage, shared folder, flash drive or USB hard drive, printer, cloud storage and more.

Plustek's MobileOffice AD460 is a 20-page-per-minute desktop document scanner with a small footprint. The MobileOffice AD460 is a color, duplex, document and card scanner with an automatic document feeder. Document management, imaging and optical character recognition software bundled makes scanning, retrieving and managing documents a simple task.

Plustek will also exhibit its full line of MobileOffice USB powered document and card scanners, its full line of SmartOffice document scanners and feature an EZBook Scan Station book scanning kiosk. For product details, please visit www.plustek.com/usa.

All Plustek SmartOffice and MobileOffice scanners include a suite of document management applications, TWAIN drivers, single touch button scanning, and scan to PDF.  In addition, APIs are available to authorized system integrators.

Lenovo Connects ThinkPad Users with No-Contract Mobile Broadband Service


 Cloud-Based Solution Simplifies Access and Reduces Cost for Individuals and Corporate Customers

 

RESEARCH TRIANGLE PARK, NC - Lenovo today introduced Lenovo Mobile Access, a flexible, no-contract mobile broadband service that gives consumers and business users greater choice and flexibility when connecting to valued online services. Lenovo Mobile Access provides pre-connected, always-on, customizable connectivity to the Internet and corporate networks, making it an ideal solution for users who need access to online content, applications and services away from their home, office or public Wi-Fi hotspots. Powered by a scalable cloud-based platform from Macheen Inc., the service is now embedded across select models of the ThinkPad product line and available immediately in the United States and nine European countries.

“We live in a world where it's not only undesirable to be without online access, it's often disruptive to businesses. For that reason we wanted to create a flexible mobile broadband solution that would be unparalleled in its ability to help business users stay connected and working,” said Dilip Bhatia, vice president and general manager, ThinkPad Business Unit, Lenovo. “Fundamentally, Lenovo Mobile Access gives individual and corporate customers options to determine how, when and where they want to connect with online applications and services, all at a price that fits their budget.”

Designed to fit the needs of both individual and “prosumer” customers, Lenovo Mobile Access delivers broadband connectivity that's available anytime, anywhere yet users pay only for the access they need. Flexible, no-contract payment options let casual users buy a “Time Pass” for as little as USD 1.95 for 30 minutes or USD 8.95 for one day - perfect to quickly sync email or ensure online access during travel. Users with more frequent connectivity requirements, or who work with large media files can purchase monthly plans with 2GB or 6GB of data access, along with the option for automatic monthly renewal. Businesses can leverage the same pay-as-you-go options, helping them reduce the cost of mobile broadband connectivity with right-sized access that can be extended to large numbers of individual employees.

Business customers can also take advantage of intelligent features designed to streamline device management, increase security and productivity for mobile employees, and reduce operational expenses. All ThinkPad laptops with embedded mobile broadband connectivity ship with Lenovo Mobile Access pre-activated as the default configuration. A single SIM is used for global access, enabling mass roll-out capabilities over a secure connection. Web-based policy management tools let IT administrators customize permissions and access options by services or application, for the whole company, specific workgroups, or individual users. Simple payment options allow centralized, single-payer end-of-month billing for corporate arrangements.

 

American Express OPEN Enhances the Plum Card for Small Businesses

Refreshed Benefits Platform Helps Entrepreneurs Harness Power of Trade Terms in the Simplicity of a Card

 

NEW YORK - (BUSINESS WIRE) - American Express OPEN today announced enhancements to the Plum Card to help small business owners better manage cash flow and free up working capital by taking advantage of the card's built-in trade terms.

Trade terms are an agreement between a company and its supplier for the timing and amount of payments. Typically terms include extra days to pay - 30 days on average - and less frequently, early pay discounts. Small businesses may not have sufficient leverage to negotiate trade terms on all major purchases.

The Plum Card is the combination of these two coveted benefits - and Cardmembers now have access to both:

  • Early Pay Discount - When Cardmembers pay at least 10% of their balance within 10 days of the statement closing date, they will earn a 1.5% discount on the portion they elect to pay. Previously, Cardmembers were required to pay the balance in full to enjoy this benefit.
  • Extra Days to Pay - When Cardmembers pay at least 10% of the balance, they can take up to 60 days from the statement closing date to pay the remaining balance without penalties or interest charges.

Both options are designed to help Cardmembers better manage cash flow. The payment flexibility allows Cardmembers to adjust to changing business needs and also have the option to choose the most convenient time for the billing cycle to close - either at the beginning, middle or end of the month.

According to the Spring 2012 American Express OPEN Small Business Monitor, a semi-annual survey, cash flow is a paramount issue for entrepreneurs. In fact, half (50%) of small business owners are concerned with having cash available to pay bills.

Plum Cardmembers can take advantage of other perks, such as a no pre-set spending limit to allow them to evolve with their business expenses and access to the OPEN Savings® program, which offers discounts to a number of products and services from American Express partners. Partners include FedEx, Hertz and Office Max, among others.

“Our focus is to keep empowering small businesses with the right tools to allow them to do more business and that includes helping them understand and manage cash flow. Plum Cardmembers have earned and reinvested hundreds of millions of dollars in their businesses,” said Federico Acuna, vice president of Charge Cards, American Express OPEN. “The current enhancement to the product is addressing the need for greater payment flexibility while still providing unique trade terms on a payment solution.”

 

 

 

 



6 Signs It's Time To Change Habits

“We are what we repeatedly do. Excellence then, is not an act, but a habit.” - Aristotle

Habits can be our greatest asset and can become our worst curse. We know in order to grow and maintain our personal and professional lives, we need to develop and establish effective, solid and sensible habits. We also need to keep them fun, fresh and motivating.

From Psychology Today, the topic of habit formation is hot in the news these days, especially with the success of Charles Duhigg's best-selling new book The Power of Habit (which looks fascinating). Even New York Times columnist David Brooks is singing the praises of habit formation as the answer to everything from weight loss to addiction.

The premise is this: Why struggle to do something when you can simply make it automatic?

So, when we look back on different cycles in our lives, we can see that the signs to change were there all along, but we choose to ignore them. Why do we wait until it's too late and then are forced to make a move? We don't have to.

Change is the most natural thing that we actually do. There is an organic change process we all live through in our  life cycles, career cycles, personal cycles. Birth, death, divorce, moving, accidents, health, nature and choice all impact our need to change.

It's not always about dramatic change, in fact more often it's about small things that can make a big difference.  Here are 6 signs it's time to change habits:

1.) Complacency
There's a feeling of contentment, or self-satisfaction, we get from accomplishment or finishing something that can lead to a letting up or backing off of  the urgency, or actions that are key to maintaining.  Continue to keep habits steady and consistent.

2.) Boredom
Continuing habits in exactly the same way can lead to boredom. Change up your routine, take a different approach, try new things that lead to staying fresh, recharged and enthusiastic. Try a different time of day, new route to someplace, a new look or hairstyle.

3.) Lack of energy
Do you notice your energy level is lower? Is your endurance while doing your job, tasks, work not as high? This could certainly be a medical issue, which you want to have checked out, but when we are not happy or fulfilled it saps our energy. Make sure you are eating properly, getting your exercise, sleeping and drinking lots of water. Here's a great article on Sleep Cycles and Rebooting Your Brain.

4.) Procrastination
The dreaded 'I have to do it' attitude will sabotage you every time. Putting off things that we have to do but that are not our favorite things to do is human, but this can put us seriously behind and impact success. Take this free 20 question test on procrastination, know where you stand, then learn how to eliminate your procrastination hot spots.

5.) Distraction
There are more things today that are challenging our attention than ever before. Tweets, texts, posts, emails, videos, advertisements, mobile phones all challenge our focus. We are being easily distracted by bright and shiny objects, and studies are proving undisciplined use of, and addiction to, social media. Check out this comprehensive Study on Distraction by Larry Rosen, PhD, which reveals “students were only able to focus and stay on task for an average of three minutes at a time and nearly all of their distractions came from technology.”

6.) Negativity
90% of high performers possess  high EQ! Are you a glass half empty or half full person? Do you see the optimism and hope in things or is it always gloom and doom? “We become what we think about all day long.” (Ralph Waldo Emerson). Here are 5 Keys To Enhancing Your Emotional Intelligence.

I'm a fan of  Leo Babauta's Zenhabits.net. He makes it easier to embrace changing habits, consciousness and taking action. Check out The Essential Zen Habits of 2011.

Are you seeing the signs that it's time to change up your habits?  Be proactive and make a list of 5 habits that are working against you right now that you can and will change up and change them. One at a time!

Our personal brand and professional advancement depend on creating great working habits, embracing change and developing high EQ!




Staples Advantage Launches Managed Print Services And Proves They Are So Much More Than Just An Office Supply Retailer

We all know Staples as one of the leading office supply retail stores.  Perhaps what we don't all know is that over the last few years they have added many additional services that help small businesses manage day to day functions, such as IT installation, repair and back up services.  Recently, Staples also launched Managed Print Services as a comprehensive solution that will help businesses control their print network, achieve up to 15 and 30 percent cost savings and improve IT staff productivity.

“We've found that the majority of businesses don't know how much they spend on office printing each year,” said Ed Ludwigson, Vice President and General Manager for Staples Technology Solutions. “Our MPS experts work with customers to understand their printing costs and needs in order to create more efficient, customized and sustainable printing networks. Staples experts can implement an MPS solution that effectively manages print devices, enabling IT teams to focus on more strategic IT initiatives.”

According to Water Group, LLC, the average total cost of ownership related to printing, copying, faxing and scanning per employee is roughly $740/year  which means a company with 1,000 employees spends about $740,000 on these in-house capabilities annually.  By implementing a program like MPS, this same company has the potential to save approximately $222,000.  How is that possible?   Through a comprehensive assessment process, organizations can get a realistic view of current printer assets, printing habits, energy use and cost throughout the entire organization and compare it directly to the MPS recommendations unique to their operations.  That insight will reveal the complete value proposition, including the positive impact on staff, improvements to the workflow, and even meeting sustainability goals.

MPS uses special software programs to collect data on what types of documents employees print, where they print, and how much they print. Software can capture actual volume output for each printer, the employee-to-printer ratio, and actual end-user printing habits, such as single vs. double-sided printing, color vs. black and white printing, or printing in draft or economy mode to save on ink and toner. Based on the outcome of the data, MPS devises a program to improve efficiency and cut costs on things like:

  • Hardware (printers)
  • Supplies (ink and toner)
  • Maintenance
  • Service and support
  • Energy use
  • Purchasing costs (stocking and logistics)
  • IT operations
  • Paper

In addition to the cost savings, customers also experience the following benefits:

  • A brand-neutral solution that works with a company's existing fleet
  • Assistance reaching sustainability goals through office printing guidelines
  • Reduced time spent on print fleet maintenance and support
  • Automated supply replenishment
  • A single, predictable monthly bill
  • Ongoing account management of a company's print strategy

Printing costs and the cost of IT and supplies for printing machines are certainly an area where most small businesses fail to accurately track actual costs. Now, thanks to Staples and the Managed Print Service program, they will do that for you and you can sit back and just count the savings!



Daily Deals That Won't Break The Bank: Check Out Signpost

Groupon and LivingSocial have motivated many small businesses into offering daily deals, but the 50 percent commission is often a daily deal breaker. Signpost is a new venture-backed daily deal service that lets small and medium sized businesses set up their own daily deal campaigns and online marketing offers on a DIY (do it yourself) basis. It operates on a lower commission structure with a flat monthly fee, to boot.

How it works:

1.  Signpost gathers info about your business and creates a campaign. You share details about how your business operates and works, of course.

2.  They match your campaign with the right online channels. This is one of the cool things about Signpost - they have loads of content partners that show your “campaign ad” on their blog or website. From their website:

We use our network of 1200+ national and local partners like Google, AOL, and Yellow Pages to access over 35 million local customers. Our extensive reach allows us to match your campaign to customers that count.

3.  Customers buy a voucher online to redeem at your store by clicking on that daily deal ad and pre-paying for the offer. You pay a commission to the content partner that is displaying your ad (via the Signpost system, of course) and they promise it is never more than 15 percent.

Within your account, like any web service, you have a real-time dashboard that shows your offers, redemptions, and other campaigns you are running. For example, you can set up a Facebook campaign or run an email newsletter through the service.

What I liked about the service

  • Signpost creates the campaign for you. As I pointed out above, they then distribute that offer for you. They have over 60 cities in the system so far, but I presume that if you're not in one of those you can still create an offer of some type.
  • I like that 15 percent commission versus the 50 percent that other daily deal companies require.

What I would like to see improve

As most of my readers know, I don't like it when you can't get access to a site without leaving all your contact details. Signpost requires your email and phone and after you click “sign up” it says they will contact you shortly. So, I tried to sign up and now I'm waiting for a sales rep to call me. Not a big deal, but that wasn't my expectation. As noted above, they are transparent with their pricing and how it works. Ideally, they would allow you to start filling in some details or checking out the dashboards or more than “hey, we'll call you.”

Pricing is a flat $99 per month and a 15 percent (maximum) commission to sites that generate the click-through. If you've wanted to provide a daily or weekly coupon to your local customers and prospects, Signpost might be worth a closer look.

Learn more about Signpost.




Vendio Provides Central Management For All Your eCommerce Activities

For many small businesses, having a solid online presence is often the most daunting task of getting online because aside from needing a decent site, there is also the burden of merchant processing, security, inventory control, and of course processing all the information. Although over the years DIY eCommerce has declined in price and increased in quality and reliability, for many businesses turn-key solutions occasionally are a viable solution depending on what the business owner is looking for.

Although there are many platforms on the market, one platform which adds an interesting dimension to eCommerce software is Vendio, because it lets customers not just sell products through their own online store, but also Amazon, eBay, and even Facebook, all through a central control panel. By packaging analytics, hosting, search engine optimization (SEO), and various marketing tools into one bundle, vendors only need to focus on adding their inventory to get up and running. Another key feature of Vendio is their image hosting which is included with all their packages. For vendors who often sell items on eBay and Amazon, this feature is vital because it allows them to add additional images to their listings without having to pay for additional hosting on eBay's or Amazon's servers.

When it comes to designing a Vendio-based store, users have the option of selecting a template from a wide selection of themes or having a developer create a design. Overall the template customization process is a fairly straightforward interface which allows users to customize their site through a point-and-click system rather than having to worry about code. While the process is a bit limited (since users are not given full customization abilities), for a business just looking to get started on the web the template route is a solid choice.

For customers who desire more than just a standard template, Vendio also allows users to tweak the code to fit their needs. Although having access to the code is helpful, Vendio like many turnkey platforms suffers from the fact that they are built on fairly proprietary (custom) systems. This aspect means that when it comes to finding a web developer to assist you, the talent pool will be significantly smaller and development costs will likely be higher due to the complexity.

In terms of pricing, Vendio is relatively reasonable with their packages which provide hosting, unlimited bandwidth, and reasonable amounts of storage. The base plan starts at $99.95/month and allows for up to 200 items and provides 2GB of storage. For companies with more inventory or greater storage needs, the middle and top plans support up to 2,500 and 5,000 items for $149.95/month and $249.95/month respectively. The plans also include support for additional Amazon and eBay handles plus extra storage.

Overall, for a business starting out or looking to enhance its online presence, Vendio provides a solid foundation. For businesses with simple eCommerce needs, especially vendors who often list items on Amazon and eBay, the price is very reasonable considering Vendio centralizes all marketplace activity in a simple-to-use interface. On the other hand, for more established businesses who prefer full control over the design and architecture or who need specialized inventory control, a standard eCommerce platform is likely a better option.



Ronaldo is the most dangerous footballer in cyber space

As Euro 2012 reaches its climax, Portuguese captain Cristiano Ronaldo has been revealed to be the most dangerous player in cyber space.

According to research by McAfee, cyber criminals are exploiting the names of popular sports stars and celebrities to attract people to sites that actually conceal malicious software.

Analysis by McAfee SiteAdvisor of the most popular players and teams, to find out who are the most hazardous on the web, identified Cristiano Ronaldo as the most 'dangerous', with France and Portugal tied as the most dangerous national team.

It said that fans on the internet looking for 'Cristiano Ronaldo', 'Cristiano Ronaldo and download', 'Cristiano Ronaldo and photos' or 'Cristiano Ronaldo and videos' may run into online threats that could steal their personal information. Clicking on these dangerous sites to download files such as photos, videos or screensavers may expose surfers to viruses and malware.

Ronaldo gained the highest percentage of overall risk of 6.2 per cent, according to SiteAdvisor. He was followed by Swedish striker Zlatan Ibrahimovic with five per cent and England captain Steven Gerrard with 4.5 per cent.

Italian players dominated the rankings, with Buffon (3.8 per cent), Giorgio Chiellini (3.7 per cent), Balotelli (3.4 per cent), Pirlo (3.3 per cent), Di Natale (3.3 per cent), Cassano (3.1 per cent) and De Rossi (1.8 per cent) making up the top ten.

The study also revealed that national flags to adorn your windows are the safest items to search for online, but searching for shirts can also be hazardous.



Cyber Security Challenge candidates fail to utilise free training

Cyber Security Challenge candidates are failing to take up an option on free training.

Terry Neal, CEO of Infosec Skills, said it is offering training and education modules to those who enter the Cyber Security Challenge but only 20 per cent took up the option in the first year.

Speaking to SC Magazine, Neal said that of the 60 who signed up, very few had completed the modules despite it being free and the candidate receiving a certificate at the end of the process.

He said: “We are making free training available, but they have not taken them up and completed the two stages of the two modules. They are open to anyone who submits an attempt to the Cyber Security Challenge, their score is irrelevant.”

Neal said that one module is offered in information security management and another in information security architecture, and that rather than being technical they are a foundation block that candidates can "take as it will contribute to their career".

Neal said: “We are sponsors of the Cyber Security Challenge as we believe in what they are doing, and we offer training that candidates can use to understand the principles of information security. By taking the modules, they can shout about it, as it will be a differentiator for them.”

He said that of the 53 people that were given access to the modules, only three had completed the two stages so far and completed the final survey. Candidates are given four months of free access to complete the modules and 15-20 had done the first two of the two modules.

“If you started it, make sure you finish it, as it will support the rest of your career,” he said.



Alaska Department of Health and Social Services facing $1.7 million HIPAA fine for 2009 breach

The Alaska Department of Health and Social Services (DHSS) will shell out $1.7 million (£1.1 million) to settle violations of the HIPAA Security Rule.

The breach occurred in October 2009 when thieves stole a portable USB stick containing the personal information of 501 state Medicaid beneficiaries.

As covered healthcare entities must report any breach of protected health information (PHI) affecting 500 or more people to the U.S. Department of Health and Human Services' Office for Civil Rights (OCR), this department has been hit with a hefty fine.

In this case, the settlement was based not on the number of victims, but on the apparently shoddy information security practices the Alaska agency had in place.

Healthcare security regulators said that their investigation, which included an onsite visit, found that DHSS failed to conduct a risk analysis, deploy adequate risk management practices, complete security awareness training of its employees or implement measures to control and secure its devices.

This marked OCR's first HIPAA enforcement action against a state agency. Rachel Seeger, an OCR spokeswoman, told SC Magazine US: “The enforcement action does not specifically focus on the stolen portable electronic device, but rather the findings of the investigation.”

The OCR launched a breach notification website in February 2010 as a requirement of the Health Information Technology for Economic and Clinical Health (HITECH) Act, a bill that promotes the use of health information technology. HITECH, passed as part of the 2009 economic stimulus bill, is intended to strengthen the protection of identifiable health information by expanding the scope of HIPAA, the Health Insurance Portability and Accountability Act.

Seeger said HITECH instituted a formalised, tiered system for penalties, with investigated entities facing up to $50,000 per violation.

Chester Wisniewski, senior security advisor at Sophos Canada, said: “Unfortunately this goes to show that our governments are similarly inept at data protection as the private sector. The good news is no fraud has been reported related to the loss of this hard drive and this was an opportunity for the department to discover the lack of compliance before another incident occurs.”



Secunia adds simplified solutions to new version of Personal Software Inspector

Secunia has announced the launch of the next version of its Personal Software Inspector (PSI).

The PSI is a free computer security scanner for private PC users, covering applications from more than 3,000 vendors. Secunia said it now offers automatic security patch updates for all supported software application vendors, a simplified user interface and intuitive preferences to help non-technical as well as very technical users.

According to the company, Secunia PSI 3.0 gives users a “hands off” approach when it comes to software application security updates, making it easier and more effective for users to maintain secure software applications and data housed on personal computers. Whether the software vendor provides automatic security updates or not, Secunia PSI 3.0 users will now receive the automatic security patch updates from Secunia as part of the new version.

Among the additions are a checkmark indicator for when the user's computer is up-to-date, with a full list of all the programs added to the full release to allow the user to access additional information, such as history reports, or to set up individual application preferences for auto updates. Users can also ignore updates to a particular program by creating 'ignore rules'.

Morten Stengaard, director of product management and quality assurance at Secunia, said: "We are on a mission to secure PCs worldwide and in our continued efforts to do this we are unveiling a new Secunia PSI that is simple and useful for the non-technical user, as well as the very technically minded user, and one that will help private PC users worldwide stay secure against the ever-increasing vulnerability threats.

“We want the new Secunia PSI 3.0 to be trusted not by just a few million users, but by everyone that has a private PC, and to do that it was absolutely critical that it be re-designed with the broader target group in mind.

“Since the introduction of the first beta version in February, our development team has worked hard on adding additional functionality, keeping a high focus on simplicity and usability with the objective of providing a user experience that is truly second-to-none. We have come a long way and are confident that the new Secunia PSI will be incredibly effective for helping users around the world stay secure with an accuracy that only Secunia can deliver.”



ACTA Vote Coming but Anti-Piracy Could Have Consequences for Business

If your business relies on intellectual property, you may sympathize with efforts to pass a multinational Anti-Counterfeiting Trade Agreement as a way to protect your valuable business information, especially on the Internet. As a vote draws near on the controversial agreement in Europe, however, critics also fear ACTA could restrict the free exchange of information and make Website and other online service operators responsible for policing and even violating the privacy of their users and customers. Here is where things stand with the controversial treaty today.

Where We Stand

He won't take no for an answer. Resistance to the ACTA treaty in the EU in particular is strong, but that's not going to deter the commissioner in charge of pushing ACTA through the European Parliament, Karel De Gucht. Despite De Gucht's certainty that support of ACTA is the right decision, opponents worry the treaty's vagueness could open the door for curtailing the free flow of information on the Internet, which is so important to economic growth. TechDirt

Right or wrong. Although De Gucht may insist the passage of ACTA is the right choice, the apparent disregard supporters have for widespread opposition to the agreement may say something about how the eventual rules would be applied. European Commission

The Anti-Trade Trade Agreement

ACTA: Bad for trade. You would think that if the proposed ACTA treaty is really good for global business, it could at least gain support from an organization like the International Trade Committee. Not so, as it turns out. The committee has already rejected the treaty 19 to 12. The Verge

Let freedom ring. Freedom on the Internet is critical for many businesses, which is why so many Web workers and entrepreneurs get so burned up over ACTA and the US Cyber Intelligence Sharing and Protection Act. Vigilance is needed if business on the Internet is to remain free, says blogger Zac Walton. More proposals are doubtless coming, whether ACTA is approved or not. WebProNews

Protection vs. Freedom

A better mousetrap. Ofcom, a UK regulatory agency for TV, radio, fixed line telecoms, mobile devices, and postal services, may have a better idea for combating intellectual property theft and protecting users' privacy: Establish an appeal process for alleged violators. TechCrunch

Copyright and business. The new proposition from the UK regulatory agency incorporates many of the concerns registered over an earlier proposal. The question with all intellectual property rules is how they achieve a balance without destroying the ability to exchange information freely. One concern from a business perspective is whether misuse of infringement claims restricts this exchange. Ofcom

Achieving Balance

Protecting your creativity. No matter what the reaction to ACTA, this post makes an excellent point about the need to do something to help protect businesses whose product or service is their intellectual property. These businesses lose big time when Internet pirates steal their property and profit from their innovation. This Is Cornwall

Unintentional consequences. Dutch economic affairs minister Maxime Verhagen and junior justice minister Fred Teeven best explained the concerns many have over ACTA. The Dutch cabinet, they said, would not sign or ratify the controversial anti-piracy agreement because it is too open to “unintentioned interpretations with negative consequences.” Dutch News

A Brand New Threat

Regulating the Internet. Some critics say another potential threat is brewing. A UN attempt to severely reduce the Internet's role in economic growth and restrict the free flow of information is in the works. This all sounds sufficiently menacing to concern those whose businesses are dependent upon the Web. Fox News

Raising a red flag. A recently leaked document from the UN's International Telecommunications Union indicates some member states hope to “use international agreements to regulate the Internet by crowding out bottom-up institutions, imposing charges for international communication, and controlling the content that consumers can access online.” Worried? You should be! The Wall Street Journal