Endorse Provides Targeting and Analytics for Coupon Users

Consumers have been using coupons for years, but with all of today's online and mobile technology, there has to be an easier way for consumers to get discounts. And for brands, there has to be a better way to target discounts and offers to their best customers.

Endorse is an online and mobile couponing service that offers consumers between 10 and 100% off their favorite products and brands. For businesses, this service can provide detailed information about the consumers that select and use discounts when buying their products, so that they can better tailor future offers to their target market.

Traditionally, consumers have always had to go through newspapers or ads and clip coupons, which they then hand to a cashier who puts them in their cash drawer. This process does not give the company any information about the consumers who use their coupons other than how many. With Endorse, brands can view detailed data about where the purchases were made and aggregate demographics data about its users.

The app actually works a little differently from coupons. When consumers go to a store, they can open up the mobile app and view discounts on various items. Then they make their purchases and take a photo of the receipt. Endorse tracks the items that should be discounted and then credits the consumer's account with the appropriate amount of funds. Endorse reimburses consumers for their discounts once their account reaches $25.

In addition, Endorse connects with Facebook, so brands can use those targeting tools to better reach their target market while also learning about their customers.

So for brands that want to entice consumers with discounts, but don't have the funds to send out mailers or purchase ads in newspapers, Endorse allows you to not only target the consumers who are more likely to buy your products and use your discounts, but to save money and continue to learn more about your consumers and which promotions can make your company the most money.




Five Ways to Sabotage Your Liability Protection After Incorporation

Many new business owners understand that incorporating or forming a Limited Liability Company (LLC) helps shield a business owner against being held personally responsible for their company's liabilities and debts. This is known as the corporate shield or corporate veil as it separates your personal assets from those of the business.


However, did you know that even after incorporating or forming an LLC, you can still be personally liable?

Liability protection is not absolute and there are several instances where a business owner can be personally liable in business despite the fact he or she created a business entity.

Here are five of the most common ways this can happen:

1. Negligence and Personal Liability

In many situations, the limited liability protection from an LLC or corporation will not shield you from being liable for your own personal negligence. A person is typically liable for his or her own personal conduct when that conduct injures someone else. For example, if an electrician installs some wiring in a customer's home and forgets to cap a live wire, the electrician can be personally liable if someone gets electrocuted. Likewise, if you're driving to a client meeting in a company car and are negligent and hit someone, you can be personally liable for any injuries and damages.

2. Fraud

If you make untrue claims about a product or service, this is considered fraud. For example, if you're marketing a milkshake supplement and guarantee that customers will shed 20 pounds per month just by drinking it, this could be a clear case of misrepresentation or fraud. If you claim that your glass container is BPA-free (when actually it does contain BPA), this also is fraud. In such cases, both the manufacturer as well as the company selling the product may be liable.

3. Personal Guarantee on Business Loans

When you first start your business, many third parties and creditors won't be willing to do business with your LLC or Corp, as the entity is brand new and probably does not have a lot of assets or hasn't built its own credit history yet. As a result, a bank or landlord may require the business owner or LLC member to “personally guarantee” a loan or lease. If you sign such an agreement, then you will be personally liable for those specific obligations.

4. “Piercing the Corporate Veil”

Many new business owners form an LLC or Corporation and then continue to operate their business as if that business entity didn't exist. It's very important that you follow through with all corporate formalities required for your LLC or corporation. For example:

  • Pay your business' state and federal taxes
  • Don't commingle your personal and business finances
  • File your annual report (if required by the state)
  • Keep up to date with your corporate minutes and resolutions (if necessary)
  • Record any changes with ‘Articles of Amendment' (if necessary)
  • Have a board of directors and hold annual meetings of shareholders (if necessary)

You've got to make sure that your corporation or LLC remains in good standing. Why? Because if your business happens to be sued and the plaintiff shows you haven't maintained your LLC/Inc to the letter of the law, your corporate veil is pierced and you can be personally liable again.

5. Conducting Business Out of State 

If you'll be conducting business in a state other than the state where you formed your corporation or LLC, you will need to obtain authority to do so. In most cases, this entails qualifying as a Foreign Corporation or LLC in the state where you will be doing business. Specific licenses and permits may also be required for certain types of businesses.

For example, let's say you run a small software development company based in Nevada and your company serves clients located outside Nevada. At this point your company is most likely not considered to be operating out of state. However, once you open a small development office with a few employees in California, your business will probably be considered to be doing business in California and you will have to file a Statement and Designation by Foreign Corporation form with California.

As a small business owner, your schedule is invariably busy. However, being mindful of this list can help you keep your LLC or corporation's limited liability protection intact. Stay informed about your state's ongoing compliance requirements and get your paperwork in on time. Don't engage in any fraud and consult a lawyer if you have any specific questions or concerns.

A little proactive maintenance will help ensure your LLC or corporation remains in good standing and continues to shield your personal assets for years to come.





Tech Thursday (8/16): American Express Videos About Twitter; CRM Idol 2012 Announces 14 Semi-Finalists from the Americas

 

American Express Videos about Twitter

 

 

American Express has launched the newest installment of its “Social Media Show + Tell” series, adding tutorial videos explaining how small businesses can leverage Twitter to extend their brand influence. Powered by American Express, the enhanced LinkedIn® user group for small business professionals, Business Knowledge Share, features Melissa Barnes, Head of Agency and Brand Advocacy at Twitter, who demystifies how Twitter can be a strong and powerful tool when it comes to reaching and building relationships with current and potential customers. The videos offer a step-by-step tutorial for group members that includes insight into the value of increasing followers, the purpose of hashtags and how to successfully share a message in 140 characters or less.

“Twitter continues to be an important tool for businesses that communicate with consumers through social media,” said Ed Jay, Senior Vice President of U.S. Small Merchants at American Express. “It is important for Business Knowledge Share group members to learn how the platform can enhance their businesses. Through Social Media Show + Tell, Business Knowledge Share encourages small business owners to be innovative in their business strategy and empowers them to confidently embrace social media.”

The Social Media Show + Tell video series strives to provide simple and easy commentary from leading experts behind each of the social platforms. The Twitter video includes how to tweet, retweet, connect with your audience and maximize your presence. Group members also have the opportunity to ask the expert questions directly and collaborate with fellow group members for ideas and additional insight on how to best utilize Twitter for their business.

Some of the videos include:

Membership in the Business Knowledge Share LinkedIn® user group stands at over 5,700 members, and has more than doubled since the launch of the Show + Tell video series earlier this year. Group members include small business owners, entrepreneurs and social media experts. The group offers members practical advice and tips about how to grow their businesses, while providing a community of like-minded peers to exchange news, ideas and support.

Calling All Small-Business Professionals

Social Media Show + Tell on Business Knowledge Share is open to all small-business professionals regardless of their affiliation with American Express. To join the Business Knowledge Share community, prospective members must first join LinkedIn® and then request membership for the group at: www.businessknowledgeshare.com.

 

CRM Idol 2012 Announces 14 Semi-Finalists from the Americas

Emerging companies make it to the next round in the second annual competition that recognizes innovation in CRM and related industries. 

 

 
Manassas, VA - Paul Greenberg, founder of CRM Idol, announces today the companies from the Americas that have made it through first round judging to become semi-finalists for this year's competition.

Semi-finalists from EMEA, Asia, and Australia will be announced in the coming week. All of the contestants in the competition went through vigorous evaluations with a judging panel comprised of the top influencers in the CRM industry.

“CRM Idol has provided a platform for the industry's foremost innovators to showcase their latest thinking about new and effective business processes and practices. The semi-finalists all demonstrate new thinking about how we will perform front office business in the future,” said Denis Pombriant, Managing principal of Beagle Research and CRM Idol judge. “These processes are largely more customer centric and at the same time more effective, efficient and sustainable.”

Here's the full list of CRM Idol semi-finalists from the Americas: http://www.crmidol.com/news/14/08/2012/crm-idol-2012-semi-finalists-americas-have-been-announced-heres-list

The next step for the remaining companies will be to enter a second round of judging that will drill down deeper into the business processes these companies promote. The winner will be announced on December 5th of this year. This announcement comes the same week as this year's CRM Evolution Conference in NY, which is being chaired by CRM Idol founder Paul Greenberg. CRM Evolution is known to bring the best minds in the business together and inspire entrepreneurship in this industry. It's the perfect week to kick off the next round of judging for the CRM Idol contestants.

For more information about 2012 CRM Idol and the 12-member judging panel, go to www.crmidol.com.

 

 



Oracle releases Java SE 7 Update 6, will support Java for Mac OS X

Oracle announced it is now providing Java SE 7 Update 6 for Mac OS X. Java Runtime Environment (JRE) will be available for download on Java.com and auto-updates for OS X will be provided by Oracle at the same time they come out on Windows.

In addition, Java Platform, JavaFX 2.2 and JavaFX Scene Builder are now available, the company said in an announcement on Wednesday.

“Oracle continues to expand our support for the Java platform and now, for the first time, consumers and developers have access to the latest Java SE features and security updates across all major operating systems: Windows, Linux, Solaris and Mac OS X,” said Hasan Rizvi, senior vice president of Oracle Fusion Middleware and Java Products, Oracle.

HTML and Java have been increasingly targeted by attackers. Experts point out that much of the increase can be attributed to the Black Hole exploit kit, an automated attack toolkit that receives consistent updates with new exploits. While those toolkits attack primarily Windows machines, researchers have been documenting new Mac malware in the wake of the platform's market share increase. Experts say concern about slow and inconsistent updates to Java on Mac OS X has been driven by the detection of the Flashback malware, which targeted vulnerable Java installations and ended up infecting hundreds of thousands of Mac systems.

The Oracle announcement brings the Java and Oracle relationship full circle, said Paul Ducklin, head of technology, Asia Pacific at Sophos Ltd. 

Initially, Mac OS X 10.6 came with Java, Ducklin wrote in a blog post. This meant that Java updates were released with other Apple updates, lagging behind Oracle's release, and sometimes significantly so.  When Mac OS X 10.7 came out, Java was missing from the default operating system distribution and had to be installed individually by users. Now, Oracle will publish Java for OS X.

“I suggest you update as soon as practicable,” Ducklin advised Mac users.

With Java SE 7 Update 6 comes a Java Development Kit (JDK) for Linux on ARM v6 and v7. This JDK will address general purpose ARM systems. JavaFX 2.2 introduces complete Linux support for x86 and x64 systems. JavaFX Scene Builder is a visual layout tool for designing user interface screens. Users can create screens by dragging and positioning components from a palette onto a scene.




Google Pwnium hacking contest backed with $2 million in rewards

Google is sponsoring a second Pwnium contest to reward bug hunters for hacking into systems and up to $2 million in rewards are available to those who can demonstrate a working exploit.

Pwnium 2 competition will be held in October at the Hack In The Box security conference in Malaysia. The search engine giant will put the latest stable version of its Chrome browser in front of hackers. The underlying operating system and drivers will be fully patched and running on an Acer Aspire V5-571-6869 laptop, Google said in a blog entry announcing the Pwnium 2 contest details.

"We're happy to make the web safer by any means -- even rewarding vulnerabilities outside of our immediate control," wrote Chris Evans, a Google software engineer in the Chromium blog.

Google will reward $60,000 for a full Chrome exploit using only bugs in Chrome itself; and $50,000 for a partial Chrome exploit using Chrome itself and other browser or Windows vulnerabilities such as Webkit or kernel-level flaws. A $40,000 prize would be awarded for a non-Chrome exploit for a bug in Flash, Windows or a driver. In addition, incomplete or unreliable exploits may also receive a prize, Google said. "Our rewards panel will judge any such works as generously as we can," wrote Evans.

Google extended its Chromium Security Rewards Program in February with the introduction of the Pwnium hacking competition at the CanSecWest 2012 conference in Vancouver BC. Pwnium ran alongside the HP-TippingPoint Pwn2Own contest and rewarded researchers with $1 million worth of rewards. The company is one of several companies, including Mozilla and Facebook, which offer bug bounty programs. Microsoft remains opposed to a vulnerability rewards program.

At CanSecWest, Vupen Security took down Chrome in the first five minutes of the competition, enabling the researchers to use the attack to bypass the sandbox as well as DEP and ASLR restrictions in Windows. A flaw in Google Chrome was also successfully exploited during Pwn2Own, enabling a researcher to bypass the browser sandbox and gain access to the system.

"We received two submissions of such complexity and quality that both of them won Pwnie Awards at this year's Black Hat industry event," Evans wrote of the first Pwnium competition. "Most importantly, we were able to make Chromium significantly stronger based on what we learned."  




Fusing Video With Email Marketing

We've already published a story about how video might be the new direction for businesses. The problem with video, though, is that you can't just start publishing videos without marketing them. One of the toughest things to do is to actually call people to action within a video in a way that they don't have to type long URLs or emails.

Solutions for this are very limited, and most businesses rely on video channel subscriptions to get ahead. But where are the sales? Promoting a product won't necessarily entice someone to buy it if they don't know how to do it or are annoyed by the extra bother of having to type things. YouTube is very limited in this aspect, and doesn't allow for many marketing efforts to successfully achieve a call to action. It generally isn't the best marketing platform.

But what if you could put your YouTube video into a shell (a custom video player) that echoes your video with calls to action around and within it? What if I told you that there are solutions for that? You can use something like Viewbix for this, which allows you to also incorporate an email marketing app inside its interface, thanks to AWeber.

Basically, it incorporates your video into a little box that has a button on it that's clear and non-invasive to customers, which gives them a call to action that's clear and decisive. You can put anything, like “Buy It Now” or “Join Us.” Smaller lines appear to the side to show your customers some small “tool tips” with whatever you want to put into them. Have a look:

Here is how it looks when the little sidebar expands as someone hovers his/her mouse over it:

The ability to expand to full-screen view, play, pause, regulate volume, and share are all there. YouTube might let you put little squares randomly on the screen that constantly pop up during the video, but this might drive some viewers away. Having a less invasive method always makes sure your message is clear and doesn't look like e-begging!



Managing Employees and Co-Workers in Cyberspace

Managing your employees can be difficult enough when they're right in your office and you've all got constant access to each other. You can meet face to face and connect with your workers right then and there, and you have a better grasp on the “people” side of your business.


Startups that have a physical location enjoy this personal aspect, too: you may be doing business internationally, but if your entire team is a paper ball toss away from each other, you'll definitely feel more secure in your management needs.

If your company is online, your employees are scattered across the country, or you're starting up and can't secure a physical space for your business, employee management is even harder: that personal element can completely disappear when you aren't actually in the same place at the same time.

Thankfully, the Internet has enabled these kinds of location-less businesses to not only start up, but thrive and succeed without additional physical overhead.  Managing your employees through virtual-only interaction can be tough to wrap your head around at first, but it can be done, and it can be done very well.

Here are some examples I've learned from years of experience using freelancers-as-employees to get my business off the ground.

Traditional Management Methods Still Work

You can set up training videos, corporate seminars, workbooks and manuals for your virtual business just as easily, if not more easily than you can in physical space. If you've spent a lot of time iterating and improving your training resources, they'll effectively bring new hires and shifting employees into the fold quickly and easily.

Virtual training materials also drastically decrease production costs since everything is digital, so you can spend more time creating highly-valuable training material and pay for it with the savings you're earning from not printing and publishing it all.

Communication is Key: Be Forward and Be Open

In a virtual work environment, your employees won't have your constant supervision: no eyes peeking over their shoulders, no popping into a cubicle to see how things are going. You can still keep tabs on where your employees are in their workday, though, by adapting those supervision checks to your virtual space.

Use your communication outlets effectively and often, and message or email your employees regularly for a “mutual update,” where you're not only checking in on what they're up to, but you're initiating an opportunity for them to get your attention and bring you up to speed on their own thoughts and concerns.

Communication is a two-way street, so keep your communication lines open.

Inspiring Trust Through Assignments and Mini-Deadlines

Happy employees are employees that feel like their responsibilities matter, and you can make every assignment count by simply trusting them with it rather than beating them over the head with constant checks and updates. You might be surprised at how differently your employees will interpret your assignments when you say “do this” as opposed to “I need this from you.”

Simple commands via text or email can make employees think you're upset with them. Identifying your needs and implicitly trusting them to meet them makes your employees feel like they have your complete trust. That sense of trust is improved if you give a realistic, tangible deadline to the assignment to boot.

Setting your goalpost or deadline 24 or 48 hours in advance gives your employees the freedom to get it done on their own terms, whether it's at 2pm or 2am.

Learn Your Employees' Weaknesses, Help Them Turn Those Into Strengths

If you have a relatively small but growing base of employees, you can encourage personal growth as a part of growing your business by helping them learn how to do new things and reach outside their comfort zones. Give your employees an opportunity to identify their weaknesses and strengths, then let them build experience in those weak areas through their work for you.

Don't just take advantage of what they're already good at: give them an opportunity to impress you, and themselves as well. This is another great trust-building exercise that creates a sense of co-ownership of new achievements and successes between you and your employees. This is hard to scale to a large number of employees, but if you're only dealing with a few individuals, you can create a tight-knit community within your virtual workplace this way.

Ultimately, your goals for building trust in a virtual workplace shouldn't be to simply emulate physical workplace procedures and techniques. You should identify the strengths and weaknesses within your company at the individual and the team level.

Find interesting, unorthodox ways to address those with the online services and products you use for your everyday operations. Don't ever hesitate to make your virtual workspace a personal space: instead of being stuffy and overly professional, be casual, easy to talk to, and understanding of others.

The Internet is a wild place, especially if it's where you work. Don't be afraid to embrace that: be unique, try new things, and let yourself and your employees enjoy the freedoms of working in a digital environment.





'Too secure' Chrome sees Google engineers increase bug rewards

Google has said that bug reports in its Chrome browser have reduced so significantly that it has had to add financial bonuses for the discovery of flaws.

According to Google software engineer Chris Evans, it has seen a significant drop-off in externally reported Chromium security issues. “This signals to us that bugs are becoming harder to find, as the efforts of the wider community have made Chromium significantly stronger,” he said.

It has added two $1,000 (£637) bonuses on top of the base reward for serious bugs that impact a significantly wider range of products than just Chromium. These include a $1,000 bonus (or more) for ‘particularly exploitable' issues and a bonus of $1,000 (or more) on top of the base reward for bugs in stable areas of the code base, where the defect rate appears to be low and Google determines that it is harder to find a security bug in the area.

Evans said that it had retroactively applied the bonuses to some older, memorable bugs as an example of how the new reward bonuses will work. For example, Atte Kettunen of OUSPG was given $1,000 for bug 104529, as it believes that the PDF component is one of the more secure (C++) implementations of PDF.

Jüri Aedla was given an extra $1,000 for bug 107128 because this bug affects many projects via core libxml parsing, and an extra $2,000 (£1,274) bonus was added for exploitability, as this is a heap-based buffer overflow involving user-controlled data with a user-controlled length. 

Evans said that at times, rewards have reached the $10,000 (£6,371) level for particularly significant contributions. “The Chromium Vulnerability Rewards Program was created to help reward the contributions of security researchers who invest their time and effort in helping us make Chromium more secure. We've been very pleased with the response: Google's various vulnerability reward programs have kept our users protected and netted more than $1 million of total rewards for security researchers.”

The program rewards vulnerabilities in Adobe Flash as well as other software such as the Linux kernel, various open-source libraries and daemons and the base reward is $2,000 for well-reported UXSS bugs, covering both the Chromium browser and also Adobe Flash. With the new reward bonus for exploitability, UXSS rewards will likely become $4,000.

A bonus of $500 (£318) to $1,000 was already offered when the reporter became a more involved Chromium community member and provided a peer-reviewed patch.



Gauss: The latest example of malware using identity-based encryption?

Gauss has been described as the latest type of malware to use host identity-based encryption (IBE) that binds the malicious payload to a specific computer by using a unique identifier.

According to Check Point's security evangelist Tomer Teller, this is the latest sign of a growing trend to ensure the malware is precision-targeted, as well as making analysis by anti-virus researchers much more difficult. Following on from the Flashback botnet, which Teller said was the first example of this technique to compromise more than 500,000 Mac OS X computers in April 2012, this was the first piece of malware to implement this technique in the wild.

He said: “When a computer got infected with Flashback (via a Java vulnerability exploit), the payload was not the actual malware, but was instead a small payload that gathered a unique identifier from the compromised machine.  This unique identifier travelled back to the Flashback controller and was used to encrypt, compress and obscure the full version that later infected the computer.

“Gauss will only decrypt and run its payload on a computer with a specific universally unique identifier (UUID) in its hardware. The UUID is, in effect, part of the encryption key. Without knowing what the intended target's file system and system configuration looks like, anti-virus researchers' efforts to analyse and understand Gauss' payload will be frustrated.”

Teller believes the use of host IBE is an evolution in the techniques used by malware authors, making it harder for security companies to analyse and develop countermeasures for malware.

A map from Symantec confirmed the Kaspersky Lab research that revealed that the majority of infections were in Lebanon, with infections also noted in Israel, the Palestinian territory and Turkey. It also reported that 147 infections had been detected in the United States.

Kaspersky Lab has invited cryptographers to contribute to an attempt to break the encrypted payload ‘Godel’ within Gauss. It said that the encrypted malicious payload is located in Gauss's USB data-stealing modules; Gauss tries to decrypt it using several strings from the system and executes it once successful.

Aleks Gostev, chief security expert at Kaspersky Lab, said: “The purpose and functions of the encrypted payload currently remain a mystery. The use of cryptography and the precautions the authors have used to hide this payload indicate its targets are high profile.

“The size of the payload is also a concern. It's big enough to contain coding that could be used for cyber sabotage, similar to Stuxnet's SCADA code. Decrypting the payload will provide a better understanding of its overall objective and the nature of this threat.”

In attempting to break the encryption, Kaspersky Lab said it had tried millions of combinations of known names in %PROGRAMFILES% and Path, without success, and that it is not feasible to break the encryption with a simple brute force attack. It asked anyone interested in breaking the code and figuring out the mysterious payload to contact it via email: theflame@kaspersky.com.



Third parties should face the fine when responsible for data losses

Third parties whose actions lead to data breaches should bear the brunt of ICO fines.

Speaking to SC Magazine, Jonathan Armstrong, lawyer at Duane Morris LLP, said that the impact of monetary fines from the Information Commissioner's Office (ICO) should be passed on to those directly responsible for the breaches.

He said: “There ought to be more of a debate on fines to NHS trusts, as a lot comes out of patient care and the fine is against those managers and the fines should be passed on to the guilty parties.

“In some of the NHS fines, some trusts say that they can get the money back from the contractor, but this comes down to contract management. Principle seven of the Data Protection Act says that ‘appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data', but this applies to everyone.

“If a third party loses my data then they should suffer the consequences as well.”

In recent news, St George's Healthcare NHS Trust in London was fined £60,000 after sensitive medical details were sent to the wrong address by a member of staff; Central London Community Healthcare NHS Trust was fined £90,000 after patient lists were faxed to the wrong recipient; while the largest monetary penalty to date of £325,000 was issued to Brighton and Sussex University Hospitals NHS Trust after hard drives containing sensitive patient information were sold by a third party.

An ICO spokesperson said: “The Data Protection Act confirms that it is the data controller that must ensure that any processing of personal data for which they are responsible complies with the act. Failure to do so risks enforcement action, even prosecution, and compensation claims from individuals.

“Data controllers remain responsible for ensuring their processing complies with the act, whether they use the data in-house or employ a separate contractor as a data processor.

“Making individuals or other contractors responsible for data breaches would require the law to be changed, which would be a matter for the government to consider.”

Responding to the news that the ICO had served 68 warning notices for data security lapses in the first half of 2012, in comparison with 46 at this point last year, Ross Brewer, vice president and managing director for international markets at LogRhythm, said that it was about time the ICO took a much tougher approach when dealing with data breaches, given the somewhat lacklustre approach of previous years.

He said: “In today's information age, nominal fines and letter-writing initiatives to warn about data handling simply do not cut it – hence the almost constant stream of data incidents still hitting headlines.

“The ICO seems to be taking data security more seriously and organisations will have no choice but to take heed if they wish to avoid the financial and reputational repercussions of a breach.

“With the growing number of fines that the ICO is dishing out, it will be much easier for the public to identify those organisations that are being irresponsible with their data – and as an additional incentive, the increased penalty per organisation ensures that the impact on the bottom line will certainly be felt.”



'Too secure' Chrome sees engineers increase bug rewards

Google has said that bug reports in its Chrome browser have reduced so significantly that it has had to add financial bonuses for the discovery of flaws.

According to Google software engineer Chris Evans, it has seen a significant drop-off in externally reported Chromium security issues. “This signals to us that bugs are becoming harder to find, as the efforts of the wider community have made Chromium significantly stronger,” he said.

It has added two $1,000 (£637) bonuses on top of the base reward for serious bugs that impact a significantly wider range of products than just Chromium. These include a $1,000 bonus (or more) for ‘particularly exploitable’ issues and a bonus of $1,000 (or more) on top of the base reward for bugs in stable areas of the code base, where the defect rate appears to be low and Google determines that it is harder to find a security bug in the area.

Evans said that Google had retroactively applied the bonuses to some older, memorable bugs as an example of how the new reward bonuses will work. For example, Atte Kettunen of OUSPG was given $1,000 for bug 104529, as Google believes that the PDF component is one of the more secure (C++) implementations of PDF.

Jüri Aedla was given an extra $1,000 for bug 107128 because this bug affects many projects via core libxml parsing, and an extra $2,000 (£1,274) bonus was added for exploitability, as this is a heap-based buffer overflow involving user-controlled data with a user-controlled length. 

Evans said that at times, rewards have reached the $10,000 (£6,371) level for particularly significant contributions. “The Chromium Vulnerability Rewards Program was created to help reward the contributions of security researchers who invest their time and effort in helping us make Chromium more secure. We've been very pleased with the response: Google's various vulnerability reward programs have kept our users protected and netted more than $1 million of total rewards for security researchers.”

The program rewards vulnerabilities in Adobe Flash as well as other software such as the Linux kernel and various open-source libraries and daemons. The base reward is $2,000 for well-reported UXSS bugs, covering both the Chromium browser and Adobe Flash. With the new reward bonus for exploitability, UXSS rewards will likely become $4,000.

A bonus of $500 (£318) to $1,000 was already offered when the reporter became a more involved Chromium community member and provided a peer-reviewed patch.



Reuters hacked for the third time this month

Reuters has reported a fresh hack, with a second false story posted.

In a statement, Reuters said that the blogging platform of the Reuters News website was hacked and a false report saying Saudi Arabia's foreign minister Prince Saud al-Faisal had died was illegally posted on a Reuters journalist's blog.

Barb Burg, director of global communications at Reuters News, said: “Reuters did not report the false story and the post was immediately deleted. We are working to address the problem.”

This is the third time the news agency has been hit this month. The first instance at the start of this month involved attackers publishing fake blog posts, including a purported interview with the leader of the Free Syrian Army. A few days later the Reuters technology Twitter account was suspended after it was renamed and used to send false tweets apparently designed to undermine the Syrian rebels.



How To Communicate With A Client After You've Dropped The Ball

You have earned the client's business. You're working on their project. And then the bottom falls out: your computer crashes or your files get hacked, your key players leave the company or you just slipped up on the communication and now your client feels ignored and neglected.

What do you do? Cut your losses, but fix the problem so that it doesn't happen with the next client? Well, don't write the unhappy client off too quickly. There's a chance that you can salvage the situation. Besides, the greatest measure of our character and tenacity is how we deal when things go wrong.

When Things Go Wrong

Our fight or flight instincts kick in. You get ready to escape, sometimes, by any means necessary. Have you seen these escape tactics before?

  • Placing blame so that you can save face.
  • Giving superficial solutions to buy you some extra time.
  • Ignoring it, because it will just go away (hmmm…does that work?…no).

You're the point and because of that, you don't get to hide. You don't get to wait for somebody else to figure it out - you fix it. But remember, you don't have to do everything, but you do have to set the strategy, and most importantly, set the standard. And that begins with communication.

It's Time For A Series Of Difficult Conversations

To be effective as you communicate with your disgruntled client, pay attention to 4 core steps:

1.) Accept the Mistake

Investigate the situation - immediately. Get clear about everything that happened, and then get organized. You want to know:

  • what was promised by your company
  • what was expected by your client and
  • what they actually received

Don't just guess at it; talk to every team member involved - as quickly as possible. Besides, you can only make the best decision once you understand the situation.  If you're a one man or one woman show, then you don't have to go far to get the details.

But before you react, put yourself in your client's shoes. You know what it feels like to be on the other side of the counter. But when you're the one providing the service or the product, make sure you understand and respect their concerns. This simple decision will temper your communication; it will help you to respond with their interest in mind - and not just to save face.

2.) Automate the Communication 

Keep the conversation flowing. This is not the time to hide. In fact, the decision to communicate consistently is the difference between creating a loyal customer or an angry, vocal, ex-shopper.  When you discover the mistake, be proactive:

  • Call to apologize with a remedy to alleviate the situation.
  • Let your client know how long it will take.
  • Give honest time frames and then keep your word. If you promise to follow up next week, follow up next week.
  • Update them consistently until the problem is resolved and be automatic about it - even though it may be painful to you.

After a service provider drops the ball with their client, the number one complaint I hear is that “they won't return my call.” Your client wants to hear from you. They want a realistic time frame for when the issue will be resolved. They want a concession for the mistake. They want to be heard. And yes, they may want their money back.

The sooner you address the issue by solving the problem or giving a concession that they can live with, the sooner you can move on. We understand that businesses are run by people and sometimes people make mistakes. When your company makes the mistake, don't hide - communicate. Do you automatically dump every company that makes a mistake? If you don't, why not?

For most, the answer lies in how the company deals with them after the fact.

3.) Advise The Team On How To Handle Their Phone Calls

Your team needs to know how to handle that client's phone call. Not everybody can or should know everything, but you can tell the receptionist to always forward Mr. X's phone call to the following people.

Remember, you don't want to leave that client hanging any more. So don't force them to re-explain their story over and over again. You inform your team on the situation and how to move. By having an informed team you can keep from adding insult to injury.

4.) Attack the Situation, Not The Person 

It's natural to want to protect yourself, but since you made the mistake, then you cannot honor your flight response by running away. Stand and deal directly.  You also have to address the fight response; instead of attacking the client - passive aggressively - attack the situation.

Take this position:

“I will get to the bottom of this and see what we can do to fix it as quickly as possible.”

Then do the work to keep your word. Even if you still lose the client's business, you have found a leak and fixed it so that you don't lose others. With the right kind of communication you can salvage most business relationships. But it takes consistency and sincere concern to turn it around.




Five Mobile Security Tips for the Frequent Traveler

If you are a frequent business traveler, then you've probably perfected the process of getting through the security lines at airports with as much ease and as little stress as possible. However ‘perfect’ your process may be, the fact remains that you will have to remove all your devices from your bag so they can be scanned: laptop, smartphone, tablet, etc. Mix this with the general chaos of the security lines and trying to keep to a schedule, and the possibility of losing one of these devices exists for all of us.

Losing a device can cause a total interruption in your ability to perform your job and will cause you to lose precious time, which we all know is money.  But more costly than that (and the cost to replace the item) is the value of company information that may exist on the device and is now in someone else's hands.

In a recent article, Security 101: Mobile Security Tips for the Frequent Traveler, our very own Ramon Ray outlined five tips that will help you to keep your equipment more secure. Here is a summary of those points:

  • Keep your hardware secure. One of the best ways to make sure your data remains secure is to always keep your devices in your sight. If you're staying at a hotel, go to the trouble of storing all of your devices in a safe.
  • Be careful what you store locally. VPN accounts are a secure way to reach important files without saving them on your device. Cloud-based networking can also be a great way to access your files without them being stored on your computer. Just make sure your system doesn't automatically pass anyone through who is able to get into your computer.
  • Use encryption. Encryption and login passwords are a must for any device that stores work-related materials. Be sure you use complex passwords, consisting of a combination of letters, numbers, and special characters.
  • Consider the consequences. If any sensitive customer information is compromised (social security numbers, credit card numbers, etc.), your business will be expected to send letters to all affected individuals notifying them of the breach. Some businesses have chosen to pay for a year of identity theft protection for all potentially affected individuals.
  • If a device is stolen, don't cover it up.  A business owner or CIO can and will be held responsible if customer information is compromised and the appropriate steps aren't taken. First, notify authorities and file a police report, especially if the device has been stolen. Second, contact others in your organization and change any passwords that might apply to the device.

There is no way we can ever fully safeguard ourselves from having a device stolen or ensure that we can overcome the chaos of life and never lose a device. By taking a few simple steps now, though, we can ensure that should we ever be in that situation, our information will remain safe and secure and we can avoid a lot of stress and embarrassment!



Business Blogger Test-Drives Nexus 7

The Nexus 7 creates a more mobile environment for small business. Working while on the go has tremendous value for entrepreneurs, obviously. The new device offers value in terms of time and productivity at a budget price not possible with other tools like the iPad. Here's what you should know about Google's Nexus 7 and mobile business technology today.

Nexus 7 Basics

Blog from anywhere. Imagine being able to blog from anywhere on a device smaller and more mobile than a laptop or notebook and less expensive than an iPad. One business blogger has been running some tests to see how effective the latest, least expensive tablet is for creating content while on the go. Jim Connolly Dot Com

Still not a smartphone. If you're one of those business owners trying to maximize the functions attainable with your mobile tablet, here's a look at how the Nexus 7 can even be used to place and receive phone calls, just like a mobile phone. The Droid Guy

The Nexus 7 revolution. Google's flagship mobile device may be the most revolutionary tablet released in recent months. But whether it's the game changer predicted by some, with unprecedented mobility and affordability, remains to be seen. Here are opinions from some experts. ZDNet

Other Options

Microsoft competition surfaces. Rumors claim the new Microsoft Surface may come in at a price competitive with the already impressive Nexus 7. The rumored pricing, if true, will put even more affordable mobile devices in the hands of users, including small business owners. CNET

The iPad mini mystery. One wild card in the future of tablets and other mobile technology for business users is still the anticipated iPad Mini. Questions about the mobility, effectiveness, and price of the device persist. Here's some of the information collected thus far. 9 to 5 Mac

More Reviews

Not just another user experience. You'll want to read this detailed review of the Nexus 7 if you haven't tried one out already. Gerrit Vermeulen calls the Nexus 7 an “excellent tablet at an outrageously competitive price.” He advises getting your hands on one, if you have the chance. MyBroadBand

Everything's obsolete. Or at least Amazon's Kindle Fire and the Apple iPad could be soon. It looks like everybody's happy with the functionality, mobility, and price of the Nexus 7. The device has opened up a whole new market of users and surely entrepreneurs will be among them. WPTV.com