Emergency Adobe update APSB12-19 addresses more Flash Player flaws

Adobe Systems Inc. has released six security updates in Security bulletin APSB12-19, which addresses critical Flash Player vulnerabilities that could cause a crash and potentially allow an attacker to take control of an affected system.

The emergency Adobe updates come exactly one week after the San Jose, Calif.-based software vendor's regular security update that patched another critical vulnerability, CVE-2012-1535, which was being exploited in the wild.

Bulletin APSB12-19 addresses issues in Adobe Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh and Linux; Adobe Flash Player 11.1.115.11 and earlier versions for Android 4.x; and Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and 2.x.

According to one expert, the successive release of these security updates raises some questions.

"[T]he release will be a bit of a surprise for IT administrators, as we had a Flash Player release last week during the normal Patch Tuesday, together with the new versions of Acrobat/Reader and Shockwave player," said Wolfgang Kandek, chief technology officer at Redwood City, Calif.-based Qualys Inc. in a blog post. "We believe that last week's release was an out-of-band emergency fix to address a specific vulnerability under abuse in the wild and that could not be integrated with this bigger release."

The pervasiveness of client-side applications like Adobe Flash makes them a common target for cybercriminals, said Michael Cobb, CISSP-ISSAP, CLAS, and founder of U.K.-based security consultancy CobWeb Applications. Since Flash Player is often exploited with new attach techniques, it requires frequent patches released by Adobe that users must install manually. According to Cobb, many users do not act quickly enough once patches are available. For enterprises, updating users' desktops and laptops is not given the same amount of attention as keeping critical servers patched.

Adobe has given the current player update a priority rating of 1 on Windows, meaning users should install it as soon as possible, ideally within 72 hours. Windows and Mac users will need to update to version 11.4.402.265.

Individual users with the plug-in installed on their systems can visit the About Adobe Flash Player page to check what version they have and go to the download center to update their version of the player.




Square Levels the Playing Field for Small Businesses With New Pricing Structure

Small merchants often don't enjoy the same savings and options as larger businesses when it comes to credit card processing and other fees. But those small businesses received some potentially good news this week when mobile credit card processing company Square announced that users will now have the option to pay a flat monthly fee instead of paying a small fee for every transaction.

Square

Specifically, businesses can choose between paying $275 per month to use the service, or $2.75 per swipe. The monthly fee may not be the best option for small businesses that don't process very many payments, but it would lead to savings for businesses that process over $10,000 in credit card payments per month. Square will only allow businesses that process up to $250,000 per year to pay the flat monthly fee.

The Square team stated in a blog post that the fixed pricing option for merchants aims to “level the playing field” for small businesses and help relieve uncertainty about fees by ensuring that the amount processed from a customer is the same amount that is deposited in the business's account.

Square works with Visa, MasterCard, American Express, and Discover, and the credit card reader is free for all users. Square Register also gives small businesses the ability to track inventory, share information, and accept payments.

Of course, this pricing structure isn't the first big move for Square in the past few weeks. The new pricing model, along with Square's recent deal with Starbucks, is all part of a larger trend where more and more businesses and consumers are moving away from cash payments. There are many mobile payment competitors that have surfaced recently, but this new option from Square is something that hasn't been offered by other businesses, and it may entice even more merchants to jump on the mobile payments bandwagon.




A year of massive change as roll-out rolls on

High-speed broadband has caused some hiccups, but Chorus is learning lessons in communication and managing expectations along the way.

It's the biggest telecommunications infrastructure project since the 80s and for phone network company Chorus it's meant a year of frantic work and massive change.

More than 200 Chorus field crews are busy connecting New Zealanders to a brand new high-speed broadband network, while the company itself has broken away from its former owner.

Chorus is one of four private firms contracted by the Government to roll out the Ultra-Fast Broadband (UFB) network in urban areas.

When completed in 2020 the UFB, a key election promise during National's 2008 campaign, will connect 75 per cent of New Zealand homes, businesses, schools and hospitals to a fibre-optic network capable of speeds of 100 megabits a second - around 20 times faster than the average rate recorded by the Commerce Commission in 2010.

Formerly part of Telecom, participation in the UFB scheme required Chorus to split off from its parent and become a stand-alone public company late last year.

At the break-up Chorus took ownership of the network assets, including 130,000km of copper lines, more than 27,000km of fibre cables and 500 telephone exchanges, with Telecom becoming a stand-alone retail business that includes its mobile network.

Chorus is now also responsible for building the UFB network in Auckland, Rotorua, Nelson, Wellington and a large portion of the South Island, with Ultrafast Fibre, Northpower and Enable Networks building the balance of the high-speed broadband network.

The expected cost for Chorus' share of the build is likely to come in at between $1.4 billion and $1.6 billion.

The Government, through its UFB investment vehicle Crown Fibre Holdings, will fund $929 million of the build with Chorus tipping in an estimated $471 million to $671 million.

Chorus' general manager of network build Chris Dyhrberg says having signed up to some big targets for the first year, the work programme started off at a huge pace.

Between August last year and the end of June it has taken the fibre network to 42,000 premises. Next year it is aiming for a milestone of a further 149,000 premises able to connect to fibre.

But it hasn't been all plain sailing. Looking back, Chorus chewed off more than it appreciated and could have done a better job of managing expectations, Dyhrberg says.

Chorus has chosen to run the majority of its network underground, digging up roadside berms and footpaths; work Dyhrberg admits has left some communities looking like war zones.

"The sort of disruption you inevitably cause a community when you're deploying the infrastructure there, that's something I think, on reflection, we could have done a much better job in preparing people, by letting them know what it is going to be like and the sort of timelines we are talking about."

Chorus is in regular contact with companies rolling out fibre networks in other countries and Dyhrberg says its experience is not unique.

In the first year big goals and publicly quoted targets are often missed, so the second year is about getting the quality, costs or resources under control, he says.

The Australian equivalent to UFB, the National Broadband Network, recently announced it had fallen well short of its anticipated connection targets and cost an extra $1.4 billion, 3.9 per cent more than originally forecast.

The delays have been blamed on the longer-than-expected time taken to nail a deal with Australian incumbent Telstra over access to existing network assets.

For Chorus, working with its service company and technology partners has seen significant improvements in design, plus reductions in cost and deployment time.

It is also boosting its communication efforts with affected communities.

"That ongoing innovation in process and approach is continuing and that's why we feel confident we'll get to the point where it's just basically a fibre factory that just keeps rolling on without a hitch."

Running alongside the UFB scheme is the Rural Broadband Initiative (RBI), aimed at connecting rural schools and hospitals to fibre, boosting mobile coverage and delivering high speed broadband to 252,000 rural customers.

A partnership between Chorus and Vodafone will build 154 new cellphone towers, upgrade 387 cellphone towers and extend Chorus' existing fibre network by about 3100km in rural areas.

Close to $300 million of funding for the RBI will come from an industry levy, with Chorus and Vodafone adding more than $100 million.

Senior telecommunications analyst Glen Saunders of IDC says he is waiting for Chorus' results announcement at the end of the month for a clearer picture of the company's progress.

"I think [Chorus] can be very proud that a lot has been achieved... all in all it's going pretty well, but it's pretty early and they'll certainly be worried about the cost of roll-out in the longer term," says Saunders.

Switching customers from the older copper-based network to the new fibre network will be an industry challenge, says Dyhrberg.

Chorus investors and shareholders are aware fibre networks have lower operating costs and higher capability than legacy copper networks so they're looking to the company to migrate from copper to fibre as cost effectively as possible and reduce operating costs by only having one network, he says.

By 2020 around 25 per cent of the network will still be connected to copper and it is unlikely 100 per cent of those who can connect to fibre will take up the offer, so Chorus will be charged with maintaining the copper-network capability for those customers until fibre-based services are ubiquitous.

The priority for the UFB network is schools, hospitals and business users but homeowners in some areas will be starting to see action at street level, including retail service providers like Telecom, Orcon, Vodafone and CallPlus marketing deals for services over fibre.

This financial year Chorus will start building the fibre network in Invercargill, Nelson, Oamaru, Queenstown, Timaru and Whakatane.

It has already begun the roll-out of the new network in Auckland, Ashburton, Blenheim, Dunedin, Napier-Hastings, Palmerston North, Rotorua, Taupo and the Greater Wellington region (including Masterton).

"We're really looking forward to having a successful year this year. We've got another big target and the aim is to deploy past 149,000 premises in the coming year," says Dyhrberg.

"The number of customers who will be able to connect to the network will be significantly higher again - it's usually in the order of about a third more customers than premises - so this year is going to be a good year.

"Our service companies are feeling like they've got their head around things a lot more; we're able to spend a lot more time optimising things and just providing high levels of confidence about deployment schedules and cost to deploy."

By Helen Twose | Email Helen

Government backing needed to avoid \'world\'s fastest intranet\'

The Government needs to step in fast to revive a scheme to build a high-speed telecommunications link out of New Zealand or we risk only ever having a single connection, says an industry commentator.

Competition on New Zealand's international broadband link was dealt a blow earlier this month with news the high-profile backers of a second submarine internet cable were pulling the pin. The Pacific Fibre project had planned to build a 13,000km cable between Auckland, Sydney and Los Angeles at a cost of around $400 million.

Big business names behind the project included Facebook billionaire Peter Thiel, Trade Me founder Sam Morgan, Xero's Rod Drury and the Warehouse founder Sir Stephen Tindall.

Announcing the cancellation, Pacific Fibre chairman Sam Morgan said it had spent millions of shareholder funds and despite getting some good investor support had not been able to find the level of investment required in New Zealand and offshore.

"The global investment market is undoubtedly difficult at the moment but we knew this was always going to be hard, regardless of our timing."

Investor Rod Drury told the New Zealand Herald earlier this month there had also been political concerns over the potential of Chinese involvement in the project.

Currently New Zealand's only broadband cable link is provided by the Southern Cross Cable Network, a venture in which Telecom has a 50 per cent shareholding. IDC senior analyst Glen Saunders says Southern Cross extending the estimated lifespan of the cable to 2025 and earlier this year slashing prices by 44 per cent on new customer contracts has perhaps put off "a desperate need" for an additional link.

He says a business case for a future venture might come down to how quickly uptake of the Government-backed fibre network happens.

"If we're using a lot more fibre and bandwidth then ultimately Southern Cross might not be able to cope."

He says the "killer app" that drives a thirst for fibre connections could be five years away.

Telecommunications Users Association chief executive Paul Brislen says his fear is other submarine cable players will be turned off for a long time by the failure of the Pacific Fibre project.

He says the Pacific Fibre business case was predicated on hooking up the Australian market, but with extra capacity being added directly between Australia and North America by other players, the investment rationale gets tougher.

"Without the Australians needing to sign up to a fibre that comes through New Zealand there is very little chance of getting a fibre off the ground that just connects New Zealand to the US because the costs just aren't balanced by the income you would receive from the customer base," Brislen says.

He would like to see the Government back an alternate link, either directly or by committing to purchasing capacity.

"It's a lot of money to be investing in this part of the world, so without a government backing it I think we'd be stuffed."

With the added links out of Australia firing up, the Government needs to move fast as the window for a viable business case closes, Brislen says.

"It would be a crying shame to build this UFB (Ultra-Fast Broadband) and RBI (Rural Broadband Initiative) project and have the world's fastest intranet."

By Helen Twose | Email Helen

Is Your Small Business Marketing to Hispanic Consumers?

Did you know that:

  • If the U.S. Hispanic market were its own country, its buying power would make it one of the world's top 20 economies?
  • Recession or no recession, U.S. Latino households earning $50,000 or more annually, are growing at a faster rate than total households?
  • The U.S. Hispanic market is projected to account for $1.5 trillion in purchasing power by 2015?

hispanic family

The stats above are from a recent Nielsen report on Hispanic households in America. And I sure hope they whet your appetite to cater to this important and growing consumer group.

There are more than 52 million U.S. Hispanics, Nielsen says, and they are the fastest- growing ethnic group in the country. By 2050, the Hispanic population in the U.S. will grow by 167 percent, compared to just 42 percent for the overall population.

One thing that makes Latinos a particularly profitable market for small businesses is their youth. While the U.S. as a whole is graying, the median age of Hispanics in the U.S. is just 28 (almost 10 years younger than the overall median age of 37). More than half the U.S. Latino population is under 35 years old.

That means Hispanics are in the market for:

  • New homes and everything that goes with them (appliances, furniture, décor, home services).
  • Weddings and everything that goes with them (flowers, catering, honeymoons and travel).
  • Children and everything that goes with them (clothing, accessories, toys, education and tutoring, extracurricular activities).

MediaPost reports that research firm IBISWorld has identified seven industries that will benefit most from the growing Hispanic population:

  1. Residential buying, food (grocery and restaurants)
  2. Retail (especially clothing and electronics)
  3. Education (higher education and technical schools)
  4. Financial services
  5. Transportation (automotive and airline)
  6. Entertainment
  7. Media

If you're in one of these areas and want to reach Hispanic consumers, you'd best get active on social media. MediaPost says Hispanics are avid social media users and that trend is likely to grow.

As of February 2012, Hispanic Internet users' visits to social networking sites rose 14 percent year-over-year. Hispanics are the fastest-growing U.S. ethnic group on Facebook and WordPress, and Hispanics over age 18 are 25 percent more likely to fan or follow brands on social media than the general population.

Are you targeting Hispanic customers in your marketing tactics and how is it working for your business?

Hispanic Family Photo via Shutterstock




Tablet use set to triple in New Zealand

Computer tablet ownership in New Zealand is expected to triple in the next six months - meaning 20 per cent of the population will soon be using online devices such as the iPad, new research from Ericsson shows.

The Ericsson survey also indicates the proportion of Kiwis using smartphones will increase from 30 per cent to 50 per cent over the next six months.

Ericsson's strategic marketing general manager, Kursten Leins, said he expected this to increase to 95 per cent within the next couple of years.

"We haven't even reached the half point yet," he said.

More New Zealanders are choosing smartphones to access emails or use applications, he said.

Nearly half of New Zealanders are using applications on a daily basis, with the most popular choices being videos, communication and games.

Currently 7 per cent of New Zealanders own a tablet, this was expected to reach 20 per cent over the next six months.

New Zealanders were slow to purchase tablets, and the increase will bring New Zealand in line with the global average, Leins said.

He said the next step for smartphones was moving from the current 3G networks to 4G, which was equivalent to broadband speed.

Five hundred New Zealanders completed the online survey by Ericsson's research division ConsumerLab. The Swedish company is no longer a maker of phones and handsets but is involved in the rollout and build of the national Ultra Fast Broadband network.

Telecommunication Users Association of New Zealand chief executive, Paul Brislen, said if New Zealand was behind the global trend for tablets then this was most likely due to the production cycle, where tablets were available in America and Europe before New Zealand.

By Siobhan Leathley

Do You Participate In the Insurance Buying Process?

This probably sounds like a silly question, right?  Of course you participate in buying your insurance.  You're the one that did the Google search for insurance quotes.  You're the one that clicked all the little buttons to get a quote.  You're the one that hit the “buy now” button to purchase the policy.  And you're the one that printed out the auto ID cards and stuffed them in the glove compartment of your car.

insurance

If that's not participating in the insurance buying process then what is?

A Little Truth

Not to be rude, but with minimal training, a primate could have purchased that auto insurance policy and a well trained squirrel could have put the auto ID cards in your glove box.  You may have bought insurance but you didn't participate in the insurance buying process.

It's likely that you didn't take the time to review your own insurance needs.  It's very likely that you didn't take the time to research the coverage that allows you to address your needs.  Its very, very likely you didn't take the time to have a licensed professional review the insurance carriers within your geographical market that supply the insurance products to meet your needs.

I'm also pretty sure you didn't take the time to receive competitive quote offers from multiple insurance carriers.  And you most certainly didn't take the time to create a detailed personal insurance program adequate to fulfill your future insurance needs.

It's Your Life… Be an Active Participant

Unless you are offensively naive, I'm assuming you have at least some conceptual idea that bad things happen no matter how careful you are.  Insurance is designed to take the financial stress out of the terrible things that may happen to you.

This is really important stuff. This is your life.

Sticking your head in the sand and hoping bad things won't happen is no way to live.  Be a participant in your own life.

As apocalyptic as this may sound, participating includes purchasing insurance â€" auto, home, life, disability, etc.  It also includes planning for your retirement, shopping for better interest rates on car loans and personal debt and educating yourself.

The Rub

Doing something, just to get it done, never yields the most positive result.

This goes double for your business insurance, so general liability and workers compensation to name a few.  Before you just plow through your next insurance renewal take a deep breath and put some thought into what you are purchasing.

To be more specific, go online and search for or ask a friend for the name of local independent insurance agent.

An independent insurance agent is going to be able to walk you through the process of properly insuring your business step-by-step.  You will still make all the decisions but an experienced independent insurance agent will guide and educate you on where you might have gaps in coverage.

Simply clicking through some buttons and purchasing a policy may seem quick and easy… but when you have a claim, quick and easy is the last thing you're going to care about when it comes to coverage and getting your business running again.

Be present. Participate in the insurance buying process. I promise you'll be happier in the long run.

Insurance Photo via Shutterstock




7 Things You Should Look For In Document Management Systems

Paperwork is something messy that no one wants to hear about. With document management, this becomes a foreign concept, as your papers suddenly become digital fingerprints on your computer. Of course, with the convenience of such a system, you have certain disadvantages that different systems take an approach to mitigating. Some of them are more efficient, and others provide a very innovative way of resolving issues often seen with users of their software.

But which one are you going to pick? There are many out there and they're all hollering, saying that they have a one-stop solution for you.

Jim True, VP of Product Management at Cabinet, teaches us what to ask ourselves when looking for document management systems (DMS):

  • How much can it scan? Is it a system that can scan only 20-30 pages a day? Determine the volume of paperwork your business processes and choose accordingly. Higher volumes (over 50 pages a day) require automated systems.
  • Can you import your stuff quickly? If you're going to choose a DMS, you might already have something implemented that makes you at least partially paperless. Would the new DMS handle the volume of things you have to import into it? If you already have a DMS and have outgrown it, you certainly need to get one that can handle higher volumes of data.
  • How's the creation process? Can you create documents within the DMS, or do you have to move them manually from a storage device onto the platform? These are things to think about when you'll be using the system daily.
  • How does the DMS let you search documents? Searching for a document can be a nightmare or a cinch depending on the system's hierarchical structure. There are three ways systems provide search functionality: You can search by browsing an index, by inputting a title/keyword, or by inputting something that can be found within the document's body. It's important to have one or more of these methods, but it's most important to have the one that works best with your operations.
  • Does it have competent integrated security? There are a ton of regulations (PCI, HIPAA, SOX, ISO, etc.) that require you to maintain user information and documents in a highly secure environment. You no longer have physical filing cabinets that you can lock. Does the DMS have a way to protect the privacy of individuals that documents pertain to?
  • Does it work with what you have? If you have a CRM solution or some kind of payment processing application, you have to make sure that the DMS works with it if you don't want to spend all day transferring documents and inputting data. Check what DMS solution works with what you've got at this moment. It's really important for your convenience and for the sake of your business' efficiency.
  • Can it follow your protocols for document processing? If you must continually train employees on how to process documents, your DMS isn't doing all it could for you. Find a DMS that can automate all of this so that your employees make less mistakes and operate more efficiently.

In many cases, you can get a demo of a product you're looking for. Don't hesitate to accept this from any company you can. It will help you determine whether this will be the permanent solution for you. Remember that you don't want to have to purchase one solution. If you find out you don't like it, go ahead and purchase another!



Crisis Trojan can infect VMware machines, Windows Mobile devices

When it was first discovered last month, researchers indicated the Crisis Trojan was a unique piece of malware in the way it can infiltrate both Windows- and Mac-based systems. It turns out that was only the beginning.

Symantec Corp. researchers said they have now discovered the Windows version of the Crisis Trojan can spread to Windows Mobile devices and VMware virtual machines. It's believed to be the first such instance of malware that can spread to a virtual machine in this way, indicating a possible new advance for malware writers.

The

Crisis Trojan was first reported by Bellevue, Wash.-based Apple platform security vendor Intego Inc. in July. It targets Apple and Windows users and installs a backdoor to record Internet usage and snatch confidential data.

In a post this week on its Security Response blog, Cupertino, Calif.-based Symantec said the Windows version uses three methods to spread:

"One is to copy itself and an autorun.inf file to a removable disk drive, another is to sneak onto a VMware virtual machine, and the final method is to drop modules onto a Windows Mobile device."

The malware searches for a VMware virtual machine image on the compromised computer, mounts the image and copies itself onto the image using a VMware Player tool, wrote Takashi Katsuki, a software engineer at Symantec Security Response.

"It does not use a vulnerability in the VMware software itself," Katsuki wrote. "It takes advantage of an attribute of all virtualization software: namely that the virtual machine is simply a file or series of files on the disk of the host machine. These files can usually be directly manipulated or mounted, even when the virtual machine is not running, as is the case above.

"This may be the first malware that attempts to spread onto a virtual machine," Katsuki wrote. "Many threats will terminate themselves when they find a virtual machine monitoring application, such as VMware, to avoid being analyzed, so this may be the next leap forward for malware authors."




7 Steps To Get Media Attention The Right Way

Last week Problogger's Darren Rowse issued a well-deserved rant, attacking SEO Guest Post Pitches â€" The New Scurge of a Blogger's Existence. In his post over at Google+, Darren explains that over the past year he's seen a noticeable shift in the pitches that are hitting his inbox. Instead of hearing from well-intentioned bloggers looking to offer value, he's getting impersonal pitches from people with no understanding of his blog or what he writes about. Awesome!

Darren has had enough. And, really, who can blame him?

Pitching is par for the course in today's marketing world. We pitch guest posts to gain exposure and build authority, and we pitch reporters to help our businesses earn coveted media exposure. But there's a right way and a wrong way to pitch someone.

You've probably seen the wrong. The right way looks something like this:

1. Have something worth pitching: Sadly, this is where way too many business owners fail in the process. Yes, at step one.

Fueled with a sense of urgency to attract links and coverage, business owners pitch articles or news stories that simply aren't interesting or worth the initial email. Have something worthy to pitch OR hold that email until you do.

What's pitch worthy? Maybe you're a new startup that solves an old problem or you're a company using shock and awe tactics to surprise your customers and make their day. You need something that will make you stand out and make the recipient of your email want to learn more. If you don't have something worth sharing, you're not ready. Nothing slams doors harder than mediocrity.

2. Do your homework: Whether you're approaching someone like Darren Rowse for a guest posting opportunity or you're about to email a local reporter, be respectful of their time and do your homework beforehand. Study what their blog/site is about, learn which writers/reporters cover what topics, know the type of spin they use, what their hot buttons are, and who to contact for what kind of story. Once you have a specific writer in mind, find their personal email address. You'll get a much better response emailing someone directly than using a generic info@domain.com or sales@domain.com email.

3. Personalize your pitch: Because you've done your homework and you know the person you're reaching out to, you'll be able to better personalize your pitch. Talk about a recent post they've written or a stance you both share on a particular topic (but don't lie!). One pet peeve Darren mentioned in his rant post was how obvious it was that the people contacting him were simply copying and pasting their messages. There was no attempt to personalize the email. Even if you're pitching multiple people about the same story, do your due diligence and customize the pitch to that person. You may have 2-3 lines that are standard, but add personal elements to show there's a human on the other end of the email.

4. Tell a good story: In most cases, it's simply not enough that you have something cool to share (unless it's really cool). You have to make people care by telling a story that ties what you're pitching to what the recipient is selling. Anyone with a blog or a platform today is in the storytelling business. We tell stories about ourselves and our customers to get them to take a desired action and to make them feel something. Your pitch should lay out the benefit for the recipient and tell a story about how it will help their readers. Stories are what make people care about your business and your bottom line.

5. Get to the point: Respect your reader's time by telling them, immediately, who you are, what you do, and why you're contacting them. If they want to learn more about you, they'll respond to your email and ask. Be brief and resist the urge to tell your complete life story in your initial email. Learn to get your message and story across in just a few sentences.

6. Include all pertinent information: Somewhere in your pitch you want to provide all of the information this person will need to get in touch with you. If you're emailing them they already have your email address but include the URL for your site/blog, your Twitter handle, and any other pertinent information. Don't make them search for it to find you. Because they probably won't.

7. Be helpful: Regardless of whether or not your pitch is accepted on the first attempt, don't end the relationship after that interaction. Find ways to keep yourself and your company top of mind for that blog or site by lending a helpful hand whenever you can. Maybe that means connecting them to someone they should know, recommending a new source/contact, or pointing them toward a story that doesn't involve you but would be of interest their audience. By fostering that relationship and acting like a good Web citizen, your contact will be more likely to keep you in mind for future stories.

Whether it's for an interview, a blog post, or a story about our company, we all have to pitch sometimes. But by crafting a pitch that is relevant and respectful, you're much more likely to get a positive response. Because if Darren Rowse is going to mention your company, you want him to mention it for the right reasons, not the wrong ones.

Image credit: iqoncept / 123RF Stock Photo




Worry Free IT Management for Small Businesses

Managing corporate networks from a central location with ease used to only be feasible for larger companies able to license expensive management software (such as Microsoft System Center). However, times are changing and there now are a wide array of options geared towards small and midsized companies.

One such solution, which fits the needs of small businesses while providing a solid set of services, is GFI Cloud. GFI Cloud is a service developed by GFI, which allows IT administrators and business owners to view the status of workstations and servers within their networks all from a centralized location.The application works as a simple installer which can be deployed across your workplace network. GFI Cloud simplifies IT management in a matter of only five steps. After a simple install process, the computers on the network will appear within the GFI web console. By using a “cloud” approach, GFI allows administrators to access their workspaces from any internet connected computer right out of the box.  Within the console, administrators simply enable the services they want on specific systems with the click of a mouse.

GFI offers a couple of key services within its cloud suite which are crucial for virtually every business. The first service is allowing administrators to view the complete status of all connected computers via a central control panel. From ensuring security tools are running (i.e. anti-virus, anti-spyware, firewalls); administrating patches, updates and system services; and also viewing a full inventory of the hardware within the systems (which is vital for asset tracking purposes), GFI Cloud provides enterprise grade monitoring at a price palatable for small businesses. Within the monitoring, administrators are able to receive alerts for systems which are not updated or which have critical services disabled, and they are able to make any necessary changes remotely. Most notably, GFI Cloud can also be installed on corporate servers, allowing companies to further simplify their overall IT overhead costs.

Another key service of GFI is that it provides anti-virus within the cloud interface. This differs from your typical locally installed suites because updates are administered in real-time which helps prevent infections from new threats, and it also allows for simplified management regardless of the computers location.

GFI Cloud is priced at only $12/year per system making it an affordable option for many small businesses. One caveat however is that the package has a 10 system minimum and that all subscriptions purchased must expire at the same time. Regardless, GFI Cloud is priced at a reasonable level considering the benefits it provides, especially for small business where having a full-time IT staff is not feasible.

For companies with less than ten computers, another solution similar to GFI Cloud is Soluto. Soluto is similar to GFI in that it allows designated users to:  remove applications from startup to speed up bootups, troubleshoot applications which are triggering system crashes, install crucial applications to help enhance productivity, spot when hardware repairs are needed, and also upgrade applications without interfering on the end users workflow.

Soluto is free for up to five computers and is well suited for very small businesses and even non-commercial users.



Adobe releases second patch in a week for Flash

Adobe has released its second critical patch in a week for Flash to cover six vulnerabilities.

Updates are available for the Windows, Mac, Linux and Android platforms. Adobe has also released patches for three flaws in the Air product. Windows and Mac users will need to update to v. 11.4.402.265, while the Flash Player installed with Google Chrome should automatically be updated to the latest Chrome version, which will include Adobe Flash Player v. 11.3.31.230 for Windows and Linux and Flash Player v. 11.4.402.265 for Mac.

Windows and Mac users will be able to update to Adobe Air 3.4.0.2540.

Wolfgang Kandek, CTO of Qualys, said that five of the flaws are categorised as ‘critical' and can lead to remote code execution on the attacked machine.

“We recommend installing the update as quickly as possible, at least on the Windows platform where it carries the highest priority rating of ‘one', with an associated recommended patch turnaround time of 72 hours,” he said.

“Overall the release will be a bit of a surprise for IT administrators, as we had a Flash Player release last week during the normal Patch Tuesday, together with the new versions of Acrobat/Reader and Shockwave Player. We believe that last week's release was an out-of-band emergency fix to address a specific vulnerability under abuse in the wild and that could not be integrated with this bigger release.”



Webroot confirms end for email service in November

Webroot has confirmed that it is to terminate support for its corporate email system in less than three months.

As revealed by CloudPro, Webroot is to terminate support for its corporate email system on 30th November 2012, one year earlier than previously advertised. Mike Malloy, executive vice president of products and strategy for Webroot, said in a statement that after it announced its intent to discontinue providing the Email Security Service in December of 2011, it transitioned more than 80 per cent of the customers using the service and fewer than four per cent of customers had contracts expiring past 2012.

“Thus we concluded that discontinuing sooner was possible. We will work with those remaining customers to transition to another provider before the end of their contracts so that we can terminate the service. No customer will suffer commercial disruption as a result of this process,” he said.

The decision comes five months after Software-as-a-Service (SaaS) vendor The Email Laundry confirmed the appointment of former Webroot channel manager Colin Ball, whose specific focus was to migrate former Webroot resellers to The Email Laundry via its new swap out service.

The Email Laundry also said that it had moved a large number of Webroot customers over to its services "since they were left high and dry by their provider".

In response, Webroot said: “While product transitions are part of business for any SaaS organisation, we recognise these transitions can present challenges for a company, as well as its customers and partners.

“Webroot is working with all parties to facilitate as smooth a transition as possible and addressing challenges as they arise. Our decision to move away from archiving doesn't reflect a reduced commitment to our partners; rather, it reflects where we see the internet security industry shifting.

It also confirmed that with a rapid evolution toward web-based attacks, a transition widely reported as far back as five years ago, it believes that the future of internet security is in endpoint, web and mobile protection.

The news of the end of support for its email service has been met with fresh opportunities for existing customers. Cloud-based email, web and archiving vendor iCritical said it is offering its hassle-free switching service to Webroot customers and is doing what it can to provide customers with a straightforward migration path and restore faith in security vendors.

Chris Gee, managing director of iCritical, said: “We've had fantastic feedback from a large number of ex-Webroot customers who've successfully transitioned to our services since the first announcement. We understand the frustration that Webroot customers must be feeling but believe that our product portfolio and effortless transition process will provide reassurance that there is a credible, focused alternative available.”

Another cloud-based email and web security vendor, Spamina, announced a new line-up of buy-out options for all Webroot resellers to help with all their migration plans. It also announced a new partner program to give incentives to help them capitalise on the growing demand for cloud-based security solutions and offer value added services to clients.

Jim Tyer, international sales director at Spamina, said: “We are working with resellers to fill the gap this bold move has created in the channel, by offering aggressive buyout options to Webroot resellers with sales support and technically help migrate customers.

“Our email security solutions such as Cloud Email Firewall work great for current Webroot customers, since it allows for an immediate and easy migration thanks to our UK cloud-based architecture. Cloud Email Firewall includes modules such as Cloud Email Continuity and 28 days of Cloud Email Backup at no extra cost, which is something current Webroot customers highly appreciate and has helped us win over new resellers.”



No need for crisis despite detection of virtual machine Trojan

A piece of malware that is able to spread onto virtual machines from the host operating system, record user actions and steal data has been detected.

Known as Crisis, the Trojan was first detected in July by security firm Intego and affects Mac OS X systems. Researchers from Symantec have also said they have discovered a worm-like version of Crisis that targets Windows.

Like the Mac version, this strain is installed onto victims' machines if they visit a compromised website that pushes a malicious JAR file. Crisis then will search its target system for a virtual machine component and upon finding one, it has the ability to make a copy of itself so it can ‘mount' the virtual image.

Vikram Thakur, a principal security response manager for Symantec, told SC Magazine US that it contained features that he has never seen before.

He said: “Whenever the virtual machine is actually turned on, the Crisis copy would also load at that point. A virtual machine on anybody's computer...is essentially one large file that can be loaded with, for example, VMware Player.

“What Crisis is doing is it gets on the host computer and looks around and says, ‘is there a VM file sitting around here somewhere?' If it finds it, it uses the same tools [such as VMware Player] to mount [the virtual machine].”

Thakur said that malware usually avoids running in virtual environments because its authors fear it is being studied and virtual machines are a common place for researchers to conduct malware analysis, but average users rarely run them.

“Most Trojans bail when they detect a virtual machine, it's the other way around in this case. It has the capability and it wants to get on virtual machines,” he said.

However he claimed that detections are in the low twenties and said that the threat of Crisis is "extremely low".

Researchers at Intego first got their hands on the malicious code when a victim uploaded it to scanning portal VirusTotal.



ForeScout adds mobile security module to NAC platform

ForeScout has added a mobile security module to its hosted network access control (NAC) platform, CounterAct, for managed service providers (MSPs).

ForeScout said that this was introduced to allow MSPs to offer a flexible and integrated approach for 'bring your own device' (BYOD) services.

According to the company, the Mobile Security Module provides extensive information about the device, its user, its configuration, its apps and its security posture for iOS and Android platforms and combines network with device-level security via a ForeScout Mobile app that offers policy-based controls.

It said that the module allows organisations to leverage their existing mobile device management solution and consolidate information about all endpoints on the network, including unmanaged mobile devices and those managed by their MDM system.

Gord Boyce, CEO of ForeScout, said: “IT departments don't have a complete view of exactly what's on their network at any given time, which affects operations and compliance. Enabling BYOD initiatives, while increasing end-user connectivity and productivity, introduces access and data leakage risks.

“ForeScout delivers MSP's a smart, flexible and integrated approach to address demand for BYOD and mobile security, while at the same time offers a compelling suite of access and endpoint compliance services.”

Earlier this year ForeScout announced modules to enable management of Android and iOS devices and a plug-in module for mobile device management integration. ForeScout also merged its technologies with Fiberlink to produce a combined mobile device management and NAC offering.



Apple Stock Soars While Facebook Tanks

What makes some businesses successful while others see success for a time and then decline? No one is sounding Facebook's death knell just yet, but the company's stock has struggled since the network's IPO earlier this year. Meanwhile, Apple's stock has hit an all-time high. Whether your business is large or small, it's important to consider what adds value to a company. Here are some thoughts.

Highs and Lows

Up, up and away. This week Apple became the most valuable stock ever traded, closing at a $665.15 high on Monday. The company set a record by surpassing a level last hit by Microsoft back on Dec. 30, 1999. The company shows no signs of slowing down, with products still wildly popular among their core fans and customer base. Yahoo! Finance

The meaning of success. The key to Apple's success is its hardcore customer base of obsessive fans who generally end up buying not just one, but many of the company's products. Peek into the Apple ecosystem with this guest post from a fan who shows us why the company dominates its market like no other. LockerGnome

Down in the valley. While Apple soars, Facebook tanks. Some of the social media giant's early investors have sold out and more investors may be planning to do the same. The company's stock value is now at about half of what it was at its original offering. Other social media companies have had similar experiences, but some analysts say the setbacks are temporary. USA Today

Creating Value

The A-team. The first step in creating an incredible company is assembling an incredible team. Building an a-team is harder than it may look. Begin by looking at the people you already have, and don't be afraid of making organizational changes if necessary. Here's how to create an unbeatable team that can build value for your business. Merchantos

Innovate or die. Innovation is a critical part of creating value in your company. However sometimes, as Anita Campbell observes, you need look no further to find the person responsible for holding your business back than the nearest mirror. Here are some tips to help you get out of your business's way and move your company to the next level. Open Forum

Bring your passion. Passion for your product or business is a huge step toward creating value in your company. Here we see how a passionate blog becomes a business. Consider the product or company you most want to build. Creating a company you feel passionate about will also instill value for your customers and fans. Tweak Your Biz

Repeating yourself. A huge part of determining whether you are creating value your customers can recognize is figuring out whether they regularly come back for more. Susan Oakes has some suggestions for determining whether your customers are new or repeat. Figuring this out will give you an idea of how others see what you do. M4B Marketing