Java sandboxing could thwart attacks, but design may be impossible

Cybercriminals, buoyed by automated attack toolkits, are increasingly taking advantage of Java, targeting known Java vulnerabilities and discovering zero-day exploits. Experts say the onslaught will continue until more Java protections can be deployed by Oracle, but adding them around the programming language's engine is no easy matter.


Developers at Sun Microsystems Inc. sought to put Java security measures in place to protect the Java virtual machine (JVM), the main engine that runs Java applets, long before attacks became commonplace. Sun, which was acquired by Oracle Corp. in 2010, created Java sandboxing restrictions to protect Java applets in 1995, isolating them from accessing critical processes in the browser or the file system.

Unlike Adobe Systems and the browser makers, which are building sandboxing protections around applets that run inside the browser, Oracle promotes the use of Java for building full-fledged desktop applications, which can write to arbitrary directories, said Michael Schierl, a software developer and Java expert based in Germany. This, he said, makes the process of adding defensive mechanisms for today's attacks much more complicated.

"Adding a second sandbox around the permissions system called the Java sandbox will surely make Java safer," Schierl said, "it's just that it is hard or even impossible to do so."

Java has a vast trusted code base, Schierl said, referring to the amount of code that is inherently trusted by a client machine running a Java program. This enables a program to read configuration files and the registry, store data to cache directories and perform other functions. To prevent the original sandbox from terminating normal Java applets, Schierl added, these "safe" functions would have to be whitelisted in a second sandbox.

Automated toolkits are fueling most of the attacks that exploit Java flaws. BlackHole and other toolkits make the process easy and systems without the latest patches installed face the most risk, experts say. But even fully deployed systems can be targeted.

Just this week, researchers discovered two Java zero-day vulnerabilities in the latest version of the programming language. Exploit code targeting the vulnerabilities, which are rated extremely critical by Danish vulnerability clearinghouse Secunia, is publicly available. Attackers can use the flaws to bypass restrictions, install a dropper and remotely control data-stealing malware using a variant of the PoisonIvy Trojan.

Software security expert Gary McGraw, CTO of Dulles, Va.-based Cigital Inc., said the onus should be on Oracle engineers to do a better job finding and correcting flaws in the Java virtual machine. Today Java is maintained by Oracle; the Redwood Shores, Calif.-based vendor has not responded to an interview request. The company also has not yet acknowledged the latest zero-day flaws or the publicly available attack code.

"It would be better for everybody if the Java virtual machine sandbox was just repaired," McGraw said. "The security mechanisms designed into Java are not so terrible; they are complicated and they have to be implemented exactly right. And exactly right turns out to be real hard."

Hundreds of millions of lines of code in Oracle's codebase are written in Java, noted Eric Maurice, director of software security assurance at Oracle, in a blog entry on Java security in February. Maurice said Oracle had added development staff dedicated to Java security, and that additional code-scanning tools were adopted to detect and address vulnerabilities.

"With these new resources available to them as a result of the Oracle acquisition, the Java development team is weeding out security bugs in Java, and is looking at ways to further improve the security posture provided by Java to its users," Maurice wrote.

Java's age, complexity and install base make it a very attractive target for attackers, said Wolfgang Kandek, CTO of Redwood City, Calif.-based vulnerability management vendor Qualys Inc. Kandek said Oracle could restrict the resources the JVM uses or request permissions, but additional restrictions would likely not be very practical.

"Oracle acquired a huge code base; a very successful code base and they have to work through the problems that come with it," Kandek said.  

According to Kandek, the most practical solution for enterprises is to control where Java is running and only run it when necessary. Enterprise IT teams can use registry zones to implement tighter restrictions, he said.




Boom times for local software design industry

Computer systems design jobs have surged by nearly 80 per cent since 2000, now making the industry one of the country's standout performers, according to new figures.

Statistics New Zealand has released data showing the number of jobs in the computer systems design (CSD) industry grew by 78 per cent between 2000 and 2010.

That equated to 28,200 workers, contributing about 1.3 per cent to New Zealand's gross domestic product by 2010.

While the CSD industry was high-tech, it was still very reliant on labour, said Zoran Salcic, a University of Auckland professor of Computer Systems Engineering.

"People must be involved to make these systems and they are usually very customised," he said.

"And computer systems are always prone to errors and bugs. So, you need people to fix those problems."

The number of self-employed workers in the CSD industry grew by 3,100 in the decade leading up to 2010.

That was a huge proportion of the 3,700 new self-employed people in the national workforce in that same period.

Salcic did not expect to see the industry flattening out any time soon.

"I believe it will go along a similar path in the next decade," he said.

"There will be changes because of technology but there will still be a lot of manual work."

According to Statistics NZ, the industry could also boast to being one of the most prolific product innovators in New Zealand last year.

"The high-tech nature of the computer systems designed allows the industry to innovate at a high rate," said the report.

More than half the country's CSD businesses introduced new or significantly improved goods or services into the market in the two years to August 2011. This compared with one in five across the whole economy.

Statistics also showed most CSD companies were exporting their goods and services in 2011, compared with 18 per cent of all businesses in New Zealand.

Salcic said even if you export software, you still have to customise that software for the end user. That again illustrated why demand remained high for people to do that work.

He pointed to a company like Orion Health which exported its e-health software products in a customised package for individual clients.

Statistics NZ reported CSD business as saying the key barriers to generating overseas income were having limited access to finance, and their physical distance from overseas markets.

The industry's workforce was concentrated in major cities, was well educated and young, and with above-average pay.

About 76 per cent of workers were based in the Auckland and Wellington regions, compared to 45 per cent of New Zealand's total workforce in those areas.

The average CSD industry worker in Wellington earned $80,400 in 2010, which was 63 per cent more than the average Wellington worker. Auckland CSD workers earned $70,500 on average.

Data for the report was sourced from a range of Statistics NZ surveys, including the Business Operations Survey, Household Labour Force Survey, and Linked Employer-Employee Database.

By Ben Chapman-Smith

Projectbook Update: Manage Different Types of Data in One App

Since so many business professionals use iPads and other mobile devices to accomplish work-related tasks, productivity apps can be essential for saving and sharing information on-the-go. However, with all the different formats that data can be viewed and saved, simple note taking apps may not be quite as useful anymore.


Theory.io has released the first update for its iPad productivity app, Projectbook. The app allows users to keep a notebook that uses and saves different fonts, sketches, documents and more.

Users can also record audio, take photos, make outlines and import information from email, attachments, and websites. All of this information, even in different formats, can be kept on the same notebook pages and organized so that information can be easily found later.

The update includes more than a dozen new features and enhancements based on user requests from the initial release. Among those features is the ability to print notes on any AirPrint-enabled printer. Those notes can even include sketches, images, and text in different fonts. The update also includes integration with Dropbox, faster tasks, and bug fixes.

In addition, the app lets users manage their to-do lists in the same space where they keep the information needed to accomplish their tasks. To-dos can even be turned into projects with sub-lists, so that large jobs can be broken down into small, manageable tasks.

Productivity apps aren't exactly rare for mobile devices, but the user interface and unique format of Projectbook make it distinct from the competition. The ways in which a user's notebook can be customized, along with all the different formats that can be saved, make the app a helpful tool for small business owners and anyone with multiple projects to manage.

Projectbook has extended its introductory price, 70% off the regular price, through September 7, 2012 and the new update is free for existing users.




2012 Public Affairs Pulse Survey Shows Favorable Opinion of Small Business

It's election time and that means opinion polls aplenty - most of them focusing on the negative. But one recent poll found something to smile about in America's opinion of business in general, and small business in particular.

A whopping 88 percent of Americans in the latest 2012 Public Affairs Pulse Survey (PDF) have a favorable opinion of small business.

That far outpaces the two-thirds (67 percent) who have a positive view of big companies - and it's more than double the 41 percent

From Small Business Trends




No Luck Advertising On Facebook? Try These Facebook Ad Practices That Actually Work

Facebook advertising is something small and large businesses can't really figure out, particularly because of all the variables in people's behavior and Facebook's own proprietary pricing system. They often complain that Facebook advertising really doesn't work and it's a waste of their money.

But wait a second. Why aren't these businesses having success? Let's take a look and see if we can figure it out and tell them how to make it work!

Well, first of all, they're probably not looking at the various factors that might affect the price of having their ads displayed and the number of people who would actually be interested in clicking into their pages. The average business, according to Webtrends, spends one dollar for every fan they acquire. Obviously, when you look at that data, it may seem inefficient to use Facebook advertising. Many startups and small businesses are discouraged from using a platform that requires so much money for one single click.

But there are three pieces of advice based on Webtrends' case studies that every business should follow if they want to reduce their costs on Facebook ads:

  • Tighten your ad targeting. Your ads are not meant for everyone. If you own a business in Miami, FL, then you should target people living there even if you process online orders. Target people of the age group and gender your product markets to the most. The more targeted your ad, the cheaper it gets to advertise, since the ads appear to a smaller group of people. Clicks are also more frequent.
  • Keep ads within Facebook. Don't create ads that lead to external links. Those cost more and have a slightly high bounce rate. Bounced ads cost just as much as ads that lead to an action. Getting more fans on Facebook pays off anyway, so why not do it?
  • Change the ad once in a while. Change the image and text of your ad once every 4 days. This keeps it fresh since ads tend to peak after 72 hours.

Using these methods, you'll be able to reduce your cost per click, and increase your click-through rate (CTR) - two things you certainly need in order to have a successful ad campaign. So, if you've tried Facebook ads before and didn't have much luck, or if you are thinking about giving it a try, employ these tips and hopefully you'll see a lot of new followers and fans trying your product or service!



Three ISPs improve browsing speed

Orcon, Slingshot and Snap all improved their web-browsing speeds in July while Vodafone and Telecom slowed down, according to broadband testing service TrueNet.

Despite its slipping performance Vodafone regained the lead in the copper-line market from Telecom, downloading a test web-page in under half a second.

Telecom fell to third place in the tests during July, and is now behind TelstraClear's copper-line service.

Orcon and Snap improved in the latest rounds of TrueNet results, downloading the test page in an average of just under 1.5 seconds.

Slingshot also improved during July and took a little over a second on average to download the page.

TrueNet's John Butt said these three internet providers all showed "significant" - and unexplained - gains in performance after July 11.

But Butt called on internet companies to do more. "Most [testing] probes still can't match the expected time of 0.4 seconds.

"ISPs have more to do to improve the performance of a very large number of customers," he said in commentary to the results.

While Vodafone led the copper-line market, TelstraClear's coaxial cable network - available only in Wellington, Kapiti and Christchurch - still offers the fastest service.

TrueNet's measurements are drawn from over 300 test sites around New Zealand, which probe the speed and performance of nine internet companies every hour.

By Hamish Fletcher

Business Networking with Biznik

Social networking is frequently touted as one of the greatest ways to drive new business. Just keep writing, blogging, podcasting, tweeting, or pinning and the sales will eventually follow. That may be true, for some. But for most of us, sales and marketing is still a 1:1 process. Meeting people in person makes the difference.

If you've wondered how to make online social networks turn into profitable business networking, then this review of Biznik is for you. Biznik is an online networking community for independent business people.

I have been using Biznik since 2008 and it has opened up a number of sales for my company. It is similar to other social networks in terms of creating a profile about yourself and your company, but at its core it has created a space for independent business owners to send to and receive referrals from one another as well as establish their expertise in the articles section.

Being a member of Biznik means that you take the business you own seriously, and want to network with other business owners who feel the same way. Last summer, I created a marketing event with Infusionsoft small business expert, Tyler Garns, and we successfully pulled in 55 attendees mostly via Biznik. It was a seriously engaged group - we had a ton of discussion and creative brainstorming among the group.

They offer free and premium memberships. I have toggled between pro levels and free level depending on business events I'm planning. Basic paid level membership starts at $79/year.

What I really like:

  • Online to real world. There's a strong sense of “let's meet in person” at Biznik.
  • A profile that is optimized for search. I have heard many members say their Biznik profile shows up on page one for a keyword that is relevant to their business.
  • A real hands-on approach when you start: You get a personal message from the director of community who offers to help you get going.
  • Their old tagline: Business networking that doesn't suck.
  • Event management tool so that you can register and communicate with attendees. Biznik manages payment processing at no additional cost for ProVIP membership level.

What I'd like to see:

  • There used to be a referral tool, and it was a great idea, but they disabled it. I'd like to see a way to track or manage or engage with the referral itself.
  • A way to filter your network by category/location/relationship.

Overall, I love Biznik as a social network. It is a wonderful collection of committed business owners who understand that business happens when you truly connect, in person and online. It takes both.

If you're looking for a more local and regional way to find other independent business professionals, who might be allies or potential customers, Biznik is worth a look.




Pagemodo Updates its Tools to Optimize Facebook's Timeline Feature

As Ramon Ray, Editor of Smallbiztechnology.com and Technology Evangelist, prepares for the release of his latest book, The Facebook Guide to Small Business Marketing, Pagemodo is rolling out an update that addresses Facebook's Timeline feature for Pages. Since the change has impacted users of Facebook Pages, which includes many small businesses, it's essential to give them the tools to set up their page so they can use the new features and make a positive impression on visitors that helps them stand out and gain more followers.

Pagemodo is a free service that helps users set up professional-looking Facebook Pages without any technical knowledge required. But Pagemodo goes beyond page design, providing tools for adding slideshows, videos, and even coupons and “like” gates. Pagemodo boasts 400,000 pages developed using its service since 2010.

But Facebook's shift to Timeline has altered the look of many Facebook Pages, leaving small businesses with a need for an updated look. As Pagemodo's Mokhtarzada points out, the changes are geared toward helping users utilize the Timeline layout while still projecting a professional image.

“Facebook's move to the Timeline format has created new and valuable space that businesses can use to create custom apps that provide value to customers and fans,” Mokhtarzada said. “By taking advantage of this very important real estate, which is located above the fold, small businesses can showcase content, offers, or more in-depth information about a company. Most important, users can continue to drive traffic to the different apps in creative ways like email campaigns or via the Facebook news stream.”

Among the features highlighted in the update are:

  • Cover photo designer. Businesses can upload pictures and alter fonts to create a design that matches their business's theme. Since the cover photo is such an eye-catching part of the Facebook Page, this customization can allow a business to get a visual message across, as well as setting a tone for the page.
  • Image customization. Businesses can customize the images associated with their Facebook Page apps, creating a unique look that matches their overall theme. By catching the eye of visitors, Page owners can realize a higher rate of click-through on those items. This also can help Page owners highlight special features like limited time offers or e-mail sign-up sheets.
  • Additional features. If customers upgrade to the paid version, additional features can help them further customize their page. These include the ability to add tabs, analytics, professional templates, and a “Like Gate.” It also removes the Pagemodo footer from the page. A more upgraded version takes away the “Powered by” wording on the page. These upgraded plans are available starting at $6.25 a month.

For businesses that use the free version, it's important to note that there is no limit to the amount of time you can use the free version. Pagemodo allows paid subscribers to choose between a monthly subscription or annual fee.

Businesses are welcome to set up a Facebook page on their own, but Pagemodo's templates can take some of the work out of the process. Pagemodo helps businesses create a professional, clean-looking design for Facebook Pages that will keep people visiting for months and years to come.



Document Management Is Only Half The Battle: 3 Collaboration Utilities That Make Businesses More Productive

Digital document management systems have helped businesses make great strides in de-cluttering their paperwork. But in the digital scene, this is only half of what you can do to make your environment more productive.

When multiple people create documents on-site, they send email attachments to one another, making the whole process a total mess. While waiting for entire documents to upload and download, then going through an extra process of having to click through and open programs to read those documents, you're at the mercy of the Internet connection's speed and the computer's own capability to process the document. Very large documents aren't the only cause of this problem. Having to open many small documents also makes the process just drag on. While one person's waiting for another to finish, he or she is forced to sit down and wait.

Collaboration software completely eliminates this problem, allowing people with the proper permissions to edit any part of a document and update it in a live data stream. There are a number of applications a business can adopt to do this, but only a few of them are actually flexible enough to be a feasible solution for your business. Here are three of them:

  • Knowledge Tree - This company fuses document management with collaboration. The software lets you create new documents in-house and import hard copies through the DMS. You can import documents practically anywhere, even on your mobile device, and even reward collaborators for creating good content. If you prefer Microsoft Office, you can use it to create and edit documents via Knowledge Tree's proprietary service. You must contact them to get a quote.
  • Google Docs (soon to be named Google Drive) - If you haven't tried it yet, you should definitely give Google Docs a shot. From literally anywhere, you can create and edit documents in a collaborative manner, allowing people to edit live. As they edit, you will see the changes appear on your screen almost immediately. Importing documents is a cinch as well. All you have to do is click the “Upload” button right next to “Create,” and you're done. Google Docs also lets you work with presentations, spreadsheets, forms, drawings, and tables. And best of all, it's free!
  • TeamWox - This software combines many applications that companies use on-site and in the SaaS scene. It combines human resources management, email, task management, CRM, message boards, a search engine, a reporting system, online assistance via chat, a service desk system, accounting, electronic banking, and private branch exchange (PBX) telecommunications into one enormous collaborative package. This is the ultimate solution for small and medium businesses who want to operate more efficiently and really see an uptick in ROI. For smaller enterprises, they have a free solution that includes all the collaboration features without all the hubbub that you won't use. SaaS capabilities are available only through the paid SaaS plan, which costs $375 per month.

Online collaboration has a more positive effect on business operations than you might think. It doesn't hurt to give it a try. After all, two of the solutions mentioned here are free to use. You will finally be able to eliminate clutter and avoid dealing with several different versions and copies of one document.

 



Java exploit impacts two vulnerabilities, as reports claim it is included in the Blackhole exploit kit

The reported zero-day exploit in Java impacts two unpatched vulnerabilities in Java 7 and has been added to the Blackhole exploit kit.

Research by penetration testing company Immunity said that the exploits are taking advantage of two unpatched vulnerabilities in Java 7. Developer Esteban Guillardoy said that one is used to obtain a reference to the 'sun.awt.SunToolkit' class and the other is used to invoke the public 'getField' method on that class.

Guillardoy said: “The beauty of this bug class is that it provides 100 per cent reliability and is multiplatform. Hence this will shortly become the penetration test Swiss knife for the next couple of years.

“The exploit is making use of the java.beans.Expression, which is a java.beans.Statement subclass. There are two Expression instances that are used to trigger these two different bugs.”
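For defenders triaging applets or JARs pulled from a proxy or browser cache, the class names quoted above can serve as a first-pass indicator. The following is an added example, not code from the article or from Immunity: it parses a class file's constant pool and reports string constants naming `sun.awt.SunToolkit`, `java.beans.Expression` and `getField`. The rule that both class names must appear together is an assumption chosen for illustration, and the sample inputs are constructed.

```python
import struct

# Names taken from the article's description; the matching rule is a heuristic assumption.
INDICATORS = ("sun.awt.SunToolkit", "java.beans.Expression", "getField")

# Payload sizes (bytes after the tag byte) of fixed-size constant-pool entries
# in the JVM class-file format. Tag 1 (Utf8) is variable-length and handled separately.
_FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
          15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}


def utf8_constants(data: bytes) -> list[str]:
    """Return every CONSTANT_Utf8 string in a class file's constant pool."""
    if len(data) < 10 or data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a Java class file")
    (count,) = struct.unpack_from(">H", data, 8)  # constant_pool_count
    pos, index, out = 10, 1, []
    while index < count:
        if pos >= len(data):
            raise ValueError("truncated constant pool")
        tag = data[pos]
        pos += 1
        if tag == 1:
            if pos + 2 > len(data):
                raise ValueError("truncated constant pool")
            (length,) = struct.unpack_from(">H", data, pos)
            pos += 2
            raw = data[pos:pos + length]
            if len(raw) != length:
                raise ValueError("truncated constant pool")
            out.append(raw.decode("utf-8", errors="replace"))
            pos += length
        elif tag in _FIXED:
            pos += _FIXED[tag]
        else:
            raise ValueError(f"unknown constant tag {tag}")
        # Long and Double entries occupy two constant-pool slots.
        index += 2 if tag in (5, 6) else 1
    return out


def scan_class(data: bytes) -> list[str]:
    """Return the indicator names found in string constants (dotted or slashed form)."""
    hits = set()
    for text in utf8_constants(data):
        normalized = text.replace("/", ".")
        hits.update(name for name in INDICATORS if name in normalized)
    return sorted(hits)


def is_suspicious(data: bytes) -> bool:
    """Flag a class that names both classes; 'getField' alone is common in benign code."""
    hits = scan_class(data)
    return "sun.awt.SunToolkit" in hits and "java.beans.Expression" in hits


def _build_pool(entries) -> bytes:
    """Constructed input: class-file header plus a constant pool only (no methods or code)."""
    body, slots = b"", 1
    for tag, payload in entries:
        if tag == 1:
            raw = payload.encode()
            body += bytes([1]) + struct.pack(">H", len(raw)) + raw
        else:
            body += bytes([tag]) + payload
        slots += 2 if tag in (5, 6) else 1
    # magic, minor version 0, major version 51 (Java 7), constant_pool_count
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 51, slots) + body


# Constructed samples, not taken from any real applet.
SAMPLE_FLAGGED = _build_pool([(1, "Applet0"), (5, b"\x00" * 8),
                              (1, "sun.awt.SunToolkit"),
                              (1, "java/beans/Expression"), (1, "getField")])
SAMPLE_BENIGN = _build_pool([(1, "HelloApplet"), (7, b"\x00\x01"),
                             (1, "java/lang/reflect/Field"), (1, "getField")])

if __name__ == "__main__":
    for label, blob in (("flagged", SAMPLE_FLAGGED), ("benign", SAMPLE_BENIGN)):
        print(label, scan_class(blob), is_suspicious(blob))
```

A hit only marks a file for closer analysis: names assembled at run time or obfuscated will not appear as plain constants, and legitimate code can reference these classes.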

Initially reported yesterday, researchers are tracking a zero-day Java exploit that affects most versions of Java Runtime Environment, including the most recent iteration.

According to media reports, the exploit has been added to both the Metasploit tool and Blackhole. Security blogger Brian Krebs said that the curator of Blackhole, 'Paunch', confirmed that the now-public exploit code worked nicely, and said that he planned to incorporate it into Blackhole as early as today. Paunch confirmed that if it were sold privately, the price of such an exploit would be about $100,000.

One of the first reports on the exploit was from FireEye. Atif Mushtaq of the FireEye Malware Intelligence Lab said that it had seen the "first indication of a large scale attack", having observed over a dozen domains actively attacking systems with this exploit so far, a number that is increasing rapidly.

He said: “After seeing the reliability of this attack, I have no doubt in my mind that within hours the casualties will be in the thousands. Almost all of the domains are hosting multiple exploits. If nothing else works, the new Java zero-day kicks in and all of a sudden the machine is compromised.”

Java parent Oracle is not due to release its next batch of patches until the 16th October, despite every major browser being susceptible to the attack. An Oracle spokesman did not immediately respond to a request for comment.

Nearly all security experts recommend that users disable or uninstall Java in the browser to protect themselves. An unofficial patch is available upon request from DeepEnd Research.

Mushtaq said: “It's very disappointing that Oracle hasn't come forward and announced a date for an emergency update patch. Once again I strongly recommend if it is not critical, uninstall the JRE plug-in from your browser.

“Users of Mac and Linux might choose OpenJDK, an open source implementation of the JRE provided by Oracle. If uninstallation is not an option, then in order to avoid accidental visits to attacker websites, a user might choose to use iOS devices that are not affected by this exploit.”

Krebs said: “Note that regressing to the latest version of Java 6 (Java/JRE 6 Update 34) is certainly an option, but not a very good one either. If you do not need Java, get rid of it, and if you do need it for specific applications or sites, limit your use of Java to those sites and applications, using a secondary browser for that purpose.”



ROI Filled Ways to Improve Your Site Using Content

You want to improve your Web site and increase ROI. What's the first area on your site you tackle?

If you're like most SMBs, you look to spruce up your content first. And with good reason! Improving the content assets on your Web site can lead directly to higher sales, customer loyalty, and increased brand awareness. It's often also the “cheapest” site change to make when you're on a tight budget. But where should you start?

Below are a few content areas to improve upon to increase ROI and site conversions:

Information-Rich Product Pages

This is big, especially for a small business Web site where trust and point of difference are so vital.

It's safe to assume that a consumer who lands on a product/service page is in the process of making a decision. They're asking themselves:

  • Will this product help me and serve my need?
  • How is this product different from others on this site and on competitor sites?
  • Should I buy this, right now?
  • Can I trust this company? Do they seem knowledgeable?

When you have a consumer reading over your product pages, this is a sensitive time in the conversion funnel. To get them to click that “buy” button or fill out your contact form, those pages need to be as informative and standout as possible. They need to convince a potential buyer that purchasing this product is the right decision. To do that, write your product pages to be as detailed and user-focused as possible. They should also be written to sound like your customer.

If you're Woot, your product pages will be written to inspire a giggle and in the voice of Web geeks. If you're Apple, you'll focus on the shininess of new features. Know your customer and then write your product pages to be as informative and wooing as possible.

Blog

Last year we told you that more businesses were blogging than not blogging. And according to new data from Blogging.org, this still holds true. Adding a blog to your business remains one of the most effective (and cost-effective) marketing strategies available to you, especially as a small business owner or consultant.

Your blog gives you a forum that you own and which you can use to create linkable assets (naturally increasing your SEO), establish your brand and authority, and makes you a friend of the search engines. Duct Tape Marketing's John Jantsch believes blogging is even more critical in the age of social media, and I agree.

If you're not blogging and you want a way to increase site ROI, this is it. Start a blog.

Email Newsletters

Another ROI-filled content asset to add to your Web site is email newsletters. Email newsletters give you a chance to maintain a relationship with your customer long after their purchase. It takes you from vendor to friend and strengthens the connection that a consumer has with your brand. They may have visited your Web site to fill a specific need, but now you can build upon that.

You can keep customers informed about what your company is up to, you can tell stories, you can let them know what's fresh on your Web site, you can be an information source for what's happening in your industry, etc. You go from the person who sold them that lamp to the friend they have over every Wednesday for coffee. You become someone they recognize.

If you're intimidated by email newsletters because you're not sure what you'd include, don't be. Shape your newsletter as an informal “letter to your customers”, to republish articles you've written elsewhere, or simply to highlight what's new on your site.

Higher-Quality Photography & Video

Just because they don't use words doesn't mean the photography and video aren't important site content elements to consider. When it comes to photography, get away from using stock photos. Instead, use high-quality photos to represent your products, your staff, your office building, and anything else you choose to visualize on your Web site.

Not only will this set you apart from other sites on the Web, but it will help customers to get to know you. We want to see what your real staff looks like, not the same stock female face we recognize from every other site on the Web.

When it comes to video - use it. Neil Patel recently shared some explainer video best practices to help everyone get the most from their video content. This is advice Neil has used to drive an extra $21,000 a month in new income. I'd take it.

Product Guides & Comparisons

As consumers we can be a pretty insecure bunch. We want to make sure that we're buying the right product and the best one for our needs. We want to know why Product A is different from Product B, and if Product C can do that thing Product D also does. Consider offering product comparisons to help your customers answer these natural questions and make them more confident in their buying decisions. Maybe it means creating comparison charts or maybe it's a downloadable fact sheet. The more content you can create and the more you can use it to tell a story, the more customers will appreciate it.

Site Q&As

If you're like most businesses, you receive questions from your customers every day, most of which you've answered before. Instead of emailing customers individually about the same thing each day, start saving those questions and answering them in a site Q&A section. Create a resource that you can build links to and that customers, new and old, can take advantage of. Anything you can put on your site that is intended to ease customer fears is going to be good for your business and work toward increasing ROI.

Above are just a few content-based site improvements you can make to increase the value of your Web site to your customers. What others have you added along the way?





WordPress adds Vasco one-time password technology

Vasco has announced that its Mydigipass authentication system has been incorporated into the WordPress platform.

Launched earlier this year, Mydigipass is a token that allows a user to log in to multiple web applications through a single sign-in. The user logs in to the web portal either directly on the Mydigipass website or via the Mydigipass button on an approved website, entering a user name, password and one-time password (OTP) generated by the token.

The addition of the service by WordPress will enable bloggers to benefit from the added security the authentication service offers and also protect access to their sites and identify visitors, Vasco said.

Jan Valcke, president and COO of Vasco, said: “We are very proud to present WordPress as one of the latest integrators of Mydigipass. WordPress gives its users the ability to secure their blogs with strong authentication.”



Splunk offers cloud-based system with 'Storm'

Splunk has launched a cloud-based version of its real-time operational intelligence platform.

Named Splunk Storm, it is a cloud service based on the Splunk software and has been created for organisations that develop and run applications in the public cloud, using services such as Amazon Web Services, Google App Engine, Rackspace and others.

According to the company, Splunk Storm allows users to diagnose and troubleshoot application problems immediately, gain rapid visibility and insight into cloud-based applications and monitor critical business metrics.

Key features include the ability to index and store machine data in real time from any source, format, platform or cloud provider without needing custom parsers or connectors, and to use the Splunk engine to search in real time and map historical machine data, filter events, correlate information across various data types, link transactions across multiple application components and trend critical operational parameters, Splunk said.

Godfrey Sullivan, chairman and CEO of Splunk, said: “As more organisations and developers move their projects to the cloud, we want to be there with them. Customers run Splunk Enterprise on premises and in clouds and now, Splunk Storm provides developers with an easy-to-use, subscription version of our software.”

Terry Wise, director of business development at Amazon Web Services, said: “Building Splunk Storm on the Amazon Web Services platform enables Splunk and its customers to benefit from the unique attributes of the cloud, including on-demand access, instant elasticity and the ability to pay only for what you use.”



Another former LulzSec member charged with Sony Pictures attack

An Arizona man, alleged to have been part of the hacktivist group LulzSec, has been charged with conspiracy and unauthorised impairment of a protected computer in the US.

Raynaldo Rivera, 20, of Tempe, Arizona, surrendered himself to US authorities in Phoenix, six days after a federal grand jury in Los Angeles returned an indictment accusing him and co-conspirators of stealing information from the Sony Pictures computer systems last year and helping to post the confidential information onto LulzSec's website and announcing the intrusion via its Twitter account.

According to the Telegraph, while Rivera was the only person named in the indictment, the FBI said his co-conspirators included fellow Arizona man Cody Kretsinger, who pleaded guilty in April to federal charges stemming from his role in the Sony attack.

Both men have been charged with conspiracy and the unauthorised impairment of a protected computer using an SQL injection attack against the site. Both face a maximum sentence of 15 years in prison if convicted, with Kretsinger, who pleaded guilty to the same two charges now facing Rivera, expected to be sentenced on 25th October.

The attack on Sony Pictures in June 2011 saw more than one million users' personal information compromised, including passwords, email addresses, home addresses, dates of birth and all Sony opt-in data associated with their accounts.

LulzSec also claimed to have compromised all admin details of Sony Pictures (including passwords), along with 75,000 ‘music codes’ and 3.5 million ‘music coupons’. The LulzSec statement said that it was able to access everything from a single SQL injection and that "every bit of data we took wasn't encrypted", as Sony stored over 1,000,000 passwords of its customers in plain text.

It was announced last week that former LulzSec leader Hector Xavier Monsegur, also known as ‘Sabu’, had been given a six-month reprieve from sentencing due to his continued cooperation with law enforcement.

Monsegur pleaded guilty on 15th August 2011 in a US District Court to 12 counts of computer hacking conspiracies and other crimes, including the hacking of Fox Broadcasting Company, Sony Pictures Entertainment and the Public Broadcasting Service (PBS). Charges have also been made over the attacks on Fine Gael, a political party in Ireland, and on security firms HBGary and its affiliate HBGary Federal, and Stratfor.

A report by Fox News claimed that the arrests were largely made based on evidence gathered by Monsegur, with sources saying he has been secretly working for the US government for months as a cooperating witness.



Small Business Owners Get Starring Role At Republican Convention

To a degree that surprised us, small business owners were front and center at the Republican National Convention in Tampa, Fla. Tuesday night.

As we reported last week, the phrase “yes we did build it” has become a small-business rallying cry.  Some business owners have been waging protests following President Barack Obama's comments last month on the campaign trail suggesting that the government, not entrepreneurs, had built their businesses.  The President quickly jumped in to do damage control by claiming his remarks were taken out of context, but by then the phrase had taken on a life of its own.

The convention built on the business owners' sentiment with the theme “We Built It.”

We Built It! - Small business owner

Here are some of the “small business” highlights:

  • South Carolina Gov. Nikki Haley, whose parents were Indian immigrants, said “My parents started a business out of the living room of their home, and 30+ years later it was a multimillion dollar company.  But there wasn't a single day it was easy. ***  Don't tell me that my parents didn't build their business.”
  • Denny Sollmann, owner of Sollmann Electric Company, an Ohio small business, said in a taped presentation: “… you have no idea how we here in Midwestern Ohio have to try to run a small business from daylight 'til night.”
  • “People, not government, create jobs,” said Gov. Scott Walker of Wisconsin, who claimed his state's reforms have already gone a long way to helping small businesses thrive, improving employment and the general economic climate.

Interestingly, taxation wasn't the main issue brought up by the business owners.  Instead, regulatory burdens, fiscal responsibility, governmental obstacles and the struggles of starting a business were more often mentioned.

  • Senator Kelly Ayotte of New Hampshire, who spoke about the red tape and regulations that small businesses face, is a small business owner along with her husband.  Together they started a landscaping and snowplowing business.  “We are no different from most families who take risks starting their own business. *** We had to make it work.”
  • She introduced Jack Gilchrist (pictured above) of New Hampshire, a small business owner who employs 40 people.  The business was built by his father about whom she said “and yes, he did build it.”  Gilchrist addressed the floor in person, saying “small business needs a leader.”
  • Said the owner of Sakata Farms in Colorado in a video presentation: “The statement… that we as a small business did not make it on our own .. is completely nonsense.  My name is Bob Sakata and my family and my employees built this.”

There were a few lighter moments, too. While a news commentator was speaking from the convention floor, a woman business owner behind him held up a small whiteboard on which she had written an impromptu ad for her business: “PatrioticJewelry.com I built this, Mr. Pres!”

The coverage of the major television networks and cable news channels tended to underplay the small-business focus.  They often cut to commercials or commentators when business owners spoke.  C-SPAN has comprehensive video coverage, in case you want to catch more of the small business sentiment.