Oracle issues Java security update fixing dangerous zero-day vulnerabilities

Oracle has issued a critical security update to Java, repairing two widely exploited zero-day vulnerabilities.


The latest version of Java comes a week after exploit code surfaced exploiting the vulnerabilities. In a security advisory issued Thursday, Oracle urged customers to apply the update.

"Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2012-4681 'in the wild,' Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible," the company said. "Successful exploits can impact the availability, integrity, and confidentiality of the user's system."

Tod Beardsley, Metasploit engineering manager at Boston-based Rapid7, said the patch appears to be effective at fixing the errors. Researchers reverse engineering the update say there may be additional fixes not outlined in the patch, he said.

"Going from public disclosure at the beginning of the week to having a patch from Oracle on Thursday is lightning quick," Beardsley said. "This may indicate a change from Oracle in that they may be more flexible at releases or it may indicate that their QA process is more mature."

In comparison, when Metasploit developers added the “Rhino exploit” module last year, it took Oracle six or more weeks to release a patch, Beardsley said.

Security researchers at Miami-based Immunity Inc. said the Oracle update may have patched as many as four Java vulnerabilities.

"The update also patched at least two other vulnerabilities that were basically the same but related to constructors and fields and allowed an attacker to get any public constructor or any public field via reflection bypassing security checks," according to Immunity. "These two 'new' vulnerabilities patched combined with the MethodFinder weakness could allow you to bypass the Sandbox and obtain full execution on Linux, Windows and MacOSX."

A module targeting the Java flaws was also added to the Metasploit penetration testing tool earlier this week, making the code more publicly available. The cybercriminals behind the Black Hole exploit kit have also reportedly added the Java zero-days to the attack toolkit's arsenal. Security researchers at San Diego-based Websense confirmed the addition to Black Hole, releasing details in a blog entry on Wednesday.

Oracle remained tight-lipped throughout the week and did not publicly acknowledge the zero-day vulnerabilities. The Redwood Shores, Calif.-based security vendor did not respond to a request for an interview.

The attacks targeting the flaws have prompted experts to call on enterprise IT teams to restrict use of Java on endpoint desktops. Symantec on Thursday announced that its research team has detected the use of the Java zero-day exploits by the gang behind the Nitro Attacks targeting chemical companies.

"We can confirm that some of the attackers behind this round of attacks are actually the Nitro gang," Symantec said in its blog post outlining its findings.

Rather than an email attachment, the attackers are hosting the exploits on websites, luring victims into clicking a link to the malicious Web page.

"It is likely that the attackers are sending targeted users emails containing a link to the malicious jar file," Symantec said. "The Nitro attackers appear to be continuing with their previous campaign."




Entrepreneurs, Got An Idea? iStart Connects You To Investors, Mentors, More

When starting a business, a great idea is a terrific start, but it's just the beginning.  To turn it into a business and get it to market, more is needed. A great idea can easily fail without the right mentoring, investment, partners, technology or execution. But now, a new online resource has surfaced that aims to make it easier for entrepreneurs to connect with potential partners, receive feedback, and build a network of professionals who can share advice and support.

iStart, a program of the Kauffman Foundation, is an online resource for new business ideas.  It features business plan competitions and has now added business profiles to its site so that entrepreneurs can add information about their projects and connect with an entire community of those who are involved in startups.  Using the new website, entrepreneurs can share their ideas and let others know what they need to start or further their business venture, such as partners, analysis, legal assistance, mentoring, information technology, consulting or marketing - as this screenshot shows:

[Screenshot: iStart community of entrepreneur ideas]

Other entrepreneurs, prospective mentors, business founders, investors, and corporate venture directors can use the site to browse entrepreneurs and their ideas, view their business profiles, and then contact entrepreneurs through the website if they'd like to get involved.

iStart also gives entrepreneurs a venue to test their ideas through business plan competitions. These competitions allow prospective entrepreneurs to groom their ideas before a full launch while receiving advice from others in the business community.

To date, entrepreneurs have shared more than 8,000 ideas and more than 650 connections have been made between those entrepreneurs and others interested in getting involved. iStart has also hosted more than 130 business competitions.

There are other online communities that allow entrepreneurs and business professionals to share ideas and help one another build businesses. Idea communities powered by IdeaScale come to mind. But a successful and vibrant “idea community” is more than mere technology - you need commitment and active engagement by entrepreneurs and supporters alike.

One of the advantages of iStart is that it has active involvement by entrepreneurs and many of the ideas shared seem to be serious, thoughtful concepts. Those attributes can sometimes be hard to come by on other idea sites, which may end up abandoned or get taken over by spam. Due to the business-plan competition connection, iStart appears to be heavily student-oriented, and focused on nascent ideas in the pure “concept” stage.




14 Ways to Incorporate Social Good Into Your Startup Culture

Gen Y employees don't necessarily distinguish between personal and professional anymore. They choose companies with perks over paychecks, form strong bonds with their coworkers, take advantage of that corporate gym membership and answer work emails at dinnertime without complaint. It's not only part of the job, but it's part of the modern work-life balance that this generation craves.


One core value of Gen Y is social good, and more and more employees are looking to make a positive difference with their profession. While not all millennials are looking for employment with social entrepreneurs, they are considering opportunities with companies with an office culture that prioritizes this value in some way.

We asked members of the Young Entrepreneur Council (YEC), an invitation-only nonprofit organization comprised of the country's most promising young entrepreneurs, the following question to find out their advice for giving back as a startup team:

“Do you integrate social good into your company culture? Name one easy way that teams and small businesses can give back.”

Here's what YEC community members had to say:

1. Do What You Do Best for Free

“Our company's goal is to become an information disseminator who delivers powerful messages to the masses. We do this well through the speeches that we book for different organizations. One way that we implement social good is to use our influence with famous people to do events for non-profits, free of charge or at a much reduced cost. We stay within our core qualifications while helping others.” ~ Lawrence Watkins, Great Black Speakers

2. Let Your People Volunteer

“Don't make your employees take vacation days if they want to help build a house. Letting people volunteer “on the clock” is good for morale and your brand. Whether they're giving blood, mentoring a child, or stocking a food bank, allow time off for these good deeds. They'll return to work refreshed and thankful.” ~ Sam Davidson, Cool People Care, Inc.

3. Build Products That Do Good

“Volunteer work is great, but if you want to build a culture around doing good, it must be the core of your business. Companies like REI and TOMS are so successful because their culture is built right into their products. At LabDoor, our core product makes people safer and healthier - for free. There's no better way to unify a team around social good.” ~ Neil Thanedar, LabDoor

4. Select ‘Social Good’ Vendors

“We recently changed our new customer welcome gift in order to use a company that sells Fair Trade, organic, carbon-free coffee. Plus, they also help community-based programs in coffee-growing countries. Therefore, by using only ‘social good’ vendors, we're indirectly giving back to the community.” ~ Phil Frost, Main Street ROI

5. Establish a Company Foundation

“We've been really focused on ways to give back lately. We're integrating part of our new platform with Donor's Choose, which allows them to give back to their local communities. We've also recently started The WorkoutBOX Foundation, which allows us to take a portion of our profits and build free outdoor weather-proof gyms in urban, low-income communities to help get kids and their parents active.” ~ Travis Steffen, WorkoutBOX

6. Give Back Through Your Mission

“There are so many opportunities for a company to give back to the community, but your efforts should match your mission as a company. We are a gaming company, so we decided to give back in a playful way. During the holiday season, we collected board games and donated them to a local children's hospital. In the end, we donated over 40 games to kids who weren't able to spend the holidays at home.” ~ Justin Beck, PerBlue

7. Create Deep Partnerships With Non-Profits

“Many companies will create 10 percent give-backs to charity, but when we partner with a non-profit, we commit holistically. First, we provide all of the proceeds from a sale to that organization. Second, we try to build awareness for their cause through our blogging and social media outlets. To make a true social impact, sending a small amount of cash is not enough.” ~ Aaron Schwartz, Modify Watches

8. Make It Part of the Business Model

“One easy way to give back is by making corporate social responsibility an important part of the business model. We've created two projects fostering social good: OUR Schools program to teach energy conservation education free in public schools and our Agents of Change have been heading up the Cleats for Bare Feet initiative that collects second-hand cleats and sends them to youth across the world.” ~ Jason Jannati, greeNEWit

9. Business As Usual, Sans the Fee

“Use the resources you already have. Businesses are designed to trade value for money. Figure out a way that your product or service can benefit a particular group of people in need. Then, give that value to them for free whenever possible.” ~ Nick Friedman, College Hunks Hauling Junk

10. Startups Helping Startups

“I think the best way for small businesses to give back is to utilize their greatest strength - extensive knowledge of what it takes to start a business and make it profitable. There's a fantastic community to build around a passion for entrepreneurship and we serve as a pro-bono advising team to local startups and university programs like 10-xelerator and Columbus Startup Weekend.” ~ Eric Corl, Fundable LLC

11. Give a Personal Touch

“Charity goes beyond giving money, props, or even time. Give your very self, and make it a personal encounter, one person at a time. Start close. Invite your UPS driver to a company party. Write a Mother's Day card to one of your vendors. In short, take an interest in other people's lives, and share your own with them. Little things done quietly - with love, and without publicity.” ~ Luke Burgis, ActivPrayer

12. Pay Attention to Your Community

“Altruism is one of our core values. We pay attention to the community and frequently discuss ways to help. Sometimes, it's via individual efforts, while at other times, everyone participates. One way small businesses can help is by volunteering at a local food bank - they always need help, and people always need to eat.” ~ Brent Beshore, AdVentures

13. Give Offenders a Chance

“This is a work-in-progress for us, and it's one of my main goals for 2012. We hire a lot of ex-convicts and help them become productive members of society. Somewhere around 90 percent of offenders will reoffend if they don't have jobs, so we like to help them get back on their feet for the good of everyone.” ~ Jordan Guernsey, Molding Box

14. Start the Positivity Internally

“The most important contribution that a business owner can make to social good can be answered by one simple question: “How was your day at work today?” When each of your employees finishes their workday, they go out into the world and share their happiness or discontent with others. Do whatever you can to make sure that the portion of their lives spent on your watch is positive.” ~ Christopher Kelly, NYC Conference Centers

Volunteer Photo via Shutterstock




You Have A Channel, But Do You Have The Right Tools To Make A Video?

Online video is like one of those street corners people only venture around at night if they really need to get something. Otherwise, they're just not going there. Many businesses still hold that attitude without realizing that it's already kind of necessary. That delayed reaction, however, presents a ton of opportunity for you if you slip into it.

Everyone and his mother's on YouTube and Vimeo. It's not a question of how you're going to enter the scene. It's now a matter of when you're going to start gathering film equipment, shooting your films, and uploading them.

With all that said, there's little time left for you to hop on the bandwagon and not be left behind while YouTubers are still subscribing left and right. Soon enough, users of the video service will start having what I call “subscription fatigue” and just stop at 30 subscriptions, or whatever it is they consider “enough.” By then, you'll have to have some damn good video up to convince them to subscribe to you. Of course, people will still view your content, but it's still not as fun as having a fan base already set up that can help your video go viral in minutes.

That's enough of me asking you to seize the moment. There's already an article here to convince you to get into video. It's time for me to show you what tools you can use to make great films without having to tear the bank in half:

  • Adobe Premiere Elements - Adobe, the company that makes the ever-famous Photoshop application, also makes video editing software known as Adobe Premiere. This is a very heavy-weight application, especially for novices who are starting out, so I would rather recommend Adobe Premiere Elements. The Elements version is more compact and doesn't contain all of the calamity that the standard version has. It sells for just under a hundred dollars.
  • TrakAxPC - This is, honestly, a more intuitive application for beginners who want to make something professional, presentable, and noteworthy. Besides being a company that offers advice to aspiring video producers, TrakAx also offers this piece of software for those who have constrained budgets and just want to get a video out there that looks highly presentable. The learning curve is, in almost every aspect, simpler than that of Adobe's mammoth software, and it has everything you need, from a beat synchronizer to automatic crossfading and picture-in-picture capabilities.

Get into video. You seriously won't regret it. Also, have a look at some of TrakAx's advice. It might make you a little less timid about getting out there and publishing.



Brian Littleton On The State Of Affiliate Marketing #AMDays

Editor's Note: Last year we provided coverage of the Affiliate Management Days conference (a conference for businesses that offer affiliate programs) and this year we will be doing the same. The interview below features Brian Littleton, Founder and CEO of ShareASale, one of the world's major affiliate networks, interviewed by conference founder Geno Prussakov.

Question: What are the major challenges you see affiliate managers struggling with?

Brian: Generally speaking, it is the speed at which the industry evolves and develops. Affiliate marketers are quick and smart and those are really positive things - but there are negatives that go along with it.

An affiliate manager needs to be able to stay on top of the negative trends as well, in order to maintain positive momentum in the channel.

One of the best examples of this is the cloaking of search results (showing one result to the search engine, but a different one to a user). With any cursory glance at an affiliate engaged in cloaking it will appear just as a product link - but with further research and a knowledge of trends the affiliate manager can spot the issue quickly.

Question: What do you view as the main affiliate program growth opportunities?

Brian: While it may not represent the majority of the volume going through the affiliate channel now, I still believe that the longest term positive growth opportunity is in the acquisition of new customers that were previously untouched.

If affiliate managers and affiliates alike focused on this target, I believe the growth opportunity is significant. But it takes a combined effort starting with the affiliate manager.

Question: In April 2012, an Illinois Circuit Court Judge ruled the affiliate nexus tax unconstitutional. However, in September the law is set to be reinstated in two other states (Pennsylvania and California). Two questions: Is there a good solution to this snowballing affiliate nexus tax situation? How can affiliate networks help merchants to continue working in the states with the affiliate nexus tax legislation?

Brian: Yes, Senator Dick Durbin (IL) and others have proposed a Federal solution to the problem that would be fair and even for all States. This is the only way to accomplish their goal (allowing States to collect an already due tax) while preserving jobs in the affiliate industry.

To answer your second question, I don't believe that there are any legal ways to get around these laws. I have heard possible solutions floated around such as filtering out commissions based on the State of the customer, which came up long ago in the first passing of the law in New York.

I don't believe it to be a solution based on my reading of the laws. In my opinion, they just put the merchant in a worse legal position.

Question: What about the “Do Not Track” legislation? Is the affiliate marketing industry in danger here? And does ShareASale have relevant solutions?

Brian: Yes, the industry should be aware and have a lobby for the issue. This is something that is being accomplished through the Performance Marketing Association.

As for solutions, certainly we are looking at the issues closely but there isn't anything definitive that I would be able to share. I also think it is important to remember and respect the privacy of a user. Ultimately, if they ask that their information not be shared - it is important to respect that.

At the same time, we may not be able to provide to them some of the services that would be supported by the advertising dollars involved in tracking purchases… so it goes both ways.

The important step here is to make sure that the industry is well represented in our viewpoints which are critical to online commerce.

Question: In October of this year, you're speaking at Affiliate Management Days East 2012, participating on “The Role of the Network” keynote panel. What are the top 3 things that affiliate managers (and merchants) should be looking at while choosing an affiliate network?

Brian: A network is a partner. As I alluded to earlier, there is a lot of danger in putting too much trust into an affiliate. An affiliate manager needs a network that is going to help them understand the pluses and minuses of certain traffic techniques, that is step one.

Step 2 is all about technology and flexibility. An affiliate manager needs a network that can provide to them the tools that they need for organization, segmentation, attribution, contact, etc. The network needs to be flexible enough to adapt to trends and develop technology around them as well. Ask specific questions about exactly what you want to do.

For example, if you want to pay half of your affiliates only for transactions on certain products, and the other half in a different manner - make sure it is easily handled. Unless you ask specifically for what you are looking for, there is no way to tell how flexible the solution really is.

Step 3 is trust. There are quite a few affiliate networks who have been in the space 10-15+ years and have developed years' worth of knowledge and trust of the community. I would not place my affiliate program in the hands of a brand new network without serious consideration.

Question: Over the next 4 years Forrester predicts a steady growth for affiliate marketing. What are the top 3 areas of opportunity for affiliates these days?

Brian: Opportunity exists, as I stated earlier, in finding new customers for retailers. This, to me, is the long term value of the channel and what affiliates should be focused on.

In terms of top 3 areas I think “Local Search” is probably the most obvious - as users move more and more towards their mobile and tablet devices. Trailing that I would say both “Social Gaming” and “Consumer Review” are both really open for opportunity although both carry with them some caution.

Question: If you were to leave affiliate managers with just one bit of advice today, what would it be?

Brian: Use your instinct. When it comes to finding a really good affiliate, don't be fooled simply by statistics or language. Use your instinct and knowledge of your own product and website to help you.

Too many Affiliate Managers are forced into relationships either by lack of understanding or through automatic approval. Unfortunately, their programs can suffer due to it. If you are going to actively manage a program - make sure to use your #1 asset.

* * * * *

Affiliate Management Days takes place October 9-10, 2012. More information about Affiliate Management Days being held in Ft Lauderdale can be found here. Or follow the hashtag #AMDays on Twitter. Register using code SBTAM150 to receive $150.00 off your pass. Check back here for more interviews with the speakers.




Boost Your Search Engine and Social Appeal With InboundWriter

Can't figure out SEO (Search Engine Optimization)? Don't worry… you're not alone. There are hundreds of thousands of people who can't do it, either. In fact, 95 percent of all blogs fail, as in they seriously crash and burn into the abyss of forgotten websites that never update anymore. You don't want to have one of those blogs or own a site that ends up like that.

What do the 5 percent know that the other 95 don't? Besides protesting as “the 95 percent,” there are ways to actually adopt measures to make your site better. Some people don't know, though, that they can do too much of a good thing. Let's take an example: John sells custom-made T-shirts for people. He's a great designer, has a ton of talent, and has the skills necessary to keep the business running. He decides to invest in a domain name, starts a website, and tries to sell his product outside his locale. He plasters “custom T-shirts” all over the site and even writes an article mentioning “custom T-shirts” or “T-shirts” in just about every sentence.

John now wonders why he has only 5 visitors a day who never buy anything. His website isn't doing anything for him. But he was told that working with keywords is going to get him somewhere. Somehow, his Google PageRank remains a 1/10 and the Facebook page isn't helping, either. He gives up shortly and decides to just sell locally.

Do you see his mistake? It's known as “keyword stuffing” and Google hates that. This, and many other things, could negatively affect your site's ability to be seen by people. Google, Facebook, and Twitter are all picky, but there's one application online that knows how to push you in the right direction.

Enter InboundWriter, an online piece of software that lets you create content that appeals to search engine and social media websites. This program uses complex algorithms and mines data from the Web to help you match your target audience by telling you how many keywords to include, how much to write, and whether or not you are in the “sweet spot” with keyword repetition. Too few keywords, and Google doesn't know what you're talking about. Too many, and it doesn't want to give you the light of day.

InboundWriter not only lets you create search engine-friendly content, but it also gives you insights into what people are saying about your niche in Twitter using a feature called “Topic Buzz.” This not only helps your website cater to the SE giants, but also guides you in creating social-friendly content to appeal to the crowd.

My experience with InboundWriter was a positive one, in a way. I gave it a try about two months ago and published an article on my own online publication regarding portable printing. The article didn't immediately get views, but they started creeping in once Google crawled the site. The day after, I started having about 10 views on the article. OK, so that's not much, but it's certainly better than some of my other articles, which were just forgotten pieces of content that had 20 views historically. Soon after, I was getting almost 600 page views on that article alone every month, according to my Google Analytics data.

The traffic increase wasn't immense, but it was somewhat enticing, making me want to use the software again. Imagine if I get that many visitors from 100 articles. That amounts to 60,000 visitors a month, or about 2,000 visitors per day. You might get more, depending on how useful the information is and how many people link to your site. At that time, I had a Google PageRank of 2. Now, my PageRank is higher and my site has more authority. It's more SEO-friendly, and some of my articles have gone viral on social venues.

All in all, I'd give InboundWriter an 8 out of 10. The reason it doesn't get a full 10 is because it is not the completely intuitive system it advertises to be. You have to know a bit about what keywords to use, among other things.



SumAll: Financial Analysis by Tracking Your Website Traffic

Google Analytics is free. We all know that, but we also know that it isn't always easy to use. Small business websites are not cheap to build or manage (not usually) and then we expect those sites to deliver magnificent results. In reality, few of us are watching the analytics meter because it is not user-friendly, but that changes when you flip the switch on business reporting tool SumAll.


To be fair, Google Analytics cannot do what SumAll does, but it pulls data from it and displays it well. It also pulls data from your ecommerce store. Current integrations include Shopify, BigCommerce, eBay, PayPal, and Magento.

What This Means

With your analytics tied to both website traffic and ecommerce sales, you can quickly see what your top selling products are, which days are busiest for which of your products, and how much revenue your top products are generating. Website traffic analytics can help you in your marketing, but having financial details tied into those reports makes them much more useful.

What I Really Like:

  • I get a detailed email as often as I specify and my basic report looks like the image below. Google only sends me attachments that I have to open. Petty perhaps, but I live in my inbox a good portion of the day.
  • It shows regular Web traffic, but also pulls in product sales data and compares traffic to sales.
  • SumAll does math. You can select five different data lines and turn them into one summed line. Sales, discounts, or units sold, any data of the same kind can be added.
  • They have a super fast signup process. First name, last name, email, password, then the submit button says “Discover Your Potential.” Well said.

What I'd Like to See:

  • Some pricing details. SumAll is completely free right now. They promise that basic features will remain free, but I'd like to know if it is going to be $10/month or $100/month before I synchronize all my data.

Frankly, SumAll is an amazing service for small business owners who struggle with keeping up with the information firehose.

The team at SumAll has created an elegant way for you to see your mission-critical data in ways that make sense and help you run your business. The basic service alone is worth the effort.  I'm expecting that the premium levels will be affordable for most of us.




'Undetected' virus was able to destroy PC data

A piece of malware called 'Wiper' hit targets in Western Asia earlier this year.

Analysis by Kaspersky Lab found that the malware had a highly effective method of destroying computer systems, including a unique data wiping pattern. Kaspersky said that it came across Flame while it was searching for Wiper, but Wiper itself has not been 'discovered': the malware was so well written that once it was activated, no data survived.

The report on Wiper said: “Although we've seen traces of the infection, the malware is still unknown because we have not seen any additional wiping incidents that followed the same pattern as Wiper, and no detections of the malware have appeared in the proactive detection components of our security solutions.”

It also said that it may be possible that Wiper will never be discovered, but based on Kaspersky Lab's research and experience, it was reasonably sure that it existed and that it was not related to Flame.

Forensic analysis of the hard disk images that had been wiped found that the malicious program wiped the hard disks of the targeted systems and destroyed all data that could be used to identify the malware. Also, the file system corrupted by Wiper prevented computers from rebooting and caused improper general functioning, meaning that nothing was left after the activation of Wiper on any machine that was analysed and there was little chance of recovering or restoring any data.

The hard disk image analysis also revealed a specific data wiping pattern together with a certain malware component name, which started with ~D. It said that these findings were reminiscent of Duqu and Stuxnet, which also used filenames beginning with ~D, and were both built on the same attack platform, known as Tilded.

The unique wiping pattern was designed to quickly destroy as many files as effectively as possible, including multiple gigabytes at a time, with 75 per cent of targeted machines having their data wiped completely.

Alexander Gostev, chief security expert at Kaspersky Lab, said: “Based on our analysis of the patterns Wiper left on examined hard disk images, there is no doubt that the malware existed and was used to attack computer systems in Western Asia in April of 2012, and probably even earlier - in December of 2011.”



FOIA request finds that data breach problem has got a lot worse over the last five years

The number of data breaches in the UK has increased by more than 1,000 per cent in the past five years.

According to data obtained from the Information Commissioner's Office (ICO) through a Freedom of Information Act request, there has been a major increase in the number of self-reported data breaches occurring each year since 2007.

The biggest culprit is local government, where data breaches have increased by 1,609 per cent, with the next largest increases coming from other public sector organisations (1,380 per cent) and the private sector (1,159 per cent). NHS data breaches have increased by 935 per cent, and central government breaches are up by 13 per cent.

From November 2007 to November 2008, local governments reported just 11 data breaches, but by 2012 this figure had grown to 188. In total, data breaches reported in 2007/8 amounted to 79, while in 2011/12 it was 821.

Nick Banks, head of EMEA and APAC at Imation's mobile security business, who requested the Freedom of Information Act data, said that the massive increase in just five years was "fairly startling".

“The figures seem to show that increasing financial penalties have had little effect on the amount of data breaches each year. Undoubtedly there are some mitigating circumstances that have contributed to the rise in annual data breach numbers, such as the introduction of mandatory reporting in certain sectors, plus the increasing amounts of data being stored and accessed, but none of these factors obscures the clear trend of constant increases,” he said.

“The latest full-year figures show that there were 821 data breaches in the UK in 2011/2012, which is deeply worrying. Organisations must take responsibility for preventing breaches, and with so much available technology there really is no excuse for failing to adequately protect data.”




Addition of Java zero-day to Blackhole increases its infection success by 25 per cent

The addition of the Java zero-day exploit to the Blackhole exploit kit has more than doubled the crimeware toolkit's potency, according to researchers who are tracking the threat.

According to a blog post by Seculert, it didn't take more than a day for the Blackhole malware author to add this exploit to the Blackhole arsenal. This has subsequently led to an increase in the numbers of infections, due to the new Blackhole version that now includes the new Java zero-day, with the successful infection rate increasing from ten per cent to 25 per cent.

It also cited statistics showing that Java exploits in Blackhole servers are 75 to 99 per cent successful, and that tens of thousands of newly infected machines are due to the Java zero-day, particularly since the exploit was added to the Blackhole exploit kit.

Speaking to security blogger Brian Krebs, Blackhole author Paunch said he intended to (and did) fold the exploit into his kit, but said he was surprised that someone would just leak such a reliable exploit, which he said would fetch at least $100,000 if sold privately in the criminal underground.

Experts have recommended that users disable Java in the browser until Oracle, which maintains the software platform, releases a patch. Oracle has not said whether that will be before the company is next scheduled to patch Java, on 16th October. A report by PC World suggested the database giant may have known about the bugs since last spring.



Good Technology adds new capabilities to enterprise app

Good Technology has added the ability to take and securely share photos and make one-touch conference calls to its Good for Enterprise collaboration app.

As well as an enhanced interface, Good Technology said that the improved app provides users with the ability to snap and securely share photos via email from whiteboard sessions or job sites without worrying about the image ending up in a cloud repository such as iCloud or Dropbox. Employees can organise and track tasks with real-time synchronisation of Microsoft Outlook tasks or Lotus Notes To Do's.

Use of the Good for Enterprise application requires a Good for Enterprise server and client access license. Versions of Good for Enterprise are available for both iOS and Android.

Laura Fay, vice president of product management at Good Technology, said: “With today's always-on work environment, employees need mobile business apps designed to make getting work done easier.

“With this release of Good for Enterprise, our customers can now offer their employees an elegant, powerful and secure collaboration app that supports the way employees want to work using the devices they prefer. Whether it's joining conference calls with one-click, preparing for meetings on-the-go or securely snapping and sharing photos, Good for Enterprise enables employees to get work done - quickly and effectively.”



Secunia integrates vulnerability scanning and patch deployment with new version of Corporate Software Inspector

Secunia has launched the next version of its Corporate Software Inspector (CSI) 6.0 to combine vulnerability intelligence and scanning, and patch creation with patch deployment.

According to the company, the vulnerability and patch management solution allows users to understand and evaluate their entire threat landscape, identify exactly where application vulnerabilities exist and how best to prioritise and implement remediation efforts.

Also added are custom scan rules, the ability to create and configure smart groups, and integration with Microsoft Windows Server Update Services (WSUS), Microsoft System Center Configuration Manager (SCCM), Altiris Deployment Solution and any other third-party configuration management tools.

Morten Stengaard, director of product management and quality assurance at Secunia, said: “Simply put, we have designed the new Secunia CSI to help our customers realise a better return on those investments, while at the same time improving their security level.

“The overall mission of the Secunia CSI 6.0 has been to empower our customers and their current infrastructure, while providing them with the best of breed vulnerability intelligence, scanning and pre-created patch packages. We have therefore focused on developing the Secunia CSI's integration capabilities, making the Secunia CSI 6.0 a much more useful and extensive vulnerability and patch management tool.”



Microsoft Changes Logo for First Time in 25 Years

A company's logo and brand make a difference. Though they won't convince anyone to buy or consume a substandard product or service, they can tell a business's story, set it apart from competitors by communicating its unique value, and create an important association for customers between a company's message and what it creates.

Whole New Look

A sea change. The new Microsoft logo is a major shift for the company, its first significant change since 1987. Combining the multicolored symbol found on Windows products with Microsoft's traditional wordmark, the logo is intended to combine tradition with company heritage. The Verge

Running the risk. Changing your logo can be riskier and a bigger deal than many might think. Marketing expert Barbara Kahn, professor of marketing at The Wharton School of the University of Pennsylvania, said a logo must be “distinctive, clearly identified with the brand, and consistently used over time.” The Seattle Times

Better Branding

Colorful communication. There is a reason why humans associate red with hunger, green and blue with calm, and very specific colors with specific brands. Color communicates psychologically with customers on a primal level, but consistent use of colors with a logo or brand also makes a powerful impact on them. Effective use of colors is not just a matter of first impressions. UPrinting

Signs and symbols. The degree to which branding is effective may depend not upon the amount of money your company has to invest in marketing, but upon the consistency you use in applying graphics, suggests graphic design expert Emily Brackett. In this post, Brackett looks at how an idea as simple as a bike rider logo painted on the road can communicate quite a bit. VisibleLogic

What Works

Mobile motivation. With the increased popularity of the smartphone, brands must increasingly integrate with the mobile world. However, marketing consultant Gary Bembridge believes it unlikely brand specific apps will be the way to go. On the other hand, failing to integrate a brand into the world of apps used by potential customers may isolate a business from its market long term. Marketing Mix Man

Brand building basics. There are many things that go into a brand besides simply a snappy looking logo. From high quality products to positioning and even re-positioning, there are many ingredients that go into the mix. Other elements include good communication and being the first-mover in the marketplace before competitors arrive on the scene. Expert Business Advice

In Retrospect

Maybe they should have hired this guy. Even if Microsoft never took graphic designer Andrew Kim up on his idea for a new logo, this post should give any thoughtful entrepreneur insight into the logo creation process. Brands that tell a company's story and support its products and services generate loyalty from existing customers and win over new ones. Minimally Minimal