RSA key length change should be priority in September 2012 Patch Tuesday

Microsoft will be restricting Windows certificate acceptance rules next month and security experts indicate that since September has few software updates, security teams should prepare for the changes.


Microsoft addressed flaws in the Visual Studio Team Foundation Server and the System Center Configuration Manager in its September 2012 Patch Tuesday. The software giant issued two bulletins, both rated important and with no restart required. There were no critical bulletins this month.

Wolfgang Kandek, chief technology officer at Redwood City, Calif.-based Qualys Inc., said that the software addressed in this month's update is not widely installed. Kandek said that the key length change should be the area of focus this month.

"The patch will change the Windows certificate system, and it will stop accepting certificates that are using RSA keys with fewer than 1024 bits because those keys are considered forgeable," Kandek said in the company's Laws of Vulnerabilities blog.

In the October 2012 round of updates, Security Advisory 2661254 will become mandatory and RSA keys smaller than 1024 bits will no longer work with Microsoft products. Microsoft made the move to address weaknesses that were exposed by the Flame malware toolkit. It exploited the weak encryption algorithm to create fraudulent Microsoft certificates to spoof the Windows Update mechanism on Windows systems. Researchers have been dissecting Flame and its various components since it was detected on Windows systems in Iran and other countries in the Middle East and North Africa.

Users are encouraged to download the patch now to test it on their systems, wrote Angela Gunn, senior marketing communications manager for Microsoft Trustworthy Computing.

If communication breaks in an email or on a webpage after the patch is installed, it can be uninstalled while users address the issues and update the faulty certificates, said Paul Henry, forensics and security expert at Scottsdale, Ariz.-based Lumension Security, Inc. Once the bit requirement changes in October, this will not be possible, so it is important to fix any possible issues now, Henry said.
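As an added illustration (not code from the article, from Qualys or from Microsoft), the following Windows PowerShell script does the inventory that Henry's advice implies: it walks the local certificate stores and lists every RSA certificate whose public key is shorter than 1024 bits, so the certificates the update will stop accepting can be replaced before the October change. It assumes an elevated Windows PowerShell session on a 2012-era Windows host where `X509Certificate2.PublicKey.Key` exposes the key size.

```powershell
# Added example: find RSA certificates below 1024 bits in the local Windows
# certificate stores. Run elevated so the LocalMachine stores are readable.
$MinimumBits = 1024
$RsaOid      = '1.2.840.113549.1.1.1'   # OID for rsaEncryption public keys

# Cert:\ -Recurse yields store containers as well as certificates; keep only
# the certificate objects.
$certs = Get-ChildItem -Path Cert:\ -Recurse |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] }

$weak = foreach ($cert in $certs) {
    # The 1024-bit rule applies to RSA keys only; skip DSA/ECC certificates.
    if ($cert.PublicKey.Oid.Value -ne $RsaOid) { continue }

    $bits = $cert.PublicKey.Key.KeySize
    if ($bits -lt $MinimumBits) {
        [PSCustomObject]@{
            Store      = $cert.PSParentPath -replace '^.*::', ''   # e.g. LocalMachine\My
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            KeyBits    = $bits
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
        }
    }
}

if ($weak) {
    # Shortest keys first; these are the certificates to reissue before October.
    $weak | Sort-Object KeyBits, NotAfter | Format-Table -AutoSize
} else {
    Write-Host "No RSA certificates below $MinimumBits bits found in the local stores."
}
```

Certificates presented by remote mail or web servers are not in the local stores, so those still need to be checked at the endpoint that presents them.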

Microsoft said the two September bulletins address issues that can be exploited by attackers by convincing users to click on a malicious link or visit a website hosting attack code.

Bulletin MS12-061 resolves an issue in the Visual Studio Team Foundation Server. It could allow elevation of privilege if a user visits a webpage or clicks on a link in an email message from an attacker. Bulletin MS12-062 addresses a vulnerability in the System Center Configuration Manager. It could allow elevation of privilege if a user visits an affected website through a malicious URL.

Attackers usually entice users with links in email messages or Instant Messenger messages that take them to the intended webpage. Both bulletins patch cross-site scripting vulnerabilities. Neither issue has been discovered in the wild.

Software affected by the patches includes Microsoft Visual Studio Team Foundation Server 2010 Service Pack 1, Microsoft Systems Management Server 2003 Service Pack 3 and Microsoft System Center Configuration Manager 2007 Service Pack 2.




Businesses Using Microsoft Products: Be Aware of New Policy

Microsoft has updated its services agreement, which may not seem like a huge issue for users of the company's many products, but it could be worth a second look to users concerned with cloud security and privacy.

The update changes the way that Microsoft can share user data between its different cloud-based services. Basically, the company has adopted a policy of sharing data between its many different services such as Outlook, SkyDrive, and Office accounts.

Microsoft says that the change is supposed to make the user experience better for those who use multiple Microsoft products, since they won't ever have to look around for their data that may be stored in one of several different cloud storage services.

These products are used by businesses, and since many are concerned with cloud security, it is important for business owners to understand how their data is being used in the cloud.

The content you upload to the service is still owned by you and remains your responsibility. Users also still have control over who can access their account data. Just because data is stored in the cloud doesn't necessarily mean that it is secure.

The company does, however, reserve the right to review content uploaded to its services to make sure it complies with Microsoft's Code of Conduct and Anti-Spam Policy. Content that doesn't comply can be removed by Microsoft.

The user agreement states that anyone who uses its services is agreeing to its terms. Users will be required to have a Microsoft account, formerly known as a Windows Live ID, in order to access portions of these services. The changes will become effective September 27, 2012.

Realistically, most users of these products probably won't even notice a difference, but the new policy still has an impact on privacy rights and your company's data.




Employee Engagement: Impact of Learning and Development

An engaged workforce who possess the necessary skills, knowledge and expertise is crucial for any organization who wants to achieve high levels of business success. In our current challenging and competitive business environment, learning and development has never been more important as a means to keep employees engaged and maintain that competitive advantage.


Good employee engagement training focuses on teaching the skills which are needed to do this effectively.

During an economic downturn, it is tempting to slash or even remove training budgets. However, this is a short term view which will inevitably produce dire long term consequences. Thriving organizations rely on their people to perform consistently well.  This can only be achieved if they are feeling engaged and motivated.

Nurture Talent, Help People Learn And Improve

The right training and development can greatly enhance employee engagement by nurturing talent and helping people to learn new things and improve their performance. Most people want to feel that they are doing a good job and that they are valued by their organization for the part they play.

In addition, few people like to remain static in a work environment and prefer to have variety in their work and see development potential in their role.

Learning and development provides a way to address all of these human needs and greatly improves employee engagement. Companies who invest in their people through training and development are also viewed more favourably by employees than those in organizations who don't.

However, if training and development is to make a significant impact on  employee engagement, employees must see the benefits to themselves of undertaking training activities. This is where many good intentions fall short.

Show The Benefits

Organizations who are keen to demonstrate their commitment to their people can sometimes get carried away with the "sheep dip" approach to training, leaving some people confused about the rationale behind attending it.

In order to harness the positive effects of training, employees have to see the link between where they are now and where they want to get to and how training is going to bridge this gap.

It sounds obvious but without this being made explicit, organizations run the risk of training and development being viewed as a chore instead of a reward.

The answer is to link training and development to specific objectives and the only way to make this work effectively is for managers to have one-on-one conversations with their people about the purpose of training and what's in it for them. Asking people what they think they need and setting specific learning objectives is crucial at this stage.

Done efficiently, learning and development will then provide the means to motivate and engage employees like never before.  People will feel valued for their contribution and they will understand that the organisation supports them to be the best that they can be.

Developing people really is key to having an engaged workforce and achieving business success.





Online Printing: The Express Train To Increased Productivity

For the last several decades, businesses have all had one thing in common: paperwork. Documents always need to be printed and sometimes you're not near a printer. Do you simply just shrug your shoulders and call it a day until you find yourself near one of those cute devices, or do you find a way around this? Let me introduce you to Online Printing!

Of course, if you've never heard of online printing, you'd be in the “shoulder shrugging” department. If you don't know the benefits of online printing, it's about time you learn what it can do for you.

First of all, what does online printing mean? I guess a better way to call it is “remote printing”: printing from a printer that's not attached to your computer.

If you don't get up from your chair to print something, it saves you a small bit of time. But here's the real deal-maker: What if there was a way to print documents from really long distances? That's where all the money is!

So, what kinds of printers can let you print from such distances? There are printers out there that react to received emails. They have their own email addresses and print whatever email is sent to them. In a recent article, Ramon Ray, editor of Smallbiztechnology.com and technology evangelist, covered three companies that offer online printing services worth taking a look at: HP ePrint, Epson Connect and PrinterOn.

But that's not all you can use to print information on the fly. Further in his article, Ramon mentions cloud-based services that allow you to rely on them to print documents and mail them to an address. This is good for documents you have to mail to people anyway and saves you on some grunt work.

No matter what industry you're in, if you don't adopt online printing, you're missing out on a lot and possibly harming your productivity. Think about what we've discussed and the solutions available for you. Find out what's most affordable, packs the most punch to the penny, and works best for your small business.



Criminals target social media

Cybercrime is becoming common, leaving Kiwis vulnerable

The face of cybercrime is changing as criminals target social networking sites and mobile devices, and a new report says New Zealanders are vulnerable.

Two-thirds of online adults have fallen victim to cybercrime, a number that will only increase unless people become more aware of their vulnerabilities, internet security experts say.

Norton's Asia-Pacific and Japan vice-president, David Freer, said people knew about the dangers embedded in emails, such as the infamous Nigerian scams, but those hazards were now five years old.

"But the problem is all the threats have moved on from that," Mr Freer said. "Many of the threats are in the social networks, which are the new email ... and social networks have the advantage of working in a trusted environment so people believe links their friends send them."

Sixteen per cent of social network users in New Zealand have been victims of social cybercrime and 13 per cent reported someone had hacked into their profile and pretended to be them. The two main forms of the online scams are either for monetary gain or to collect personal details to "create mischief".

Norton's annual cybercrime report estimated more than 900,000 New Zealanders fell victim to online criminal activity in the past 12 months, totalling more than $462 million in direct financial losses.

The worldwide survey interviewed a representational group of 500 New Zealanders about their cybercrime experiences and multiplied it to match the population.

Year on year they had seen a doubling in the number of threats.

Mr Freer said people needed to be aware of the fact that cybercrime had moved to social networks and mobile devices.

New Zealanders also needed to be more vigilant with changing their passwords and choosing secure combinations. In the past year, 34 per cent have been notified to change their password because it or their privacy had been breached.

NetSafe's chief executive Martin Cocker said the most secure passwords included a combination of letters, numbers and symbols.

Not stranded, just hacked

An anonymous overseas hacker broke into Reuben Simpson's email and PayPal accounts, sending hundreds of messages to all of his contacts.

They were told to send money because Mr Simpson was stranded in England and needed to get home.

"At first I had no idea what was going on," he said.

The 19-year-old, from Beach Haven, had the bright idea to search his email account on Google and found it posted, along with his password, on a foreign website.

Mr Simpson, a university student and jazz singer, was one of thousands who had their privacy breached by Google in 2009, the time of his cyber attack.

Once he worked out what had happened, he quickly contacted Google so he could regain access to his Gmail account and called PayPal. He didn't lose any money and none of his contacts believed he was stuck in England.

NZ Cybercrime
* 900,000 victims a year
* 2465 victims a day
* 1.7 victims a minute
* 6 out of 10 online adults have been victims of cybercrime
* $462.9m lost in cybercrimes/year.

On cellphones
19% of mobile users received a text from someone they didn't know requesting they click on an embedded link or dial an unknown number to retrieve a "voicemail".

On social networks
* 39% have fallen victim to cybercrime on a social media platform.
* 10% have fallen victim to a scam or fake link on a social media platform.
* 13% have had someone pretend to be them on their online profile.

How we respond
* 91% delete suspicious emails from people they don't know.
* 82% have at least a basic antivirus programme.
* 77% don't open attachments or links in unsolicited emails or texts.

Email habits
* 44% don't use complex passwords or change them regularly.
* 45% send personal photographs via email.
* 19% send bank statements.
* 36% send work-related documents and correspondence.
* 13% send passwords for other online accounts.

By Amelia Wade

Sophos launches its first hosted solution with 'Mobile Control as a Service'

Sophos has launched a hosted version of its mobile device management (MDM) software.

Based on its Mobile Control 2.5, the company said that Sophos Mobile Control as a Service allows businesses to quickly and easily deploy an MDM solution without any changes to their existing IT infrastructures.

The web console, self-service portal and mobile client are available for on-premise installation or as Software-as-a-Service (SaaS) under a subscription license.

The on-premise version is also included in the Sophos Complete Security Suite, which combines endpoint, data, email, web, server and mobile protection. In addition to Sophos Mobile Control as a Service, the company is planning to introduce a full range of hosted security applications.

Matthias Pankert, vice president of product management at Sophos, said: “The launch of Sophos Mobile Control as our first hosted service represents a significant milestone in our product strategy.

“Security applications are rapidly moving toward the cloud to provide flexibility and scalability, which today's businesses demand. With limited resources and a multitude of security solutions to manage, mobile devices in particular are often left uncontrolled. Our SaaS-based solution ensures that these devices are controlled and managed, even for small groups of users within a company.”



Need To Confirm Information On A Sales Lead? One Of These Information Databases Can Help You

Your business relies on sales leads, but if you are unable to confirm those leads, your marketing effort to convert the lead into a customer or client is for nothing.  You can certainly spend countless hours on the internet validating the information and searching for additional leads, but that's not really cost effective, or doable, given most time constraints.

Ramon Ray, editor of Smallbiztechnology.com, recently published an article for Dun & Bradstreet, that explores information databases, straight from some small business owners who use them.  Here is a quick look at the four most notable information databases he speaks of:

ZoomInfo®

Obility Consulting's Nick Herinckx swears by ZoomInfo®, a contact database that allows you to search leads by industry terms, job titles, and more. ZoomInfo provides targeted lists that help sales staff to channel marketing efforts. ZoomInfo® has won several awards, including the 2010 Best Sales Productivity Tool from the American Association of Inside Sales Professionals.

Jigsaw.com

MSP marketing and business consultant Stuart Crawford of Ulistic, a firm that specializes in I.T. marketing and business development, recommends Jigsaw.com, a directory that provides both phone and e-mail contact information for businesses. Jigsaw boasts a database of more than 30 million business contacts, with 40,000 added daily. Jigsaw's user base reviews each entry for authenticity, comparing its service to Wikipedia, where content is created and maintained by users. Because Jigsaw's database is refined by users, the site has a community-like feel, where members help each other.

Follower Wonk

For your social media marketing growth, Amsterdam Printing's Slavik Volinsky recommends Follower Wonk, a site that allows you to find and organize Twitter followers. Follower Wonk allows you to obtain information on a contact's followers and the people they follow, along with the user's real name, location, and level of activity. The level of activity is graded by a “Wonk score,” which credits a user for how active they are on the site.

Data.com

For users of Salesforce, this is the obvious choice, but it's interesting that none of our entrepreneurs mentioned it. Salesforce's Data.com prides itself on its accuracy, with all information verified by other users.

“Companies today work in an environment where there is more information available than ever before,” Salesforce.com writes. “Businesses struggle to identify the right information from the right source in a timely fashion, and to efficiently bring this data together with their business processes. Data.com is showing customers a better way: with clean and accurate business data, customers can grow their business more efficiently by allocating resources effectively, improving campaign ROI, and increasing productivity.”

Click here to read the full article from Ramon and check out some of these other great articles on Dun & Bradstreet:

How To Ensure Your Small  Business Is Approved For A Loan

5 Mistakes To Avoid When Applying For Company Credit




For Target, retailer's risk management program hinged on executive buy-in

PHILADELPHIA: As one of the 10 largest retail chains in the world, Target Corp. knows a thing or two about making a successful sale. According to its risk management strategist, a key factor in the success of Target's risk management architecture has also hinged on sales, namely selling risk management methodology to internal stakeholders.


In a session at the 2012 (ISC)2 Security Congress this week, Target Senior Architecture Consultant Michael D. Kelly discussed the information security risk management architecture implementation and maturity process at the Minneapolis-based retail chain. Kelly, a 25-year IT veteran who has been working on Target's risk management program for two and a half years, said one of his first steps, setting expectations, arguably proved most important.

"First of all, you have to define what success is. In my experience building programs like this, most of the work is up front, setting expectations." Kelly said. "If you don't tell the stakeholders what success means, the risk management program will probably fail, or take a long time."

Kelly said it's critical not to over-promise and under-deliver. For example, he said it doesn't make sense to promise executives that organizational risk will decline during a certain period of time, as such a calculation is based on too many factors that lie outside the information security team's control. Instead, he said, it's better to guarantee that the organization will be able to define and assess risk, and take action to reduce that risk when deemed necessary.

Kelly advocated the need for stakeholder and executive buy-in, which includes identifying the business decision makers who will make decisions based on the information the risk management program provides. Stakeholders should know that the goal of the program isn't to eliminate risk, but to manage it, he said.

"All we should really be talking about is managing risk," Kelly said. "That means understanding it, reacting to it consistently, and having consistent processes to treat risk all throughout the life cycle."

However, simply getting management's attention can be a challenge. Attendee Ron Trunk, senior consultant with Chesapeake Netcraftsmen in Arnold, Md., said communicating IT risk management concepts to business leaders can be a challenge.

Trunk said the first obstacle is simply getting management's attention. From there, the communication can be difficult because business leaders don't understand the technology side of risk.

"A lot don't understand the technology or how it's being used and so they can't assess the risk," Trunk said. "So it's left to the technology side, but they don't know the business."

Kelly acknowledged the challenges of bridging the gap between IT security teams and business managers, noting that at Target he was fortunate because he was able to piggyback off of its internal governance team, which was conducting similar work and had already established key relationships with executives.

What can help, Kelly said, is making the program as simple and easy to understand as possible. He emphasized the need for terminology that is precisely defined and used by everyone involved with the program, as well as a consistent focus on defining and measuring success.

"You have to show it to people," Kelly said. "Show them a chart, a table; that will help get buy-in from your stakeholders."

Getting there though can be hard work. Kelly said Target built a 30-page taxonomy of FAQs, terms and processes within its architecture. That has helped technologists, C-level executives and everyone in between speak the same language on risk management.

"That way, your stakeholders understand and they say the same things you say without being prompted," Kelly said. "If you can go to your boss's boss's bosses, and they say the same things you've been saying, that's what I call a measure of success."

However, risk management programs are far from easy. For instance, Kelly said one of the many challenges he has encountered is classifying threats and vulnerabilities as they are discovered. At first, he said, there was some confusion regarding what was or wasn't a threat, but finally the organization converged on a combination of CVE and SCAP that works well.

Today, Kelly said on a scale of 1-5, the maturity of Target's risk management architecture program is about a 2.5.

"We've got a long ways to go, and it probably won't ever end, but that's a good thing because the maturity will continue to grow as technology changes, and the industry changes these programs will continue to grow."




GoDaddy back online, affirms no data compromised

Web hosting provider GoDaddy has brought its website and services back online, restoring service to millions of customers following a lengthy outage on Monday.

"We're working out the last few kinks for our site & control centers," the company told customers via Facebook. "No customer data was compromised."

Scottsdale, Ariz.-based Go Daddy Group, Inc. released no further information about the outage. Wired reported that the company apparently moved its DNS servers to rival VeriSign to speed up the process of restoring its website and hosting services.  

It's unclear if the outage was caused by a technical problem in GoDaddy's massive data centers or if the company was the victim of a cyberattack. A person, identifying themselves as a member of Anonymous, claimed responsibility for the outage via Twitter on Monday. The person did not provide any proof of their role in an attack.  

Founded in 1997, Go Daddy Group is the largest global domain registrar accredited by ICANN. It has more than 50 million domain names under management.

GoDaddy has had service disruptions in the past. In 2007 some GoDaddy websites were disrupted by a distributed denial-of-service attack (DDoS).  The company's IT security team had to filter out malicious traffic during a five hour period.




Census Nonemployer Data Corrections: Wide Changes

The Census Bureau has finally released the nonemployer data for 2010 and this year's update of the nation's nonemployer population was accompanied by about as much drama as you'll ever get with data wonks.

Nonemployer businesses, to jog your memory, are defined as firms with no paid employees other than the business owner or owners. Population gyrations in the nonemployer universe are worth watching because these tiny firms often serve as economic “canaries in the coal mine.”


In addition, some economists view the surge in nonemployer numbers that has occurred since the turn of the century as an intriguing labor market trend.

The nonemployer update release date was originally slated for July but the Bureau discovered a problem with the 2009 data that had to be corrected, necessitating a re-release of the 2009 data and pushing back the 2010 release.

What Was The Problem?

Apparently, the folks who were supplying the data for these calculations underreported the numbers by a pretty significant amount, particularly in the real estate and mining sectors.

I'm just going to plow through this. Try not to let your eyes cross.

The resulting corrections show, in terms of the big picture, that nonemployer numbers actually grew (instead of declining) from 2008 to 2009. There were 21.7 million nonemployers in 2009, which is 382,504 more than there were in 2008 rather than 222,563 fewer. That translates into an increase of 1.8% rather than a decline of 1%.

Receipts were still down in 2009 but not by anywhere near as much as originally reported. Overall nonemployer receipts in 2009 fell by 0.8% to $923 billion instead of falling by the far more drastic 9.9% to $838 billion.

Similarly, average annual receipts dropped from $43,646 in 2008 to $42,544 in 2009, meaning that the average nonemployer business took a 2.5% cut in earnings. Not the sort of thing to make any business owner happy, but much better than the 9% hit calculated from the original data.

If You're Keeping Track

This means a few changes to the overall business population numbers for 2009, too. Total U.S. firms in 2009 numbered 27.2 million, and nonemployers accounted for 79.6% of them, rather than 26.9 million firms with 78.5% of them being nonemployers. Microbusinesses with fewer than 5 employees made up 92.7% of all U.S. firms and non-micro small businesses (5 to 499 employees) comprised 8% of the business population.

Having corrected the 2009 numbers, Census and its data providers took good care to make sure that something similar didn't happen with the 2010 data.

The nonemployer population experienced another increase in 2010, up by 1.9% to 22.1 million strong. Total receipts for the nation's nonemployer businesses that year grew to $951 billion, up an encouraging 3%, while the average nonemployer business owner got a $459 raise (a 1% increase) from $42,544 to $43,003 in average annual receipts.

Unfortunately, it wasn't all good news.  Nonemployer numbers declined in utilities, construction, retail, finance and real estate. Construction, utilities and finance also saw earnings declines for the year.

For All Other Sectors, The News Was Better

The five largest increases in population occurred in other services (6.6%), accommodation and food services (4.7%), mining (4.3%), administrative, support, waste management and remedial services (3.9%), while health care and social assistance tied with forestry, fishing & hunting and agricultural support services for fifth place (3.5%).

The forestry/ag sector and the mining sector also saw pretty spectacular spikes in earnings between 2009 and 2010, with 12% and 13% increases in overall receipts, respectively. Receipts in transportation and warehousing also experienced a double-digit increase, at 11.5%.

The 80/20 rule still applies to microbusinesses. About eight out of ten of them earn less than $50,000 in average annual receipts, while the remaining 20% make more than $50,000. Among the lower earning firms, almost 25% make less than $5,000 annually and are probably scorned as hobbyists by many economists and policy makers.

At the other end of the spectrum, almost 1% of nonemployers earn an average of half a million per year or more and, among them, one in ten earns in excess of $1 million per year.

The Bottom Line

Nonemployer firms were recovering in advance of the rest of the economy in 2009 and 2010. While employer firms were still declining in number, those sturdy nonemployers were fighting their way back.

In fact, it is quite possible that some of the increase in nonemployer population in 2009 was a result of smaller employer firms dropping back to nonemployer status as tough times forced them to let their employees go in order to stay afloat.

It will be interesting to see whether the rest of the 2010 firm size class data reflects a recovering economy and, further, whether economic reverses in 2011 and 2012 will cause these data to grow unusually volatile over the next few years.





LinkedIn Adds Notification, Updated Company Pages

You're probably still under-utilizing LinkedIn. I know, the truth is, most of us are. Even though we've heard all the benefits of using LinkedIn for business, the site declared the professional playground for professional connections, many of us still aren't using it to the degree that we should be. But LinkedIn would like for that to change. And to make the site even more attractive to business owners, they've added two new features designed to increase engagement and make it easier for everyone to stay LinkedIn-connected.

The new features include:

Activity Notifications

The first announcement LinkedIn made last week debuted its new notifications feature designed to keep business owners informed any time someone likes content they've shared, views their profile, accepts an invitation, sends them a message, etc. Basically, if it's happening on LinkedIn, this is where you'll find out about it.

To view your notifications, simply click on the flag in your LinkedIn top navigation bar. When you have one, the flag will be red.

The feature very much works and resembles similar ones created by Facebook and Google+, and will hopefully encourage business owners to engage with people using LinkedIn to learn more about them and their business. If you see someone has shared your content on LinkedIn, you can comment on their post and thank them, or offer yourself up to answer questions or walk them through a new service you've just created.

I think one of the many reasons so many of us forget about LinkedIn is because it's been difficult to track the activity and find opportunities to engage. This will hopefully serve to make the site more open for two-way conversation, instead of just using LinkedIn as a one-way posting board.

If the feature hasn't shown up for you yet, it's coming. LinkedIn said that although the feature has started rolling out, it may take a couple of weeks for everyone to see it. In the meantime, why not work on getting yourself in the habit of using the site and build a rockin' LinkedIn presence?

LinkedIn notifications on your Android, iPhone and iPad are also on their way.

New Look For Company Pages

A new notifications feature wasn't all LinkedIn had up its sleeve last week. The business networking site also announced a new design for company pages. According to LinkedIn, the updated company profile pages mean easier access to the information members want about the companies they care about, as well as a more powerful way for businesses to build relationships with their target audience.

Dell was one of the few companies granted early access to the new profile design and you can see that the pages have changed quite substantially and are now (in my opinion) far more attractive and usable.

LinkedIn broke out some additional new benefits for members and companies:

For members:

  • The new streamlined design makes it easier for you to find exactly what you are looking for, whether it's company news and information, career opportunities, products and services, or insights.
  • Company updates are front and center, enabling you to quickly comment, like, or share relevant company updates with your professional network.
  • Company Pages is now available on our iPhone, Android and iPad apps, so you can stay connected to companies you care about, wherever you are.
  • All of this means it's now easier for you to find, follow and engage with companies you're interested in.

For companies:

  • We know a picture is worth a thousand words, so we've provided companies with the ability to easily add an image that best represents their company and brand. Like the photo on a member's profile, this image helps companies establish their identity on LinkedIn.
  • We've made the update stream more relevant for members, which means companies are able to share status updates and job opportunities with the right members on LinkedIn.
  • With a more prominent navigation experience, companies can now easily showcase their company's products, services and career opportunities to members visiting their Company Page.
  • For select companies, such as American Express, Unilever, Expedia, we've also started to offer a more compelling and visual way for them to showcase their employer brand through the Career Pages section of Company Pages. We believe this new look and feel makes it easier for companies to tell their employer story and make the job hunt process more personalized for job seekers.

As with the real-time notifications, not everyone will see these additions immediately, but they'll continue to be rolled out to all members over the next few weeks.

What do you think? Will the new updates get you to pay more attention to LinkedIn and add it to your arsenal of business social networking tools? I know I'm watching more closely.




App of the Week: Kicksend Makes Sending Multiple Photos Easy

Every day in this country, thousands of photos and videos are tossed around in cyberspace, many sent via smartphone. As use of mobile devices begins to overtake laptops and desktops in popularity, now more than ever users are clamoring for a way to send large numbers of photos without having them bounced by attachment or mailbox limits.

Kicksend allows users to send large numbers of photos at a time without worrying about exceeding mailbox limits. Services like Dropbox require the user on the receiving end to have an account but Kicksend has no such requirement. You send, they receive via a secure transfer that keeps your sensitive data safe.

One of the best things about Kicksend is its ability to send multiple photos from your smartphone. Did you know the iPhone only allows you to send up to five photos at a time…and only if those photos are compressed into a very low quality? Kicksend lets your photos keep their quality, helping you share photos from events with friends and family without having to burn them to disc or use a file-sharing app.

Need paper prints? Kicksend can handle that, too. No matter where you are, you can send your photos to a nearby Walgreens for processing. You can even send your photo orders from your iPhone, enabling you to receive quality prints quickly while on vacation or visiting friends and family. While there are several apps that provide similar functionality (Walgreens Mobile Pharmacy, for one), Kicksend's sharing makes this app more desirable.

“For us to be able to tap into the creativity and innovation that is happening (on mobile platforms) was an opportunity that we couldn't pass by,” Abhi Dhar, chief technology officer of Walgreens' e-commerce division, told the Chicago Tribune. “When we saw the amount of interest that consumers have in using their smartphones as photo-taking devices, it was natural to take where consumer demand was and link it with what we saw to be a strong part of our offering.”

As Kicksend puts it, where sites like Dropbox are storage services, Kicksend is a delivery service. On the app's website, it urges you to think of Kicksend as “the express postal service.” The app isn't limited to sending photos, either. Using Kicksend, you can share videos of any size to your friends or family.

You, the sender, will have a Kicksend account. Whether you choose to use the mobile app, the desktop app, or your web browser, the recipient will receive a web link that takes them to a web page where your photos or videos are waiting. If you prefer an additional layer of security, you can set it to require that they log in before viewing your photos, but this isn't required. In fact, one of the best things about Kicksend is that the user on the other end doesn't have to log in.

As smartphones and tablets become photo-taking devices of choice, small businesses are increasingly looking for economical ways to share information. With Kicksend, you'll be able to easily share information with clients, friends, and family.



ICO fines council £250,000 after paper records dumped in recycling

Scottish Borders Council has been fined £250,000 by the Information Commissioner's Office (ICO) after former employee details were found in a paper recycle bank.

The records included former employees' pension details and salary and bank account data. A third party was contracted to digitise the records but failed to seek appropriate guarantees on how the personal data would be kept secure.

The files were spotted by a member of the public who called police, prompting the recovery of 676 files. A further 172 files deposited on the same day, but at a different paper recycling bank, are thought to have been destroyed in the recycling process.

Ken Macdonald, ICO assistant commissioner for Scotland and Northern Ireland, said: “This is a classic case of an organisation taking its eye off the ball when it came to outsourcing. When the council decided to contract out the digitising of these records, they handed large volumes of confidential information to an outside company without performing sufficient checks on how securely the information would be kept, and without even putting a contract in place.

“It is only good fortune that these records were found by someone sensible enough to call the police. It is easy to imagine other circumstances where this information could have exposed people to identity fraud and possible financial loss through no fault of their own.

“If one positive can come out of this, it is that other organisations realise the importance of properly managing third parties who process personal data. The Data Protection Act is very clear where the responsibility for the security of that information remains, and what penalties await those who do not comply with the law.”

The ICO pointed out that the Data Protection Act states that if you choose to use a third party to process personal data for you, you remain legally responsible for the security of the data and for protecting the rights of the individuals whose data is being processed. Scottish Borders Council had no contract in place with the third party processor, sought no guarantees on the technical and organisational security protecting the records and did not make sufficient attempts to monitor how the data was being handled.

Speaking recently to SC Magazine, Jonathan Armstrong, lawyer at Duane Morris LLP, said that the impact of monetary fines from the ICO should be passed on to those directly responsible for the breaches and that they "should suffer the consequences as well".



Sophos launches first hosted solution with 'Mobile Control as a Service'

Sophos has launched a hosted version of its mobile device management (MDM) software.

Based on its Mobile Control 2.5, the company said that Sophos Mobile Control as a Service allows businesses to quickly and easily deploy an MDM solution without any changes to their existing IT infrastructures.

The web console, self-service portal and mobile client are available for on-premise installation or as Software-as-a-Service (SaaS) under a subscription license.

The on-premise version is also included in the Sophos Complete Security Suite, which combines endpoint, data, email, web, server and mobile protection. In addition to Sophos Mobile Control as a Service, the company is planning to introduce a full range of hosted security applications.

Matthias Pankert, vice president of product management at Sophos, said: “The launch of Sophos Mobile Control as our first hosted service represents a significant milestone in our product strategy.

“Security applications are rapidly moving toward the cloud to provide flexibility and scalability, which today's businesses demand. With limited resources and a multitude of security solutions to manage, mobile devices in particular are often left uncontrolled. Our SaaS-based solution ensures that these devices are controlled and managed, even for small groups of users within a company.”



GoDaddy suffers four-hour outage following take down by Anonymous member

Anonymous has claimed responsibility for a hack on hosting provider and registrar GoDaddy that caused it to have major service issues last night.

A member of Anonymous who tweets as 'AnonymoisOwn3r' said that he was taking GoDaddy down because he would "like to test how the cyber security is safe and for more reasons that I can not talk now". He later confirmed that it was "not so complex" to take down the servers.

The account's biography lists the person as the 'security leader' of Anonymous and an 'official member', but clarified that this was not an act by the Anonymous 'collective', but by a single person.

GoDaddy said in a statement on its website that it and associated customer services began experiencing intermittent outages yesterday and that services began to be restored for the bulk of affected customers yesterday evening UK time.

It said: “At no time was any sensitive customer information, such as credit card data, passwords or names and addresses, compromised. We will provide an additional update within the next 24 hours. We want to thank our customers for their patience and support.”

According to the Associated Press, possibly millions of sites were affected. Anonymous in the past has voiced its displeasure with GoDaddy's temporary support for the now-shelved Stop Online Piracy Act (SOPA).

Rob Cotton, CEO at NCC Group, said: “This is a damning indictment of the current state of cyber defences: standards are simply not high enough. It's a sad state of affairs when the internet's largest domain registrar isn't adequately prepared for a cyber attack. This is simple digital vandalism, yet the measures GoDaddy had in place clearly couldn't handle it.

“The incident also highlights the potential dangers of the supply chain. GoDaddy had poor cyber defences in place, so in turn its customers did too. If organisations don't audit their suppliers' security, then they're leaving themselves wide open.”



Breach of Florida app publisher was cause of Apple UDID release, not FBI

Last week's breach of Apple Unique Device Identifiers (UDIDs) was down to a Florida-based publisher rather than an FBI laptop.

A report by NBC News stated that Blue Toad, a Florida publishing company, said that the million-record database of UDIDs was stolen from its servers two weeks ago, contradicting hacker claims that it was stolen from an FBI agent's laptop in March.

Blue Toad CEO Paul DeHart said that technicians at his firm downloaded the data released by Anonymous and compared it to the company's own database, finding a 98 per cent correlation between the two datasets. The company took responsibility for the breach.

DeHart said an outside researcher contacted Blue Toad and suggested the data might have come from there. He said he was "pretty apologetic to the people who relied on us to keep this information secure".

He could not rule out the possibility that the data stolen from his company's servers was shared with others, and eventually made its way onto an FBI computer. He also said that he does not know who took the data and could not comment, citing an ongoing investigation. The hacking group Antisec had claimed responsibility in a lengthy statement.

David Schuetz, a security consultant at the Intrepidus Group, was the outside researcher who contacted Blue Toad, and he detailed his analysis of the data. He said that after hearing the news, he surmised that comparing the apps associated with multiple devices might help narrow down the source.

His comparison of the data suggested that it contained records from multiple apps, meaning the source could be a game or advertising company, and shortly afterwards he found what seemed to be the origin of the breach.

“I had decided to look more closely at the most frequently repeated device IDs, on the theory that perhaps that would belong to a developer. They'd naturally test multiple apps for their company, each of which should have a different device token,” he said.

After further research, he found Blue Toad and contacted them about the breach and said that he had found some interesting data that suggested they might be involved.

He said: “By the time I went to bed, I had identified 19 different devices, each tied to Blue Toad in some way. One, appearing four times, is twice named 'Hutch' (their CIO), and twice named 'Paul's gift to Brad' (Paul being the first name of the CEO, and Brad being their chief creative officer). I found iPhones and iPads belonging to their CEO, CIO, CCO, a customer service rep, the director of digital services, the lead system admin, and a senior developer.

“This felt really significant. But as I started writing up my notes, doubt crept in. What are some other explanations? Perhaps everyone at the company uses a common suite of applications, [such as] the same timesheet app, for example. Then of course they'd all appear in the data. But even still, I couldn't shake the feeling that I'm onto something.

“I'm still not completely clear on all the technical details. Was Blue Toad really the source of the breach? How did the data get to the FBI (if it really did at all)? Or is it possible this is just a secondary breach, not even related to the UDID leak, and it was just a coincidence that I noticed? Finally, why haven't I noticed any of their applications in the (very few) lists of apps I've received?”

An FBI statement, released after the post of the data, said: "The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

Apple also publicly denied giving the information to the FBI and said that it began rejecting apps that access UDIDs earlier this year after phasing them out with the introduction of iOS 5.

Apple spokesperson Natalie Kerris told All Things D: “The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organisation.

“Additionally, with iOS 6 we introduced a new set of APIs meant to replace the use of UDID and will soon be banning the use of UDID.”



GoDaddy Disruption Hurts Small Business Sites

An outage resulting from a deliberate hacker attack on GoDaddy, the world's largest domain registrar, took down or affected millions of Websites and e-mail accounts hosted through GoDaddy as well as domains registered with the company Monday. Many of those, including Small Business Trends and its related sites, belonged to small businesses, and most were not too happy to say the least. Here is basically what happened:

Downtime

From the front lines. GoDaddy spokeswoman Elizabeth Driscoll reported the outage began around 1:25 p.m. EDT, and by 5:43 p.m. the majority of service to the company's customers, including an estimated 5 million Websites, had been restored. Though one Twitter feed belonging to a hacker group called “Anonymous” took credit for the outage, another seemed to distance the group from the attack. Associated Press

Tango down. A Twitter user with the handle “Anonymous Own3r” claimed credit for the outage using the hashtag #tangodown, apparently to indicate having taken the company offline. One tipster told a journalist the failure was caused by GoDaddy's DNS servers becoming inaccessible. The failure may have included GoDaddy phone service and anything else requiring access to those servers. TechCrunch

Reaction

Hopping mad. Some online business owners and operators didn't bother to hide their fury. Editor Mike Daly not only vented his own frustration over the unnamed hacker who claimed responsibility for the attack, but shared the reactions of other angry business owners and managers. No matter what the motives, they made it clear that small businesses had been hurt in the process. Adotas

Puppet show. On the other hand, some businesses responded to the situation by thinking creatively. One even created a puppet show, complete with musical performance, to share more about the plight of small businesses affected by the outage. Here is a list of how other small business owners reacted with great creativity to help customers adapt. Vocus

Alternatives emerge. Of course, another reaction came from GoDaddy competitor HostGator. It's important to remember in small business that problems experienced by competitors and their customers can also be opportunities. In this case HostGator offered huge discounts on its services for customers using the coupon code “Godaddyisdown.” Shout Me Loud

Aftermath

Lessons learned. For all the headaches Monday's outage brought, online marketing consultant Brian Saemann argues it is also a great reminder of how vulnerable your online business assets can be without the proper precautions. Of course, the GoDaddy outage could have happened to anyone, but there may be steps you can take to make your online presence more secure. Go Beyond SEO

Back to normal. As Monday's GoDaddy drama subsided, some additional details about the extent and nature of the problems that may have affected an untold number of sites, many run by small businesses, emerged. GoDaddy says no sensitive information was compromised during the “attack”, but details about how it happened are sketchy and business owners remain concerned. PC World