Microsoft plans to release fix for IE zero-day vulnerability

Microsoft said Tuesday that it plans to release a fix for the recently discovered IE zero-day vulnerability.

The fix will be released in the next few days, according to a blog post by Yunsun Wee, director of Trustworthy Computing at Microsoft.

"While we have only seen a few attempts to exploit this issue, impacting an extremely limited number of people, we are taking this proactive step to help ensure Internet Explorer customers are protected and able to safely browse online," he wrote.

The zero-day flaw affects Internet Explorer 6, 7, 8 and 9, according to security advisory 2757760, issued by Microsoft late Monday.

Security researcher Eric Romang discovered the vulnerability over the weekend. According to researchers at Boston-based Rapid7, users' computers can become infected by visiting a malicious website. They advised users to switch browsers until a security fix is available.

The fix Microsoft will release will be easy to use and will provide "full protection against this issue until an update is available," Wee wrote. Until the fix is available, users should follow the mitigations listed in Monday's advisory, he added.

 

 




ioSafe Gives Businesses Control of Their Data

With so many concerns about the security of information stored in the cloud, it could be beneficial for small businesses to look into alternative types of storage. But since so many business professionals use a variety of different devices to access work data, traditional storage methods may be far less convenient for everyday use.

Enter ioSafe, which has just introduced a new private cloud storage solution that aims to allow companies to access their data on a cloud-like network, while maintaining complete ownership and control over everything stored on the network.

The ioSafe N2 is said to be a disaster-proof network attached storage (NAS) that allows users to access their data from almost any internet connected device. The ioSafe offers a different pricing structure, starting at $599.99, and some different options that may be beneficial for certain types of businesses, depending on their needs.

Says ioSafe CEO, Robb Moore:

“Running some tasks for a small business on the public cloud can make total sense. For instance, outsourcing your Exchange Server to the cloud in the form of SAAS is well worth the $5 or $10 per month per user for any business under 50 users. Online storage is a different animal. For 20-30 GB in a small company, it can make sense. As the data scales to terabytes and beyond, costs and problems grow quickly.”

The new ioSafe N2 will be partially funded via a campaign on Indiegogo starting September 18, 2012.  The company plans to start shipping the new product in January. Founded in 2005, ioSafe is a small, 25 person company that also offers a number of other hardware devices for individuals and businesses.

Overall, this type of product can allow business owners to take complete control over their data. Even for those who use the public cloud to store and share data with their employees, a backup system that protects from both physical damage and cyber attacks could mean more secure data for your company.

Moore says:

“How much time or energy do you think a billion dollar company will spend on getting your data back if you're a $20 per month account? They probably care more about the $20 per month and the threat of a bad review than about your actual data. Do they feel your pain when you lose your photo album or business - no. Keep at least one copy of your data local and don't rely on anyone else but yourself to protect it.”




App of the Week: KitApps – The App Creation Tool For Conferences and Events

One of the biggest hurdles in putting together a conference or event of any size - and it's a hurdle that gets bigger with the more attendees you have - is communicating the details to your audience. Maps, speakers, tracks, exhibitors, sponsors - it all needs to be put out there for use, and usually this ends up being a highly colorful handout pack that is also highly expensive to produce.

An interesting alternative is to create an app for the event that the attendee can simply download and then view on their mobile device. A company called KitApps has done exactly this, and has done it with the attendee's convenience in mind. Now on their mobile device, an attendee can do any of the following:

  • Get Maps. Maybe one of the most important functions to come from this; anyone can bring up Google Maps but not everyone will have an ‘in’ on where to go or what to do during the conference's off hours. As the host, you can add hotels, local attractions, restaurants, and other areas of interest for all out-of-town attendees.
  • Get Schedules. You can provide a full schedule for your attendees to view, which is great in and of itself, but for even more convenience the attendees can personalize and access any time they want. No more brochures hiding at the bottom of backpacks.
  • View Speakers. Speaker information, including bios, photos, and contact information can be included for the attendee's convenience.
  • Sponsors. Your sponsors are of course important to your conference, and this app can give them more exposure by having them featured.

The interesting part of this is that you can go in, register for free, and build your app in the company's website…for free. This gives you a chance to try it out, upload images for the app's splash screen and app icon (and view these in a simulated screen as a preview), and add all the information and categories you'd like to. Once you've added it all, which will take about 30 minutes (not counting, of course, the images and information you need to gather beforehand), you can purchase it for $249.

A demo of the process to show how easy it is can be found here.

When you consider the costs involved in printing, $249 will save a lot of grief down the road - as well as impress your attendees and make things easier for them to find.



Big Bank Lending Drops While Small Bank Lending Increases

Small companies pursuing capital during the month of August found mixed results from lenders. In a month where the overall volume of loan applications increased by 4.3%, my company's Biz2Credit Small Business Lending Index, a monthly analysis of 1,000 loan applications, revealed that approval rates increased at small banks and alternative lenders, but big banks and credit union approvals dropped in August 2012.


Big banks ($10B+ in assets) granted 10.9% of funding requests last month - a drop from 11.3% in July. This is a setback, as big banks had experienced an upswing in approvals during both June and July.

The issue with big banks is a combination of global credit issues and regulatory pressure to keep their underwriting standards tight so that they can meet their underlying capital ratios. It's no wonder why small business owners are frustrated.

In fact, according to a recent Wall Street Journal story, “Footnote to Financial Crisis: More People Shun the Bank” by Gary Fields and Maya Jackson-Randall, middle class Americans are avoiding banks in the aftermath of the financial crisis.

However, small bank lending approvals jumped to 47.8% in August, up from 47.4% in July. The figure represents the highest approval rating percentage for small banks since we began the Index in 2011. The SBA lending program being pushed by small banks has increased their approval rates.

The loan approvals by credit unions dipped for a third consecutive month in August to 52.9%, the lowest percentage since June 2011. The slowdown in loan approval is partially caused by the 12.25% MBL ceiling, as well as sluggishness in credit unions' willingness to book new business.

Meanwhile, alternative lenders - accounts receivable financers, merchant cash advance lenders, Community Development Financial Institutions (CDFI), micro lenders, and others - rose. In August 2012, alternative lenders approved 64.5% of loan requests, up from 64.1% in July and 6.5% higher than August 2011 approvals.

Alternative lenders recorded their highest approval rates since we began measuring the category. They are offering new products at cheaper pricing, which has helped to increase lending.

Month         Big Bank %    Small Bank %    Credit Union %    Alternative Lender %

Aug. 2011      9.4%          43.8%           54.2%             58.0%
Sept. 2011     9.2%          45.1%           55.5%             61.5%
Oct. 2011      9.3%          46.3%           56.6%             61.8%
Nov. 2011     10.0%          47.0%           57.0%             62.0%
Dec. 2011      9.7%          47.1%           57.4%             62.2%
Jan. 2012     11.7%          47.5%           57.6%             62.4%
Feb. 2012     11.7%          47.6%           57.8%             62.5%
Mar. 2012     10.9%          47.6%           57.9%             63.0%
Apr. 2012     10.6%          45.9%           57.4%             63.0%
May 2012      10.2%          45.5%           57.6%             63.2%
Jun. 2012     11.1%          47.5%           55.8%             62.9%
Jul. 2012     11.3%          47.4%           54.6%             64.1%
Aug. 2012     10.9%          47.8%           52.9%             64.5%

* Banks with more than $10 billion in assets are classified as “big banks.”
* Banks with less than $10 billion in assets are classified as “small banks.”
* Credit Unions are considered a category in the Biz2Credit Small Biz Lending Index.
* “Alternative lenders” include accounts receivable financers, merchant cash advance lenders, Community Development Financial Institutions (CDFI), micro lenders, and others.

As the Presidential election draws near, both parties will be looking at unemployment figures and small business growth as key issues. Mitt Romney and President Obama both want to be seen as the best person to help small businesses expand.

Many businesses have begun seeking short-term working capital to prepare for the upcoming holiday season. Of late, the best places to get it were small banks and alternative lenders.





Survey Says…Do Not Ignore The Power of Social Media!

According to a new survey by Vocus and Duct Tape Marketing, if you're not spending anything on social media then you could definitely be missing out!

About a third of your peers are spending $845 a month on software tools to help them manage their social media exposure. This might not sound like a lot, but consider that another third of your peers are spending more than $1,000 on it. Of the remaining percentage, a large portion of them use consultants to aid in their efforts or simply make it the mission of their marketing employees to handle.

One of the biggest perceptions the survey found needs to be overcome is that social media is “free.” It is, of course, nothing of the kind. Even time spent by current employees or owners of a small business adds up to an extent, regardless of whether or not you actually buy software to help you measure your impact. I've reported on several possibilities before, many of which are free to start with, that can help you keep this cost at a reasonable level.

Another interesting point of this survey is that Facebook should not be the only social media considered for investment. While certainly Facebook has arguably the lion's share of this market, Google+ is not far behind; 44% of your peers currently use it and more intend to use it in the near future.

John Jantsch of Duct Tape Marketing stated he has been “noticing more and more [that] there's finally this acceptance that social media not only isn't going away, it's an essential element of the marketing mix and the real challenge now is to figure out how to integrate it.”

Indeed, the survey found that only 10% of those surveyed found that their social media efforts had no effect, so most small businesses are not only embracing it but finding it effective; 87% reported that it has been ‘somewhat helpful’ or has ‘helped a great deal.’ And as I've always said in my social media articles, even a little is better than nothing.

Ignoring the efforts of your competitors in this realm is something to be done at your risk. 77% of surveyed small businesses said that social media makes up 25% or more of their marketing efforts, 73% have already added social media to the duties of their marketing personnel, and 84% intend to increase their usage of it in the future.


Instead of a bandwagon fad, social media's promotion of business has been proven to not just be effective, but more importantly, your peers think it is. I'm not arguing that you should do what everyone else does just because they're doing it - you should do it so you don't get left behind and lose out to a competitor who has already opened up to it.



Good for Enterprise

Mobile device security vendor Good Technology, which Gartner Research placed in the 'leaders quadrant' in its annual MDM Magic Quadrant report this year, enables consumers and enterprise users to say good riddance to the security problems surrounding today's multitude of mobile devices - a problem that only seems to be growing as more and more end-users bring iPhones, Android devices, iPads and countless other handhelds into the workplace.

The company takes a multi-pronged approach to handling the security problem introduced by the typical mobile device. It has developed a browser-accessible management platform that integrates several must-have capabilities into a unified solution.

We were able to test the aptly named Good for Enterprise with several mobile devices, including an iPad, a Windows phone and an Android smartphone. The product is based on a browser console that offers a single-pane-of-glass view of its capabilities.

From the outset, we liked the simplicity of the management console, which starts by offering a home screen with tabs to access devices, policies, reports and so on. The easy-to-navigate console offers a view that quickly gives counts on the types of devices, the OS in use and, most importantly, a problem count, which at a glance, gives a good indication of anything that needs immediate attention.

However, if you like fancy graphs, alerts and a more visual approach to relaying information, you may find its mobile control console a bit of a throwback to pre-Web 2.0 times. The product uses a client/server approach - in that the mobile device acts like a client that accesses or creates data, with Good for Enterprise working as the server, controlling policies, access and roles.

That brings up an important point - how Good for Enterprise actually works. The product installs a small piece of client software on the mobile device, which gives management capabilities to the administrator. The client application can be pushed down to the device in a number of ways, dependent on the platform - where an iOS device would use Apple's App Store for installation, a Windows 7.5 mobile device could download the app via an email. It all comes down to the device being used.

We were impressed with its level of control and management options, which can do almost anything with a member mobile device. Those functions include the ability to encrypt data, validate applications, track device use, require extensive authentication and remotely lock/wipe a device.

However, the best part about Good for Enterprise is how easy it makes all of these functions, while still offering auditable controls that can meet compliance and data governance needs. It all comes down to being able to control mobile devices, who uses them and what data can be accessed by them. With that level of control, deployment of a BYOD policy and mobile applications can become a reality.

Good for Enterprise is priced at c£957 for a one-time server access licence and c£101 per device for a one-time client access licence. Basic support costs c£12 per device per year plus c£287 per server per year. Advanced 24/7 support is c£16 per device per year plus c£287 per server per year. We think this is good value.

Peter Stephenson



Protect On Q v2.7

Protect On Q (POQ) v2.7 from Quarri Technologies is a security software solution that empowers organisations to protect browser-delivered content from compromise on the endpoint.

POQ enables IT professionals to deliver and enforce secure web sessions on-demand that prevent the unauthorised use and replication of confidential data while it is in transport and use. The solution works by protecting web sessions from pre-authentication to logout, with minimal installation requirements and without leaving installed software behind on the accessing device.

The POQ-hardened browser shields sensitive data from keyloggers, frame grabbers, session hijackers, cache miners and other malware, while blocking inbound attacks as well. POQ also enables organisations to enforce security policies that prevent end-users from copying, saving, printing or screen-capturing browser-delivered data, including from browser-launched processes such as Adobe Reader, Microsoft Office and ZIP files.

POQ is delivered on-the-fly when end-users log in, ensuring privacy by encrypting session data, including cached files, cookies, password store and history. All session data is overwritten and deleted at the end of the session. What's more, POQ also protects against session hijacking by controlling all browser networking.

Before installation of the POQ application, Java and Apache Tomcat (or another Java servlet container) must be installed and operating. The manager installs into Tomcat 6+ or other servlet engines with Java 6+. The server also installs into Tomcat 6+ or other servlet engines with Java 6+. After Java and Tomcat are installed, the POQ server and manager installation is fairly straightforward. One downloads and copies the WAR files into the Tomcat web apps directory, restarts and then accesses the console via a browser through the local host address.

The first thing one sees in the console is the policy screen. Administrators use the policy manager to create policies and set the default protections through the security settings that control how POQ will handle - and prevent - malware.

POQ enables organisations to define security policies that deliver application-specific settings that are packaged with the binary Enforcer components. The provisioning server can be the web application server or a remote standalone server.

POQ enforces security only in the protected session. No other browser instances or applications are affected. POQ integrates directly with web servers or with popular web gateway frontends.

The product can be configured to either be optional (the end-user clicks a link on a web page to start the protected session) or required (the end-user must be running a POQ browser in order to access the web resources).

Documentation is good and helped us through the install and configuration activities.

Peter Stephenson



Enterprise Security for Endpoints

Trend Micro's Enterprise Security for Endpoints is a centrally managed security suite for desktops, laptops and mobile devices.

We were provided with a download for OfficeScan 10.6, Control Manager 6 and some plug-in licences for intrusion defence firewall and integrated DLP. Trend Micro Control Manager 6 provides central threat and DLP policy management across layers of the IT infrastructure. Trend Micro OfficeScan protects enterprise networks from malware, network viruses, web-based threats, spyware and mixed threat attacks. An integrated solution, OfficeScan consists of a client program that resides at the endpoint and a server program that manages all clients. The client guards the endpoint and reports its security status to the server. The server, through the web-based management console, makes it easy to set coordinated security policies and deploy updates to every client.

The requirements for the OfficeScan Server are Windows 2003 SP2 or later. However, there are a few caveats. OfficeScan requires IIS or Apache web server, and Control Manager used our MS SQL instance to install its database. We had some issues getting OfficeScan and Control Manager running on the same server (Trend Micro does not recommend installing Control Manager and OfficeScan 10.6 on the same box. Instead, it was highly recommended to install them on separate machines). After several attempts, we did get both packages to load. We launched the OfficeScan web portal. Once in, we downloaded and installed the two plug-ins mentioned above.

Enterprise Security for Endpoints includes multiple, purpose-built components. OfficeScan provides real-time protection against the latest viruses and Trojans and web-based threats. It uses cloud-based threat intelligence and integrated optional DLP. Intrusion Defense Firewall, a plug-in for OfficeScan, provides network-level, strong endpoint protection by supplementing highly effective OfficeScan client-level security with proactive virtual patching.

The data protection module provides digital asset control and expands the range of devices monitored by device control. The DLP plug-in for OfficeScan includes predefined policy templates, multi-channel content filtering and granular device control. All of these solutions can be integrated through the OfficeScan Manager framework, which uses a plug-in architecture to permit easy integration of components to tailor the protection capabilities to the customer's needs.

The user interface was intuitive and we had no problem adding modules, setting policies and reviewing results. Customers can find endpoints through a scan tool. Reporting was good and offered numerous standard accounts. There was a high-level dashboard summary of key client information and threats.

Standard one-year support is the usual eight-hours-a-day/five-days-a-week package. Ongoing renewal is usually 40 per cent of the first year's price and 30 per cent thereafter. Support is available 24/7 for an extra c£5-c£7 per user.

Documentation was complete and we did need to use it to deploy and configure the software.

The price for Enterprise Security for Endpoints varies depending on the number of users, but is around c£25 per user for 251 users, including that one year of standard support.

Peter Stephenson



Bit9 Parity Suite v6.0.2

Bit9 Parity is a policy-driven whitelisting solution for managing the applications and devices that can run on Windows computers.

Parity provides the ability to track the propagation of software in an environment, generate audit trails of portable storage activity and control the software and devices used on computers, including blocking modern malware, targeted attacks, installation of unauthorised software and execution of files from unauthorised devices.

Parity Server Software installs on Windows Server 2003 Standard or later. Administrators need to have Internet Information Services and .NET installed on the server and have SQL Server on the server or remote prior to loading the application. SQL Server 2005/2005 Express and SQL Server 2005/2008 are supported. The install was wizard-driven and straightforward. Once installed, the server console is accessed via any web browser.

Parity uses an agent-based approach for client management. Client stations download the agent from the server. Computers are not imported, they are discovered once the client is loaded. Although computers are not discovered via Active Directory (AD), they can be mapped to Parity policies via AD policies. Once installed, administrators can gather a file inventory from the endpoints.

Bit9 Parity provides an in-the-cloud, software-reputation service that assigns a trust rating to all software to identify computers at risk with embedded malware. It also provides policy-based controls that ensure only trusted software, portable storage devices and configuration changes are made to the endpoint.

The package includes application control and whitelisting, device control, file integrity monitoring, registry protection, memory protection, operating system integrity protection, trust-based software reputation and cloud-based policies. Administrators approve new applications or patches using the methods that best suit them.

Parity features several automatic approval methods (trusted directories, approved publishers, trusted users and enabled updaters) that make it simple to approve new software without having to do it file by file.

The user interface is easy to navigate. The home page is dashboard-driven and users have a lot of flexibility to customise portlets. Administrators can display any of the Parity summary information or even link a portlet to an outside URL for additional data. Reporting was light, but again, clients can add what they want. There was one feature that we found particularly useful: a baseline drift report.

Standard support is available at 20 per cent of the purchase price, while 24/7 support costs 25 per cent of the purchase price. The documentation is well done and easy to follow.

Peter Stephenson



Company Use of Twitter Is Significantly Increasing

When you launch a business, you invest in a branding package - the logo, website, cards, marketing materials - and create a sales strategy and a marketing plan. In addition, it's really smart and important to join some local and national professional organizations and blend your online and in-person worlds.

Your personal and business brand represents who you are, what you do and whom you serve. Your branding is everything you do to get yourself out there. So are you taking Twitter seriously as an integral part of your social media mix?

Reports Marketing Charts:

“Twitter is an important social media business tool. Not only do 84% of respondents say their company's use of Twitter will increase, 46% say it will do so by a significant margin.”

Social Media Examiner reports 88% of marketers believe their social media efforts have generated more exposure for their businesses, and Twitter is leading this charge:

“‘140 characters and 2.7 seconds’ to get attention have forced us all to be really focused on a clear, concise, succinct message.”

Twitter is about attracting the right followers: followers who have a commonality, mutuality and are active with each other. Smaller, more homogeneous, engaged tribes are more effective with Twitter.

The amazing thing about Twitter is that it has become the go-to, immediate, real-time source of news, information and announcements for just about anything you can imagine, from storms and deaths to politics and disasters, and the source that most of the major media outlets get their information from.

Considering how many social networking and marketing choices have emerged and died off the past five years, Twitter is still serious, strong, vibrant and relevant.

The Pew Report on Marketing Charts reports:

  • The percentage using the site on a typical day doubled according to the May 2012 report.
  • African-Americans, youth over-index in usage.
  • Youth show most rapid growth demonstrated by 18-24 year-olds.
  • Smartphone users are more likely to tweet.

So, how do we convert the “I just don't get Twitter” and “I don't have time for it” folks into users and believers?

Here are 8 great ways to use Twitter to build brand, reach and engagement:

1) Link to great information that aligns you with the industry you represent.

2) Promote your blog posts, video, podcasts, email marketing.

3) Meet key people in your industry and connect them to others in your tribe.

4) Promote key people in your networks.

5) Retweet information that shows your support of others and that gets you noticed.

6) Use Twitter #Hashtags to niche specific target topics, people, industries and conversations.

7) Use Twitter to show your fun side and personality.

8) Use Twitter to create immediacy and urgency.

Check out 100 ways to use Twitter for job search and 16 creative ways to use Twitter for business.  If you are already using Twitter and need a boost, consider a Twitter facelift or learn from others with 137 Twitter tips for small business (PDF) and 7 terrific twitter tips to use today.

Nike has it right when they say “Just do it” and Harley Davidson too, when it says, “Screw it, let's ride.”





3D Printing: Just a Hobby or Real Value For Your Small Business

If you've seen any demonstrations of 3D printing, you've probably noticed that there are some small fluctuations in the final material that might not make these printers a plausible solution for making parts for products. Most printers on the market are for hobbyists who want to make quick fixes for broken pieces or creative and artistic products.

For enterprises, printers that can print detailed accurate models with moving parts are still inaccessible for the lowest rungs on the ladder. But that's not a reason to feel discouraged. Printers such as the ZPrinter 250 will eventually become more affordable as time goes by. This printer, for example, has a price tag of around 25 thousand dollars, and similar printers are expected to be cheaper as competitive offers arise. For nearly 10 thousand dollars less, you can get the monochrome ZPrinter 150.

Here's a good scenario to describe the importance of 3D printers in the small business scheme: Let's say you rely on a third party to provide you with some of your own custom products that you came up with ideas for. This kind of reliance can be a wonderful relationship, but it's not doing much for you if you have to keep paying extra for what went into the actual production phase. A 3D printer can help you mitigate this and create your own products out of powder and binding agents. What comes out is a very solid and sturdy object that looks exactly like your product. Some professional printers even create gaps to account for moving parts. ZPrinters recycle any powder that you never used, adding to the savings you make out of printing such objects.

Right now, 3D printing, even on professional printers, is very slow and expensive. But the industry has been making clear strides forward in these departments. Soon enough, we'll see printers that can make entire sets of solid plastic cups within a half hour that cost under $10,000. Printers like the ZPrinter are just the first step. These 3D printers are the pioneers in an era of new solutions that will help small businesses get ahead when they can't afford their own factories. Just imagine having something that can print anything, even prosthetic limbs!



Small Businesses Get Nearly Half of Traffic from Social Media

A study conducted by Northwestern professor Rich Gordon and Syndio Social CEO Zachary Johnson set out to understand how sites, large and small, are connected on the Web. To get their answer they examined links between more than 300 Chicago-based news sites and looked at analytics data and referral sources for 100 of them.

The findings were recently published [PDF] and, while meaty at times, they make for a great read. There are a number of important takeaways here for small business owners and some big lessons about why social media may be critical to the success of your SMB site.

Some of the highlights from the study:

1. Smaller Sites Rely on Traffic From the Local Ecosystem More Than Larger Sites

Part of what the study sought to accomplish was to understand how sites fit into the larger local ecosystem of the Web. For example, do sites owned and operated by the same organization tend to link to one another more than they do outsider sites? If yes, what percentage of their traffic do those links make up?

Perhaps not surprisingly, the data shows that the share of traffic that smaller sites receive from other ecosystem sites (related niche sites) is more than 11 times as great as that of larger sites. Obviously this is partly due to larger sites seeing a greater volume of traffic overall, but it also stresses how important it is for SMBs to become part of their local community. If you want to grow an audience in your town, you need to become part of that town's online ecosystem and to contribute.

For small business owners, this means partnering with other local companies when you can to form those relationships, looking for opportunities to get involved in your community, and forming links (relationship links, not Web links) between you and the organizations around you. Host events together, throw a block party. Just let people know you exist and you're part of the community.

2. Social Media Sites, Especially Facebook, are Critical for Driving Traffic

Here's a data point to take to your boss: According to the study, Facebook and Twitter drive more than half of all referred visits for small business sites, three times the percentage of larger sites. Facebook, specifically, was shown to be extremely important to smaller sites.

If you're a small business owner still weighing whether or not you should get involved in social media, that's huge. Again, it's also a testament to the power of getting involved in your local community, online and off. If you're taking the time to engage people on Facebook and to create content that is valuable and relevant to their needs, you have a great opportunity to significantly increase the traffic to your Web site, even more than a site much larger than you.

As a SMB, if you've ever taken a look at your Web analytics, you've probably already noticed that social sites like Facebook, Twitter and Yelp are your top referrers. That's not an accident.

3. To Get Links and Traffic, You Have to Drive Links and Traffic

Link out! Send traffic to other websites. Don't try to trap everyone on your own site for fear they may not come back to visit you again. Those of us who spend time in the SEO world have long known this to be true, but it's something small business owners still struggle with. However, the data shows that the more you link to other sites, the more they're inclined to link to you. It all goes back to building those all-important relationships. You have to give it to get it. And the smaller and more niche you are, the more this applies.

The takeaways here for small business owners are clear:

  • Share local content.
  • Emphasize social media.
  • Send traffic and links to others in your online community.

No business is an island. To be successful you need to be social and support those around you.

If you have time, I recommend reading the complete Linking Audiences to News II [PDF] survey. It's one of the most interesting reads I've caught in helping us all understand the different roles we all play in the Web ecosystem.




Zero-day in Internet Explorer causes Microsoft to issue advisory

Warnings have been made about a zero-day vulnerability in Internet Explorer.

Security researcher Eric Romang discovered it when he found a '/public/help' folder on one of the Nitro servers where four files were hosted; in tests they dropped files including an executable, an SWF file and two HTML files.

Romang said that 'exploit.html' is recognised as an HTML file, while 'Moh2010.swf' is recognised as a Macromedia Flash Player movie, and neither is detected as malicious by any anti-virus software.

Romang said: “The guys who developed this new zero-day were not happy to have been [caught], they just removed all the files from the source server two days after my discovery. But also more interesting they also removed a Java zero-day variant from other folders.”

Symantec's Lionel Payet said: “We have confirmed this vulnerability affects versions 9, 8, and 7 of the Internet Explorer browser. Microsoft has not yet confirmed and released an official statement about this vulnerability.”

Wolfgang Kandek, CTO of Qualys, said: “Analysis of the exploit file shows that it uses Adobe Flash to set up the necessary environment. A Metasploit module for the exploit was released today, allowing one to test the exploit. We expect the exploit to be integrated in all major attack frameworks soon.”

Metasploit project owner Rapid7 said that Microsoft has not yet released a patch for this vulnerability and advised internet users to switch to other browsers until a security update becomes available.

Rapid7 researcher 'sinn3r' wrote on the firm's blog: “The exploit had already been used by malicious attackers in the wild before it was published in Metasploit. The associated vulnerability puts about 41 per cent of internet users in North America and 32 per cent worldwide at risk. We have added the zero-day exploit module to Metasploit to give the security community a way to test if their systems are vulnerable and to develop countermeasures.”

Yunsun Wee, director of the Microsoft Trustworthy Computing Group, said that the company was releasing Security Advisory 2757760 to address the issue, but also pointed out that Internet Explorer 10 is not affected.

“We have received reports of only a small number of targeted attacks and are working to develop a security update to address this issue,” Wee said.

Microsoft recommends three workarounds: deploying the Enhanced Mitigation Experience Toolkit (EMET), whose mitigations help prevent exploitation of this issue; setting the internet and local intranet security zone settings to 'high' to block ActiveX Controls and Active Scripting in these zones; and configuring Internet Explorer to prompt before running Active Scripting, or disabling Active Scripting in the internet and local intranet security zones.

Wee said: “Deploying EMET will help to prevent a malicious website from successfully exploiting the issue described in Security Advisory 2757760. EMET in action is unobtrusive and should not affect customers' web browsing experience.”
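To check whether the zone-setting workarounds above are actually in force on a workstation, the following read-only audit is an added example, not code from the article or from Microsoft's advisory. The registry paths, zone numbers (1 = Local intranet, 3 = Internet), action ids (1400, 1200) and value meanings are the documented URL security zone values and are assumptions in the sense that the article does not state them.

```powershell
# Added example: read-only audit of the IE zone settings behind the advisory workarounds.
# Assumed, documented URL-security-zone values (not given in the article):
#   zone 1 = Local intranet, zone 3 = Internet
#   action 1400 = Active scripting, action 1200 = Run ActiveX controls and plug-ins
#   value 0 = enabled, 1 = prompt, 3 = disabled; CurrentLevel 0x12000 = 'High' template
$zones   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$actions = @{ '1400' = 'Active scripting'; '1200' = 'Run ActiveX controls and plug-ins' }
$states  = @{ 0 = 'enabled'; 1 = 'prompt'; 3 = 'disabled' }
$suffix  = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Group Policy hives can override the per-user preference, so report all three.
$hives = [ordered]@{
    'Machine policy'  = "HKLM:\Software\Policies\$suffix"
    'User policy'     = "HKCU:\Software\Policies\$suffix"
    'User preference' = "HKCU:\Software\$suffix"
}

$report = foreach ($hive in $hives.GetEnumerator()) {
    foreach ($zone in $zones.Keys) {
        $key = Join-Path $hive.Value ([string]$zone)
        if (-not (Test-Path $key)) { continue }        # nothing configured in this hive
        $props = Get-ItemProperty -Path $key
        foreach ($action in $actions.Keys) {
            $value = $props.$action
            if ($null -eq $value) { continue }         # action not set in this hive
            $state = "other ($value)"
            if ($states.ContainsKey([int]$value)) { $state = $states[[int]$value] }
            [pscustomobject]@{
                Source       = $hive.Key
                Zone         = $zones[$zone]
                Setting      = $actions[$action]
                State        = $state
                ZoneIsHigh   = ($props.CurrentLevel -eq 0x12000)
                StillEnabled = ($value -eq 0)          # 0 = workaround not applied here
            }
        }
    }
}

$report | Sort-Object Zone, Setting, Source | Format-Table -AutoSize
```

Rows with `StillEnabled` set to True mark a zone where scripting or ActiveX still runs without a prompt; a policy row for the same zone and setting may override the user preference row.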



Flame-related malware is still in the wild

One of three newly detected strains of malware, linked to the authors of Flame, is already operating in the wild, according to new research on the cyber espionage campaign.

Recent findings also date the development of Flame's command-and-control platform as far back as December 2006.

Flame, which targeted victims primarily in Iran, is thought to have been created by a nation-state, due to the resources needed for the large-scale, sophisticated attacks. Reports by researchers at Kaspersky Lab and Symantec found that one Flame server that was set up in March had collected nearly 6GB from infected computers in a week's time.

Kaspersky Lab found that there were files stolen from more than 5,000 machines, bringing the estimated count of Flame victims to more than 10,000. Researchers were able to measure the amount of stolen files due to a mistake by the attackers, in which they left behind files that would have normally been deleted.

“On one of the servers, the attackers forgot to delete the HTTP logs. This allowed us to get an idea of how many victims connected to the server,” it said.

The information gathered during the week between 25th March and 2nd April showed that of the 5,377 unique IPs that connected to the server, around 4,000 infected machines were in Iran, while 1,280 were in Sudan.

“Our previous statistics did not show a large number of infections in Sudan, so this must have been a dedicated campaign targeting systems in Iran and Sudan,” Kaspersky researchers said.

The owners also developed a web application, called 'Newsforyou', that was disguised to avoid detection and communicated with the infected machines.

Symantec's analysis said: “The application is designed to resemble a simple news [or] blog. This approach may serve to disguise the true nature of the application from any automation or casual inspection.”

The three strains of malware were named 'IP', 'SP' and 'SPE', with the latter being the name of the Flame-related malware currently in the wild. Researchers have yet to discover what the malware is capable of doing to infected machines.

Kaspersky Lab said: “Based on the code from the server, we know Flame was a project from a list of at least four.” The purpose and nature of the other three malicious programs remain unknown.

Alexander Gostev, chief security expert at Kaspersky Lab, said: “It was problematic for us to estimate the amount of data stolen by Flame, even after the analysis of its command and control (C&C) servers. Flame's creators are good at covering their tracks. This is certainly an example of cyber espionage conducted on a massive scale.” 



Application security causes breaches and internal arguments

Web application security breaches often cause internal strife between security and development teams.

According to a report by Coverity and Forrester, the security department blames the development team for lacking expertise, while the developers complain that the security staff expect too much from them. The study found that web application security incidents have become increasingly common and expensive, with 51 per cent of the 240 respondents experiencing at least one breach in the last 18 months.

At the same time, the study found that the majority of companies have yet to implement secure development practices, most often citing time-to-market pressures, funding and the lack of appropriate technologies suitable for use during development as their primary roadblocks.

Of the respondents, 71 per cent said that they lack the right security technologies suitable for development, and 79 per cent said that security processes cannot scale with the volume of code they produce. Almost three-quarters (71 per cent) said that they lack the funding to invest in security.

The study also found that 42 per cent of respondents follow secure coding guidelines, 17 per cent test during the development cycle and more than half do not audit their code before integration testing.

Jennifer Johnson, VP of marketing at Coverity, said: “It's clear that security practitioners and developers aren't speaking the same language when it comes to application security, and this is leading to very costly consequences for companies.

“Application security begins and ends with development. Developers need to be part of the solution but the industry won't solve the problem until security is incorporated into the development process with technologies and processes that developers can understand and adopt. Force-feeding development with legacy tools built for security teams just isn't working.”



Google Purchase Competes with Instagram

Here's another snapshot of the ongoing rivalry between Google and social media giant Facebook. Picture this: As we reported earlier, Facebook purchased Instagram, the photo sharing social app. Not to be outdone, Google has snapped up Nik Software, maker of photo editing and sharing app Snapseed. Businesses of all kinds must do the same. Embrace innovation to keep up with your competitors. In a race to compete for customers, don't let the result be a photo finish.

You're on Candid Camera

Picturing the future. Google's acquisition of Nik Software says it all. A week after Facebook's purchase of Instagram was finalized, Google announced bringing the San Diego-based Nik Software into the fold. The company's app lets users edit photos, add filters, and share the finished product on Facebook, Flickr, Twitter, and through e-mail. Sound familiar? PC Mag

Innovation at the Speed of Awesome

Bringing it all back home. From its inception, Google has used acquisitions of smaller tech startups and even larger established companies like Motorola to fuel its vision. Whatever the company cannot find within itself, it looks elsewhere to acquire. Sometimes innovation is simply a matter of finding new partners. The Verge

Fighting for independence. Amazon is innovating in a very different way, trying to develop its own online maps independent of Google. This isn't the first time the online retailing giant has gone head to head with other tech companies. Its series of e-readers represents an entrance into the tablet market, showing the effort to compete through innovation is alive and well. Engadget

It's Your Turn, Small Business

Looking for approval. Over the last few weeks, Jakarta-based entrepreneur Ivan Widjaya has been rethinking his flagship site, founded back in 2008. Among other problems Widjaya recognized is that his contributors, while numerous and diverse, have not always been of the quality and credentials he might have hoped. Changing this will take his business to the next level. Noobpreneur

Counting up the calories. Fast food giant McDonald's may not be a small business, but the thousands of franchise owners who operate McDonald's restaurants across the U.S. sure are. Franchise expert Joel Libava reports that soon these restaurant owners will display calorie information on all restaurant and drive-thru menus nationwide in response to a more health conscious market. The Franchise King

Moving on to mobile. Online businesses that once worried about traditional search engine optimization have been hit with what may be the greatest shift since online marketing, the mobile revolution. But how different is creating a smartphone-optimized Website, and what changes do you need to be sure your Website is ready? Marketing consultant Jacob Dawson takes you through the steps to better mobile SEO. iBlogZone

Building up your sales team. If you're worried your sales team isn't up to the challenge of a changing business to business marketplace, you may be correct. It turns out many of the old sales techniques won't work in an era where smoothing out the buying process is the priority. It's time for successful sales people to focus on a new approach. ASG Group