US-CERT warns of Adobe Shockwave Player threat

A poorly implemented feature in Adobe Shockwave Player could potentially let attackers upload vulnerable files into the browser plugin, exposing users to drive-by attacks and other problems, according to a warning issued by the US-CERT.


The US-CERT said the weakness is contained in file packages called Xtras, which are commonly used to extend the functionality of the Shockwave Player. The files are stored in the Shockwave movie itself, enabling an attacker to host old, vulnerable Xtras that can be installed and exploited automatically when a Shockwave movie is played, according to the advisory issued on Monday.

"If the Xtra is signed by Adobe or Macromedia, it will be installed automatically without any user interaction," the US-CERT warned.

The longstanding issue was brought to Adobe's attention in 2010, according to the advisory. It impacts users of the "Slim" version of Shockwave Player running on Mozilla Firefox and Internet Explorer.

The attack is fairly simple to carry out, though there have been no reports of it being actively used by cybercriminals. An attacker could convince a user to view malicious Shockwave content and then execute malicious code with the privileges of the user.  

Adobe acknowledged the issue and said its engineering team plans to release an update in February fixing the problem.

"Adobe is working on addressing this issue in the next major release of Adobe Shockwave Player," the company said. "We are not aware of any active exploits or attacks in the wild using this particular technique."

The US-CERT said until an update is issued there is no practical solution available.

It said individuals and organizations can take steps to mitigate the threat: restricting the handling of untrusted Director content may help mitigate the flaw. Other workarounds include using browser plugins, such as NoScript, and whitelisting only trusted websites that run Shockwave Player in Mozilla browsers. Enterprises can also disable the Shockwave Player ActiveX control in Internet Explorer to mitigate the threat, though it could cause some problems in Web pages.

Windows users can add further protections by enabling data execution prevention (DEP), which can restrict the execution of code, making it harder for cybercriminals to target the flaw.




Make a Stand With Your Brand for 2013

Here we are in the most fun, festive and social time of the year with the perfect setting to take yourself out there and show yourself off more.  It's time to make a stand with your brand and put your stake in the space to build out your tribe and community.

We've worked diligently to differentiate ourselves, establish our credibility, then build community through face to face networking and online marketing communications.

It takes a relentless commitment, as well as diligence and it's always a work in progress.

We've reviewed and asked ourselves:

  • Is my brand clear, current and fresh about who I am and what I do?
  • Am I active in the industries I want to be known for?
  • How can I market myself and my business better?
  • How can I retain my current customers and find new ones?

Take yourself out there and show yourself off more now and in 2013:

Make a stand with your brand
and put your stake in the space,
to build out your tribe and community.

Take it, coast to coast and host to host,
Face to face, and in the online space.

You blog it and podcast, we link up, then shrink it.
We slideshare and Tweet up, I host it, you post it.

You ping me and pin me, we Flickr and digg it,
We circle and email, and post it with widgets.

We'll meet up at meet-ups and conferences too,
I'll go face to face and in person with you.

Post a cool avatar and like what I say,
Hangout with a Flash Mob on #followfriday.

Dm me, IM me, chat with me on Skype.
Whatever it takes, to go viral and get hype.

Instagram your photos,
Reviews on Yelp,
#Hashtag your comments,
Go to Wiki for Help.

Make a stand with your brand,
and put your stake in the space,
to build out your tribe and community.

Make a stand with your brand,
for everyone to see,
and please don't forget to Google Me!

Wasn't that fun?

Don't get overwhelmed trying to use all of these nifty tools all at the same time. Use the ones that are best for you and your business, and have fun doing it. Here's a glossary of 120 social media terms to help you in the 21st century.

How will you make a stand with your brand in 2013?




Ready To Rent All Your Software, Including Your Windows Desktop?

Online applications are not new - you probably use Google Apps, Office 365 and a host of other online services. What about Windows, Microsoft Office and other software?

In a new stab at an old industry (hosted desktop virtualization), Nivio recently launched to provide an all in one suite of software services to small businesses.

For $35 per year you get online storage (no need for Dropbox), Microsoft Office (no need to install it on each computer) and more.

Nivio has only been around since 2012 and I'm not a fan of you putting your entire infrastructure with a brand new company - but hey - maybe this is for you - especially if you're tired of maintaining your security, online and installed software.

Here are some Nivio features:

  • Create virtual Windows desktops on-demand as businesses add users.
  • Windows with Microsoft Office, Word, Excel, PowerPoint and more on nearly any device via a downloaded application (for iOS, Android, PCs, and Mac), or via the Nivio HTML 5 web interface.
  • Rent software, including Microsoft Office, for low monthly fees. Rent it by the month only when it is needed. All software provisioned within Nivio is fully licensed, with all updates and maintenance managed and covered.
  • Manage accounts with the administrative control panel interface. Create new desktops, provision software, manage storage and permissions, monitor usage, and run reports.
  • Built-in networked storage via the company share virtual file server. Store and share files, set access permissions, and add storage as your business grows.
  • Share files via nDrive, our built-in file sharing and storage functionality which synchronizes files across devices, and makes sharing and collaborating easy.
  • Nivio customer support is available around the clock to all customers at no added cost.
  • Data, files, and activities are protected against viruses, malware and security breaches, so staff can access data anywhere with confidence.


Four Tips For Retailers On Credit Card Security: A Reminder

Retailers who accept credit cards, big retailers and small retailers alike, have a huge risk of accepting stolen credit cards and not being paid for the goods they sell. It's a tough business.

Don't let thieves use your retail establishment as the center of their operations. Here are four quick tips from Sage Payment Solutions to give you some guidance, from Rob Bertke, senior vice president of research & development:

If the Whos Had Been PCI Compliant, The Grinch Wouldn't Have Stolen Anything - It's vital as well as required that any business accepting credit or debit cards is Payment Card Industry (PCI) compliant. A very easy way to lose customers is to allow their payment information to be pilfered when shopping at your store or your online website. Maintaining PCI compliance helps plug security holes, plus serves to significantly dampen the effects of a breach.

Your Holiday Cards Don't Need Encryption, But Your Payment Information Does - Whether your organization is PCI-compliant or not - and hopefully it is - fully encrypting all points of payment is paramount to keeping vital company and customer information from being hacked. End-to-end encryption is the technical term for this practice, and it essentially boils down to scrambling the data sent from one device to another. A company's mobile payment devices, credit card terminals, software applications, and online payment portals need built-in encryption functionality when transmitting customer information.

You Should Take In All the Holidays Have to Offer - Scammers frequently attempt to tamper with an organization's credit card terminals in an effort to steal credit card information, often with a small piece of hardware attached to the actual terminal. Alert your employees to this possibility, and remind them to conduct regular visual assessments of all payment processing equipment. While these information-stealing devices can be concealed to look like a piece of the credit card terminal, attentive employees should be able to easily identify extraneous equipment.

Santa Isn't the Only One Checking a List - Unfortunately, even with the best payment processing security, a breach can still happen. So, you should keep meticulous credit card sales records. If an issue does arise, it's essential you have a means of retracing your steps in order to determine where the breach occurred, as well as to prevent any further theft. Not only will the ability to work backwards to determine the source of the breach allow your organization to plug any security holes and abate the possibility of additional customer information becoming exposed, but it can also often lead straight to the credit card fraudster.



Secure mobile solution launched by Anvil Mobile for iOS and Android

Anvil Mobile has launched a hybrid service that aims to encrypt mobile voice calls and protect incoming calls from local interception.

Its Secure Mobile service ensures call privacy and security across any mobile or wireless network when made to another mobile or landline number, it said. It runs on any smartphone with Android 2.3 or later, and on iOS 4, 5 or 6, and communications are protected with advanced 256-bit AES encryption.

Ian Philip, CEO at Anvil Mobile, said that to make a secure call, the user selects the icon from the phone screen or it can be set as the default so that all calls are made securely. “Whether it is to compromise intellectual property, overhear details of mergers and acquisitions or listen into the private conversations of celebrities, politicians or business leaders, it is simple and inexpensive to set up a rogue base station to intercept and record calls,” he said.

“The only sure way to avoid the risk of being listened to is by encrypting the calls; but until now that has meant both parties needed to have special software on matching secure mobile phones. Secure Mobile overcomes this limitation with any call to and from any number being locally secure. Voice interception is not an ‘if’, it is a ‘when, where and by who’.”



CNS rebrands and announces integration of new services

IT security and networking consultancy CNS has reorganised its business to include information assurance and security and infrastructure solutions and services.

Now named CNS Group, it includes expertise from its CNS Hut3 and CNS Mosaic divisions. According to the company, together they will offer a focused, dedicated and responsive service to their clients.

Group chairman Kevin Dowd said: “The security and networking sector has changed in the 12 years we've been in business in the UK and our offering has grown in response to that; reflecting the dramatic changes in the threat landscape, the increasing need for advanced connectivity, the rise of advanced persistent threats and the impact of tighter governance.”

Jason Moody, CNS Group CEO, said: “CNS has some of the sharpest minds in the industry working together. Whether they are consultants, architects, engineers, managers or our dedicated back office staff, they all bring excellence and expertise to the table.

“The new structure means our clients can benefit from our experience and full range of specialist products and services, they can be sure their business data is protected and secure, leaving them to focus on other business priorities. The group's clear mission statement is to save our client's time, worry and expense by remaining at their side; helping them to build, manage and continually improve their IT business systems with confidence.”



Blue Coat to acquire Crossbeam Systems

Blue Coat is set to acquire network security vendor Crossbeam Systems.

Combining cloud-based web security with scalable network security, Blue Coat said that the acquisition will lay the foundations for a broader strategy to transform the way businesses secure and optimise their networks.

The deal is expected to close on 31st December 2012, and will see Blue Coat, who were purchased by investment firm Thoma Bravo 12 months ago, combine the Crossbeam X-Series portfolio with its Unified Security solution.

Greg Clark, chief executive officer at Blue Coat, said: “Our service provider and enterprise customers are excited we are bringing together two complementary technologies. With Crossbeam, Blue Coat gains a best-in-class support infrastructure and a high performing platform that scales to meet the needs of even the most complex enterprise IT environments.”

Christian Christiansen, IDC's program vice president of security products and services, said: “Blue Coat and Crossbeam have a history of embracing emerging security ecosystems, and this acquisition potentially enables customers to further tap into even more synergistic security and networking solutions.”



Google Increases Transparency Around Click Fraud

For a small business owner, displaying targeted Google ads on their website has become a powerful way to earn additional revenue. However, AdSense can go from best friend to complicated enemy pretty quickly when SMBs start receiving notifications that their account has been suspended or banned due to reported click fraud. For those new to the AdSense world who don't understand what click fraud is or how to correct it, these reports are incredibly frustrating and frightening.

But relief is coming.

First, if you're not familiar, the term click fraud refers to manufactured clicks designed to inflate an advertiser's cost or a publisher's earnings. For example, if a publisher recruits his friends and family to repeatedly click on your ad on his site not because of interest, but to raise your costs, that would be deemed an example of click fraud. There are many, many other ways click fraud can take place, like the creation of click farms, automated tools, and other deceptive practices. This is the war Google is currently fighting.

However, even Google realizes that sometimes click fraud isn't intentional. And as such, they're announcing new ways of handling reports of click fraud to make the ecosystem more transparent and friendlier for us nice guys.

The new policy was announced in a post on the Google AdSense blog. In the post Google acknowledged that sometimes well-intentioned business owners find their accounts suspended and/or disabled for “invalid activity” without a clear understanding of why or how to fix it.

Google said:

While the vast majority of publishers who sign up for AdSense do so in good faith, unfortunately there are some bad actors out there. As you can imagine, we can't reveal all the tools we use to keep bad sites and bad traffic out of our network. But sometimes these tools result in good publishers who become a source of invalid activity having their accounts disabled without much recourse.

To help good publishers, Google is announcing several changes.

First, Google will now consider tenure more actively when responding to detected invalid activity so that “trusted” publishers will see suspensions, instead of terminated accounts. There is also a new form to submit more informative appeals.

Google is also vowing to provide more details on invalid activity's causes. When invalid clicks are detected, Google will send out emails and notifications with more information and instructions to help publishers understand what is happening.

Lastly, publishers can also take advantage of the expanded AdSense Academy, as well as a new video series that explains why policies exist and how publishers can make sure they're working inside of them. The first looks specifically at invalid traffic.

For small business owners, the changes are designed to help you be a more informed AdSense customer and empower you to understand what is happening on your site or with your ads.

Below are some additional AdSense best practices to keep in mind:

Do: Use One Click Optimizer

One Click Optimizer is a great resource from Google designed to help you choose AdSense ad locations and formats for your website. If you're just getting started, this is a great way to learn how the pros do it and what's most successful.

Do NOT: Have Too Many Ads

The maximum number of AdSense ads you can have on your website is three banner ads, three link ads, and two search box ads. Any more ads and Google will end up banning your account. And while you'd think it'd be hard to fit that many ads on your site to begin with, well, people try.

When thinking about the number of ads on your site, realize that more ads isn't only a turn off for Google, it's a turn off for users, as well. No one wants to land on a website and see it covered in ads. Find a balance that helps you earn additional revenue, without sacrificing the authority and professionalism of your site.

Do: Match Ad Colors To Your Website

Ads customized to the look and feel of your site will perform better than ads that do not look integrated. To integrate your ads, make the background and borders of your ads the same color as the background of your page where the ad will be placed.

Three techniques to consider:

  • Blending: Make the background and borders of your ads the same color as the background of your page where the ad is placed.
  • Complementing Colors: Use colors that already exist on your site, but don't match the background and borders exactly where the ads are placed.
  • Using Contrast: Choose colors that stand out against the background of your site.

Do NOT: Promote Prohibited Content

Do not include or link to the following content:

  • Adult content
  • Copyrighted material
  • Drug, alcohol, and tobacco-related content
  • Gambling content
  • Violent content
  • Weapon-related content
  • Content that advocates against an individual, group, or organization
  • Hacking and cracking content
  • Sensitive content
  • Sites that offer compensation programs
  • Sites that use Google Brand features

Above are just a few tips to help SMBs get more from their AdSense activity. Are you currently using AdSense




Hot Social Media Tools For 2013

Pinterest emerged as the social media darling of 2012. According to this Nielsen report, Pinterest had the largest year-over-year increase in audience and time spent of any social network, across PC, mobile web and apps. As if that wasn't enough to prove the social network has staying power, Pinterest surpassed Yahoo in organic traffic, making it the 4th largest traffic driver worldwide.

While Facebook, Twitter, and LinkedIn remain the top 3 heavy hitters in the social media marketplace, Pinterest can now be included in the top 4.  As you plan next year's social media strategy, make sure you're considering ways to reach and engage a broader audience using Pinterest.

Business Pages for Pinterest were just introduced, so it's a great time to join. Already have an account? Convert your existing Pinterest page to a Business page with just 1 click.

In 2013, you can expect to see a plethora of tools built around Pinterest, optimizing your experience, like the following:

Quozio

This fun tool, which comes with a bookmarklet option, allows you to create an image out of text on the Web, making the text or quote perfectly pin-able for Pinterest. Quozio also takes a cue from Instagram by allowing different “filters” once you've selected your quote.

Pinfluencer

Pinfluencer is a marketing and analytics platform for Pinterest. It helps you measure the ROI of your Pinterest activity. It tracks pins from your website, pins from your boards, followers, and other engagement. Pinfluencer helps your brand identify brand advocates and prospective customers, ensuring you use Pinterest to its full potential.

You have to contact them for pricing, but Pinfluencer is offering a 14-day trial and a free demo.

Instagram

Instagram is a social network that made a big impact in 2012, and is often overlooked. Instagram grew enough to catch the attention of the one and only Mark Zuckerberg, who quickly made the decision to buy the social photo sharing app for the price of $1 Billion.

And with Instagram having experienced growth of more than 1,100% since being acquired by Facebook, it is still a network to be watched. Regardless of the recent Instagram-Twitter fight, photo sharing is important to users and any new tools that spring up are either going to look to Instagram for inspiration or serve as an add-on to the platform.

Instagram Extension for Google Chrome

This extension brings Instagram right to your browser. As businesses continue to use the mobile platform for various contests and promotions, access from a browser comes in handy. You no longer have to be on your phone to manage Instagram activity, and instead you can conveniently access everything you need right from Chrome. And they've made the interface as similar to Instagram as possible, making for quick and easy adoption.

Mobile Apps

According to Nielsen, consumers are spending more than a third of social networking time on mobile apps. We're going to see mobile apps springing up for use during TV watching, to manage a contest, to share music; anything that falls under the category, “Social Experience.”

Facebook Pages Manager

Look for more apps like the Facebook Pages Manager, which was only released this year, and is geared toward social media professionals. Now, we can manage our brand's Facebook Page without interfering with our personal accounts.

In 2012, Pinterest showed us that Facebook, Linkedin, and Twitter will not be guaranteed the top spots forever. All social networks will have to keep innovating in order to keep our attention. It's clear, however, that social media should no longer be considered some separate entity when it comes to your marketing strategy.

Social can now be integrated into every marketing activity you do, and definitely deserves a place in your plan for 2013.

I think we can all expect to see social media tools, analytics, and apps, that will allow for us to better maximize, optimize, and report on our social media activity and spend.




Need To Verify ID? Can't Check Identification In Person? MII Card Is Here To Help.

When meeting with someone face to face you can ask to see their ID - driver's license, passport or otherwise.

However, when you're not near them, what are you to do? Ask them to hold their ID up to their web cam? There is a better way.

MII ID verifies the identity of someone FOR YOU and provides an authenticated ID.

Now the next time you are hiring that remote employee or working with a contractor whose ID you need to manage you have some level of security knowing that at least you've checked their ID.

Here's how it works, according to their press release:

miiCard DirectID Check is a cloud based verification service that can be deployed by Independent Financial Advisors (IFAs), law firms, real estate agents, family physicians, job recruiters, and other small businesses that do not have their own website or with limited technology resources.
To use DirectID Check a business simply signs-in to a custom identity management portal to request that a customer verify their identity using miiCard. For customers, miiCard works as a Bring Your Own Identity (BYOID) service, allowing them to prove their identity to the level of an offline photo identity check in minutes and completely online. There is no technology integration required.
miiCard DirectID Check is designed for low-volume businesses with a small number of daily identity checks. Business owners enjoy pre-defined reporting functionality, and benefit from an immediate compliance with Anti-Money Laundering and Know-Your-Customer standards. Using the authority and security inherent in a user's online financial accounts to validate identity, miiCard's LOA3 service is able to verify approximately 300 million users across nine countries and five continents today.
miiCard offers verified identity solutions for both consumer and business applications. miiCard launched the open API for its Identity as a Service (IDaaS) platform earlier this year for large and enterprise clients. miiCard DirectID expands miiCard's identity verification service to businesses of any size and within any industry.


J.C. Penney Struggles Through Sales Difficulties

We've reported before about J.C. Penney's revenue problems since instituting sweeping changes in some of its stores. Businesses take many approaches to improve their performance. In our roundup today, we'll look at the many paths your business can take toward improving profitability. Be sure to suggest any strategies that have worked for your business in the comment section below.

Course Corrections

Survival mode. Dramatic changes at J.C. Penney under the direction of CEO Ron Johnson have not brought the results for which some had hoped. Here investment expert Jeff Macke and market commentator and entrepreneur Jon Najarian talk about strategies J.C. Penney could employ at this point to right the ship. Your business may not be a retail giant with 1,100 locations, but there are strategies any business owner can use either to change course in troubled times or to grow a company to the next level. Yahoo! Finance

Mistakes and missteps. Mistakes in your business may not always be obvious, even to you. Locating and correcting these problems can make your company more profitable and less stressful to operate. Take your Website, for example. If your online presence is the main revenue generator for your business, simple mistakes could spell big trouble. Here are some of the fatal errors you could be making right now, says blogger Adam Gottlieb. The Frugal Entrepreneur

Big Changes

So much to choose from. It is easy in a digital media age to focus on the hottest channels when marketing your business, but be aware of the many options available for getting your message across. One not often considered is postcard marketing, says small business expert Daniel Kehrer. In this post, he shares 10 tips that can make this old-school marketing approach shine like new. Be creative when marketing your business. Think about those you want to reach with your brand and then figure out the best channel for doing so. BizBest

A glimpse into the future. If you knew what the most profitable products and services for your business were likely to be in the future, you could shift the course of your business accordingly. The most important lesson small businesses should learn is never to assume, says Diana Pohly. Your best selling product today won't necessarily be your best selling product tomorrow. It's a good idea to watch trends to figure out where future revenue will come from and have a plan for change. Step by Step Marketing

Growth Potential

The search for customers. The search for more prospects and customers is an inherent part of growing your business, particularly when going through major transitions. Fortunately, there are plenty of creative ways to build your audience and, by extension, your potential customer base. Here Ileane Smith shows us a few simple approaches for building an e-mail list using nothing but a YouTube account. Consider this approach as one technique for gathering prospects your business could convert into new customers. Miss Ileane Speaks

A look at the books. At the end of the year, keeping a closer eye on finances is a great way of saving some funds to grow your business. It can also be an effective method of recouping losses after a rough financial quarter. Start by doing some serious year-end financial planning for your business, says Tom Holmes, the managing director of Ballymount Accounting. No matter where in the world your company is located, planning can help you find unanticipated savings and obtain the funds you need to take your business in new directions. Tweak Your Biz

Don't be a middle man. Blogger Jenny Bhatt starts her post with some words of wisdom from marketing guru Seth Godin. “Developing expertise or assets that are not easily copied is essential; otherwise you're just a middleman.” If you want your business to survive changes in the market and in your customer base, be sure you aren't simply passing on someone else's product or service. Jenny provides us with some tips for how to create the “expertise” and “assets” your competitors will have a hard time duplicating. Free Agent Economics