Blogworld Buys Ramon\'s Small Business Summit and Small Business Technology Tour

New Medix Expo BlogWorld has purchased the Small Business Summit and SmallBizTechnology.com‘s Small Business Technology Tour .

The Small Business Summit , annual New York event with over 400 attendees (in it's 8th year being produced in 2013) is produced by Ramon Ray, editor and technology evangelist, Smallbiztechnology.com and Regional Development Director of Infusionsoft and Marian Banker, business growth consultant at Prime Strategies.

The Small Business Technology Tour (6 city national tour, in it's 4th year of being produced) is produced by Ramon Ray.

 

Why did NMX make this purchase?
Why did Ramon and Marian sell the Summit?
What is the Small Business Summit and Small Business Technology Tour?
What are 8 lessons small business owners & entrepreneurs can learn from this purchase and sale?

Why did New Media Expo (NMX) BlogWorld make this purchase?

NMX is the leading event producer for all things digital content and social media. NMX  growth continues beyond digital media professionals to business professionals, small business owners and entrepreneurs, overall.  This announcement clearly showcases BlogWorld's desire to lay the foundation of this growth.

In specific regard to the Small Business Summit and the Small Business Technology Tour, BlogWorld has watched what Ramon has built over the years and observed how he has been able, with few resources to build a powerful ecosystem of events (and content) in the small business space, largely focused on technology. With the purchases announced today, BlogWorld is buying two great events, and is able to partner with Ramon to leverage his experience in producing events and content for small businesses. BlogWorld looks forward to taking what Ramon has done and growing it event more. Ramon looks forward to learning from the BlogWorld team and working with them to reach more small businesses.

Why did Ramon and Marian sell the Summit?

Ramon Ray & Marian Banker

In 2005, Ramon Ray, editor and technology evangelist, Smallbiztechnology.com and Marian Banker, business growth consultant at Prime Strategies met each other at a business event and did the usual “business card exchange” and introduced themselves to each other.

During the conversation both expressed a desire to produce an event bringing together the small business community. In 2006 they produced the first Small Business Summit.

They knew an event like this takes a lot of time, energy, a team to help execute the event, and money. The money for an event like this comes from attendees (ticket sales) who see value in attending the event and sponsors who see value in sponsoring the event to generate sales or increase brand awareness for their product or service.

Little did Ramon and Marian know that the Summit would be strong and profitable for 8 years as of 2013.

So, why sell the Summit?

Marian's focus has shifted to develop a community for active seniors. Ramon felt it was the right time to work with a partner who could take the Summit and grow it even more.

In regard to the Small Business Technology Tour, Ramon felt that it was time for the Tour to GROW. He knows that with BlogWorld's larger resources, the Tour will reach more small businesses than ever before.

What is the Small Business Summit and Small Business Technology Tour

Started in 2006 with about 300 attendees, the Summit now attracts over 400 attendees and is one of the leading events focused on small businesses in the NY area and possibly the nation. The Summit is an all day event whose speakers have included Seth Godin, Chris McCann (President, 1800 Flowers) and many others. In addition to key note speakers, the Summit has included powerful panels of insight for small business owners and entrepreneurs.

Grant Wickes, Wasp Barcode (and closet tech gadget guru) presenting at Small Business Summit 2012

Created in 2010, the Small Business Technology Tour educates small business owners in how to leverage technology as a tool to grow their businesses. Cities have included Miami, San Francisco, Mountain View, Boston, Phoenix, Salt Lake City and Washington DC. At each city stop, this all day tour brings great speakers and discussion to local small business owners. The speakers include national and local speakers.

BlogWorld will grow the Small Business Summit and Small Business Technology Tour even larger and better, in all aspects.

What are 8 lessons we can learn from the growth of these events, especially the Small Business Summit?

1. Small business is big business
2. Small businesses can do big things
3. Personal branding matters
4. Finding the right partner is critical
5. A good team can do anything
6. Be willing to take smart risks and learn
7. Be a giver
8. Have fun

Small business is indeed big business

Today's purchase announcement shows that the small business space (be it events, content, media) is a very hot market.

Sponsors â€" Large companies such as Dell, Google, Intuit, Microsoft, Verizon Wireless, Bank of America and Salesforce (all sponsors of small business focused events and a sample of companies sponsoring the Small Business Summit) are keen to connect with small business owners and entrepreneurs.

Event producers â€" BlogWorld's purchase of these two events (Small Business Summit and Small Business Technology Tour) indicate that the market for producing events, geared toward small businesses is only going to get more competitive.

Attendees â€" The longevity and continued attendance of these events clearly shows that small business owners are HUNGRY to continuously learn how to grow their business and network with each other.

Small businesses can do big things

Ramon has produced a number of successful events, including the Small Business Influencer Awards (co-produced with Anita Campbell of Small Business Trends), Small Business Summit and Small Business Technology Tour. These events are all produced on a scrappy budget with a small team of other small businesses. Overall, it's very small businesses, doing big things, by working together, innovating and being strategic.

In producing events, Ramon says that virtual worker management services such as Elance are invaluable for finding expert assistance. Online collaboration and communication tools such as Google Apps or Microsoft Office365 or other similar tools are absolutely essential in bringing together remote professionals who need to operate as one.

Personal branding matters

Rick Calvert, co-founder of BlogWorld said, “Ramon we're buying the events you've produced, but more importantly we're buying and betting on you”. Over the years, Ramon has been able to build and leverage his personal brand. This purchase, by BlogWorld is clear proof that for very small businesses, focusing on a logo is not most important. What's most important is being “out there”, getting press, being online, and more. Check out Ramon's slide on personal branding here.

Finding the right partner is critical

Building a thriving business alone is hard work. Finding the right partner who can complement and not detract is not easy.

Marian Banker is a methodical, detailed planing, MBA, business strategist.

Ramon Ray is a quick reacting, creative, technology guru with a fast laugh.

Together, this diverse team, built a thriving business, the Small Business Summit. Never an argument, profitable from day one, informing (and entertaining) thousands of business professionals, building relationships with dozens of awesome sponsors and more. This was an amazing partnership with perfectly complimentary skill sets.

A good team can do anything

Ramon and Marian led the Small Business Summit but the Summit would not have been the success it has been to date, nor been an asset valuable enough to be purchased by BlogWorld, were it not for the incredible team that help produce the Small Business Summit. This team includes:

Laura Leites, L2 Event Production (Event manager)

Andy Schulkind, Andigo New Media (Web site development)

Jeffrey Siegel, EZ Data Solutions (who worked on the first Summit registration system)

Beth Silver, Doubet Consulting (Marketing and branding)

Jeffrey Holmes (Jeffrey Holmes Photography)

Sarah Sawya, Sassafras Design Services

Many of these team members have known each other for years and network together in local professional organizations such as Manhattan Chamber of Commerce, Adrian's List and others.

Ramon expresses thanks to Asish, Jibin and John for their help as the first Summit production logistics team.

Be willing to take smart risks and learn

Ramon can remember when he was on the call with Intuit, discussing their sponsorship in the first Small Business Summit in 2006.

Two of the questions he clearly remembers: “Can you guarantee 300 people will attend”. “Have you done this kind of event before”. Ramon's answer to both questions was a slow and painful “No”.

A few weeks later Intuit, joining Intel, become one of the founding sponsors of the Small Business Summit.

Intuit took a strategic and calculated risk to sponsor the Summit, just like Ramon and Marian took many risks to produce the first Summit.

Without a full deck of sponsors and having never before produced an event like this, Ramon and Marian took all their credit cards and put thousands of dollars on the line as security deposit for hotels and other things.

Sometimes people are afraid to take risks. This fear keeps them from realizing their full potential.

Be a giver

One of the successful strategies of the Small Business Summit (and the Small Business Technology Tour) was giving back to the community. Marian and Ramon made a concentrated effort to always include, at low cost or for free, organizations in the local NY area that support small businesses. They in turn were quite willing to support the Summit â€" helping to bring in hundreds of business professionals each year. Ramon is a giver in his personal life as well â€" giving hundreds of hours of time advising business professionals in how to grow their own businesses.

Have fun

One of the traits of the Small Business Summit is that it's a high energy, fast paced day filled with action and fun. If you take yourself too seriously you won't be able to ENJOY what you're doing. But if you ensure there is some element of fun in everything you do, you'll do it well. While everyone might not have a big budget to do a lot of fancy things, in regard to event production, everyone can have fun.

Blogworld Buys Ramon\'s Small Business Summit and Small Business Technology Tour

New Medix Expo BlogWorld has purchased the Small Business Summit and SmallBizTechnology.com‘s Small Business Technology Tour .

The Small Business Summit , annual New York event with over 400 attendees (in it's 8th year being produced in 2013) is produced by Ramon Ray, editor and technology evangelist, Smallbiztechnology.com and Regional Development Director of Infusionsoft and Marian Banker, business growth consultant at Prime Strategies.

The Small Business Technology Tour (6 city national tour, in it's 4th year of being produced) is produced by Ramon Ray.

 

Why did NMX make this purchase?
Why did Ramon and Marian sell the Summit?
What is the Small Business Summit and Small Business Technology Tour?
What are 8 lessons small business owners & entrepreneurs can learn from this purchase and sale?

Why did New Media Expo (NMX) BlogWorld make this purchase?

NMX is the leading event producer for all things digital content and social media. NMX  growth continues beyond digital media professionals to business professionals, small business owners and entrepreneurs, overall.  This announcement clearly showcases BlogWorld's desire to lay the foundation of this growth.

In specific regard to the Small Business Summit and the Small Business Technology Tour, BlogWorld has watched what Ramon has built over the years and observed how he has been able, with few resources to build a powerful ecosystem of events (and content) in the small business space, largely focused on technology. With the purchases announced today, BlogWorld is buying two great events, and is able to partner with Ramon to leverage his experience in producing events and content for small businesses. BlogWorld looks forward to taking what Ramon has done and growing it event more. Ramon looks forward to learning from the BlogWorld team and working with them to reach more small businesses.

Why did Ramon and Marian sell the Summit?

Ramon Ray & Marian Banker

In 2005, Ramon Ray, editor and technology evangelist, Smallbiztechnology.com and Marian Banker, business growth consultant at Prime Strategies met each other at a business event and did the usual “business card exchange” and introduced themselves to each other.

During the conversation both expressed a desire to produce an event bringing together the small business community. In 2006 they produced the first Small Business Summit.

They knew an event like this takes a lot of time, energy, a team to help execute the event, and money. The money for an event like this comes from attendees (ticket sales) who see value in attending the event and sponsors who see value in sponsoring the event to generate sales or increase brand awareness for their product or service.

Little did Ramon and Marian know that the Summit would be strong and profitable for 8 years as of 2013.

So, why sell the Summit?

Marian's focus has shifted to develop a community for active seniors. Ramon felt it was the right time to work with a partner who could take the Summit and grow it even more.

In regard to the Small Business Technology Tour, Ramon felt that it was time for the Tour to GROW. He knows that with BlogWorld's larger resources, the Tour will reach more small businesses than ever before.

What is the Small Business Summit and Small Business Technology Tour

Started in 2006 with about 300 attendees, the Summit now attracts over 400 attendees and is one of the leading events focused on small businesses in the NY area and possibly the nation. The Summit is an all day event whose speakers have included Seth Godin, Chris McCann (President, 1800 Flowers) and many others. In addition to key note speakers, the Summit has included powerful panels of insight for small business owners and entrepreneurs.

Grant Wickes, Wasp Barcode (and closet tech gadget guru) presenting at Small Business Summit 2012

Created in 2010, the Small Business Technology Tour educates small business owners in how to leverage technology as a tool to grow their businesses. Cities have included Miami, San Francisco, Mountain View, Boston, Phoenix, Salt Lake City and Washington DC. At each city stop, this all day tour brings great speakers and discussion to local small business owners. The speakers include national and local speakers.

BlogWorld will grow the Small Business Summit and Small Business Technology Tour even larger and better, in all aspects.

What are 8 lessons we can learn from the growth of these events, especially the Small Business Summit?

1. Small business is big business
2. Small businesses can do big things
3. Personal branding matters
4. Finding the right partner is critical
5. A good team can do anything
6. Be willing to take smart risks and learn
7. Be a giver
8. Have fun

Small business is indeed big business

Today's purchase announcement shows that the small business space (be it events, content, media) is a very hot market.

Sponsors â€" Large companies such as Dell, Google, Intuit, Microsoft, Verizon Wireless, Bank of America and Salesforce (all sponsors of small business focused events and a sample of companies sponsoring the Small Business Summit) are keen to connect with small business owners and entrepreneurs.

Event producers â€" BlogWorld's purchase of these two events (Small Business Summit and Small Business Technology Tour) indicate that the market for producing events, geared toward small businesses is only going to get more competitive.

Attendees â€" The longevity and continued attendance of these events clearly shows that small business owners are HUNGRY to continuously learn how to grow their business and network with each other.

Small businesses can do big things

Ramon has produced a number of successful events, including the Small Business Influencer Awards (co-produced with Anita Campbell of Small Business Trends), Small Business Summit and Small Business Technology Tour. These events are all produced on a scrappy budget with a small team of other small businesses. Overall, it's very small businesses, doing big things, by working together, innovating and being strategic.

In producing events, Ramon says that virtual worker management services such as Elance are invaluable for finding expert assistance. Online collaboration and communication tools such as Google Apps or Microsoft Office365 or other similar tools are absolutely essential in bringing together remote professionals who need to operate as one.

Personal branding matters

Rick Calvert, co-founder of BlogWorld said, “Ramon we're buying the events you've produced, but more importantly we're buying and betting on you”. Over the years, Ramon has been able to build and leverage his personal brand. This purchase, by BlogWorld is clear proof that for very small businesses, focusing on a logo is not most important. What's most important is being “out there”, getting press, being online, and more. Check out Ramon's slide on personal branding here.

Finding the right partner is critical

Building a thriving business alone is hard work. Finding the right partner who can complement and not detract is not easy.

Marian Banker is a methodical, detailed planing, MBA, business strategist.

Ramon Ray is a quick reacting, creative, technology guru with a fast laugh.

Together, this diverse team, built a thriving business, the Small Business Summit. Never an argument, profitable from day one, informing (and entertaining) thousands of business professionals, building relationships with dozens of awesome sponsors and more. This was an amazing partnership with perfectly complimentary skill sets.

A good team can do anything

Ramon and Marian led the Small Business Summit but the Summit would not have been the success it has been to date, nor been an asset valuable enough to be purchased by BlogWorld, were it not for the incredible team that help produce the Small Business Summit. This team includes:

Laura Leites, L2 Event Production (Event manager)

Andy Schulkind, Andigo New Media (Web site development)

Jeffrey Siegel, EZ Data Solutions (who worked on the first Summit registration system)

Beth Silver, Doubet Consulting (Marketing and branding)

Jeffrey Holmes (Jeffrey Holmes Photography)

Sarah Sawya, Sassafras Design Services

Many of these team members have known each other for years and network together in local professional organizations such as Manhattan Chamber of Commerce, Adrian's List and others.

Ramon expresses thanks to Asish, Jibin and John for their help as the first Summit production logistics team.

Be willing to take smart risks and learn

Ramon can remember when he was on the call with Intuit, discussing their sponsorship in the first Small Business Summit in 2006.

Two of the questions he clearly remembers: “Can you guarantee 300 people will attend”. “Have you done this kind of event before”. Ramon's answer to both questions was a slow and painful “No”.

A few weeks later Intuit, joining Intel, become one of the founding sponsors of the Small Business Summit.

Intuit took a strategic and calculated risk to sponsor the Summit, just like Ramon and Marian took many risks to produce the first Summit.

Without a full deck of sponsors and having never before produced an event like this, Ramon and Marian took all their credit cards and put thousands of dollars on the line as security deposit for hotels and other things.

Sometimes people are afraid to take risks. This fear keeps them from realizing their full potential.

Be a giver

One of the successful strategies of the Small Business Summit (and the Small Business Technology Tour) was giving back to the community. Marian and Ramon made a concentrated effort to always include, at low cost or for free, organizations in the local NY area that support small businesses. They in turn were quite willing to support the Summit â€" helping to bring in hundreds of business professionals each year. Ramon is a giver in his personal life as well â€" giving hundreds of hours of time advising business professionals in how to grow their own businesses.

Have fun

One of the traits of the Small Business Summit is that it's a high energy, fast paced day filled with action and fun. If you take yourself too seriously you won't be able to ENJOY what you're doing. But if you ensure there is some element of fun in everything you do, you'll do it well. While everyone might not have a big budget to do a lot of fancy things, in regard to event production, everyone can have fun.

Finding the Right Sustainability Initiatives for Your Business

It's easy to feel intimidated with sustainability. Once you address the basics-installing energy-efficient light bulbs and stationing recycle bins around the office-you may not know how to proceed.

How do you determine which sustainability measures will ultimately pay for themselves and be the best investment for your business?

It doesn't have to be such as monstrous, stressful endeavor. In fact, it can be a very rewarding journey that ultimately pays back in multiple ways by lowering your environmental footprint, improving your bottom line and bolstering customer and employee loyalty.

So, where do you start?

Here are four steps to finding sustainability initiatives that make sense for your business:

1. Identify Measures That Aligned With Your Business

Often the most powerful sustainability measures are those that align closely with what a business does or sells. Think about the grocery store that donates excess inventory to a local food bank, an accountant that sends tax documents electronically or helps businesses assess the paybacks of sustainability initiatives, or apparel makers that focus on using sustainable, non-toxic fabrics and dyes.

These initiatives are so closely tied to what they do that it's easy to feel passionate about them and discuss them with customers.

2. Take a Customer Perspective

Put yourself in your customers' shoes. What would help them reduce their footprint when using your products? An olive oil and balsamic vinaigrette store near where I live gives customers a discount for returning and refilling their used bottles. They decorate their recycled paper bags as gift bags when people ask, so customers don't need to re-wrap it themselves.

Considering what happens to your products once they leave your business can help you figure out how to reduce your total footprint even more.

3. Form a “Green Team”

Have employees? Get them involved in helping identify sustainability initiatives for the business. Chances are, your employees most passionate about the environment will volunteer to serve on a green team. (Learn steps for starting a green team.)

And they will eventually become ambassadors, helping other employees reduce their environmental footprint while at work.

4. Relax, Take it Slowly

Becoming a “green business” isn't an overnight process. Yes, certain measures require some research and analyses. But start with the low-hanging fruit-the things that you know will help the environment and save you money. Take advantage of services available to your business, like free or low-cost energy audits from your utility companies. Write a basic sustainability plan with goals that are achievable.

Consider joining a local business sustainability group, so you can network with other business owners striving to be greener and share ideas.

Once you start realizing how these initiatives lower your footprint, you'll likely want to keep doing more.

Olive Oil Gift Photo via Shutterstock

New Coalition Encourages Businesses to Go Paperless

Workplace technology is constantly evolving. With new devices, cloud storage, and other collaboration options popping up daily, it seems that fewer and fewer businesses are using more tangible methods like printing documents and other papers.

For this reason “going paperless” has become a popular term for businesses looking to save money on office supplies.

Now, online faxing service HelloFax has teamed up with Google Drive, online bill management company Manilla, electronic signature service Hellosign, online accounting service Xero, scanning company Fujitsu ScanSnap, and online expense report tool Expensify to form the new “Paperless Coalition,” which aims to encourage businesses to use less paper in the workplace.

If you go to the coalition's website, you can take a pledge to go paperless with your business in 2013. The photo above shows the homepage where businesses can sign up with their email address and take the paperless pledge. This also signs you up for the coalition's monthly newsletter, which contains articles and tips about running a paperless business.

It's likely these newsletters will mainly contain promotions from the partners and sponsors of the coalition, telling pledgers how Google Drive and other products and services can help companies cut back on paper usage.

But promotional or not, if one of your company's goals for the new year is to save money on office supplies or cut back on paper usage, learning about different companies and tools on a monthly basis could still prove to be valuable.

And with so many different new technology options available, cutting back on paper usage should be a fairly simple goal for 2013, if your business hasn't taken the leap already.

Though paper usage in office settings has certainly declined in the last several years, the Environmental Protection Agency still says that the average U.S. office worker uses about 10,000 sheets of copy paper per year, according to Paperless 2013's about page.

Why Small Businesses Should Stop Being Geeks (Buying Phone Systems, Building Web Sites, etc)

I used to spend hours doing all sorts of “busy work”.

Be it editing videos, from video interviews I've done, or trying to fix something on my web site. While I love learning and figuring things out, I've found that the BEST use of my time has been to HIRE others to do these things while I focus on the overall management and growth of my company. Much of this help I get on Elance â€" from time to time, I'll ask my children to help (and I do pay them).

The New York Times wrote how a small business owner went looking for a four line telephone system to upgrade their business from the virtual telephone system they were using.

As many of the comments in the article said, the business owner should have solicited the help of an expert to help guide them on what phone system to use and how to install it for their business.

LESSONS LEARNED: While it's GREAT to explore and learn, I advocate this in my six Rules of Technology Success http://www.sixtechrules.com - to educate yourself, you don't want to get in the WEEDS of your business or you can't lead it and grow it.

 

Why Small Businesses Should Stop Being Geeks (Buying Phone Systems, Building Web Sites, etc)

I used to spend hours doing all sorts of “busy work”.

Be it editing videos, from video interviews I've done, or trying to fix something on my web site. While I love learning and figuring things out, I've found that the BEST use of my time has been to HIRE others to do these things while I focus on the overall management and growth of my company. Much of this help I get on Elance â€" from time to time, I'll ask my children to help (and I do pay them).

The New York Times wrote how a small business owner went looking for a four line telephone system to upgrade their business from the virtual telephone system they were using.

As many of the comments in the article said, the business owner should have solicited the help of an expert to help guide them on what phone system to use and how to install it for their business.

LESSONS LEARNED: While it's GREAT to explore and learn, I advocate this in my six Rules of Technology Success http://www.sixtechrules.com - to educate yourself, you don't want to get in the WEEDS of your business or you can't lead it and grow it.

 

Ways to Hire Smarter in 2013

Is hiring more employees one of your New Year's resolutions?

While hiring ultimately relieves your headaches in the long run by helping you and your team with workload, in the short run most entrepreneurs dread hiring because of the time and effort involved.

Fortunately, there are ways to ensure you recruit more of the right candidates and waste less time with people who don't suit your needs.

1. Target Your Advertising

If you've ever posted a job listing on a big general-interest job search site, you know what a deluge of resumes you get hit with-and how few of them are even relevant to the job you're hoping to fill.

Instead of using this scattershot technique, hone in on the job search sites that are most relevant for you. That could be sites specific to your industry or to the type of position you're trying to fill (such as marketing director).

2. Get Social

Social media has emerged as a great way to find job candidates. LinkedIn's focus on business networking makes it the first place you should think of when looking for qualified employees. You can post an official job listing, or just put the word out to your network on LinkedIn.

If you're willing to put in some extra legwork, you can also check out any LinkedIn groups you belong to for people who may not be actively searching for a job, but could have the skills you need, then get in touch with them. Or ask your networks to do the same in their LinkedIn Groups.

Of course, LinkedIn isn't your only option for seeking candidates on social media. Depending on what platform makes sense for you, you may want to tweet news of your job opening or post it on your Facebook site. Along the same lines, consider if there's anyone among your business's Facebook or Twitter connections who might be interested in the job.

3. Use Your Website

All of your social media efforts regarding the job posting should link back to your business website. Use your website as a tool for recruiting by creating a meaty “About” section where you explain your business's purpose and history and introduce your team.

Depending on your needs, you might even want to create a tab called “Job Opportunities at [Your Business]” or “Working at [Your Business]” that talks about your company culture, lists available job openings, and includes contact information for interested candidates to reach you.

This used to be something only big companies did, but I'm seeing more small businesses start to incorporate it.

4. Enlist Your Employees

If your employees are reliable, hard-working and good people, chances are their friends are, too. That's why when you're seeking to fill a job your existing employees should be among the first people you tell. Ask them to spread the word about the job opening to family and friends.

Sweeten the pot by offering a finder's fee if someone recommends a job candidate who gets hired and completes their 90-day probation period.

Using the four methods above will lead to fewer, but more qualified, job candidates than the typical want ad posting. You'll get candidates who are connected to your industry, your business and the people you know.

This will make it easier to weed out the poor candidates and hone in on the ones who might fit into your business.

Choosing the talent person Photo via Shutterstock

Three Types of CRM Vendors? Which One Is Best For Your Business?

Three Types of CRM Vendors

Today Infusionsoft (my employer) announced a $54 Million investment led by Goldman Sachs.

This investment reminds me of the three types of CRM vendors on the market. Some are really good engineers (speeds and feeds), others want their software to look pretty.

But what's hard is to make it LOOK good, have a great back end and feature set and also build a company whose culture is focused on, understands and appreciates small business owners and a company that is built to last.

Here's a short video of some thoughts I have on this. Watch it below or here - http://www.youtube.com/watch?v=JZHDAjCyUuE

It\'s Time Your Small Business Grows Up. Goldman Sachs Thinks Email Marketing and Social Media Are Not Enough.

Early today I reported that Goldman Sachs has led a $54 Million investment in Infusionsoft. As I look deeper into this announcement I think it's a wake up call to small businesses and here's why.

While social media and overall online content are quite “sexy” â€" they mean absolutely nothing if small businesses are not GENERATING sales from this activity.

The ONLY way small businesses can really generate a return on their investment in not only social media, but all forms of marketing and sales is through ensuring that all the leads and clicks and interest you get from your activity is driven through a systematic and strategic sales funnel, that you have a complete view of your customer and prospective customer. Infusionsoft calls this process Lifecycle marketing, which includes:

1. attract traffic
2. capture leads
3. nurture prospects
4. convert to sales
5. deliver and satisfy
6. upsell
7. ask for a referral

Ann Handley spoke about this in her BlogWorld interview about how to turn social into sales. Watch the video here or below.

While social media has received a lot of the BUZZ with everyone told to create a blog, Tweet, develop a Facebook page and etc (all of this is good) â€" it's not going to generate the return that people want if the resulting activity is not corralled into a marketing system.

Why do you think Constant Contact (email marketing king) bought Bantam Live in 2011. Constant Contact knows email marketing alone is not enough. Their process is called engagement marketing. Those vendors who are just offering email marketing (Mailchimp, iContact, Emma) are filling a much needed service. All small businesses need email marketing. However, Godlman Sachs investment in Infusionsoft should be a wakeup call that it's simply not enough. Campaigner recently developed Campaigner CRM as well and Vertical Response has a social media marketing service â€" so both of these large email marketing players are also going beyond “just email marketing”.

I briefly reviewed a number of CRM tools in this post and outlined some of the differences.

Whether small businesses use Infusionsoft or some other tool (Salesforce, Nimble, Insightly, BatchBook, Zoho CRM, Maximizer, SugarCRM, Highrise HQ, SageCRM) it's time for growing small businesses to consider going beyond just email marketing and even just social media engagement.

 

Trend Micro InterScan Messaging Security

On paper, InterScan Messaging Security from Trend Micro is a wonderful product. Combining on-premise software with an optional cloud-based pre-filter, the tool provides a flexible approach to email security. If we would have been able to get it working, we would probably be impressed.

The software shipped to us was a VMware open virtualisation format template, but after deployment we still had to run through the OS installation. A strange extra step, but it did function, and in short order we were able to log into the web administration tool. We were then presented with a configuration wizard, which attempted to guide us through mail server, notification, update sources and lightweight directory access protocol settings.

Worth noting is that the documentation is misleading in places. We were not able to properly configure in- and outbound simple mail transfer protocol (SMTP) relaying without a call to support. Also, activating the encryption features was complicated. The administrator is expected to fill out a form in the web administration tool that triggers a series of back-and-forth emails, ultimately resulting in the return of a key file that is uploaded to the product. Any interruptions in that process can cause lengthy delays.

In our case, Trend Micro had blocked the IP address of the SC Labs' mail server, preventing us from replying to the confirmation email. Despite working with product support, we were not able to get the encryption working.

Content filtering was actually very simple. Users of Microsoft Outlook will find the policy creation process especially easy, as it is reminiscent of that product's rule creation process. Messages that trigger policies can be rerouted, modified and apparently encrypted (though we were not able to actually test that feature).

The PDF documentation is well constructed with bookmarks, hotlinks and screenshots. We had issues with the content, however. While each feature is highlighted, in many cases it is given only sparse coverage. We were not even able to get SMTP to function properly, and the configuration to which the support engineer guided us ran counter to the PDF.

Support is provided on an eight-hours-a-day/five-days-a-week basis. Additional options are available, including 24/7 support and access to advanced engineers, priority support, remote installation and threat alerts.

Trend Micro charges c£9.45 per user for the InterScan Messaging Security appliance, based on a 5,000-user licence pack. This includes one year of eight-hours-a-day/five-days-a-week maintenance, but data leak prevention and encryption are an extra c£6.30 per user. Maintenance charges for subsequent years are c£3.80 per user for the base product, with an extra c£2.50 for email encryption and DLP features.

Peter Stephenson

SecureSphere Business Security Suite

With large enterprise networks under constant attack from malicious entities, administrators need powerful defences. Imperva makes its appearance in this field to help hold attackers at bay. Just prepare your chequebook - this product doesn't come cheap.

While Imperva supports running the SecureSphere software in a multitude of configurations, both virtual and physical, the product was delivered to us as a pair of appliances: a dedicated management server as well as a gateway device.

The setup process was not insurmountably complex. However, we did need to contact support in order to acquire the administrator's guide before we could make much progress. The appliances used a 38,400 baud rate on its serial ports as opposed to the somewhat-standard 9,600 baud rate we find on most networking gear, so we had to check the administration guide for those settings.

The product's configuration was split between the command line interface (CLI) and the web interface on the management device, with all networking configuration being done via the CLI, as well as linking the gateway to the management device. There was a decent menu-driven system, so we didn't find ourselves typing out long commands. All other functionality was set up via the management server's web interface, so after the initial setup we didn't need to go back to the CLI again.

SecureSphere has far more functionality than we could possibly cover here in the space allotted. Functioning primarily as an application and database firewall with IDS/IPS features, the solution is deployable in a number of different configurations, with support for deployment as an inline gateway, reverse proxy or network sniffer. It supports SSL offloading and decryption of SSL traffic, input validation, application user tracking, session/cookie protection and more. Attack signatures are automatically updated from the Imperva website, and the product supports user-created signatures as well, using a proprietary language resembling that used by Snort. In addition to the standard attack signature detection methodology, subscribers to Imperva's ThreatRadar service get the added benefit of reputation-based IP blocking.

On the database side, the product supports activity auditing, continuously monitoring target databases and maintaining an audit trail. It also can alert on and/or block unauthorised access attempts, as well as perform user rights analysis.

The documentation is stellar. The administrator's guide covers everything from deployment planning to product configuration, with network diagrams and screenshots where appropriate. The user's guide covers day-to-day tasks, including reporting, detection signature writing, user tracking and more. Both manuals come as well-formatted PDF files.

Imperva offers three tiers of support. Standard includes help from Monday through to Friday and costs start at c£4,820, while the enhanced tier extends that support to 24/7. The premium support package includes advanced hardware replacement.

At a base price of c£32,160, buying into the SecureSphere platform isn't cheap, but it perhaps offers excellent value for large enterprises.

Peter Stephenson

ForeScout CounterAct v7.0

ForeScout CounterAct offers enterprise-class NAC, assuring network access based on real-time endpoint classification configuration assessment, user and endpoint compliance policy and automated response. The system provides a multifactored approach to identify and classifies all devices, systems, applications and users, assesses adherence to configuration and security policy, and determines if access to resources should be allowed, denied or limited.

The integrated 802.1x and agentless approach delivers complete access and guest management, mobile security and endpoint compliance and remediation capabilities in a centrally managed, highly scalable physical or virtual appliance.

Where ForeScout excels is its approach to slow asymmetric threat identification and response. CounterAct's ability to track and respond to slow attacks, such as an attempt to find a single sensitive data item, is impressive. This makes it a strong addition to a layered approach, so as to deal with advanced persistent threats.

Evaluation of the product was performed using the ForeScout virtual appliance hosted on VMware. The front-end application was hosted on a Microsoft 2008 R2 application server. It became clear that use of the product centred on the excellent set of policies. The pre-defined policies and options made the task of getting data flowing in the system very easy. Regarding performance, the system took everything we could throw at it, and the various pages and reports were easy to follow.

From beginning to end, the installation and configuration took a little over four hours. First steps were to use the USB devices supplied by ForeScout to create the virtual CounterAct appliance within VMware. The network infrastructure had to be modified to allow the necessary VLAN tagging across multiple network segments. CounterAct was installed with span ports to a core switch having domain access to endpoints via directory services.

Installation documentation, as well as that to help operate and maintain the system, is very good. And the system was so simple to manage that the on-screen instructions alone made it easy to get the product running.

ForeScout offers two levels of support: basic (free) and ActiveCare (c£2,000).

Pricing starts at c£9,895 per virtual appliance, providing a great value for an excellent product.

Peter Stephenson

It\'s Time Your Small Business Grows Up. Goldman Sachs Thinks Email Marketing and Social Media Are Not Enough.

Early today I reported that Goldman Sachs has led a $54 Million investment in Infusionsoft. As I look deeper into this announcement I think it's a wake up call to small businesses and here's why.

While social media and overall online content are quite “sexy” â€" they mean absolutely nothing if small businesses are not GENERATING sales from this activity.

The ONLY way small businesses can really generate a return on their investment in not only social media, but all forms of marketing and sales is through ensuring that all the leads and clicks and interest you get from your activity is driven through a systematic and strategic sales funnel, that you have a complete view of your customer and prospective customer. Infusionsoft calls this process Lifecycle marketing, which includes:

1. attract traffic
2. capture leads
3. nurture prospects
4. convert to sales
5. deliver and satisfy
6. upsell
7. ask for a referral

Ann Handley spoke about this in her BlogWorld interview about how to turn social into sales. Watch the video here or below.

While social media has received a lot of the BUZZ with everyone told to create a blog, Tweet, develop a Facebook page and etc (all of this is good) â€" it's not going to generate the return that people want if the resulting activity is not corralled into a marketing system.

Why do you think Constant Contact (email marketing king) bought Bantam Live in 2011. Constant Contact knows email marketing alone is not enough. Their process is called engagement marketing. Those vendors who are just offering email marketing (Mailchimp, iContact, Emma) are filling a much needed service. All small businesses need email marketing. However, Godlman Sachs investment in Infusionsoft should be a wakeup call that it's simply not enough. Campaigner recently developed Campaigner CRM as well and Vertical Response has a social media marketing service â€" so both of these large email marketing players are also going beyond “just email marketing”.

I briefly reviewed a number of CRM tools in this post and outlined some of the differences.

Whether small businesses use Infusionsoft or some other tool (Salesforce, Nimble, Insightly, BatchBook, Zoho CRM, Maximizer, SugarCRM, Highrise HQ, SageCRM) it's time for growing small businesses to consider going beyond just email marketing and even just social media engagement.

 

Three Types of CRM Vendors? Which One Is Best For Your Business?

Three Types of CRM Vendors

Today Infusionsoft (my employer) announced a $54 Million investment led by Goldman Sachs.

This investment reminds me of the three types of CRM vendors on the market. Some are really good engineers (speeds and feeds), others want their software to look pretty.

But what's hard is to make it LOOK good, have a great back end and feature set and also build a company whose culture is focused on, understands and appreciates small business owners and a company that is built to last.

Here's a short video of some thoughts I have on this. Watch it below or here - http://www.youtube.com/watch?v=JZHDAjCyUuE

U.S. Self-Employment Rate Predicted to Decline

In 2020, a smaller fraction of Americans will be in business for themselves than currently, a new report released by the Bureau of Labor Statistics (BLS) shows. Between 2010 and 2010, the BLS predicts that the self-employed fraction of the labor force will shrink from 6.3 to 5.9 percent.

This decline is part of a long term downward trend in self-employment. Back in 1948, 12.8 percent of the non-agricultural labor force was engaged in unincorporated self-employment, Steve Hipple, a BLS economist has shown.

As I have said elsewhere, declining self-employment is a natural trend as economies develop. It occurs in part because of something I call the “Walmart effect.” Because of the efficiencies of scale, Walmart replaces a lot of small, independent businesses. The end result is fewer people running their own businesses and more working for someone else.

The declining rate of self-employment will occur because the number of self-employed people will increase less rapidly than the number of wage employed. Between 2010 and 2020, BLS economists predict that the economy will add about 20.5 million workers, 19.7 million of whom will work for someone else and 800,000 of whom will be self-employed. That works out to a 1.4 percent annual increase in wage workers and only a 0.8 percent annual increase in the self-employed.

The pattern contrasts with the 2000 to 2010 period where the economy lost 3.2 million workers, 400,000 of whom were self-employed. During that period the patterns were more similar for those employed by others and those self-employed, causing the fraction of self-employed to shrink only from 6.4 percent to 6.3 percent.

Secondary self-employment (self-employment by people whose primary job is working for a wage or salary) is expected to increase more slowly than primary self-employment, with BLS economists forecasting a 0.5 percent annual increase from 2010 to 2010.

That's also very different than what happened from 2000 to 2010 when over 500,000 secondary self-employed left the labor market, resulting a 3 percent annual rate of decline.

Big-IP Application Security Manager

Although primarily known for top-shelf networking products, F5 Networks' offering in the application security space is no afterthought. Available as a standalone appliance or module for one of its network products, the BIG-IP Application Security Manager (ASM) functions as a firewall, protecting web applications and services with a powerful policy engine.

The initial setup was reasonably straightforward. The product we received for review was bundled with the BIG-IP Local Traffic Manager, which complicated the network setup only slightly.

After defining our interfaces and assigning IP address and VLANs, we were ready to define our first policy. Policy creation was deceptively simple. The ASM offers a wizard for creating polices and came packaged with a number of predefined templates for several of the more popular web application packages, including Microsoft Outlook Web Access, SAP NetWeaver, PeopleSoft and others. We needed only to specify the public and private IPs of the application, enable the appropriate template and apply the policy.

The core of the ASM is the application firewall. Providing extremely granular rule options, the tool allows administrators to control HTTP responses at a parameter level - each parameter can be checked for length, attack signatures and more. It offers a good bit of data leak protection, too, as it can scan HTTP responses for defined bits of data, blocking or masking that data as appropriate. The product also provides protection against denial-of-service attacks.

The ASM's Policy Builder option is a strong feature. Designed to run on live production traffic, this system listens to normal traffic and builds a custom policy around what it sees, applying the appropriate signatures automatically.

Customers of WhiteHat Sentinel or Cenzic can take advantage of the ASM's virtual patching feature, which allows them to import their vulnerability assessment reports and have mitigation rules automatically created.

If power and flexibility are the ASM's strengths, documentation is its weakness. While we can't disparage the accuracy and volume of the documentation, our issue is with its presentation. The vast majority of the documentation is on F5's website as HTML or PDF documents. However, the sheer volume can make it challenging to find the document with the information for which one is looking, especially considering how fragmented it is. It has clearly been organised with a bend toward answering specific questions instead of offering general help. This is great for existing users, but makes getting started a little more difficult than it should be. We would have preferred a solid start-to-finish blocking guide. Unfortunately, we were forced to pick our way through a number of different PDFs and HTML documents, slowly assembling our own installation manual.

However, we couldn't come up with any question that F5 didn't have a documented answer for, either in its manuals or the AskF5 knowledgebase, so it is nothing if not thorough and we certainly appreciated that.

The base cost of the ASM hardware and licensing is c£9,454. Support costs start at 12 per cent of the retail price of the product, and all F5 solutions come with a one-year hardware warranty.

We were impressed with this product and would recommend it.

Peter Stephenson

Symantec quells fears of PGP vulnerability

Symantec has quenched fears about a vulnerability in its PGP technology.

According to a Pastebin statement, the pgpwded.sys kernel driver distributed with Symantec PGP Desktop contains an arbitrary memory overwrite vulnerability in the handling of IOCTL 0x80022058.

While the statement admitted that an attacker would need local access to a vulnerable computer to exploit this vulnerability, successful exploitation of this issue would allow an attacker to execute arbitrary code.

The statement also said that this vulnerability (METHO_BUFFERED with output_size == 0) exploit works only on Windows XP/2003.

A Symantec blog acknowledged the discovery and reality of the vulnerability. Kelvin Kwan, product marketing manager at Symantec, said: “There is a potential issue, but it cannot easily be exploited.”

Kwan said that the exploit would be very difficult to trigger as it relies on the system entering an error condition first and once in this error condition, the exploit could allow an attacker with lower privileges to run some arbitrary code with higher privileges.

This vulnerability is limited to systems running Windows XP and Windows 2003 and is not present in later versions of Windows.  

Kwan said: “The plan is to have a fix in an upcoming maintenance pack. The expected availability of the maintenance pack is early February.”

Gang behind Elderwood Project exploiting Internet Explorer zero-day

Symantec has linked exploits that leverage the zero-day vulnerability in Internet Explorer to the group responsible for a spate of recent espionage attacks.

Dubbed the ‘Elderwood Project' by Symantec, it said that the gang's work is responsible for at least four remote code execution vulnerabilities that were discovered in 2012 and used to spread malware to visitors of websites such as Amnesty International Hong Kong.

The gang was also responsible for attacks in January 2010 on several targets, including on Google, which later became known as operation Aurora.

While the attackers used spear phishing emails in the past, researchers are now seeing the emergence of ‘watering hole' tactics being used â€" where they compromise websites that are frequented by employees working at targeted companies, or even lower-tier organisations, such as manufacturers in the defence supply chain.

The latest zero-day was used as part of a so-called ‘watering hole' attack against the website for the policy think-tank Council on Foreign Relations, the influential membership group that helps shape US foreign policy.

Symantec said: “It has become clear that the group behind the Elderwood Project continues to produce new zero-day vulnerabilities for use in watering hole attacks and we expect them to continue to do so in the New Year.”

Goldman Sachs Leads $54 Million Investment In Infusionsoft

I'm excited to report that today, Infusionsoft (my employer) announced a $54 Million investment from Goldman Sachs.

(Coming up at 12pm EST â€" 11 CRM Executives that matter to growing businesses…)

This is a clear indication that the world of small business and small business marketing & sales software, in particular, has just gotten much hotter.

The small business CRM (sales and marketing software) space is filled with many viable products, but there are not many (I'm tempted to say no one) who offers free technical support (phone, chat or email), and marketing campaigns as part of their offerings â€" besides Infusionsoft.

Many CRM vendors offer contact management, many offer auto responders, many offer email marketing, but few offer all of this and more, in one integrated package.

According to Infusionsoft's press release: Of the 27 million small businesses in the U.S., five million fit into Infusionsoft's target market of small businesses with two to 25 employees. These businesses are owner-operated, lack IT support, follow their buyers online and desperately need effective sales and marketing tools to succeed. Mid-market software and IT support is too expensive and complicated for small businesses, but simple sales and marketing tools can't effectively manage their growing businesses.

This market, these five million small businesses, sometimes called “true small businesses” are the most vibrant segment of the small business market. For example, stats state that half of small businesses do not have web sites. However, the other “half” of small businesses that do have web sites are growing faster and are often more mature and forward thinking than those who do not. This market is hungry for solutions to help them grow.

More on the investment from the press release:

“We believe Infusionsoft is the market leader in delivering an all-in-one sales and marketing software solution for true small businesses,” says Raheel Zia, managing director for Goldman Sachs Group. “Infusionsoft is a proven partner in working with small businesses and Goldman Sachs is pleased to be an investor in this highly innovative and unique company in the software as a service industry.”

The $54 million investment from Goldman Sachs, with participation from Arthur Ventures, will help fund Infusionsoft's future growth plans. To date, Infusionsoft has received a total of $71 million in funding. Goldman Sachs joins Mohr Davidow Ventures and Signal Peak as investors in Infusionsoft.

Goldman Sachs Leads $54 Million Investment In Infusionsoft

I'm excited to report that today, Infusionsoft (my employer) announced a $54 Million investment from Goldman Sachs.

(Coming up at 12pm EST â€" 11 CRM Executives that matter to growing businesses…)

This is a clear indication that the world of small business and small business marketing & sales software, in particular, has just gotten much hotter.

The small business CRM (sales and marketing software) space is filled with many viable products, but there are not many (I'm tempted to say no one) who offers free technical support (phone, chat or email), and marketing campaigns as part of their offerings â€" besides Infusionsoft.

Many CRM vendors offer contact management, many offer auto responders, many offer email marketing, but few offer all of this and more, in one integrated package.

According to Infusionsoft's press release: Of the 27 million small businesses in the U.S., five million fit into Infusionsoft's target market of small businesses with two to 25 employees. These businesses are owner-operated, lack IT support, follow their buyers online and desperately need effective sales and marketing tools to succeed. Mid-market software and IT support is too expensive and complicated for small businesses, but simple sales and marketing tools can't effectively manage their growing businesses.

This market, these five million small businesses, sometimes called “true small businesses” are the most vibrant segment of the small business market. For example, stats state that half of small businesses do not have web sites. However, the other “half” of small businesses that do have web sites are growing faster and are often more mature and forward thinking than those who do not. This market is hungry for solutions to help them grow.

More on the investment from the press release:

“We believe Infusionsoft is the market leader in delivering an all-in-one sales and marketing software solution for true small businesses,” says Raheel Zia, managing director for Goldman Sachs Group. “Infusionsoft is a proven partner in working with small businesses and Goldman Sachs is pleased to be an investor in this highly innovative and unique company in the software as a service industry.”

The $54 million investment from Goldman Sachs, with participation from Arthur Ventures, will help fund Infusionsoft's future growth plans. To date, Infusionsoft has received a total of $71 million in funding. Goldman Sachs joins Mohr Davidow Ventures and Signal Peak as investors in Infusionsoft.

Dish Network Named Worst Company to Work for in U.S.

What your employees think about you and your company is important. If you don't think so, just read the story that follows. Your employees serve as brand emissaries, communicating the values of your company to your customers, and that message can affect the way your brand is perceived. If customers don't believe in you or your company, it will show, one way or the other. What your employees feel about your company is on you, too, so be sure to take responsibility for the value you create for them.

Worst Practices

Dish it out. This is the kind of brand recognition your company doesn't want. The method that the website 24/7 Wall St.com used to  pick the worst company to work for in America isn't very scientific, but as the stories of employees and former employees show, there is more than enough evidence of discontent. The complaints of the disgruntled may not mean much to some, but don't ignore the possibility that these underlying attitudes are affecting service and quality. Bloomberg Businessweek

Don't go to the dark side. We've all been tempted to point fingers when mistakes happen, but business coach Bernd Geropp warns against creating a culture of fear where employees are more likely to hide mistakes than share them with you. If this is the environment you have created, you should understand it will hurt much more than just morale. Also, if mistakes persist, you must consider your own leadership to determine whether your decisions are part of the problem. More Leadership, Less Management

Hire Right

In a fog about hiring. When hiring employees for your business, don't use the mirror test. Entrepreneur and blogger Tom Watson describes this as the approach of sticking a mirror under an applicant's nose to find out if they are still breathing. If they fog up the mirror, hire them quickly, before someone else snatches them away from you. Unfortunately, this approach will only lead to trouble down the road. Focus instead on hiring the right people for your company, and save yourself management headaches in the future. Cleaning 4 Profit

Be an interviewing super star. To hire the right people, you must realize that the interviewing process is much more than a chore to squeeze in between other important tasks in your day. Interviewing will allow you to hire the perfect employee for your company, adding value to your business while relieving you or another employee of tasks that are keeping you from growing. Karen Axelton has some suggestions to help you hire the best. Grow Smart Biz

The wonders of management. Hiring a great manager is critical, especially for a small startup business, so understandably you don't want to go through the whole process only to discover you've hired someone like Michael Scott from the popular TV show, The Office. Fortunately, there are some simple things to look for in a good manager, especially if you have the opportunity to observe their work habits ahead of time. Here are some qualities to consider in your search from startup adviser Martin Zwilling.  Startup Professionals Musings

Watch the Subtleties

Time for new talent. There comes a time in every business when new talent is needed. You should recognize this transition can be difficult for staff members and managers who may have played a much broader role when getting your company started. You will need these employees to help and support your new talent while adjusting to new or redefined roles. And you must avoid making them feel as if they are being replaced in the process. Business adviser Ian Smith has some suggestions to ease the transition. The Smith Report

Talkin' 'bout your generation. It's difficult enough to communicate with employees, but communicating to a multi-generational group is even more challenging. Often how those employees react to you depends upon their experiences and the generation to which they belong. It's important to consider some of the differences between your employees based on age and experience. Make sure you are making your true meaning known. Moats Kennedy Inc.

Fraudulent certificates from CA TurkTrust leads to browsers revoking trust

The fraudulent issuing of certificates from a Turkish certificate authority (CA) has led to major web browsers revoking trust.

According to Dustin Childs, group manager of response communications at Microsoft Trustworthy Computing, an advisory was issued after it became aware of "active attacks using a fraudulent digital certificate issued by TurkTrust". This has led to Google, Microsoft and Mozilla revoking trust in the certificates causing this problem.

It was initially detected on Christmas Eve by Google software engineer Adam Langley, who said that its Chrome browser detected and blocked an unauthorised digital certificate for the ‘google.com' domain and after investigating, it found that the certificate was issued by a CA linking back to Turkish TurkTrust.

Langley said that it alerted TurkTrust who discovered in August 2011 it had mistakenly issued two intermediate certificates to organisations that should have instead received regular SSL certificates.

He said: “Our actions addressed the immediate problem for our users. Given the severity of the situation, we will update Chrome again in January to no longer indicate extended validation status for certificates issued by TurkTrust, though connections to TurkTrust-validated HTTPS servers may continue to be allowed.”

Microsoft's advisory said that TurkTrust incorrectly created two subsidiary CAs - ego.gov.tr and e-islem.kktcmerkezbankasi.org and the first was then used to issue a fraudulent digital certificate to google.com. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties.

Michael Coates, director of security assurance at Mozilla, said that while this was not a Firefox-specific issue, it was concerned that at least one of the mis-issued intermediate certificates was used for man-in-the-middle (MITM) traffic management of domain names.

“We are also concerned that the private keys for these certificates were not kept as secure as would be expected for intermediate certificates,” he said.

“An intermediate certificate that is used for MITM allows the holder of the certificate to decrypt and monitor communication within their network between the user and any website. Additionally, If the private key to one of the mis-issued intermediate certificates was compromised, then an attacker could use it to create SSL certificates containing domain names or IP addresses that the certificate holder does not legitimately own or control.

“An attacker armed with a fraudulent SSL certificate and an ability to control their victim's network could impersonate websites in a way that would be undetectable to most users. Such certificates could deceive users into trusting websites appearing to originate from the domain owners, but actually containing malicious content or software.”

A translated statement by TurkTrust acknowledged that two ‘incorrect statements' were issued by it in August 2011 that browsers detected in December. “The certificate was cancelled immediately after the notification [was made and] all systems [were] examined in detail [to determine] the exact source of the problem, respectively.”

It also said that as a result of the investigation, the "erroneous output occurs only once" so in the absence of any interference with its systems, any loss resulting from this instance have been identified.

Certificate compromise at CA TurkTrust leads to browsers revoking trust

The fraudulent issuing of certificates from a Turkish certificate authority (CA) has led to major web browsers revoking trust.

According to Dustin Childs, group manager of response communications at Microsoft Trustworthy Computing, an advisory was issued after it became aware of "active attacks using a fraudulent digital certificate issued by TurkTrust". This has led to Google, Microsoft and Mozilla revoking trust in the certificates causing this problem.

It was initially detected on Christmas Eve by Google software engineer Adam Langley, who said that its Chrome browser detected and blocked an unauthorised digital certificate for the ‘google.com' domain and after investigating, it found that the certificate was issued by a CA linking back to Turkish TurkTrust.

Langley said that it alerted TurkTrust who discovered in August 2011 it had mistakenly issued two intermediate certificates to organisations that should have instead received regular SSL certificates.

He said: “Our actions addressed the immediate problem for our users. Given the severity of the situation, we will update Chrome again in January to no longer indicate extended validation status for certificates issued by TurkTrust, though connections to TurkTrust-validated HTTPS servers may continue to be allowed.”

Microsoft's advisory said that TurkTrust incorrectly created two subsidiary CAs - ego.gov.tr and e-islem.kktcmerkezbankasi.org and the first was then used to issue a fraudulent digital certificate to google.com. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties.

Michael Coates, director of security assurance at Mozilla, said that while this was not a Firefox-specific issue, it was concerned that at least one of the mis-issued intermediate certificates was used for man-in-the-middle (MITM) traffic management of domain names.

“We are also concerned that the private keys for these certificates were not kept as secure as would be expected for intermediate certificates,” he said.

“An intermediate certificate that is used for MITM allows the holder of the certificate to decrypt and monitor communication within their network between the user and any website. Additionally, If the private key to one of the mis-issued intermediate certificates was compromised, then an attacker could use it to create SSL certificates containing domain names or IP addresses that the certificate holder does not legitimately own or control.

“An attacker armed with a fraudulent SSL certificate and an ability to control their victim's network could impersonate websites in a way that would be undetectable to most users. Such certificates could deceive users into trusting websites appearing to originate from the domain owners, but actually containing malicious content or software.”

A translated statement by TurkTrust acknowledged that two ‘incorrect statements' were issued by it in August 2011 that browsers detected in December. “The certificate was cancelled immediately after the notification [was made and] all systems [were] examined in detail [to determine] the exact source of the problem, respectively.”

It also said that as a result of the investigation, the "erroneous output occurs only once" so in the absence of any interference with its systems, any loss resulting from this instance have been identified.